PERSONAL DATA (PRIVACY) ORDINANCE - PRIVACY POLICY STATEMENT
GENERAL
This policy statement provides information on the obligations and policies
of LINKMEDIA Limited, its subsidiaries, affiliates, and associated companies
(the "Company") under the Republic of Indonesia Personal Data
(Privacy) Ordinance 1995 - Cap.486 (the "Ordinance").
Although this policy specifically addresses the Company's obligations
in respect of the laws of the Republic of Indonesia, the Company believes
the principles embedded in the Ordinance are equal to any in the world
in respect of the protections they provide to an individual. As such,
the Company undertakes to apply, where practicable, those principles and
the processes set out herein to its operations globally.
Where the Company's operations are subject to privacy legislation other
than that of Republic of Indonesia, then this policy shall be applied
so far as practicable and consistent with such local legislation. For
further details on the Company's compliance with the Ordinance and any
other privacy legislation, please contact the Company's Privacy Compliance
Officer at the address listed below.
Throughout this policy, our use of the term "personal data"
has the meaning ascribed to it by the Ordinance.
OUR CORPORATE POLICY
The Company shall fully comply with the obligations and requirements
of the Ordinance. The Company's officers, management, and members of staff
shall, at all times, respect the confidentiality of and endeavor to keep
safe any and all personal data collected and/or stored and/or transmitted
and/or used for, or on behalf of, the Company.
The Company shall endeavor to ensure all collection and/or storage and/or
transmission and/or usage of personal data by the Company shall be done
in accordance with the obligations and requirements of the Ordinance.
Where an individual legitimately requests access to and/or correction
of personal data relating to the individual, held by the Company, then
the Company shall provide and/or correct that data in accordance with
the times and manner stipulated within the Ordinance.
STATEMENT OF PRACTICES
TYPES OF PERSONAL DATA COLLECTED
For the purpose of carrying on the Company's business, including registration
and administration of the Company's telecommunications and related products
and services (including relevant online services), you may be requested
to provide personal data such as, but not limited to, the following, without
which it may not be possible to satisfy your request:
(a) Your name;
(b) Service installation address, correspondence address, and/or billing
address;
(c) Account details, including account numbers, service numbers, or user
accounts;
(d) Payment details, including credit card and banking information;
(e) Contact details, including contact name and telephone number or email
address; or
(f) Information for the verification of identity, including identification
type and identification number.
In some instances, you may also be requested to provide certain data
that may be used to further improve our products and services and/or better
tailor the type of information presented to you. In most cases, this type
of data is optional although, where the requested service is a personalised
service, or provision of a product is dependant on your providing all
requested data, failure to provide the requested data may prevent us from
providing the service to you. This type of data includes, but is not limited
to:
(a) Your age;
(b) Gender;
(c) Salary range and employment details;
(d) Education and Profession;
(e) Hobbies and leisure activities;
(f) Other related products and services subscribed to; and
(g) Family and household demographics.
In support of the telecommunications and other services offered by the
Company, information may be automatically collected relating to those
services so we may perform accurate reporting and administration of your
accounts such as, but not limited to, call/connection time, duration,
origin, and destination.
The Company's web servers may also collect data relating to your online
session, the use of which is to provide aggregated, anonymous, statistical
information on the server's usage so that we may better meet the demands
and expectations of visitors to our sites. This type of data may include,
but is not limited to:
(a) The browser type and version;
(b) Operating system; and
(c) The IP address and/or domain name.
Some of the Company's web sites may place a "cookie" on your
machine; for example to provide personalised services and/or maintain
your identity across multiple pages within or across one or more sessions.
This information may include, but is not limited to, relevant login and
authentication details as well as information relating to your activities
and preferences across our web sites.
Under certain circumstances, telephone calls made to our order and/or
service hotlines and/or inquiry telephone numbers are recorded for the
purposes of quality control, appraisal, as well as staff management and
development. Unless expressly indicated at the time of calling, such recordings
are NOT personal data of the caller and therefore, in respect of the caller,
are not subject to the various provisions of the Ordinance and the caller
has no rights and/or claims; either statutory, contractual or tortious,
over or to such data. At all times, every care is taken to protect such
recordings from inadvertent and/or unauthorized access.
ACCURACY OF PERSONAL DATA
Where possible, we will validate data provided using generally accepted
practices and guidelines. This includes the use of check sum verification
on some numeric fields such as account numbers or credit card numbers.
In some instances, we are able to validate the data provided against pre-existing
data held by the Company. In some cases, as per the requirements of the
Ordinance, the Company is required to see original documentation before
we may use the personal data such as with Personal Identifiers and/or
proof of address.
Although we do not currently provide online access to and correction
of personal data held by the Company, we fully comply with the "Rights
of Access and Correction" obligations of the Ordinance. Please refer
to the section titled "Access and Correction of Personal Data "
below for details on how you can obtain and correct any personal data
relating to you that we may hold.
RETENTION OF PERSONAL DATA
The Company will destroy any personal data it may hold in accordance
with our internal retention policy. The policy states that:
(a) Personal data will only be retained for as long as is necessary to
fulfil the original or directly related purpose for which it was collected,
unless the personal data is also retained to satisfy any applicable statutory
or contractual obligations; and
(b) Personal data are purged from the Company's electronic, manual, and
other filing systems in accordance with specific schedules based on the
above criteria and the Company's internal procedures.
DISCLOSURE OF PERSONAL DATA
All personal data held by the Company will be kept confidential but the
Company may, where such disclosure is necessary to satisfy the purpose,
or a directly related purpose, for which the data was collected provide
such information to the following parties:
(a) Any subsidiaries, holding companies, associated companies, or affiliates
of, or companies controlled by, or under common control with the Company;
(b) Any person or company who is acting for or on behalf of the Company,
or jointly with the Company, in respect of the purpose or a directly related
purpose for which the data was provided;
(c) Any other person or company who is under a duty of confidentiality
to the Company and has undertaken to keep such information confidential,
provided such person or company has a legitimate right to such information;
and
(d) Any financial institutions, charge or credit card issuing companies,
credit information or reference bureaux, or collection agencies necessary
to establish and support the payment of any services being requested.
Personal data may also be disclosed to any person or persons that have
a right under the Ordinance to gain access to such information provided
they are able to prove their authority to access such information. For
example, if the Company were served with a court order demanding certain
customer information then the Company would disclose the information to
the duly appointed officer of the court or such other persons as the court
orders.
TRANSFER OF PERSONAL DATA OUTSIDE OF INDONESIA
At times it may be necessary and/or prudent for the Company to transfer
certain personal data to places outside of the Republic of Indonesia in
order to carry out the purposes, or directly related purposes, for which
the personal data were collected. Where such a transfer is performed,
it will be done in compliance with the requirements of the Ordinance.
SECURITY OF PERSONAL DATA
Physical records containing personal data are securely stored in locked
areas and/or containers when not in use.
Computer data are stored on computer systems and storage media to which
access is strictly controlled and/or are located within restricted areas.
Access to records and data without appropriate management authorization
are strictly prohibited. Authorizations are granted only on a "need
to know" basis that is commensurate with an individual's Company
responsibilities and their training.
Records of the Company are under the control of assigned information
officers who are responsible to ensure the transfer of or access to information
is legitimate and complies with the Ordinance.
Audit records may be produced to validate data modifications in order
to verify the data's integrity.
There may be violations logging processes for investigation of any unauthorized
attempt to access information.
Encryption technology, such as SSL, may be employed for the transmission
of data collected online.
ACCESS AND CORRECTION OF PERSONAL DATA
Under the terms of the Ordinance, individuals have the right to:
(a) Check whether the Company holds any personal data relating to them
and, if so, obtain copies of such data;
(b) Require the Company to correct any personal data relating to them
which is inaccurate for the purpose for which it is being used; and
(c) Ascertain the Company's policies and practices in relation to personal
data, which are those policies and practices set out in their entirety
herein.
An individual may exercise his or her right of access by:
(a) Completing the form "Personal Data (Privacy) Ordinance 1995
- LINKMEDIA Data Subject Access Request" (LINKMEDIA/PDPF001A/1203)
- see also Note 1 below;
(b) Sending the completed form, along with appropriate proof of identity
(a copy of the applicant's IndonesiaIdentity Card or Passport) and the
prescribed fee to the Company's Privacy Compliance Officer at the address
listed below.
(c) Alternatively, if you do not wish to provide a copy of your proof
of identity, you may present the completed form (LINKMEDIA/PDPF001A/1203)
- see also Note 1 below - in person, along with appropriate identification,
at any of our conveniently located LINKMEDIA Shop listed below. There,
staff will verify your identity and stamp the completed form appropriately.
Please send the stamped form and processing fee to the Company's Privacy
Compliance Officer at the address listed below for processing.
The Company will, upon satisfying itself of the authenticity and validity
of the access request, make every endeavor to comply with and respond
to the request within the period set by the Ordinance.
An individual may exercise their right of correction by:
(a) Writing to the Company's Privacy Compliance Officer at the address
listed below, specifying the data which they believe to be incorrect,
the reason they believe it is incorrect, and the applicable corrections;
and
(b) Providing "proof of identity" verifying that the individual
making the request is authorized to request such corrections.
The Company will, upon satisfying itself of the authenticity and validity
of the correction request, make every endeavor to comply with and respond
to the request within the period set by the Ordinance.
DIRECT MARKETING
In accordance with the requirements of the Ordinance, the Company will
honor an individual's request not to use his or her personal data for
the purposes of direct marketing. Should you wish not to receive direct
marketing material from the Company, please write to the Company's Privacy
Compliance Officer at the address listed below.
Any such request should clearly state details of the personal data in
respect of which the request is being made. Specifically, we request that
you include the corresponding Company assigned account numbers which are
printed on the Company's statements/invoices. Please also state clearly
the authority under which you are authorized to make such a request.
Unless otherwise instructed as per the above, the Company may use any
of the data collected in the normal course of its business for marketing
purposes.
RECRUITMENT AND EMPLOYMENT
RECRUITMENT
During the recruitment process, job applicants may be required to provide
sufficient personal data so that the Company may, as appropriate and/or
applicable:
(a) Assess the applicant's suitability for the position being applied
for;
(b) Assess the applicant's suitability for other positions the Company
may have available;
(c) Determine preliminary remuneration and benefit packages;
(d) Verification of credentials and/or experience; and
(e) Perform security vetting and/or integrity checking
At a minimum, such personal data will include:
(a) The applicant's name and contact details, including address and telephone
number(s);
(b) Previous employment and relevant experience; and
(c) Education and relevant training.
Additional information may also be required dependant on the nature of
the position being applied for.
The applicant is responsible for ensuring all personal data they provide
is accurate and complete. The provision of inaccurate information or the
withholding of requested information may prevent the Company from making
an offer of employment, invalidate such offer if the inaccuracy or omission
is discovered after an offer has been made, or lead to termination of
employment if the inaccuracy or omission is discovered after employment
has commenced.
The personal data so provided may be transferred to persons within the
Company who are involved in the assessment of the applicant's suitability
for the position applied for and/or other positions, which may be, or
may become, available within the Company. The data may also be transferred
to other third parties, such as investigation agencies, as are necessary
to satisfy the purposes set out above.
The Company shall retain the personal data of unsuccessful applicants
for future recruitment purposes for a period of two years from the date
of application. The personal data of successful applicants shall be retained
for the duration of their employment by the Company and as described below
under the heading of "Employment, Including Post Employment".
In respect of the Company's practices regarding matters not directly
addressed in this section "Recruitment", the practices, and
procedures set out in the preceding sections of this Privacy Policy Statement
shall apply.
EMPLOYMENT, INCLUDING POST EMPLOYMENT
In the course of employment by the Company, personal data of employees
and their families, as appropriate, will be collected and used on an ongoing
basis for various Human Resource purposes including but not limited to;
administering staffing, performance management, training, career development,
salary and benefits administration, communication, medical benefits, provident
fund administration, insurance, taxation, welfare and providing information
in compliance with legal requirements. It will be transferred to those
internal departments, intra-company, and/or to other third parties as
is necessary for the purposes.
The Company retains certain personal data of employees when they cease
to be employed by the Company. Such data are required for any residual
employment-related activities of the former employee including, but not
limited to:
(a) The provision of job references;
(b) Processing applications for re-employment;
(c) Matters relating to retirement benefits; and
(d) Allowing the Company to fulfil contractual or statutory obligations.
Further details regarding the Company's polices and practices in respect
of its handling of personal data relating to its employees, including
post employment, are included in the Company's Human Resources Policies
and Staff Handbooks. They are also available to the Company's employees
from either the Company's Privacy Compliance Officer or directly from
their respective Human Resources representative.
THE COMPANY'S PERSONAL DATA (PRIVACY) ORDINANCE CONTACT DETAILS
All enquiries regarding the Company's compliance with its obligations
under the Ordinance should be in writing to:
LINKMEDIA Privacy Compliance Officer
Coklat Barat 22
Malang 65141
Jawa Timur
Indonesia
Or via email to:
Note 1: The Company will honor requests made either on its own form,
"Personal Data (Privacy) Ordinance 1995 - LINKMEDIA Data Subject
Access Request" (LINKMEDIA/PDPF001A/1203), or on that prescribed
by the Republic of Indonesia Privacy Commissioner for Personal Data (form
no.: OPS003), which is available from the Privacy Commissioner's Office,
provided all mandatory data as specified in the LINKMEDIA form has been
supplied.
(If there is any inconsistency or conflict between the English and Indonesian
versions, the English version shall prevail.)
With us, make your work so easily and enjoyable at Home. We give you solution for you who wants to running your company at home. 
