PERSONAL DATA PROTECTION NOTICE
PT CIKARANG LISTRINDO TBK

PTCL recognizes the importance of transparency and empowering users in managing their personal data, in accordance with the applicable personal data protection regulations. Below, you will find information about the data subject rights that users can exercise, as well as the procedures to be followed obtain services for the fulfillment of data subject rights. In accordance with the PDP Law, data subject rights include, among others:

• Right to information;
• Right to access;
• Right to rectify or update;
• Right to request deletion and destruction;
• Right to delay or restrict processing;
• Right to data portability; and
• Right to withdraw consent.

Exceptions to Data Subject Rights

In accordance with the PDP Law, we respect and protect your rights as a data subject. However, there are certain situations that entitle us to deny your request for rights as stipulated in the PDP Law.

Some of your rights as a data subject, namely:

• Right to request deletion and destruction;
• Right to withdraw consent;
• Right to delay or restrict processing; and
• Right to data portability.

Exceptions may apply under certain conditions, such as:

• For the purposes of national defense and security;
• In the context of law enforcement processes;
• For the public interest related to state administration;
• For the supervision of financial services, monetary matters, payment systems, and financial system stability related to state administration; or
• For statistical and scientific evaluation purposes.

We ensure that any exceptions applied are done so in accordance with the applicable laws.

User Procedure for Submitting Data Subject Rights

To exercise the rights mentioned above Users may contact PTCL link Data Privacy Service. PTCL is committed to responding to requests in accordance with PDP Law, within a maximum of 3x24 hours on bussiness days for certain data subject rights, from the receipt of data subject‘s request, and will then provide assistance and comprehensive information on the details to fulfill such requests.

PTCL values users‘ privacy and autonomy in managing their personal data. We strive to ensure that all processes related to personal data subject rights are carried out transparently, efficiently, and in accordance with the applicable laws.

No Usual Fees Charged

You are not required to pay any fees to access your personal data (or to exercise any other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to process your request under such circumstances.

Information We May Require from You

We may request certain specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to request further information in relation to your request to expedite our response.

Time Limit for Responding

We strive to respond to all legitimate data subject rights requests within a reasonable time frame in accordance with the Personal Data Protection Law (UU PDP). Occasionally, it may take longer than the timeframe specified by the UU PDP if your request is particularly complex or if you have made multiple requests simultaneously. In such cases, we will notify you and provide periodic updates.

In order to meet the standards set by the PDP Laws, PTCL is committed to ensuring that all processing of users‘ personal data is based on relevant legal basis processing in accordance with the PTCL Application. These legal basis processing includes:

• The data subject’s consent;
• Fulfillment of contractual obligations;
• Compliance with legal obligations;
• Protection of the vital interests of the data subject;
• Performance of a task carried out in the public interest; or
• Pursuit of other legitimate interests.

Relevant Legal Basis for Processing:

We ensure that we have relevant processing basis in accordance with PDP Law for analyzing the users‘ personal data.

If our processing is based on the processing basis of the consent of the data subject, such consent will only be obtained through affirmative action from Users that clearly indicate their consent. This means that consent cannot be assumed from presumption, inaction, or default consent. For example, we will use unchecked checkboxes that are not pre-ticked by default or ask Users to click a button explicitly indicating their consent.

Clear and Specific Information:

Prior to processing personal data, Users will be provided with clear and specific information regarding what data will be collected, the purpose of data usage, who will have access to the data, and how Users can update their personal data in the future.

Withdrawal of Consent:

If the processing of personal data is based on the data subject’s consent, users have the rights to withdraw their consent in the same manner and steps as when they wish to delete or destruction their data as mentioned in Section I.4.

Transparency and Accountability:

We are committed to always being transparent and accountable in all processing activities involving Users‘ personal data. PTCL will continuosly monitor and review data processing practices to ensure that Users‘ personal data protection principles are respected and adhered to.

By implementing this consent mechanism, PTCL reaffirms its commitment to protecting User‘s privacy and personal data in accordance with the PDP law. We value the trust of our User‘s and are committed to esnuring transparency and providing users with control over their personal data.

PTCL collects User‘s personal data while using the PTCL site/application, with legitimate and transparent purposes processing such data to provide the Site/Application services. This includes, but not limited to, the management and processing of User transactions, management and facilitation of the use of the Site/Application, making changes, deletion, and other purposes as permitted by applicable laws based on relevant basis for processing. The personal data collected by PTCL includes the following:

1. Personal Data that is voluntarily and independently provided by Users, this includes, but not limited to, personal data provided when Users:
   1. Create or update a PTCL account, including but not limited to name, email address, phone number, password, address, photo, and/or other information;
   2. Upload personal data in connection with services provided on the Site/Application, including but not limited to ID card photos, gender, known electrical conditions or power consumption patterns, and/or other personal data uploaded by Users from time to time on the Site/Application;
   3. Provide information about family members, friends, beneficiaries, beneficial owners, proxies, individuals under guardianship, trustees, guarantors, other guarantors, and/or other individuals given by users;
   4. Contact PTCL, including but not limited to through Customer Service;
   5. Complete surveys sent by PTCL or on behalf of PTCL;
   6. Enter payment details when performing payment activities through the Site/Application;
   7. Use features that require access permissions to Users‘ devices; dan
   8. Provide other personal data through third-party services when using the Site/Application.
   
   
2. Personal Data Collected When Users utilize the Site/Application, this includes, but not limited to:
   1. Real or approximate location data, including but not limited to IP addresses, geo-location, and so on;
   2. Data regarding the timing of each User activity, including but not limited to registration, login, use of Site/Application services, payments, etc;
   3. Data about Users‘ usage or preferences, including interactions with the Site/Application, saved choices, and selected settings. This data is obtained using, but not limited to, HTTP cookies, pixel tags, server-to-server tracking and first-party data collection and similar technologies that create and maintain unique identifiers;
   4. Device data, including the type of device used to access the Site/Application, including but not limited to hardware model, operating system and version, software, file names and versions, language preferences, unique device identifiers, advertising identifiers, serial numbers, device motion information, and/or mobile network information, along with other additional data required according to browser or application access requests on the Users‘ devices;
   5. Log data, including server logs that receiving data such as device IP address, date and time of access, application features or pages viewed, application workflow and other system activities, browser type, and/or third-party sites or services used by Users before interacting with the Site/Application.
   
   
3. Personal data received from other sources, either as a data controller or data processor, including but not limited to:
   1. Business partners who assist PTCL in developing and delivering services on the Site/Application to Users, including but not limited to electricity service providers, electricity generation technology providers, payment service providers, delivery service partners, telecommunications companies, and/or other partners;
   2. Third parties used by Users to create or access an account in PTCL Site/Application, including but not limited to social media services, or sites or applications used by PTCL; and
   3. Publicly available sources. PTCL may combine and/or process personal data obtained from these sources with other data it holds.

The data subject as the data owner is responsible for the accuracy of the data submitted to PTCL, in this regard, PTCL will undertake verification and reasonable steps to ensure the the accuracy of the data received.

PTCL is committed to collecting and using Users‘ personal data transparently. We understand the importance of Users‘ personal data protection and aim to ensure that all our Users understand the types of data we collect, why we collect, and how we use the data to enhance our services (personalizing services), that we exercise analisys and development to understand the usage trends and improve the performance and usability of our site/application, as well as ensure the account security and protect against unauthorized access.

To support this commitment, the types of personal data we collect are as follows:

1. Identity Information: This includes your name, email address, phone number, date of birth, and gender that you provide when creating account or updating your profile on our Site/Application.
2. Transaction Data: Information about transactions you make on our Site/Application, including payment details, services you use, and purchase history.
3. Technical Data: This includes IP address, browser type, operating system version, and other details about the device you use to access our Site/Application.
4. Location Data: Your estimated or actual geographic location, depending on the permissions you grant us.

PTCL may use all or part of the personal data obtained and collected from users, based on the data subject’s consent or other processing basis, as mentioned in the previous section for the following purposes:

1. Processing Requests: Handling requests, applications, changes, deletions, activities, or transactions performed by Users in accordance with the PTCL Site/Application.
2. Providing features for the provision, implementation, maintenance, and/or improvement of products and services, including but not limited to:
   1. Offering, obtaining, providing, or facilitating PTCL services or other products through the Site/Application;
   2. Performing internal activities necessary to provide services on the Site/Application, including but not limited to software troubleshooting, bug fixing, operational issues, data analysis, testing, research, and/or monitoring and analyzing usage trends and User activities.
3. User Support: Assisting Users when communicating through Customer Service on the Site/Application, including:
   1. Reviewing and resolving User issues and/or problems;
   2. Forwarding User inquiries to the appropriate customer service representatives to address issues;
   3. Monitoring and improving customer service responses.
4. Contacting Users: Reaching out to Users via email, mail, phone, mobile phone, and/or other communication channels, including but not limited to assisting and/or resolving the payment processes or issues experienced by Users in using the Site/Application. All communications will be conducted after obtaining explicit consent from Users or having other relevant processing basis, while respecting the protection of the user‘s personal data.
5. Enhancing Security and Comfort: With Users‘ consent or relevant basis for processing, using the personal data obtained from Users for the purposes of processing information to enhance the security and services convenience on the Site/Application, and developing new features and/or services.
6. Monitoring and Investigation: Monitoring or investigating suspicious activities, transactions, or activities that may indicate fraud or violations of Terms and Conditions or applicable laws, and taking necessary actions based on the results of such monitoring or investigation. The purpose of monitoring is to ensure User security and prevent fraud. Actions taken based on monitoring results will be proportional and transparent. Users have the right to know how their data will be processed, including procedures for filing complaints if their rights are violated.
7. Law Enforcement and Legal Requirements: Other than for those stated in PDP Notice, Users‘ personal data will only be used or disclosed for law enforcement purposes or to meet legal requirements when there is a clear legal obligation. PTCL will ensure that disclosures are made with minimal access to unnecessary personal data and only to relevant authorities.

PTCL is committed to maintaining the trust and personal data protection of our Users by ensuring that any disclosure of personal data to third parties is conducted with highest standards of security and personal data protection.

PTCL commits not to sell, transfer, distribute, or lend Users‘ personal data to any third party other than for the purposes related to the required processes, without the User‘s consent or relevant legal basis processing.

If PTCL needs to share data with third parties in relation to providing our service, such as for the transaction processing, and payment verification, PTCL will do so with caution and selectively. We ensuring that all Business Partners or third parties prioritize Users‘ data security, personal data protection and comply with strict personal data protection standards:

1. It is necessary to disclose personal data to Business Partners: Disclosure of personal data to Business Partners or other third parties who assist PTCL in providing services on the Site/Application and processing any form of User activities on the Site/Application, including but not limited to processing electricity services, transactions, payment verifications, and other related services.
2. Relevant Information: PTCL will only provide relevant information to Business Partners according to Users‘ consent for using the Business Partners‘ services. This includes integrated applications or sites, or Business Partners with whom PTCL have collaborated. We ensure that all data transfer/sharing processes are conducted in accordance with strict personal data protection standards.
3. PTCL facilitates communication between users and business partners (such as electricity service partners, delivery partners, payment partners, and others) in resolving issues and/or problems encountered by users while using the website/application, as well as other related matters. Such communication is carried out with the user‘s explicit consent, and the exchange of information is conducted solely for the purpose of resolving the issue/problem.
4. Information to Vendors and Advisors: PTCL will only provide relevant information to vendors, legal advisors, financial advisors, external auditors, marketing partners, asset firms, similar service providers, and/or other third parties only for specific purposes in accordance with the consent provided, maintaining confidentiality and data integrity in compliance with the applicable regulations.
5. Public Communication: Users contacting PTCL via public media such as blogs, social media, and/or specific features on the Site/Application should be aware that communication between Users and PTCL may be publicly visible. Users are advised to avoid sending sensitive information through these channels.
6. Disclosure to Subsidiaries and Affiliates: PTCL may share Users‘ information with subsidiaries and/or affiliates with explicit Users‘ consent or another relevant basis for processing for clear and legitimate purposes, to assist in providing services or processing data for and on behalf of PTCL.
7. Legal Compliance: PTCL discloses Users‘ personal data in an effort to comply with legal obligations and/or legitimate requests made by law enforcement agencies and/or authorized government agencies in accordance with applicable procedures and regulations.

Personal Data Protection by Third Parties

1. Confidentiality Agreements: We require all third parties who receiving your personal data to sign confidentiality agreements that obligate them to maintain the confidentiality and security of the data and to use the information solely for the purposes that have been agreed upon.
2. Security Standards: Third parties must adhere to strict data security standards to ensure the safety and integrity of the data.

To enhance the Users‘ experience by storing preferences and configurations during visits to our site, HTTP cookies are automatically placed on the Users‘ devices to store their user preferences throughout visiting a site.

Users may choose to accept, reject, and/or delete HTTP cookies while using the site (Users who choose to reject or delete HTTP cookies may affect their site experience to obtain optimal services when accessing the site). In the event that Users reject or delete HTTP cookies, they acknowledge and accept that this may be result in issues accessing the PTCL site.

1. The PTCL Site/Application may contain links or internet connection to third-party sites/applications (hereinafter referred to as “Third-Party Sites/Applications”) and third-party content (hereinafter referred to as “Third-Party Content”) that may display PTCL’s logos or brands. The users understands and agree that PTCL has no control over Third-Party Sites/Applications and/or Third-Party Content; and therefore, Users‘ use of links or internet connection to Third-Party Sites/Applications and/or Third-Party Content is at their own responsibility.
2. When Users leave the PTCL site/application and access and/or use links to Third-Party Sites/Applications and/or Third-Party Content, PTCL is not responsible for protecting the privacy and any information Users provide while visiting those Third-Party Sites/Applications and/or Third-Party Content. PTCL is also not responsible for any content or information on Third-Party Sites/Applications and/or Third-Party Content, including but not limited to any any consequences arising from accessing Third-Party Sites/Applications and/or Third-Party Content.
3. Users are advised to carefully review and read the personal data protection notice applicable to Third-Party Sites/Applications and/or Third-Party Content.
4. PTCL provides links or internet connection to Third-Party Sites/Applications and/or Third-Party Content solely for User convenience, and this should not be construed as endorsement, adoption, sponsorship, or affiliation between PTCL and Third-Party Sites/Applications and/or Third-Party Content.

PTCL emphasizes that Users have control over their personal data. Therefore, PTCL provides the following guidelines:

1. Mobile devices (iOS, Android, etc.) generally have settings that prevent the PTCL application from accessing certain personal data without User consent. The Mobile devices will notify the Users when the PTCL application initially request access to such personal data.
2. To the extent permitted by applicable regulations, Users may contact PTCL to withdraw consent for the collection, storage, management, and use of personal data. In such cases, Users understand the consequences that they will no longer be able to use the electricity services or other services available on the Site/Application.
3. PTCL will inform Users if there is a failure in personal data protection or confidential information by providing written notification This notification will include the reasons or causes of the failure, the types of personal data disclosed, when and how the personal data was disclosed, and the measures taken to address and remedy the disclosure of personal data.

1. PTCL will retain, manage, and use Users‘ personal data as long as the Users’ accounts remains active for the purpose of processing that have been informed to the user.
2. If the purpose is no longer relevant or we do not have a relevant processing basis, PTCL will delete or destroy the data after the expiration of the personal data retention period required by law. This exception applies only when there are legal reasons that require further data retention.

PTCL may from time to time make changes or updates to this PDP Notice at any time. PTCL advises that Users to carefully read and review this PDP Notice page from time to time to be aware of any changes. PTCL will send a notification via email or application 30 calendar days before the changes become effective and legally binding. If there are no objections from the user within that period, the user is deemed to have accepted and not objected to the changes.

In the increasingly connected digital era, PTCL acknowledges that in the future we may need to transfer Users‘ personal data internationally while complying with the personal data transfer provisions under the PDP Law, which include:

1. We will ensure that the destination country of the personal data recipient (whether a data controller or data processor) has a level of personal data protection that is equivalent to or higher than that stipulated by the Personal Data Protection Law (PDP Law);
2. If the recipient country does not meet the equivalent level of protection, we will ensure that there are adequate and binding protections for the personal data; or
3. If the conditions in the previous two points are not met, we will obtain the data subject’s consent for the data transfer activities.

If we become aware that the security of the website has been compromised or Users‘ personal information has been disclosed to unrelated third parties due to external activities, including but not limited to security breaches or fraud, we reserve the right to take reasonable and appropriate measures, including but not limited to investigation, and reporting, as well as notification, and cooperation with the law enforcement authorities. In the event of a data breach occurs, we will make reasonable efforts to notify the affected data subject if we believe there is a harmful risk to such Users as a result of the breach or if notification is otherwise required by law. In doing so, we will announce the notification on our website, applications, social media, and/or send you an email.

1. This PDP Notice is created and governed in accordance with the laws of the Republic of Indonesia.
2. The headings in this PDP Notice are for reference purposes only and in no way define, limit, explain, or describe the content of each section.
3. This PDP Notice is available in Indonesian and other languages as needed to ensure a broader understanding of this PDP Notice. The Indonesian language version shall prevail when there is a difference between the versions.
4. All consents and withdrawals of consent by Users are given voluntarily, without coercion or pressure from any party.
5. If you have any questions regarding this Notice, the use of your personal data, or wish to exercise your data subject rights, please contact us through the following link: Data Privacy Service.