Privacy Policy

Effective Date: Dec 2023


We, PT. IURIS International Indonesia, and its subsidiaries and affiliate (collectively, “IURIS,” “us,” or “we”) understand that your privacy is important to you. We are committed to respecting your privacy and protecting your personal data. This privacy policy describes how we handle and protect your personal data (the “Privacy Policy”) when we collect it through IURIS websites, applications, and digital assets (collectively, our “Sites”) and through our externally facing business activities, such as service offerings, events, surveys, and communications, when we interact with you and collect data from you for use by and on behalf of IURIS (i.e., when IURIS is acting as a data controller or similar term under applicable privacy law).

This privacy policy also applies to personal data that may be provided to IURIS related partnerships or corporations, or the partners, agents or employees, whether by individuals themselves or by others. We may use personal information for any of the reasons described in this statement or as otherwise stated at the point of data collection.

IURIS processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data.

Contents


  1. Our legal ground for processing your personal data
  2. Data Controller
  3. How do we collect your personal data?
  4. Why and how are we using your personal data?
  5. What do we not do when we collect and process your personal data?
  6. Who has access to your personal data?
  7. Security
  8. What are your data protection rights, and how can you exercise them?
  9. Changes to this privacy policy

1. Our legal ground for processing your personal data


Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

2. Data controller


When IURIS collects and processes your personal data in accordance with this Privacy Notice, we do so as authorized under applicable data privacy laws, whether as data controller or joint controller (similar terms may be used under applicable law), which means that we determine and are responsible for how your personal data is collected, used, protected, disclosed, and disposed of. Depending on the jurisdiction you are located in or made contact with IURIS, the local IURIS entity may be your main data controller.

3. How do we collect your personal data


We may collect and combine information about you when you access or use the Services, including:

  1. first and last name
  2. email address
  3. phone number
  4. address (street address, city, state, zip code)
  5. user profile photo

Log and Usage Information: such as browser type you use, hardware model, operating system, IP address, unique device identifiers, access times, pages viewed, links clicked, and browsing behavior such as time spent, what site you came from, what site you visit when you leave us, and browsing behavior.

4. Why and how are we using your personal data


IURIS uses your personal data for different purposes and may combine data from multiple sources to accomplish those purposes. The table below summarizes the purposes for which we process your personal data, the categories of personal data that we use for each purpose, and the legal grounds on which each data processing activity is based, along with who has access to the personal data.


  • Our legal ground for processing your personal data
  • Data Controller
  • How do we collect your personal data?
  • Why and how are we using your personal data?
  • What do we not do when we collect and process your personal data?
  • Who has access to your personal data?
  • Security
  • What are your data protection rights, and how can you exercise them?
  • Changes to this privacy policy

5. What do we not do when we collect and process your personal data


We do not acquire, use, or allow others to use deidentified data with the intent of identifying or reidentifying individuals. When we receive deidentified data or transform personal data that we have collected into deidentified data, we make the following commitments:


  • IURIS will maintain deidentified data in deidentified form
  • Except to the extent necessary to confirm that personal data has been transformed into deidentified data, IURIS will not attempt to identify or reidentify specific individuals within a deidentified dataset or otherwise use deidentified data to attempt to associate specific individuals with individual characteristics and will not permit any entity or individual acting on IURIS behalf to do so.
  • To the extent, if any, that IURIS provides access to or otherwise discloses a deidentified dataset to a non-IURIS recipient, for example, a service provider or a client, it will require each such recipient to agree to maintain the deidentified data in its deidentified form and not attempt, or permit others to attempt, to identify or reidentify specific individuals within the deidentified dataset or otherwise use deidentified data to attempt to associate specific individuals with individual characteristics.

6. Who has access to your personal data


We are committed to protecting your privacy and ensuring that your personal data is only accessed by authorized individuals. Your personal data may be accessed by the following:


  • Internal Team: Only employees and contractors who need access to your data to perform their duties (e.g., customer support, technical maintenance, or marketing) will have access to your personal information. All such individuals are bound by confidentiality agreements.
  • Service Providers: We may share your personal data with third-party service providers who assist us in operating our website, conducting our business, or serving you. These providers include, but are not limited to, web hosting companies, email service providers, payment processors, and analytics services. All service providers are contractually obligated to use your data solely for the purposes of providing services to us and are prohibited from sharing or selling your information.
  • Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change in ownership or transfer of your personal data.
  • Your Consent: With your explicit consent, we may share your personal data with third parties not covered by the above categories. You will be informed of the identity of these third parties and the purpose of the data sharing before your consent is sought

7. Security


We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.


8. What are your data protection right, and how can you exercise them


You may have certain rights under your local law in relation to the personal information we hold about you. In particular, you may have a legal right to:


  • Obtain confirmation as to whether we process personal data about you, receive a copy of your personal data, and obtain certain other information about how and why we process your personal data.
  • The right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed.
  • The right to delete your personal data in the following cases:
    • The personal data is no longer necessary in relation to the purposes for which they were collected and processed.
    • Our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing.
    • Our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds.
    • You object to processing for direct marketing purposes.
    • Your personal data has been unlawfully processed.
    • Your personal data must be erased to comply with a legal obligation to which we are subject.
  • The right to restrict personal data processing in the following cases:
    • For a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data.
    • Your personal data have been unlawfully processed and you request restriction of processing instead of deletion.
    • Your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise, or defend legal claims.
    • For a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.
  • The right to object to the processing of your personal data in the following cases:
    • Our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party.
    • Our processing is for direct marketing purposes.
  • The right to data portability.
    • The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.
  • The right to withdraw consent
    • Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).
  • If you consider that the processing of your personal data infringes the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.

9. Changes to this privacy policy


IURIS may change this Privacy Policy from time to time. We encourage you to visit this page to stay informed. If the changes are material, we may provide you additional notice to your email address or through our Services. Your continued use of the Services indicates your acceptance of the modified Privacy Policy.

Background Image
WhatsAppWhatsApp