Privacy Policy

Privacy Notice

 

January 1, 2025

PT Data Encryption Information Technology (Defend IT360) is committed to protecting and respecting your personal data. Under the Personal Data Protection Law (UU PDP), we are responsible for collecting and managing your personal data lawfully, transparently, and fairly. This privacy policy explains how we collect and use your personal data, the purpose of the collection, and your rights regarding the personal data we process.

  1. How Personal Data is Collected

Personal data collection refers to the process by which an organization or entity, such as Defend IT360, gathers, records, and processes personal data for specific purposes in compliance with applicable policies and regulations, including the Personal Data Protection Law (UU PDP) in Indonesia. The collection of personal data must adhere to lawful, transparent, and fair data protection principles.

Below are the effective and lawful ways personal data may be collected:

Sources of Personal Data Collection

Personal data may be collected from various sources, including:

  • Directly from the data subject (data provided by individuals): This includes information provided by customers or other parties through various means, such as registration forms, survey responses, interactions via customer service, or transactions.
  • Through services or websites: When individuals access company websites or applications, personal data such as IP addresses, location, search history, and application usage may be collected through mechanisms like cookies or activity logs.
  • Third parties: Data may also be collected from partners or third parties such as payment service providers or marketing agencies, with the data subject’s consent.
  1. Purpose

The personal data we collect is used for the following purposes:

  • Communication and Notifications: To inform you about service updates, offers, or relevant promotions.
  • Legal and Security Purposes: To comply with legal obligations and prevent fraud while protecting company assets and data.
  1. Types of Personal Data
  • Personal Identity: Full name, gender, date of birth, identity number (ID card/passport).
  • Contact Information: Residential address, email address, phone number.
  • Location Data: Geographical location when using our location-based services (if applicable).
  1. Sharing Personal Data

We do not share your personal data with third parties unless necessary for the purposes outlined in this privacy policy or required by law. Any authorized party requiring your personal data will be granted access only to the extent necessary for a specific purpose.

  1. Third-Party Collaborations

We collaborate with third parties such as business partners, payment service providers, or technology vendors to help deliver the services we offer you. These third parties will only access your personal data to perform their functions in this context, with an obligation to maintain confidentiality and protect your personal data in accordance with our policies and applicable regulations.

  1. Transfer of Personal Data Outside Indonesia (International)

In certain cases, your personal data may be transferred outside Indonesia to countries with adequate data protection levels or in accordance with international standards. Before transferring personal data abroad, we ensure that necessary measures are taken to protect your privacy rights.

  1. Personal Data Security

We are committed to maintaining the confidentiality and security of your personal data. We implement various technical measures to protect personal data from unauthorized access, use, disclosure, alteration, or deletion. This includes data encryption, and we are ISO 27001 certified for information security management systems.

  1. Automated Decision-Making

We do not engage in automated decision-making that could significantly impact data subjects without human intervention, unless permitted by law or necessary for contract execution or other legitimate interests.

  1. Legal Basis for Using Personal Data

The collection and use of your personal data are based on one or more of the following legal grounds:

  • Your explicit consent.
  • The execution of a contract with you.
  • Our legitimate interest in running our operations.
  • Legal obligations our company must comply with.
  1. Information Regarding Children

We do not knowingly collect personal data from children under the age of 18. If we discover that we have collected personal data from children without parental or guardian consent, we will promptly take steps to delete the data.

  1. Data Retention

Personal data will only be retained for as long as necessary to fulfill the purpose of its collection or to comply with applicable legal obligations. We ensure that your personal data is not stored longer than required.

  1. Data Subject Rights

You have certain rights regarding the personal data we manage, including:

  • Right to Access Personal Data: You may request a copy of the personal data we hold about you.
  • Right to Rectify Personal Data: You may request corrections or updates to inaccurate personal data.
  • Right to Data Portability: You can request a copy of your personal data in a format that is easy to transfer to another provider.
  • Right to Object to the Use of Personal Data: You may object to the use of personal data for specific purposes (e.g., direct marketing).
  • Right to Withdraw Consent: You may withdraw consent previously given for processing your personal data.
  • Right to Request Deletion of Personal Data: You may request the deletion of your personal data, subject to legal conditions or necessary retention by our company.
  1. How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint through our provided communication channels. We will respond to your complaint promptly and in compliance with applicable regulations. If you are not satisfied with our handling of your complaint, you also have the right to file a complaint with the relevant data protection authority.

  1. Governing Law

This Privacy Notice is subject to the applicable laws in Indonesia, particularly the Personal Data Protection Law (UU PDP) and other relevant regulations.

  1. Privacy Notice Changes

We may update this privacy policy from time to time. Any changes will be communicated appropriately (e.g., via our website or email), and the latest version of the privacy policy will be available to you.

  1. Acknowledgment and Consent

By using our services or providing your personal data to Defend IT360, you acknowledge that you have read and agreed to the contents of this Privacy Notice. Your consent allows us to process your personal data in accordance with this policy.