Privacy Notice

A. Introduction

PT Astra Graphia Tbk and/or its affiliates (hereinafter individually and collectively referred to as “Astragraphia” or “We”) understand the importance of protecting Personal Data as regulated by Law No. 27 of 2022 concerning Personal Data Protection along with its implementing regulations applicable to Astragraphia, which may be enacted from time to time (hereinafter referred to as the “UU PDP”). Therefore, Astragraphia is committed to implementing the provisions of the UU PDP and related regulations and their implementation in order to maintain confidentiality and ensure the protection of your Personal Data in accordance with applicable laws and regulations.

In the context of this Privacy Notice, “Personal Data” refers to data about an identified or identifiable individual, either on its own or in combination with other information, both directly and indirectly, through electronic or non-electronic systems as defined in the UU PDP.

This Privacy Notice, along with any changes made from time to time (“Privacy Notice”), explains how we process Personal Data, which includes the acquisition, collection, processing, analysis, storage, correction, updating, display, announcement, transfer, dissemination, disclosure, and deletion (hereinafter referred to as “Personal Data Processing”) through the use of websites, applications, and/or systems (if any), participation in specific programs or promotional activities by us and/or third parties who collaborate or have a legal relationship with us (“Third Parties”), both online and offline, as well as through activities and services, including product services and other features provided on the website, applications, and/or systems (if any) (collectively referred to as “Products and/or Services”)

This Privacy Notice applies to any Personal Data Processing we conduct when you:

  1. become a user of our Products and/or Services or our customer; and/or
  2. become (i) our business partner, contractor, agent, and/or supplier, and/or (ii) have a legal relationship with us for a specific purpose, such as the implementation of corporate social responsibility.

(Collectively referred to as “You”).

 

B. Your Representations and Warranties in Relation to the Provision of Personal Data

By using this site or application, or by using our Products and/or Services, or by providing your Personal Data to us or to the service providers we designate, either directly or through your representative, you declare and warrant that:

  1. you have read and understood the entirety of this Privacy Notice;
  2. the authenticity, completeness, and accuracy of the Personal Data you provide to us; and
  3. you understand all the terms of this Privacy Notice and the Personal Data Processing we carry out based on this Privacy Notice.

In certain circumstances, you may provide Personal Data of other individuals (such as Personal Data from your lawful spouse, family members, or other parties, including those you represent) to us. You declare and warrant that you have obtained explicit and lawful consent from those individuals as Personal Data subjects, and you understand that we rely on your statements and warranties to carry out the Personal Data Processing of the relevant individuals/parties. We are not responsible if the Personal Data you provide, especially the Personal Data of other individuals, is obtained unlawfully. We may request proof of such consent from you at any time as needed.

 

C. Types of Your Personal Data Collected and Methods of Collection

We collect the Personal Data that you provide to us when you use our Products and/or Services. The Personal Data collected includes, but is not limited to: 

  1. Identity Data: your personal information, including name, place and date of birth, gender, email address, and National Identification Number (NIK);
  2. Geographic Data: information regarding your location (when geolocation features are activated on your mobile device);
  3. Biometric Data: information that allows for unique identification of individuals, such as facial images;
  4. Communication Records: records of communications between you and us, including when you contact us (such as to ask questions, report issues, or file complaints, including but not limited to requests for updates to Personal Data). We collect and store these communication records and other Personal Data you provide in those communications;
  5. Usage Data: information regarding your usage of our Products and/or Services and technical information, such as data about the traffic of our Products and/or Services, and the frequency of your access to our Products and/or Services;
  6. Device Data: including device data that covers the type/model of device you use to access the Services, internet protocol (IP) address, and geographical location data (geolocation, as necessary for the provision of Services), and cookies (to personalize any information included as Personal Data used to access the Products and/or Services, as well as how you can manage your cookies through your browser settings, though this option may limit the speed/quality of the Products and/or Services);
  7. Other Personal Data: any other information you provide when using our Products and/or Services.

With the Personal Data we collect, we may create, use, or disclose:

  1. statistical data derived from the Personal Data you provide; and/or
  2. information regarding transactions you carry out with us or information contained in payment documents or transaction documents that include the Personal Data you provide, such as bills or proof of purchase.

(hereinafter referred to as “Transaction Data”),

where Transaction Data will not be considered Personal Data because this data will not directly or indirectly reveal the Personal Data you provided, as (i) this data cannot be linked to or identify any individual, or (ii) this data is then combined with similar data so that the original data forms part of a larger data set.

For specific purposes, you may be asked to provide your Personal Data and/or Transaction Data to meet legal obligations or to fulfill a contract. Failure to provide Personal Data for these purposes may be deemed a failure to fulfill legal obligations or an inability to enter into a contract with us.

If not requested, please do not provide or disclose sensitive Personal Data (such as health data, biometric data, children's data, etc.) to us. We may collect information from various sources in accordance with applicable laws, including Personal Data and/or Transaction Data collected by Third Parties and/or public sources, both new and historical data, as part of our efforts to continually provide you with the best Products and/or Services.

 

D. Purpose of Processing Your Personal Data

We use your Personal Data to conduct our business and operational activities, including but not limited to the following purposes:

  • To provide and maintain our Products and/or Services (including responding to your inquiries, comments, or complaints);
  • To detect, prevent, and address issues related to our Products and/or Services;
  • For internal administrative processes, including but not limited to documentation, audits, and taxation;
  • To fulfill obligations under agreements with you and/or Third Parties, including notifying you about changes to our Products and/or Services;
  • To communicate with you through various media such as email, phone, text messages (SMS), notifications or chats within applications (in-app messaging/push notifications), and social media;
  • To market and promote our Products and/or Services, including announcements, promotional materials, greetings, invitations to participate, and special rights from our partners, sponsors, or advertisers;
  • To process your participation in any production activities, contests, games, promotions, polls, or surveys;
  • To understand and analyze usage and sales patterns of our Products and/or Services based on our customers' needs and preferences for research, analysis, testing, product and/or service development, and collaboration with Third Parties;
  • To prevent, detect, investigate any suspicious transactions, criminal activities, or prohibited activities, including those based on applicable laws and regulations;
  • To respond to requests related to law enforcement and to protect our rights and/or yours;
  • To develop, enhance, and provide Products and/or Services that meet your needs; and/or
  • To fulfill other necessary requirements as needed.

We may process the Personal Data you provide for these purposes. We will convey other processing to you first, as required by applicable laws and regulations.

 

E. Basis for Processing Your Personal Data

We process your Personal Data for the purposes stated above above using one of the following processing bases:

  1. Explicit valid consent that you provide - you can withdraw your consent at any time, however withdrawal of consent may provide impact on your experience of using our Products and/or Services;
  2. Fulfillment of your contractual obligations - We may carry out Processing of Data you provide to carry out agreed obligations, including to provide our products and/or services according to your request;
  3. Fulfillment of legal obligations based on laws and regulations - We can carry out Processing of Personal Data that you provide to carry out certain actions that We are obliged to do based on applicable laws and regulations;
  4. Fulfillment of Protection of Vital Interests - We can carry out the above Processing Personal Data that you provide to fulfill the protection of vital interests you (for example, interests relating to your safety); and/or
  5. Fulfillment of Legitimate Interests - We may process the Data Personal information that you provide to fulfill the interests of us or third parties legitimate, where such interests do not violate your interests and rights.

 

F. Processing of Your Personal Data by Third Parties

We may provide access and/or disclose your Personal Data with Parties Certain third parties are related to your use of our products and/or services. These third parties include but are not limited to:

  • Research and marketing companies related to the promotion of our products and/or services.
  • Information technology provider companies (infrastructure features, computing cloud (cloud computing), software, big data analysis and machine learning, including data cleansing, data insight and credit scoring features).
  • Payment transaction processing services provider companies which include organizer of payment gateways, fund transfers, electronic wallets, electronic money and other payment system service providers related to transactions carried out in Products and/or Services.
  • Other provider companies or our partners related to products and/or Services offered in Our Products and/or Services.
  • Professional advisors and external auditors, including legal advisors, advisors finance and other consultants.
  • Government authorities, both within and outside the jurisdiction of the Republic of Indonesia, in accordance with applicable laws and regulations.
  • Other parties as part of actual or planned transactions, such as mergers, acquisitions, purchases and/or asset transfers, financing, restructuring, and/or other transactions as part of our business activities (including during due diligence or feasibility studies that are part of those transactions).
  • Our subsidiaries, related companies, affiliates, and jointly controlled entities to provide you with a good, relevant, and secure experience when using our Products and/or Services.
  • Other parties in accordance with applicable laws and regulations.

 

G. Storage

Unless prohibited by the provisions of applicable laws and regulations and with referring to this Privacy Notice, We will store and use your Personal Data you provide as long as we need it to carry out the objectives of Processing of Personal Data that We have submitted, including other purposes to fulfil Our legal obligations, resolve disputes, and implement agreements.

If the relationship between Us and You has ended, We will retain Personal Data that you provide for a certain period, with the aim of:

  • Maintaining business records for the purposes of analysis, internal reporting, and/or audits;
  • Complying with retention requirements based on applicable laws and regulations;
  • Proving or executing claims and/or disputes that are ongoing or may arise;
  • Handling complaints related to our products and/or services. 

You understand and agree that we can delete the Personal Data that you provide if the Personal Data is no longer needed for the purposes mentioned above.

 

H. Storage of Personal Data and Transfer of Personal Data Abroad

We store and process the Personal Data that you provide at our facilities or location of other service providers abroad. By using our products and/or services, You understand and agree that your information may be transferred outside the country where you live, including Indonesia, which may have data protection regulations different from your country. Under certain circumstances, courts, enforcement agencies laws, regulatory bodies or security authorities in such other countries may have the right to access the Personal Data you provide.

You hereby understand and agree that We may send, store, use, and process your Personal Data on servers located in data centers appointed by us. The data center may be managed by a Third Party and/or located at outside the territory of the Republic of Indonesia. Notwithstanding the foregoing, Processing of Your Personal Data in connection with the use of our products and/or services will continue to be regulated by this Privacy Notice complies with applicable laws and regulations.

We will endeavor to comply with applicable regulations and use all actions reasonably necessary, such as obtaining your consent (we can request your consent when you provide your Personal Data) or other basis permitted by applicable regulations.

 

I. Your Rights as a Personal Data Subject

You as the subject of Personal Data have rights regulated by regulations applicable laws regarding the protection of Personal Data and Us always commits to enable you to exercise your rights in connection with Processing Personal Data, subject to applicable laws and regulations (including limitations and exceptions), as follows:

  1. The right to obtain information regarding clarity of identity, basic interests law, the purpose of the request and use of Personal Data, and the accountability of the party involved request Personal Data (as stated in the Notification this privacy);
  2. The right to obtain access and/or a copy of your Personal Data from us;
  3. The right to complete, update, and/or correct errors and/or inaccuracy of Personal Data;
  4. The right to terminate the processing of Personal Data if the processing purposes and/or the retention period for Personal Data has not been reached, including those following the request deletion and/or destruction of Personal Data;
  5. The right to delete Personal Data according to the processing purposes and/or retention period Personal Data has not been reached, including those followed by a request for destruction of Personal data;
  6. The right to obtain and/or use Personal Data in any form in accordance with the structure and/or format commonly used or read by the system electronically (portability right), and the right to use and transmit Data Personal to other Personal Data controllers as long as the system used can communicate with each other securely in accordance with the principles of Personal Data protection based on statutory provisions (interoperability rights).
  7. The right to withdraw consent to Processing of Personal Data if grounds Processing of Personal Data constitutes explicit valid consent;
  8. The right to delay or limit Data Processing;
  9. Other rights based on applicable regulations.

If you wish to submit a request to exercise your rights as stated above, you are encouraged to communicate it through the channels/contacts listed in Section L of this Privacy Notice. We will carry out a verification and screening process for all your requests to exercise your rights as a personal data subject. In order to do so regarding your authority to submit a request, we may ask you to provide information or supporting documentation to substantiate the request. Once verified, we will inform you regarding the consequences for the exercise of your rights. After getting your agreement on the consequences We will implement your request within the specified time limit by applicable laws and regulations. However, please understand that based on applicable laws and regulations and under certain conditions, We have the right to refuse your request to exercise your rights as such described above, including to delete or destroy part or all your Personal Data that We control, if this is required or permitted based on applicable laws and regulations.

We may charge an administration fee for each request you make exercise your rights as a subject of Personal Data in accordance with regulatory provisions applicable legislation.

 

J. Cookies, Pixel Tags, and Other Technologies

By using Our Products and/or Services, you may use cookies, pixel tags, and/or other technologies or you may disable these features by stopping your use of Our Products and/or Services or adjusting the settings on your device, such as disabling, controlling, or deleting cookies, pixel tags, and/or other technologies if you so choose. However, you should note that if you choose to do so, it may impact the quality of your experience using Our Products and/or Services.

 

K. Personal Data Security

We highly value your Personal Data and make reasonable efforts to protect any Personal Data. We continually strive to improve the standards of protection of your Personal Data.

However, you understand that the transmission of information through online means is not completely secure and We are not responsible for any losses arising from damage or loss of Your Personal Data that occurs beyond Our control. Therefore, We strongly recommend that You always update the security of the access that You create and have in connection with the use of Our Products and/or Services or Your software and do not disclose the account password on Your Products and/or Services to any party.

If there is an incident related to the protection of Personal Data, you understand and agree that We may send an electronic notification letter regarding the incident to You.

 

L. Contact Us

If you have any questions or complaints regarding the Privacy Notice and the Personal Data Processing activities that We conduct, including if you intend to exercise your rights as a Personal Data subject, you can contact us at:

PT Astra Graphia Tbk

Jl. Kramat Raya No. 43 Jakarta 10450 Indonesia

Telephone : +6221 3909190; +6221 3909444

Fax : +6221 3909181; +6221 3909388

E-mail : info@astragraphia.co.id

Corporate Communications

E-mail: corcomm@astragraphia.co.id

Corporate Secretary

E-mail: corporate.secretary@astragraphia.co.id

 

M. Language

This Privacy Notice may be translated into languages ​​other than Indonesian. If there is any inconsistency between the Indonesian language version of this Privacy Notice and other language versions, the Indonesian language version shall apply.

 

N. Applicable Law

This Privacy Notice is governed by the laws of the Republic of Indonesia.

 

O. Changes or Updates to the Privacy Notice

We may change, supplement, and/or replace this Privacy Notice from time to time (with notice to you) to ensure that Notice this privacy is in line with the procedures and practices carried out by us in carrying out Processing of Personal Data, including to comply with legal and regulatory requirements valid invitation.