Fraud Blocker

Privacy Policy

PRIVACY NOTICE POLICY

A. Introduction

PT ATI realizes the importance of protecting privacy, confidentiality and individual rights to personal data. This document is “Privacy Notice Policy” which are determined and implemented by PT ATI, in protecting personal data in any form, including in the process of collecting, processing, analyzing, storing, displaying and/or destroying such personal data by PT ATI (“Personal Data Processing”), where the scope of the provisions and their implementation must also comply with the provisions of the personal data protection laws and regulations in force in the Republic of Indonesia, including but not limited to the provisions of Article 15.1 of Law Number 27 of 2022 concerning Personal Data Protection.

The personal data referred to in this Privacy Notice Policy are:

  1. The definition of personal data as regulated in the applicable laws and regulations of the Republic of Indonesia, where "personal data” is data about an individual who is identified or can be identified individually or combined with other information either directly or indirectly through electronic or non-electronic systems, and as further regulated in the personal data protection laws and regulations in force in the Republic of Indonesia; and

  2. Where the personal data, including but not limited to, received directly by PT ATI, received from ATI Affiliates (“ATI Affiliate”), received from ATI Employees (“ATI employees”), received from ATI Affiliate Employees (“ATI Affiliate Employees”), received from the Vendor (“Vendor”), received from Vendor Employees (“Vendor Employees”), received from the Supplier (“Supplier”), received from Supplier Employees (“Supplier Employees”), received from PT ATI client (“Merchant" or "Customers”), received from direct users (end user) services provided by PT ATI (“End Users”), and received from any third party, where the parties mentioned have obtained prior explicit consent from the Personal Data Subject to provide personal data to PT ATI in connection with the implementation of Personal Data Processing. For the avoidance of doubt, each and every party above who provides personal data to PT ATI is referred to as “Personal Data Provider”.

Protecting personal data and privacy is very important for PT ATI's business to maintain trust and confidence in PT ATI's products and services.

We ask that you read these provisions carefully to understand PT ATI's practices regarding personal data protection.

PT ATI really respects the privacy of personal data and protects the rights of the entity to which the personal data is attached. However, PT ATI has the right to exclude the rights of Personal Data Subjects in accordance with the provisions of personal data protection laws and regulations in force in the Republic of Indonesia, including but not limited to the provisions of Article 15.1 of Law Number 27 of 2022 concerning Personal Data Protection.

B. General Provision

1. Personal Data & Personal Data Subjects

This Privacy Notice Policy regulates efforts and implementation of personal data protection, including in any and all Personal Data Processing activities, in order to guarantee the constitutional rights of each Personal Data Subject who is part, series and subject of Personal Data Processing ("Personal Data Subject”).

2. Basis of Processing of Personal Information

For any processing of personal data, PT ATI can only process personal data from personal data subjects, limited only to: (i) certain types of information; (ii) for a specific purpose; (iii) legally valid and (iv) transparent, based on the explicit legal consent of this Personal Data Subject to the Privacy Notice Policy in the manner as regulated in the provisions of point C.12 of this Privacy Notice Policy.

The Privacy Notice Policy is PT ATI's information and basis for processing your Personal Data, and contains:

  1. Process and fulfill orders, payments, and requests;
  2. Provide and personalize our products and services;
  3. Communicate with customers regarding offerings, updates, and promotions;
  4. Respond to inquiries, feedback, or customer support requests;
  5. Improve our products, services, and website experiences;
  6. Analyze and understand user preferences and trends;
  7. Comply with legal obligations and protect our rights.


In general, PT ATI will ensure that approval for Personal Data Processing is carried out through written or recorded consent (both electronic and non-electronic) in connection with:

  1. Fulfillment of obligations of agreement/cooperation/provision of services provided by PT ATI, in the event that the Personal Data Subject is one of the parties or to fulfill the request of the Personal Data Subject, when entering into an agreement with PT ATI and/or carrying out cooperation with PT ATI and/or using services provided by PT ATI;

  2. Legal obligations from governments and/or regulators to collect certain personal data and certain purposes;

  3. Protection of vital interests. Certain situations may arise where the processing of personal data is necessary to protect a natural person's vital interests, such as his or her life, health or security;

  4. Responsibilities within the scope of public interests, public services, or the implementation of data controller authority as mandated by the laws and regulations of the Republic of Indonesia;

  5. Fulfillment of other legitimate interests, such as CCTV recordings of PT ATI's internal areas (and areas that are PT ATI's responsibility), or public areas where PT ATI has obtained legal permission. In this case, it is necessary to pay attention to the objectives, requirements and balance of interests between the data controller and the data subject's rights and other legitimate interests; and

  6. In compliance with the provisions of laws and regulations regarding the protection of personal data that apply in the Republic of Indonesia, if required by a third party, PT ATI can show proof of consent that has been given by each Personal Data Subject in connection with the implementation of Personal Data Processing by PT ATI.


Your consent is based on the mechanism as regulated in the provisions of point C.12 of this Privacy Notice Policy is a form of your consent to the Personal Data Processing in connection with the matters as described in letters a-f above.

C. Detail Arrangement

1. PT ATI as Data Controller

In situations where PT ATI is the Personal Data Controller in accordance with the provisions of laws and regulations regarding the protection of personal data of the Republic of Indonesia ("PT ATI as Personal Data Controller”), then PT AT is obliged to have a basis for processing personal data, in the form of explicit legal consent from the Personal Data Subject for 1 (one) or several specific purposes which have been conveyed by PT ATI as the Personal Data Controller to the Personal Data Subject, in the procedure as follows regulated in the provisions of point C.12 of this Privacy Notice Policy, in connection with the following activities:

  1. Fulfillment of obligations of agreement/cooperation/provision of services provided by PT ATI, in the event that the Personal Data Subject is one of the parties or to fulfill the request of the Personal Data Subject, when entering into an agreement with PT ATI and/or carrying out cooperation with PT ATI and/or using services provided by PT ATI;

  2. Customers, Vendors, Suppliers and End Users: PT ATI processes Personal Data from personal data received from Customers, received from Vendors, received from Suppliers and/or received from End Users based on specific purposes relevant to the implementation of collaboration with each of these parties;

  3. PT ATI can also process Personal Data related to activities, implementation of payment transactions, implementation of business transactions, implementation of purchase transactions and/or visits to the PT ATI office, PT ATI website, PT ATI application, Application Program Interface (“API”) PT ATI and/or other locations/media owned or managed by PT ATI. The implementation of Personal Data Processing by PT ATI must be limited to carrying out activities necessary to carry out transactions using services provided by PT ATI, socializing and establishing relationships with PT ATI;

  4. Fulfillment of PT ATI's legal obligations as Personal Data Controller in accordance with the provisions of the applicable laws and regulations in the Republic of Indonesia;

  5. Fulfillment of protection of the vital interests of Personal Data Subjects by PT ATI as required by the laws and regulations of the Republic of Indonesia;

  6. Implementation of PT ATI's duties in the public interest, public service, or exercise of authority as Personal Data Controller as regulated in laws and regulations relating to the protection of personal data of the Republic of Indonesia;

  7. Personal Data Processing from ATI Employees and/or ATI Affiliate Employees as Personal Data Subjects, as necessary to act as an employer. Personal data of employees and former employees will be stored for the following purposes:
  1. Human resources management (including recruiting, employment, performance appraisals, payroll, taxes, health and other benefits administration, and termination processes);
  2. Communication and interaction with employees, contractors and authorized individuals;
  3. Compliance with legal and regulatory obligations;
  4. Health and safety management;
  5. Professional training and development; 
  6. Internal research, analytics and reporting; and/or
  7. Fulfillment of other legitimate interests by taking into account the objectives, needs and balance of interests of the Personal Data Controller and the rights of the entity to which the personal data is attached.

PT ATI as the Personal Data Controller will maintain the confidentiality of personal data and supervise every party involved in processing personal data under the control of PT ATI.

PT ATI can also process personal data related to transaction activities and/or visits to the PT ATI office, PT ATI website, PT ATI application, API PT ATI and/or other locations/media owned or managed by PT ATI. The implementation of Personal Data Processing by PT ATI will be limited to what is necessary to carry out transactions using services provided by PT ATI, socialize and establish relationships with PT ATI. PT ATI will store this personal data information securely and will not disclose it to any third party unless instructed by the entity to which the personal data is attached and/or as regulated in the laws and regulations of the Republic of Indonesia and/or as ordered by the authorities. authorized person.

To the extent permitted by applicable laws and regulations in the Republic of Indonesia, PT ATI may also collect some information from anonymous sources that do not require including personal information in surveys or aggregate information about how users use the PT ATI system (e.g. websites, applications, and so on).

In some cases, PT ATI may also collect personal data through use of cookies. For example, when someone accesses the PT ATI website, PT ATI can send a cookie (which is a small summary file containing a unique ID number) to the person's computer. This allows PT ATI to recognize the computer and greet users every time they visit the PT ATI website without bothering people with registration. This also allows us to track the products or services users view so that, if they allow, PT ATI can send them news about those products and services. PT ATI also uses cookies to measure traffic patterns, to determine which areas of the PT ATI website have been visited, and to measure transaction patterns in aggregate. PT ATI can use this to research user habits so that PT ATI can improve PT ATI products and services. Cookie from PT ATI does not collect personal information. If someone doesn't want to accept cookies, they can arrange a browser so as not to accept cookies.

2. PT ATI as Data Processor

As a Personal Data Processor, PT ATI can process Personal Data (“PT ATI as Personal Data Processor”) according to orders from the personal data controller (“Third Party Controller of Personal Data”), where the process is in accordance with the instructions given by the Third Party Controller of Personal Data and thus the Third Party guarantees PT ATI that written consent from the Personal Data Subject has been previously obtained for the scope as instructed by the Third Party Controller of Personal Data. Third Party Personal Data Controllers include one and/or several parties within the scope of Personal Data Providers.

3. How PT ATI Uses Personal Data

By remaining subject to the provisions of the laws and regulations in force in the Republic of Indonesia, PT ATI may use personal data for the following purposes:

  1. Process and fulfill orders, payments, and requests;
  2. Provide and personalize PT ATI products and services;
  3. Communicate with customers regarding offers, marketing, and promotions;
  4. Respond to customer questions, reviews, or support requests;
  5. Improve PT ATI's products, services and website experience;
  6. Analyze and understand user preferences and trends;
  7. Provision of services by PT ATI;
  8. Comply with legal obligations and protect the rights of PT ATI; And
  9. Matters as regulated in point C.1 of this Privacy Notice Policy.

4. Disclosure of Personal Data

In addition to the scope as provided in Section 13 of this Privacy Notice Policy and subject to the provisions of the laws and regulations in force in the Republic of Indonesia, PT ATI may share personal data with third parties as follows:

  1. Service Provider: PT ATI collaborates with trusted service providers who help us in providing products and services as well as our business operations. For example, provider cloud, payment processors, suppliers, banks, etc.

  2. Merchant: PT ATI collaborates with Merchants (customers) in providing products and services.

  3. Regulators for Legal Compliance: PT ATI can share personal data information with regulators to comply with applicable laws and regulations in Indonesia, along with their enforcement.

  4. Business Transfer Recipient: If PT ATI carries out a merger, acquisition or sale of assets, personal data may be provided as part of these activities.

  5. Permission: PT ATI can provide personal data with explicit consent from the entity to which the personal data is attached, unless otherwise specified in the laws and regulations of the Republic of Indonesia.

5. Cookie and PT ATI Website Tracking Technology

PT ATI website may use cookies and similar tracking technologies to improve visitors' browsing experience and collect information about visitors' usage patterns. Visitors can manage preferences cookie via settings browser visitors.

6. Data Security

In accordance with the provisions of the laws and regulations of the Republic of Indonesia, PT ATI takes reasonable and appropriate measures to protect personal data from unauthorized access, disclosure, alteration or destruction. However, please remember that no method of transmission over the internet or electronic storage is completely secure. PT ATI can store personal data in electronic or printed form. Personal data is destroyed or de-identified when it is no longer needed or at the request of the entity to which the personal data is attached.

Every supplier, affiliate, or non-affiliated third party acting on behalf of PT ATI is obliged to maintain the confidentiality of non-public information obtained through PT ATI, and has the right to process Personal Data as long as it has obtained written consent from PT ATI and the entity whose personal data is it is attached to it.

7. Your Data Protection Rights

In using PT ATI website, visitors have the right to access, correct, or delete personal data stored by PT ATI, as well as the right to limit or object to certain processing activities. However, if visitors choose to restrict certain processing, this may affect the visitor's experience of PT ATI products and services. To exercise visitor rights or if visitors have questions, please contact PT ATI via the channels provided below.

8. Data Retention

Subject to the provisions of the laws and regulations of the Republic of Indonesia, PT ATI will retain personal data only as long as is necessary to fulfill the purposes outlined in this Privacy Notice Policy, unless a longer retention period is required or permitted by the provisions of the laws and regulations in force in the Republic of Indonesia.

9. Children's Privacy

PT ATI products and services are not intended for individuals under 18 years of age. PT ATI does not knowingly collect personal data from children without appropriate parental consent. If you believe we have inadvertently collected personal data from a child, please contact PT ATI and PT ATI will take the necessary steps to delete information relating to the child or carry out special processing of the child's Personal Data, in accordance with statutory regulations that apply in the Republic of Indonesia.

10. Privacy Notice Policy Update

PT ATI may update the Privacy Notice Policy from time to time to reflect changes in practice or requirements of the laws and regulations of the Republic of Indonesia. PT ATI will provide notification of any material updates via the PT ATI website or other appropriate means and/or channels determined by PT ATI from time to time, in accordance with the provisions of the laws and regulations of the Republic of Indonesia.

11. Contact Us

If you have questions, concerns, or requests for further information regarding the Privacy Notice Policy or PT ATI's data protection practices, please contact PT ATI's Data Protection Officer (DPO), via email: ihsan@ayoconnect.id.

12. Explicit Statement of Personal Data Subjects

In:

  1. Using every service provided by PT ATI;
  2. Entering locations, media, systems managed by PT ATI;
  3. Accessing websites managed by PT ATI; 
  4. Accessing API managed by PT ATI; and/or
  5. Carrying out, entering, utilizing, using and/or accessing any media, platform and/or facility managed by PT ATI,

Then you are required to carefully read this Privacy Notice Policy.

By carrying out each action as described above, you hereby agree to every provision as regulated in this Privacy Notice Policy and you hereby confirm that your personal data and/or the personal data provided by you to PT ATI, has fulfilled the provisions of the Policy This Privacy Notice Policy and PT ATI have the right to carry out every activity as regulated in this Privacy Notice Policy, including processing personal data.

If you have objections to the provisions of this Privacy Notice Policy, then you are expected not to carry out all the activities as described in point 12 and please contact the PT ATI DPO.

13. Disclosure of Personal Data

In providing services and/or access as described in point 12 above, you agree that PT ATI has the right to provide your personal data to the following parties, limited to carrying out activities as described in point 12 above:

  1. Our employees, contractors or service providers for the purposes of operating our website or business, fulfilling service requests, and providing products and services;

  2. Supplier and other third parties with whom we have a commercial relationship;

  3. Any organization for any official purpose with explicit approval;

  4. Any party as required by law, or to comply with subpoenas, legal proceedings, or similar legal, judicial or arbitration proceedings, including disclosures to authorized third party auditors or governmental authorities, or to investigate or prevent fraud;

  5. Any third party that enables us to protect our copyright, protect our website from unauthorized access and fraudulent acts that could harm the website content;

  6. In terms of our employees' personal information, managing our business, and our employees' careers, payroll, calculating income taxes, approvals, recording leave and sick days, and so on;

  7. We may send direct marketing communications and information about our products and services (newsletters) to customers that we think may be of interest to them, or follow instructions from Ayoconnect. However, this communication will usually be sent to company representatives, and not to individuals in their personal capacity and can be sent in various forms in accordance with applicable regulations. If a customer indicates a preference for a method of communication, we will endeavor to use that method whenever possible. Additionally, customers have access to the Privacy Notice Policy on our website at any time and can unsubscribe from marketing communications by contacting us.