Ayoconnect provides access to computing systems that bridge interactions or connect one system to another with the aim of creating a relationship between each website, platform, and/or dashboard (Application Programming Interface - “API”). APIs can come from companies or Service Users that cooperate with Ayoconnect and/or API services developed by Us. So, it can be used optimally on Our website, platform, and/or dashboard .We collect data according to the function and purpose of Ayoconnect Services so that it can be used by Service Users. Data has a special role in our operational business to improve security in the payment transaction network, reduce the risk of fraud, and other potentially unlawful or illegal activities.
Personal Data that we can process, including but not limited to:
Data that we process is (i) data that has been provided to us in accordance with good PDP principles or data voluntarily provided by Service Users directly or through third parties who legally have the authority to disclose such Personal Data to Us; or (ii) data that is legally permitted or required by PDP Regulations to be processed without the consent of the data owner.
We may perform Personal Data Processing for any and/or all of the following purposes, namely:
In the event of a PDP failure that is stored in Ayoconnect system (database), We will provide a written notification no later than 3x24 hours (three times twenty-four hours) to Service Users containing adequate information as required by the PDP Regulations. This is a quick step that will be implemented by Ayoconnect to reduce the risk of loss to the affected parties.
The PDP failure in question is the failure to protect the Personal Data of Service Users in terms of the confidentiality, integrity, and availability of Personal Data, including security breaches, whether intentional or unintentional, leading to damage, loss, alteration, disclosure, or unauthorized access to Personal Data sent, stored or processed.
The general principle of PDP that We do is to maintain data confidentiality, secure data, and obtain approval from data owners before data processing can be carried out.
In order to protect your personal data from unauthorized Data Processing or similar risks, We have taken physical and technical organizational, administrative and preventive actions (for example, up-to-date antivirus protection and encryption). In terms of disclosing Personal Data of Service Users both internally and externally (to service providers and authorized third party agents), we only provide information that is necessary to know.
However, Service Users should be aware that no method of transmission or storage over the Internet/electronics is completely secure. We strive to protect the security of your Personal Data and continue to review, improve and update our information security measures.
In order to maintain Customer confidentiality, Personal Data must be stored in a database in a secure and encrypted manner. Any Personal Data must be stored on a password protected computer. Application data must be associated with Customer details using a unique anonymous identifier that does not consist of personal details (for example, initials or date of birth). Personal identifiers may only be retained for as long as necessary for Data Processing purposes. After Data Processing is complete, the personal identifier must be deleted. Documents that allow access to Customer's Personal Data should not be left unattended.
In particular, We may retain your Personal Data for as long as necessary to fulfill the purposes of Data Processing, or as required/permitted by applicable law. We will stop storing your Personal Data as soon as it is reasonably practicable that such storage no longer fulfills the purposes of the Data Processing and is no longer necessary for legal or business purposes.
In general, we do not process your Personal Data to countries outside the territory of Indonesia. However, if we do so, we will take steps in accordance with the PDP Regulations and ensure that the Service User's Personal Data is protected by applicable legal standards (comparable to the Indonesian PDP Regulations) for any Data Processing outside the country's borders.