Privacy Policy — PT Dinamika Jaya Manunggal

1. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

• Personal Data means any data about an identified or identifiable person, individually or combined with other information, whether directly or indirectly through an electronic or non-electronic system.
• Data Subject means the individual to whom the Personal Data relates.
• Data Controller means any person, public body, or international organization acting individually or jointly to determine the purpose and exercise control over the processing of Personal Data.
• Data Processor means any party processing Personal Data on behalf of the Data Controller.
• Processing means the acquisition, collection, processing, analysis, storage, correction, updating, display, announcement, transmission, dissemination, disclosure, deletion, or destruction of Personal Data.
• PDP Law means Republic of Indonesia Law No. 27 of 2022 on Personal Data Protection and its implementing regulations.

2. Introduction

PT Dinamika Jaya Manunggal ("DJM", "we") is committed to protecting your Personal Data in accordance with applicable regulations, including Indonesia Law No. 27 of 2022 on Personal Data Protection.

This Privacy Policy explains how we collect, use, store, protect, and process your Personal Data when you access our website at dinamikajm.co.id.

3. Data We Collect

3.1 Data You Provide Directly

We collect Personal Data that you provide through contact forms, including:

• Name
• Email address
• Phone number / WhatsApp
• Company / organization
• Message content

3.2 Data Collected Automatically

When you access our website, we may collect:

• IP address
• Device and browser information
• Website usage behavior through cookies and similar technologies

3.3 Future Features (If Available)

If features such as user login, newsletters, or file uploads are implemented in the future, we may collect additional data relevant to those functions, subject to your prior consent.

4. Purpose of Processing

We process your Personal Data for the following purposes:

• Responding to your inquiries
• Follow-up communication related to services
• Providing service-related information (with your consent)
• Internal analysis to improve our services and website
• Compliance with legal and regulatory obligations

We do not use your Personal Data beyond these purposes without additional consent.

5. Legal Basis for Processing

Pursuant to Article 20 of the PDP Law, we process Personal Data based on one or more of the following legal bases:

• Valid consent from the Data Subject (e.g., form submission, cookie acceptance);
• Performance of a contract to which you are a party, or to fulfill your request prior to entering into a contract;
• Compliance with the Data Controller's legal obligations under applicable laws and regulations;
• Protection of the vital interests of the Data Subject;
• Performance of the Data Controller's authority based on laws and regulations;
• Other legitimate interests of the Data Controller, taking into account the purpose, necessity, and balance of interests.

6. Data Use and Sharing

We do not sell or share your Personal Data with third parties for commercial purposes.

Data may be processed using:

• Internal company systems;
• Supporting tools such as email and data management systems (including Google Sheets);
• Communication tools such as WhatsApp;
• Analytics tools such as Google Analytics and Microsoft Clarity.

All usage is strictly for supporting our operations.

7. Data Retention

We retain Personal Data as follows:

• Inquiry data: up to 2 (two) years after the last interaction;
• Marketing data: until you withdraw your consent;
• Analytics data: according to the retention policy of each platform (e.g., Google Analytics).

After this period, data will be deleted or anonymized as appropriate.

8. Cookies

We use cookies for:

• Essential website functionality;
• Website usage analytics.

Analytics cookies are only activated after you provide consent through our cookie banner. You may withdraw your consent at any time through the cookie settings on our website or through your browser settings.

9. Cross-Border Data Transfer

Our website is hosted in Indonesia. However, certain third-party services we use (such as Google Analytics and Microsoft Clarity) may process data outside Indonesia, particularly in the United States (US).

In accordance with Article 56 of the PDP Law, the transfer of Personal Data outside the Indonesian territory is carried out on the following legal bases:

• Ensuring that the country where the receiving Data Controller or Processor is located has a level of Personal Data protection equivalent to or higher than that provided under the PDP Law; or
• Ensuring adequate and binding Personal Data protection through Standard Contractual Clauses (SCCs) with the service provider; or
• Obtaining the consent of the Data Subject.

We will ensure that any cross-border transfer of Personal Data meets at least one of the above legal bases and is carried out in accordance with the PDP Law and its implementing regulations.

10. Data Security

We implement reasonable technical and organizational measures to protect your Personal Data, including:

• Encrypted connections (HTTPS);
• Role-based access control;
• Periodic security audits of systems processing Personal Data.

11. Data Breach Notification

In accordance with Article 46 of the PDP Law, in the event of a Personal Data protection failure (data breach), we are committed to:

• Notifying the affected Data Subjects and the competent Personal Data Protection authority no later than 3 x 24 (three times twenty-four) hours after becoming aware of the breach;
• Providing information regarding the Personal Data exposed, when and how the Personal Data was exposed, and the response and recovery measures undertaken by the Data Controller;
• Where required, publicly announcing the Personal Data protection failure in accordance with applicable laws and regulations.

Such notifications will be sent through your registered email or other official communication channels.

12. Your Rights as a Data Subject

In accordance with Articles 5 to 13 of the PDP Law, you have the following rights:

• The right to obtain information regarding the identity, legal basis, purpose, and accountability of any party requesting your Personal Data (Article 5);
• The right to complete, update, and/or correct errors and/or inaccuracies in your Personal Data (Article 6);
• The right to access and obtain a copy of your Personal Data (Article 7);
• The right to terminate processing, delete, and/or destroy your Personal Data (Article 8);
• The right to withdraw consent for the processing of your Personal Data (Article 9);
• The right to object to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the Data Subject (Article 10);
• The right to delay or restrict the processing of Personal Data proportionally in accordance with the purpose of processing (Article 11);
• The right to file a lawsuit and receive compensation for violations of Personal Data processing (Article 12);
• The right to obtain and/or use Personal Data about yourself from the Data Controller in a structured and commonly used format, and to transfer it to another Data Controller, provided that the systems can communicate securely — the right to data portability (Article 13).

How to exercise your rights: Requests can be submitted via email to privacy@dinamikajm.co.id.

In accordance with Article 7(2) of the PDP Law, we will provide an initial response within no later than 3 x 24 (three times twenty-four) hours from the receipt of your request, with substantive fulfillment of the request to be processed within a reasonable timeframe consistent with the complexity of the request and applicable laws and regulations.

13. Children's Data Protection

This service is not directed to children under 18 (eighteen) years of age. We do not knowingly collect Personal Data from children without verifiable parental or legal guardian consent in accordance with Article 25 of the PDP Law.

If we inadvertently collect a child's Personal Data without parental or guardian consent, such Personal Data will be deleted promptly upon discovery. Parents or guardians who become aware that their child has provided Personal Data to us may contact us at privacy@dinamikajm.co.id to request deletion.

14. Data Controller Contact

PT Dinamika Jaya Manunggal ITS Tower Niffaro Park Lt 6 Unit 10 Jl. Raya Pasar Minggu No. 18 South Jakarta 12510, Indonesia

Person in Charge (PIC) for Personal Data Protection: Name: Deny Setiawan Title: Director Email: privacy@dinamikajm.co.id

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated revision date and, where relevant, we will provide reasonable notice via email or a website banner.

16. Consent

By using this website and submitting your Personal Data through the available forms, you acknowledge that you have read, understood, and agreed to this Privacy Policy.