PT Xapiens Teknologi Indonesia

PRIVACY POLICY FOR CUSTOMERS

(“Policy”)

Welcome to the website platform and social media channels operated by PT Xapiens Teknologi Indonesia (hereinafter referred to as "Xapiens" or “We”). Xapiens upholds  honesty, transparency and we are committed to building strong and lasting relationships with our customers based on trust and mutual benefit. This Privacy is designed to help you understand how We collect, use, disclose, and/or process the Personal Data that you have entrusted to Xapiens and/or that Xapiens holds about you.

DEFINITION OF PERSONAL DATA

“Personal Data” means any information or piece of information that may identify you either directly (for example: your name) or indirectly (for example: through pseudonymous data such as a unique ID number) that can be identified from that data alone or from that data and other information that an organization can or is likely able to access.

Common examples of Personal Data include your name, identification number, and contact information.

PERSONAL DATA WE COLLECT

We collect or receive data from you through our website, forms, devices, social media pages, or other means. The type of Personal Data We collect depends on the circumstances of the collection and the nature of the services or products you use, to the extent permitted by applicable laws and regulations.

Xapiens will process your Personal Data based on the following grounds:

a. Contractual obligation or in order to enter into a contract and

taking actions at your request in relation to services;

b. Legitimate business interests, such as, fraud prevention, maintaining the security of our network and services, direct marketing, and improving our services;

c. Compliance with legal obligations, including accounting and tax requirements and regulations related to electronic transactions and financial services, which are subject to strict conditions (such as retention periods), procedures, and your rights to restrict the use of your data, which may affect the scope of information that can be provided; and/or

d. Substantial public interest, for example, to assiting in detecting and preventing fraud, terrorism, corruption, tax evasion, and financial crimes, or to protect the economic well-being of certain individuals.

 

We may collect your Personal Data under the following circumstances, including but not limited to:

a. Register for and/or use our Services or Platform, or open an account with us;

b. Provide information while using our Services or Platform, or submit any form, including but not limited to application forms or other forms related to our products and services, either online or in physical form;

c. Provide documents or other information in relation to your interactions with us, or when using our products and services;

d. Interact with us, such as via phone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms, our website and email, chat applications such as whatsapp, including interactions with our Customer Care Specialists;

e. Subscribe to our newsletters, alerts, or other services;

f.  Make a transaction through our Services and Portal;

g. Submit feedback, suggestions, or complaints to us;

h. grant permission to other companies to share information about you;

i. Register for a contest;

j. Make your information becomes publicly available; or

k. Otherwise Submit your Personal Data to us for any reason

The list above is not intended to be exhaustive and only provides some common examples of when your Personal Data may be collected.

We may also collect information from certain third parties, as long as We have a lawful basis for doing so, including fraud prevention agencies, business organizations, credit reference or screening agencies, billing agencies, and other network providers.

By using the Services, registering an account with us, visiting or accessing the Services, you acknowledge and agree that you accept the practices, terms, and/or policies described in this Privacy Policy, and you hereby authorize us to collect, use, disclose, and/or process your Personal Data as described herein.

 

If you do not consent to the processing of your Personal Data as described in this Privacy Policy, please do not use our Services. In the event that we amend our Privacy Policy, We will will publish such amendments or the revised Privacy Policy on our Platform. We reserve the right to amend this Privacy Policy at any time.

In certain situations, you may provide us with the Personal Data of other individuals (such as your family members, friends, or people in your contact list). If you provide us with their Personal Data, you represent and warrant that you have obtained their consent for their Personal Data to be processed in connection with this Policy.

 

We use cookies (small text files stored in your browser) and other tracking technologies to monitor your activities. For further details about this and how to opt-out, please refer to the 'Cookies' section of this Policy.

The types of information We may collect (where applicable) include:

a. Your name, address, telephone and/or mobile number, date of birth, gender, information about your property or home, occupation, income, identification number, and email address.

b. Your credit or debit card information, bank account details, and other financial information. For example, you will be required to provide this information when registering for services. We will also collect necessary data to process payments each time you make a purchase.

c. Your transaction data, such as call records (e.g., numbers you call, time and duration), or how you use internet data, as part of our provision of telecommunication services to you.

d. Your location data, which may be precise when using GPS or by identifying the nearest cell towers or Wi-Fi hotspots when location-based services or features are enabled. It can also be less precise, such as based on your IP address, postal code, or city name.

e. Your interactions with us, such as records or recordings of calls to our customer service centers, live chat sessions, emails or letters sent to us, or other types of communication from any channel.

f. Credential information – We may collect passwords, hints, and similar security information used for authentication and access to services and accounts.

g. Your preferences for specific products, services, and activities when you directly inform us, or when We infer them based on how you use our products and services.

h. Your advertising ID, used for marketing and advertising activities.

i. Information about the device you use, such as International Mobile Equipment Identity (IMEI) or other unique identifiers, type of network connection (mobile or fixed), device provider, network and device performance, browser type, language, digital rights management information, and operating system.

j. Metadata of your ssage activity, inculuding  card activation, voice call usage, data usage, Value-Added Services (VAS) activation, prepaid top-ups, postpaid bill payments, prepaid balance transfers, content and package purchases, as well as your profile and segmentation.

k. Please refer to the 'Cookies' section for detail on the infomation We collect throught cookies, Web beacons, and other technologies, including advertising data.

l. Your browsing history. We do not retain the websites you visit, as this is only stored temporarily to establish a connection. Where you have granted permission, We may collect categories of Websites you’ve browsed (e.g., sports, music, or news) on your mobile device or PC and use these preferences to offer you personalized deals or show tailored advertisements. You can opt out of this via Cookies. For further information on marketing communications, see the ‘Opt-Out’ section under ‘Your Rights’ in this Policy.

m. Information obtained from other sources, such as credit agencies, fraud prevention agencies, and data providers. This may include demographic data, interest-based data, and online behavior data.

n. In certain circumstances (if permitted by law), We may process specific categories special categories of Personal Data or Personal Data relating to criminal offenses and sanctions. Special categories of Personal Data may include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health-related data, or biometric data.

 

If We collect any additional categories of Personal Data from you, We will notify you separately or via other appropriate mechanisms as required by regulation, while continuing to protect your Personal Data in accordance with this Privacy Policy.

USE OF PERSONAL DATA

We will use your personal information for the following purposes:

  1. To consider and/or process your applications/transactions with us or your transactions and communications with third parties through the Services;
  2. To admister, operate, provide, and/or manage your use and/or access to our Services and Platform (including, without limitation, remembering your preferences), as well as your relationship with us and your user account with;
  3. To respond to, process, handle, or resolve transactions, complaints, and/or fulfill your requests for certain products and services, and to notify you about service issues and unusual account activities;
  4. To enforce the Terms of Service;
  5. To protect the personal safety, rights, property, or security of others individuals;
  6. For purposes of identification, verification, due diligence, or “know your customer” (KYC) purposes;
  7. To make product recommendations;
  8. To communicate and implement KYC procedures with you;
  9. To handle or facilitate customer service, execute your instructions, and respond to any inquiries made by (or on behalf of) you;
  10. Contact you or communicate with you via telephone calls, text messages and/or fax messages, emails and/or postal mail or other means for the purpose of administering and/or managing your relationship with Us or your use of Our Services, such as but not limited to communicating administrative information to you relating to Our Services. You acknowledge and agree that such communication by Us may be made by sending you letters, documents or notices, which may involve the disclosure of certain Personal Data about you to make such delivery and may also be included on the outer cover of the envelope/postal package;
  11. To conduct research, analysis, and Customer Satisfaction Surveys (Net Promotor Score - NPS) to understand how you use our Services and improve our products, services, and customer experience;
  12. To enable audits and surveys to validate the size and composition of our target audience and understand their experience with Xapiens Services;
  13. For marketing and advertising purposes, including sending you marketing and promotional information via various communication channels about products and/or services (including those of third parties collaborating with or related to Xapiens), whether currently available or developed in the future. You may unsubscribe from marketing communications at any time using the unsubscribe function in electronic marketing materials or by contacting our Customer Service. We may use your contact information to send newsletters from us or affiliated companies;
  14. You will be automatically subscribed to Xapiens newsletters after email verification via OTP. If you do not wish to receive these, please click the ‘unsubscribe’ button at the bottom of the email;
  15. To offer loyalty programs, partner offers, bonuses, and other co-branded marketing efforts, such as merchant loyalty programs, seller offers, or co-branded credit cards in collaboration with third parties;
  16. To respond to legal processes or comply with applicable laws, government requirements, or regulations within relevant jurisdictions, or if We believe in good faith that disclosure is necessary, including meeting disclosure requirements under binding legal obligations for Xapiens or its related companies or affiliates (which may include displaying your name, contact details, and company information);
  17. To generate statistics and conduct research for internal reporting and legal or archival retention requirements;
  18. To perform due diligence or other screening activities (including background checks) as required by law, regulations, or our risk management procedures;
  19. To perform risk and/or credit assessments and determine products or terms, including credit products, financial services, or other applicable products, offered by Xapiens or its affiliates;
  20. To audit our Services or Xapiens business operations;
  21. To prevent or investigate actual or suspected breaches of the Terms of Service, fraud, unlawful activities, neglect or errors related to your use of our Services or arising from your relationship with us;
  22. To respond to threatened or actual claims made against Xapiens or claims that any Content infringes third-party rights;
  23. To store, maintain, and back up your Personal Data (including disaster recovery), both within or outside your jurisdiction;
  24. Dealing with/and or facilitating business asset transactions or potential business asset transactions, where such transactions involve Xapiens as a participant, or involve only related companies or affiliates of Xapiens as participants or involve Xapiens and/or one or more related companies or affiliates of Xapiens as participants, and there may also be other third party organizations that are participants in such transactions. “Business asset transactions” refers to the purchase, sale, lease, merger, amalgamation or other form of acquisition, disposal or financing of an organization or part of an organization or any business or assets of an organization; and/or
  25. To perform automated decision-making as needed for the above purposes; and/or
  26. For any other purposes We notify you of when obtaining your consent.

To show relevant advertising, you will also see targeted advertising based on cookie usage reflecting your preferences. This may occur on Xapiens’ websites, other organizations’ Websites, or online media channels such as social media sites. We may combine cookie data with other data We have collected. If you do not want any information processed through cookies, please see the ‘Cookies’ section of this Policy, which explains how to control and opt-out of cookies.

Please note that opting out of interest-based advertising does not stop advertisements from being shown — it only means ads will not be tailored to your preferences. You may also see ads on your social media feeds (e.g., Facebook or Twitter). To stop receiving these ads, adjust your ad settings on those platforms.

We will process your Personal Data and transaction history to protect and detect fraud, prevent misuse or damage to our network, perform debt recovery, or track those who have not fulfilled payment obligations for using our Services.

(Together referred to as the “Purposes”).

You acknowledge, agree, and consent that Xapiens may access, store, and disclose your Personal Data and information if required by law, court order, or by government authorities or regulators having jurisdiction over Xapiens, or if Xapiens reasonably believes in good faith that such storage, disclosure, or access is necessary to:

a)     Comply with legal processes;

b)     Comply with any  requests from  government authority or regulator with jurisdiction over xapiens;

c)     Enforce xapiens’ terms of service or this privacy Policy;

d)     Respond to any threatened or actual claims against xapiens or other claims that any content infringes third-party rights;

e)     Respond to your customer service requests; or

f)       Protect the rights, property, or personal safety of xapiens, its users, and/or the public.

Since the purposes for which We may collect, use, disclose, or process your Personal Data depend on the circumstances, such purposes may not be limited to those listed above. HoWever, We will notify you of any such additional purposes at the time We obtain your consent, unless processing without your consent is permitted by applicable law.

 

RETENTION PERIOD OF YOUR PERSONAL DATA

We are committed to collecting, processing, and storing your Personal Data using encryption or other methods with the best protection based on the law to provide our Services.

Personal Data may be stored within or outside the territory of Indonesia, while still fulfilling obligations related to access and effective supervision in accordance with applicable laws and regulations.

We Xapiens will retain Personal Data for as long as you continue to use the Services and/or in accordance with applicable laws and regulations.

Personal Data may be stored within or outside the territory of Indonesia, subject to compliance with applicable data protection laws and regulations.

SECURITY OF YOUR PERSONAL DATA

We are committed to safeguarding your Personal Data and taking all reasonable precautions to do so. We contractually require trusted third parties to process your Personal Data on our behalf to do adhere the same standards of protection.

We always do our best to protect your Personal Data and, once We receive it, We use strict security procedures and features to try to prevent unauthorized access. Because the transmission of information over the internet is not completely secure, While We implement reasonable security measures, We cannot guarantee absolute security of data transmitted via the internet. Accordingly, any transmission of Personal Data is undertaken at your own risk.

COOKIES

From time to time, We or our authorized service providers may use "cookies" or other features to enable us to collect or share information related to your use of the Services or Platform. These features help us improve the Platform and Services We offer or help us provide new services and features.

A "cookie" is an identifier stored on your computer or mobile device that records data about your computer or device, such as how and when the Services or Platform are used or visited, by how many people, and other activities within our Platform. We may link cookie information to Personal Data. Cookies are also linked to information about items you have selected for purchase, and the Web pages you have viewed. This information is also used to track your shopping cart, deliver content tailored to your interests, perform data analysis, and monitor the use of our Services.

You may refuse the use of cookies by selecting the appropriate settings on your browser or device. HoWever, please note that if you do so, you may not be able to use the full functionality of our Platform or Services.

 

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

a. Right of Access

You have the right to know whether We are processing your Personal Data and to request a copy of the Personal Data We process concerning you.

b. Right to Rectification

You have the right to request correction of any incomplete or inaccurate Personal Data We hold about you. Please note that this process may take up to seventy-two (72)  hours to be processed in our system from the date of the request. We will notify you once the correction is completed.

c. Right to be Forgotten (Right to Erasure)

You have the right to request that We delete any Personal Data We hold about you, except when it is necessary for us to retain the information to comply with legal obligations or to enforce, exercise, or defend legal rights.

d. Right to Restrict Processing

You have the right to restrict the processing of your Personal Data in certain situations. In such cases, We will refrain from using your data for any purposes other than storage.

e. Right to Data Portability

You have the right to receive the Personal Data We hold about you in a structured electronic format. Additionally, you have the option to transfer this Personal Data to another data controller, provided that (a) you initially provided us with this Personal Data and (b) We process the data based on your consent or to fulfill a contract with you or a third party subscribing to our services.

f. Right to Object to Processing

You have the right to object to the processing of your Personal Data for the following purposes: (1) Targeted Advertising; (2) Sale of Personal Data; and/or (3) Profiling leading to decisions with legal consequences.

g. Right to Object Based on Legitimate Interests

If the processing of your Personal Data is based on our legitimate interests, you may object for reasons related to your particular situation. We will respect your objection unless We have compelling legitimate grounds to continue processing that override your interests and rights, or if processing is necessary for the establishment, exercise, or defense of legal claims.

h. No Discrimination and No Retaliation

You have the right to receive services without denial or modification of your experience simply because you exercise your rights.

i. Right to Lodge a Complaint

You have the right to file a complaint with the relevant data protection authority.

 

You may submit a request to exercise any of these rights related to your Personal Data by sending a request to our team. To protect your privacy and security, We may, at our discretion, ask you to verify your identity before providing the requested information.

 

WITHDRAWAL OF CONSENT

If you have given us consent to process your Personal Data, you may freely withdraw that consent at any time without any charge. This includes situations where you want to unsubscribe from marketing messages sent by us. To withdraw your consent, please contact us.

After receiving your request to withdraw consent to receive marketing or promotional materials or communications, please note that the withdrawal process may take up to 3x24 hours to be processed in our system. As a result, you may continue to receive marketing or promotional materials or communications during this period.

Once the withdrawal process is completed, We will cease thecollection, using, and/or disclosing your Personal Data, except in cases where We need to retain it for compliance, regulatory, or other legal purposes.

 

CHILDREN’S PRIVACY

We refrain from knowingly collecting Personal Data from individuals under the age of 18.

 

CHANGES/UPDATES TO THE PRIVACY POLICY

As part of our efforts to properly manage, safeguard, and process your Personal Data, We will periodically review and assess our policies, procedures, and processes. As part of this commitment, Xapiens may modify this Policy to adapt to industry trends and changes in laws or regulations. We reserve the right to amend this Policy.

By accessing our Website, you acknowledge your acceptance of the terms outlined in this Policy, which may be updated from time to time. Any changes to the Policy will be published on our Website. Your continued use of the Platform and/or our services after changes to the Policy implies your consent to comply with the updated Policy terms.

We recommend checking our Website regularly to stay informed about the latest developments in our Personal Data protection policies.

We reserve the right to charge you a reasonable fee for handling and processing your requests to access your Personal Data, subject to applicable regulations and after notifying you of the estimated cost.

We will correct/update your Personal Data based on your request within 5 (five) working days and/or in accordance with the provisions of the Privacy Law.

 

Contact Us

If you have questions regarding your Personal Data or this Policy, wish to file a complaint about the collection, use, or management of your Personal Data by us, or have questions regarding our compliance with applicable laws, please do not hesitate to contact us electronically via email at [email protected].