PT Siam Maspion Terminal respects the privacy rights of all individuals. To ensure that your personal data is protected, we have created this privacy notice to provide information regarding the collection, use, disclosure, deletion and destruction of your personal data in electronic and other formats based on Law Number 27 of 2022 concerning Personal Data Protection. and other applicable laws and regulations regarding the protection of personal data in Indonesia (“UU PDP”).
1. Definition
1.1. “We” means PT Siam Maspion Terminal.
1.2. “You” means individuals who visit our locations and individuals who participate in our events and activities.
1.3. “Processing” means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting and/or destroying personal data.
1.4. “Personal data” means any data relating to an identified or identifiable natural person that can be identified alone or combined with other information directly or indirectly via an electronic or non-electronic system.
2. Processing Objective
2.1. Contractual Necessity: We process your personal data because this is necessary for the performance of a contract between you and us, such as when you attend our events or visit our premises.
2.2. Legitimate Interests: We process your personal data to pursue our legitimate interests or the interests of third parties. Examples include:
2.2.1 Business Operations: To manage, develop and run our business operations.
2.2.2 Security and Access Control: To control access to buildings, indoor areas, and the internet to protect security, prevent and detect crime, and use as evidence in investigations by our internal and government agencies.
2.3. Vital Interests: We process your personal data to protect your or another person’s vital interests, such as making contact in emergencies and controlling and preventing disease.
2.4. Legal Compliance: We process your personal data to comply with our legal obligations.
2.5. Public interest: We process your personal data to carry out tasks carried out in the public interest or in the exercise of official authority vested in us.
2.6. Consent: We process your personal data based on your consent for specific purposes, which will be communicated to you when obtaining consent. Further information about your consent and its implications can be found in the next section of this privacy notice.
3. Personal Data We Collect
3.1. Participation in Activities: When you participate in any of our activities, whether organized by us, by people we employ, or jointly organized with other entities, or when you enter our premises, we collect the following personal data:
3.1.1 Registration and Participation Information: Name, contact number, email.
3.1.2 Video and Audio Data: Still images and moving images (including photos and videos recorded at seminar or event locations).
3.2. Visiting Our Locations: When you visit our locations:
3.2.1 CCTV Monitoring: We collect, monitor and process your images and videos recorded by CCTV (we do not record audio) in designated areas. We will display signage to inform you of areas where CCTV operates.
3.2.2 Visitor Records: We collect, store and process the following personal data in our Visitor Records System:
● Personal information, such as name, telephone number, email.
● Wi-Fi Registration: We require that you register when using our Wi-Fi services. The personal data we collect includes name, telephone number and email.
3.3. Additional Data Collection: If we need to collect additional personal data, we will notify You and process the data in accordance with the PDP Law.
3.4. Disclosure of Third Party Data: If you disclose other people’s personal data to us, you must be able to do so lawfully and in compliance with PDP Laws, including informing data subjects of this privacy notice and other related documents and obtaining any necessary consent before or at the time of disclosure.
4. Cookies
4.1. We use cookies and similar technologies to collect personal data as specified in our Cookie Notice.
5. Consent, Withdrawal, and Consequences
5.1. Right to Withdraw Consent: If we rely on your consent to process personal data, you can withdraw your consent at any time. Withdrawal will not affect the validity of processing carried out prior to withdrawal.
5.2. Consequences of Withdrawal or Refusal: Withdrawing your consent or refusing to provide certain information may result in our inability to fulfill some or all of the purposes stated in this privacy notice.
5.3. How to Withdraw Consent: You can withdraw your consent by following the instructions provided in the channel where consent was obtained (for example, changing the settings in your user account).
6. Retention Period
6.1. Data Retention Duration: We will retain your personal data for the period necessary to fulfill the stated purposes. We may retain certain data for up to 5 years to defend against legal claims. If the retention period is unclear, we will retain the data for the usual period in accordance with retention standards.
6.2. Data Deletion and Destruction: We have established an audit system to delete or destroy your personal data when the retention period expires or when the data becomes irrelevant or unnecessary for the purposes for which it was collected.
6.3. Retention After Withdrawal of Consent: If your personal data is processed based on consent, we will stop processing it after you withdraw consent. However, we may retain your personal data to record your withdrawals and respond to future requests.
7. Disclosure of Your Personal Data
7.1. Business Restructuring: If we restructure our business, sell or transfer assets, acquire a business, or merge with another business, we may disclose your personal data to our partners and advisors. We will do our best to protect your data and require our partners and advisors to comply with the PDP Act and this privacy notice.
7.2. Protective Measures: We will require recipients of your personal data to take appropriate measures to protect your personal data, process it correctly and only when necessary, and prevent unauthorized use or disclosure.
8. Security Measures
8.1. Technical and Organizational Measures: We have implemented technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure or destruction. These measures include encryption and access restrictions to ensure only authorized personnel have access to your data and are trained in the importance of data protection.
8.2. Comprehensive Security Measures: We maintain comprehensive security measures, including administrative, technical, and physical safeguards (such as access control and user access management), to prevent unlawful loss, access, use, alteration, or disclosure of personal data. We review and update these measures as necessary or as technology changes to ensure effective security.
8.3. Protection of Certain Personal Data: If we process certain personal data, we will use our best efforts to implement appropriate security measures to protect that data.
9. Your Rights as a Data Subject
9.1. Summary of Your Rights under the PDP Law: You have the following rights:
9.1.1 Right to Information: To receive clear information about our identity, accountability, purposes of data processing and the basis for data processing.
9.1.2 Right to Withdraw Consent: To withdraw the consent you have provided to us at any time.
9.1.3 Access Rights: To request to view and copy your personal data or to disclose the sources from which we obtained your personal data.
9.1.4 Right to Data Portability: To request that we send or transfer personal data in electronic form to another data controller as required by the PDP Law.
9.1.5 Right to Object: To object to our collection, use or disclosure of your personal data.
9.1.6 Right to Erasure: To request that we delete, destroy or anonymize your personal data.
9.1.7 Restriction Rights: To request that we suspend use of your personal data.
9.1.8 Right to Object to Automated Decision Making: Object to decisions based solely on automated processing that have legal consequences or have a significant impact on you.
9.1.9 Right to Rectification: Request that we correct your personal information to ensure it is current, complete, and accurate.
9.1.10 Right to File a Complaint: To file a complaint with the Personal Data Protection Authority if we, our data processors, employees or contractors violate or do not comply with the PDP Law.
9.2. Processing of Rights Requests: We will consider your request, notify you of the outcome, and carry it out (if appropriate) within the time period specified by the PDP Law from the date we receive the request. Your rights will be processed in accordance with the PDP Law.
9.3. How to Exercise Your Rights: You can exercise your legal rights by sending your request by email to the data controller.
10. Information about the Data Controller and Data Protection Officer
10.1. Data Controller: The data controller of this privacy notice is PT Siam Maspion Terminal
10.2. Business Address: Maspion V Industrial Area, Jl. Beta Maspion, Manyar Sidomukti, Manyar, Gresik Regency, East Java 61151.
10.3. Contact Information: If you have any questions about this privacy notice, you can contact the data controller:
• Nanang Cahyono – ncahyono@smtjetty.com.
11. Miscellaneous
11.1. Amendments to Privacy Notice: If this privacy notice is changed, we will post the new privacy notice on our website or through other channels. The new privacy notice will take effect immediately on the date of the announcement.