Privacy Policy

This Privacy Policy sets out the basis on which PT Ayopop Teknologi Indonesia (“Ayoconnect” or “We” or “Our” or “Us”) may collect, use, disclose, and/or process the personal data of Our users (“Service Users” or “You“) when you use our website at https://id.ayoconnect.com/, our platform, and/or dashboard ("Services") in accordance with Law No. 27 of 2022 concerning Personal Data Protection (“PDP”); Government Regulation No. 71 of 2019 concerning Implementation of Electronic Systems and Transactions; Ministry Regulations Communication and Information Technology No. 20 of 2016 concerning Protection of Personal Data in Electronic Systems; and other applicable regulations regarding personal data in Indonesia ("PDP Regulation"). This Privacy Policy applies to personal data that We have or are under Our control, including personal data held by organizations that We have engaged to collect, use, disclose, and/or process personal data for Our purposes (“Data Processing”). 

By using Our Services or register an account, you agree to this Privacy Policy as set out further below. Please read this Privacy Policy carefully, if you do not agree with this Privacy Policy, please immediately stop using Our Services and request the deletion of personal data that we may have processed.

1. Overview

Ayoconnect provides access to computing systems that bridge interactions or connect one system to another with the aim of creating a relationship between each website, platform, and/or dashboard (Application Programming Interface - “API”). APIs can come from companies or Service Users that cooperate with Ayoconnect and/or API services developed by Us. So, it can be used optimally on Our website, platform, and/or dashboard .We collect data according to the function and purpose of Ayoconnect Services so that it can be used by Service Users. Data has a special role in our operational business to improve security in the payment transaction network, reduce the risk of fraud, and other potentially unlawful or illegal activities.

2. Personal Data

2.1
In this Privacy Policy, unless the context requires otherwise, the following terms will have the following definitions:

  1. Personal Data is data about an individual who is identified or can be identified alone or in combination with other information either directly or indirectly through the electronic or non-electronic system.Personal Data consists of: (i) Specific Personal Data; and (ii) General Personal Data. With the following details:
  1. Specific Personal Data:
  1. health data and information;
  2. biometric data;
  3. genetic data;
  4. criminal records;
  5. child data;
  6. personal financial data; and/or
  7. other data in accordance with the provisions of the legislation.
  1. General Personal Data:
  1. full name;
  2. gender;
  3. citizenship;
  4. religion;
  5. marital status; and/or
  6. Personal Data combined to identify a person.
  1. Service Users are individuals/companies who: (i) have registered and/or used an account through Our Services, or (ii) have cooperated and signed a contract with Us.

2.2
Personal Data that we can process, including but not limited to:

  1. Service User Data (for example, (i) full name; (ii) residential address according to identity card; (iii) place and date of birth; (iv) occupation; (v) gender; (vi) signature or biometric data; (vii) corporate name; (viii) business license number; (ix) domicile address of company; (x) telephone number; and (xi) the name of the person in charge.
  2. Financial transaction data (for example, records of data containing information such as but not limited to (i) transaction processing information carried out by the Service User's customer (or the Service User itself as the context) through the website and platform that is recorded on the Dashboard; and (ii) information on transactions that have been successfully carried out and can be proven by electronic records which are declared to be fully accepted and declared successful as recorded on the Dashboard.

3. Data Processing

3.1
Data that we process is (i) data that has been provided to us in accordance with good PDP principles or data voluntarily provided by Service Users directly or through third parties who legally have the authority to disclose such Personal Data to Us; or (ii) data that is legally permitted or required by PDP Regulations to be processed without the consent of the data owner.

3.2
We may perform Personal Data Processing for any and/or all of the following purposes, namely:

  1. verifying the identity of the Service User's customer and the Service User's;
  2. perform obligations in connection with the Ayoconnect Services;
  3. respond, handle, and process the questions, requests, complaints and suggestions of Service Users;
  4. support processing of payment transactions;
  5. improve the quality of payment transaction services through performance quality reviews;
  6. send service notifications when there are updates to the website, platform, and/or dashboard;
  7. sending marketing communications;
  8. comply with PDP Regulations, codes of practice, or assist with law enforcement and investigations carried out by relevant government authorities and/or regulators.

4. Data Protection and Security

In the event of a PDP failure that is stored in Ayoconnect system (database), We will provide a written notification no later than 3x24 hours (three times twenty-four hours) to Service Users containing adequate information as required by the PDP Regulations. This is a quick step that will be implemented by Ayoconnect to reduce the risk of loss to the affected parties.

The PDP failure in question is the failure to protect the Personal Data of Service Users in terms of the confidentiality, integrity, and availability of Personal Data, including security breaches, whether intentional or unintentional, leading to damage, loss, alteration, disclosure, or unauthorized access to Personal Data sent, stored or processed.

The general principle of PDP that We do is to maintain data confidentiality, secure data, and obtain approval from data owners before data processing can be carried out.

In order to protect your personal data from unauthorized Data Processing or similar risks, We have taken physical and technical organizational, administrative and preventive actions (for example, up-to-date antivirus protection and encryption). In terms of disclosing Personal Data of Service Users both internally and externally (to service providers and authorized third party agents), we only provide information that is necessary to know.

However, Service Users should be aware that no method of transmission or storage over the Internet/electronics is completely secure. We strive to protect the security of your Personal Data and continue to review, improve and update our information security measures.

5. Storage of Personal Data

In order to maintain Customer confidentiality, Personal Data must be stored in a database in a secure and encrypted manner. Any Personal Data must be stored on a password protected computer. Application data must be associated with Customer details using a unique anonymous identifier that does not consist of personal details (for example, initials or date of birth). Personal identifiers may only be retained for as long as necessary for Data Processing purposes. After Data Processing is complete, the personal identifier must be deleted. Documents that allow access to Customer's Personal Data should not be left unattended.

In particular, We may retain your Personal Data for as long as necessary to fulfill the purposes of Data Processing, or as required/permitted by applicable law. We will stop storing your Personal Data as soon as it is reasonably practicable that such storage no longer fulfills the purposes of the Data Processing and is no longer necessary for legal or business purposes.

6. Storage of Personal DataTransfer of Personal Data to Outside Country Boundaries

In general, we do not process your Personal Data to countries outside the territory of Indonesia. However, if we do so, we will take steps in accordance with the PDP Regulations and ensure that the Service User's Personal Data is protected by applicable legal standards (comparable to the Indonesian PDP Regulations) for any Data Processing outside the country's borders.

7. Privacy Policy Changes and Notices

We may make changes to the Privacy Policy from time to time with notice. You have an obligation to review this Privacy Policy periodically, your continued use of Ayoconnect Services constitutes your acknowledgment and acceptance of the changes.

Any changes will take effect according to the date when this Privacy Policy was last updated and published on the Ayoconnect website. Accordingly, notice of changes to the Privacy Policy is immediately deemed to have been received by the Service User within 24 (twenty four) hours since it was published on the Ayoconnect site.

8. Contact Information and Official Complaints Line

If you have any questions about the Privacy policy, any concerns or complaints regarding the treatment of your privacy, know or suspect a possible violation of privacy, and/or request the treatment of the rights of the personal data subject (request, change, update, access, termination, and withdrawal of consent for Personal Data Processing) please contact us at info@ayoconnect.id. If Service Users raise questions or complaints, Our representatives will contact them within a reasonable time after receiving the complaint to discuss the problem and outline options on how the related issue can be resolved. We strive to ensure that all complaints are resolved in a timely manner.