PERSONAL DATA PROTECTION POLICY

I. Introduction

This Privacy Policy explains how we collect, store, use, process, transfer, disclose, and protect your Personal Information. This Privacy Policy applies to all users of services provided by PT Digdaya Duta Digital.

II. Definitions

1. Personal Data means data about an identified or identifiable individual, either directly or indirectly, through electronic or non-electronic systems.
2. Provision of Personal Data means activities intended to disclose personal data to certain individuals or groups.
3. Personal Data Protection means all efforts to protect Personal Data in the course of processing activities to ensure the constitutional rights of the data subject.
4. Information means data or statements that can be seen, heard, or read, presented in electronic or non-electronic form.
5. Personal Data Controller means any person, public body, or international organization that individually or jointly determines the purposes and controls the processing of Personal Data.
6. Personal Data Processor means any person, public body, or international organization that individually or jointly processes Personal Data on behalf of the Controller.
7. Personal Data Subject means an individual to whom Personal Data is attached.
8. User means any data subject including individuals, legal entities, customers, or parties who directly or indirectly use, access, connect with, or cooperate with services provided by PT Digdaya Duta Digital.
9. Person means a legal subject in the form of an individual or legal entity.
10. Corporation means a group of persons and/or assets organized either as a legal entity or non-legal entity.
11. Services means all types of services and products of PT Digdaya Duta Digital, including websites, features, applications, social media, or other communication platforms.
12. Third Party means any party having a business relationship with PT Digdaya Duta Digital, including business partners, vendors, outsourcing companies, and/or other appointed parties.
13. Personal Data Processing means activities including obtaining, collecting, processing, analyzing, storing, correcting, updating, disseminating, displaying, announcing, transferring, disclosing, deleting, and destroying Personal Data.
14. PDP Law means Law Number 27 of 2022 concerning Personal Data Protection and its implementing regulations and amendments.

III. General Personal Data Protection (Privacy) Policy

1. Company Commitment

This Privacy Policy is established by PT Digdaya Duta Digital as a commitment to protecting and managing Users’ Personal Data.

This policy governs the procedures and principles applicable to the collection, storage, processing, correction, updating, transmission, disclosure, and protection of Users’ Personal Data through official channels and media operated by PT Digdaya Duta Digital.

2. User Consent

By continuing to access or use the website, domain, application, or services of PT Digdaya Duta Digital, Users are deemed to have read, understood, and agreed to this Privacy Policy.

3. Third-Party Services

This Privacy Policy does not apply to third-party services, even if links are available on PT Digdaya Duta Digital platforms.

4. Accuracy of Information

Users are fully responsible for the accuracy and validity of the Personal Data provided.

5. Data Subject Rights

Users have the right to:

• Obtain information regarding data processing
• Access and obtain copies of data
• Correct and update data
• Request deletion
• Withdraw consent
• Object to processing
• Transfer data (data portability)
• File complaints and/or claim compensation

IV. Personal Data Protection Provisions

1. Personal Data

1.1 General Personal Data

Personal Identification Data:

• Full name
• Address
• Phone number
• Email address
• IP address
• Geolocation data
• Unique device identifiers
• Photograph
• Government-issued ID numbers (ID card, driver’s license, passport)
• Nationality

Education and Employment Data:

• Occupation
• Business sector
• Position/division
• Employer/company name

1.2 Specific Personal Data

• Bank account information
• Investment objectives
• Source of funds
• Risk profile
• Trade confirmations
• Monthly reports
• Biometric data
• Transaction data

Financial Data:

• Account numbers
• Monthly/annual income
• Monthly/annual expenses
• Transaction data
• Tax data

Digital Activity Data:

• Device model
• Operating system
• Software
• IP address
• Wi-Fi information
• Mobile network

Interaction Data:

• Call recordings
• Communication transcripts (WhatsApp, email, social media, chatbot)

Processed Data:

• Profiling results based on service usage

Installed Application Data:

• Information about applications installed on the user’s device

1.3 Data Collection

Personal Data may be collected when:

• Applying for services
• Using websites/applications
• Communicating with customer service
• Participating in promotions/surveys
• Corporate actions (mergers/acquisitions)
• Receiving lawful information from third parties
• Data is publicly available

1.4 Use of Personal Data

Used for:

• Identity verification (KYC)
• Service provision
• Communication and promotions
• Payment processing
• Legal compliance
• System development
• Analytics and security
• Advertising and marketing

1.5 Legal Basis for Processing

• Explicit consent
• Contract performance
• Legal obligations
• Legitimate interests
• Vital interests

1.6 Data Sharing

Personal Data may be shared with:

• Company group entities
• Partners and vendors
• Financial institutions
• Government authorities
• Advertising platforms
• Joint promotion partners

All processing is conducted within the territory of the Republic of Indonesia.

1.7 Data Security

Security measures include:

• Data encryption
• Industry-standard security practices
• Periodic audits
• Access limitation (need-to-know & least privilege principles)

In the event of a data breach, notification will be provided within 3 x 24 hours in accordance with applicable laws.

1.8 Data Retention

Personal Data is retained as long as necessary for:

• Service provision
• Legal compliance
• Dispute resolution
• Operational purposes

After the retention period, data will be securely deleted or anonymized.

1.9 Data Subject Rights and Obligations

Rights:

• Access
• Correction
• Deletion
• Restriction of processing
• Withdrawal of consent
• Data portability
• Opt-out from marketing

Obligations:

• Provide accurate data
• Not provide false information
• Maintain account security
• Exercise rights in good faith

1.10 Rights and Obligations of the Data Controller

Rights:

• Determine purposes of processing
• Instruct processors
• Conduct compliance audits

Obligations:

• Ensure lawful basis
• Ensure data security
• Appoint a Data Protection Officer if required
• Report data breaches

1.11 Rights and Obligations of the Data Processor

Rights:

• Clear instructions
• Legal protection
• Written agreement

Obligations:

• Process only under written instructions
• Maintain confidentiality
• Delete/return data after termination

1.12 Governing Law

This Policy is governed by the laws of the Republic of Indonesia. Any disputes shall be resolved before the competent courts in Indonesia.

1.13 Changes to This Policy

This Privacy Policy may be updated from time to time. Updates will be announced via application, website, or registered email.

1.14 Complaint Mechanism

Users may submit complaints regarding alleged violations through:

Email: support@digdaya.co.id

PT Digdaya Duta Digital will follow up in accordance with internal procedures and applicable laws.