Privacy Notice for Customers
PT Siam Indo respects everyone’s right to privacy. To ensure that your personal data is protected, we have created this Privacy Notice to provide information on the collection, use, disclosure, deletion, and destruction of your personal data in electronic and other formats in accordance with Law No. 27 of 2022 on Personal Data Protection and other applicable laws and regulations on personal data protection in Indonesia (“PDP Laws”).
Definitions
- “We” means PT Siam Indo.
- “You” means an individual who is our customer or prospective customer, as well as any contact persons, legal representatives, directors, employees, staff, advisors of our customers or prospective customers, or any other individual acting on their behalf.
- “Processing” means activities such as collecting, analyzing, storing, correcting, updating, displaying, publishing, transferring, disseminating, using, disclosing, deleting, and/or destroying personal data.
- “Personal Data” means information about an individual that can be used to recognize or identify someone either on its own or combined with other information, directly or indirectly, through electronic or non-electronic systems.
Purpose of Processing
- Contractual Needs: Processing your personal data is essential for performing a contract between you and us. This includes:
- Providing services and products to you
- Managing your account
- Delivery arrangements
- Managing accounting and financial matters
- Providing after-sales services
- Processing returns or exchanges
- Legitimate Interests: Processing for our or a third party’s legitimate interests, including:
- Business Activities: Managing, developing, and carrying out our business, including communication, administration, development, fraud prevention and detection, crime prevention, managing relationships with current or prospective customers, and maintaining information technology (IT) systems.
- Security: Safeguarding your security through measures such as data protection, access control, and identity authentication when you log in with your user account.
- Marketing and Data Analytics: Conducting marketing research and data analysis, sending updates by email, SMS, chat apps, phone, and post, including communication with you.
- Vital Interests: Protecting your or another person’s vital interests, such as contacting you in emergencies or preventing disease.
- Legal Compliance: Fulfilling our legal obligations.
- Public Interest: Performing tasks in the public interest or exercising official authority granted to us.
- Consent: With your consent, we may process your personal data for additional purposes. Such purposes will be communicated to you at the time of obtaining your consent.
Personal Data We Collect
- Sources: We collect data directly from you or indirectly from reliable sources such as public organizations, companies within the SCG and WINGS Groups, business partners, lawful disclosers, and trusted service providers.
- When Using Services or Membership Programs: When you use our services, purchase products, join loyalty programs, or use our website, we may collect:
- Personal Information: ID card, identification number, title, name, date of birth, mobile number, email, communication history, signature.
- Contact Information: Email address, phone number, home/office address, social media accounts.
- Employment Information: Occupation, position, work experience.
- Purchase Information: Purchase history, claims, and complaints.
- Provided Information: Any personal information you provide when contacting us, requesting after-sales services, or participating in research or interviews.
- When Contacting or Participating in Events:
- Personal Information: Name, date of birth, photo, ID number, passport number, airline membership number, health information (e.g., food allergies).
- Contact Information: First name, last name, phone number, email, address.
- Participation Information: Records of your participation in our activities, including past participation and photos taken during events.
- Specific Personal Data: If processing sensitive data (e.g., financial, health, biometric, or other sensitive data as defined by law), we will clearly inform you of the type and reasons for processing. Such data will be handled in accordance with laws and secured appropriately.
- Third-Party Data Disclosure: If you disclose another person’s data to us, you must ensure it is done lawfully, in compliance with PDP Laws, that the data subject has been notified of this Privacy Notice, and that necessary consent has been obtained.
Cookies
- We use cookies and similar technologies as described in our Cookie Notice.
Consent, Withdrawal, and Consequences
- Right to Withdraw Consent: If processing is based on your consent, you may withdraw consent at any time. Withdrawal will not affect the lawfulness of prior processing.
- Consequences: Withdrawal or refusal to provide certain information may limit our ability to fulfill some or all purposes stated in this notice.
- How to Withdraw: You may withdraw consent via instructions provided at the point of collection (e.g., changing account settings) or by emailing [email protected].
- Consent for Minors or Persons with Disabilities: If you are a minor, legally incompetent, or disabled, you must obtain authorization from your legal guardian before providing consent.
- Consent on Behalf of Others: If you give consent on behalf of another person, you must have lawful authority or a valid power of attorney.
Data Retention
- Retention Period: We retain personal data as long as needed to fulfill the purposes stated. In some cases, data may be retained for up to 30 years for legal defense purposes. If not specified, data will be retained for a reasonable time based on standard practices.
- Deletion: Data will be deleted or destroyed once retention ends or it is no longer relevant.
- After Withdrawal: If processed based on consent, we will stop processing after withdrawal but may retain the data to document the withdrawal and handle future requests.
Disclosure of Your Personal Data
- We may share your data with:
- Distributors or affiliated stores within PT WINGS Surya and PT Sayap Mas Utama
- Third parties, including:
- Transport and logistics providers
- Postal service providers
- Data processing providers
- Marketing providers
- Contractors acting on our behalf
- Financial service providers (banks, payment companies, credit providers)
- IT providers (cloud services, blockchain systems, data analytics, SMS/email providers)
- Software developers and programmers
- Auditors, consultants, and advisors
- Government authorities (e.g., Tax Office, Anti-Money Laundering Office)
- Insurance companies
- Other relevant parties in connection with our business operations.
- Separate Privacy Notices: Some recipients may have their own privacy notices. Please read theirs to understand how they handle your data.
- Business Restructuring: In case of restructuring, sale, transfer of assets, merger, or acquisition, we may disclose your data to relevant parties, ensuring compliance with PDP Laws.
- Safeguards: We require all recipients to protect your data, process it lawfully, and prevent unauthorized use or disclosure.
International Transfers
- We may transfer your personal data to SCG Group companies or other entities outside Indonesia for purposes such as:
- With your explicit consent (after being informed of risks)
- For contract performance or pre-contractual steps
- For contracts in your interest
- For public interest reasons
- For legal claims
- To protect vital interests when you are unable to consent
- Data may be stored on servers or cloud services abroad. We ensure providers apply adequate safeguards and prevent unauthorized access.
Security Measures
- We use technical and organizational measures to protect your data from loss, misuse, unauthorized access, disclosure, or destruction, including encryption and access restrictions.
- We regularly review and update our security measures to remain effective and aligned with technological developments.
Your Rights as Data Subject
- Under the PDP Law, you have the following rights:
- Right to information
- Right to withdraw consent
- Right to access
- Right to data portability
- Right to object
- Right to deletion
- Right to restriction
- Right to object to automated decision-making
- Right to rectification
- Right to file a complaint with the Data Protection Authority
- Requests will be reviewed and handled in accordance with PDP Laws within the statutory timeline. You can exercise your rights by emailing [email protected].
Data Controller and Data Protection Officer
- Data Controller: PT Siam Indo
- Business Address: PT Siam Indo Gypsum Industry, Jl. Inspeksi Kalimalang Km.2 Kp Cikedokan, Cibitung Barat, Bekasi 17520, Indonesia
- Contact: [email protected]
Miscellaneous
- Changes to Privacy Notice: Any changes will be announced on our website or through other available media. The new notice will take effect on the date of announcement.