PRIVACY POLICY
PT AKSI VISITAMA (“TADA”)
PT Aksi Visitama and/or its affiliates (“Tada” or “We/Us/Our”), as a provider of loyalty and rewards services, is committed to protecting and respecting the privacy of You, Our partners, and Our clients. We understand the importance of Personal Data and are dedicated to processing Personal Data in a transparent and secure manner, and in accordance with applicable laws and regulations, including Law No. 27 of 2022 on Personal Data Protection (the PDP Law), as well as generally applicable security standards, including but not limited to ISO 27001 (as may be updated from time to time).
This Privacy Policy explains how We obtain, collect, store, control, use, process, analyze, rectify, update, display, announce, transfer, disclose, and protect Your Personal Data (“Personal Data Processing”) that We obtain and/or receive through the Website, applications, email, WhatsApp, customer service, as well as through Our clients and partners, in accordance with the purposes of Personal Data Processing as set out in this Privacy Policy.
Tada has the right to review and/or update this Privacy Policy from time to time as necessary, in order to ensure its alignment with applicable laws, regulations, technical requirements, and/or changes in Our business practices. Any changes will be announced through Our official channels or through notifications on the Services. Where required by applicable laws and regulations, We will request Your consent to any changes that have a material impact on the Processing of Personal Data. If You continue to use the Services after notice of such changes has been provided, this will be deemed as Your acknowledgment that You have read and understood the latest version of the Privacy Policy, without prejudice to Your rights under the applicable laws and regulations.
This Privacy Policy is prepared in both Bahasa Indonesia and English versions. In the event of any discrepancy in interpretation, Bahasa Indonesia version shall prevail to the extent permitted by the applicable laws and regulations. All provisions of this Privacy Policy shall be governed by and construed in accordance with the laws applicable in the territory of the Republic of Indonesia.
To help You understand how Your Personal Data is managed based on the way You interact with Us, We have divided this policy into several categories according to the services You use. Please select the category that applies to You below to obtain more detailed and relevant information:
Last updated: […].
On the Website, We act as the Personal Data Controller. This means that We independently determine the purposes and means of processing Personal Data collected through the Website in accordance with applicable laws and regulations, including but not limited to marketing, analytics, recruitment, as well as the development and improvement of Our services.
DEFINITION
- You/Your refers to any individual as a Personal Data Subject who accesses and/or uses the features available on this Site.
- Cookies are small text files placed on Your device (computer, tablet, or smartphone) when You access Our Site. Cookies enable the Website to recognize Your device, store user preferences, remember language settings, and help Us improve the performance, functionality, and effectiveness of the services We provide. In addition to Cookies, We may also use other similar tracking technologies (such as web beacons or pixel tags) for analytics, security, and user experience improvement purposes, to the extent permitted by applicable laws and regulations. The use of certain Cookies may require Your consent in accordance with applicable legal provisions.
- Personal Data refers to any data or information relating to an identified and/or identifiable individual, whether directly or indirectly, whether on its own or in combination with other information, in accordance with applicable laws and regulations.
- Website or Site means Tada’s official website available at www.usetada.com.
SCOPE OF PERSONAL DATA PROCESSING
We collect information about You based on Your interactions with Our Site and in accordance with the lawful basis for Personal Data Processing under the applicable laws and regulations. The following sets out the details of the categories of data We collect, collection methods, and the purpose of its use:
1. Site visitors & Information Requests
- Collection Method: Directly through the completion of electronic forms or interactions with Our virtual assistant.
- Type of Data: Full name, phone number, email address, job title, company name, and Your country of origin or company location.
- Purpose: To provide relevant information regarding loyalty services, respond to Your inquiries, process product demo requests, and conduct communications, including marketing communications, where Your consent has been obtained or based on another lawful basis in accordance with the applicable provisions.
2. Job Applicants
- Collection Method: Directly through the completion of an electronic job application form in the “Career” section and the upload of documents.
- Type of Data: Curriculum vitae (CV), cover letter, educational background, work experience, portfolio, and other relevant information contained in the supporting documents.
- Purpose: To evaluate Your qualifications, carry out the selection and interview process, verify Your professional background (to the extent permitted by applicable laws and regulations), and contact You regarding career opportunities, whether for the position applied for or other relevant opportunities (with Your consent where required)
3. Information We Collect Automatically
- Collection Method: Indirectly through Cookies, server logs, and third-party tracking technologies integrated into Our Site.
- Type of Data:
- Infrastructure and Security: IP address, device identifier, and HTTP request metadata.
- Analytics and Performance: Session duration, pages visited, traffic sources, and click interactions.
- Marketing and Functionality: Language preferences, Cookie consent status, and browsing activities for the delivery of relevant content and/or advertisements (where consent has been obtained, if required).
- Purpose: To ensure the security of the Site against cyberattacks, analyze the technical performance of the Site, and optimize the user experience.
If You do not wish to receive Cookies from Our Site, You may adjust Your browser settings. Each browser has different configurations for managing Your preferences; further information can be found in the “Help” menu of Your browser.
However, We recommend that You carefully consider before disabling certain Cookies that are necessary for the basic functions of the Site. Please note that if You block or refuse Cookies, some pages of the Site may not be displayed properly or certain service features may not function optimally. To the extent permitted by applicable laws and regulations, We shall not be responsible for any limitations in service functionality arising as a direct result of Your choice to disable necessary Cookies.
SENSITIVE PERSONAL DATA
As a matter of general practice, We do not actively collect specific (sensitive) Personal Data through Our Site, unless You voluntarily provide it through electronic forms, virtual assistants, or Our recruitment process. In accordance with applicable laws and regulations, “Specific Personal Data” includes information relating to health, biometric data, genetic data, criminal records, children’s data and/or certain personal financial data, and/or other data as provided under applicable legal provisions.
If We process specific Personal Data, We will do so with an appropriate level of protection and security in accordance with applicable laws and regulations and based on a lawful basis for processing, including Your explicit consent (where required) and/or where required by applicable legal provisions.
DISCLOSURE OF PERSONAL DATA
We implement physical and technical access restrictions, whereby Your Personal Data may only be accessed by Our internal personnel who have specific authorization and require such information on a need-to-know basis in order to perform their duties. We ensure that every staff member who has access to Your Personal Data is bound by confidentiality obligations and subject to strict data security protocols.
We will not disclose Your Personal Data to unauthorized third parties. However, We may share Your Personal Data under the following circumstances:
1. Company Group and Authorized Partners
We may share Your data with entities within Tada Group as well as authorized service providers (such as hosting providers, system maintenance providers, and professional consultants) that support Our operations. These service providers are only permitted to process Your Personal Data to the extent necessary to carry out Our instructions and in accordance with contractual obligations, including confidentiality and Personal Data protection obligations in compliance with applicable laws and regulation
2. Legal Compliance and Security
We may disclose Your Personal Data if required by applicable laws and regulations or legal procedures, including to respond to official requests from lawful and competent public authorities in accordance with applicable legal provisions.
3. Protection of Vital Interest
Disclosure may be made if We reasonably determine that the disclosure of Personal Data is necessary to prevent financial loss, physical harm, or as part of an investigation into activities suspected of violating the law, to the extent permitted by applicable laws and regulations.
DATA SECURITY AND STORAGE
We implement proportionate technical and organizational security measures to ensure the security and confidentiality of the Processing of Your Personal Data. Considering the nature of the data and the risks associated with its processing, We take reasonable and necessary measures to maintain data integrity and prevent unauthorized access, disclosure, alteration, loss, damage, or access by unauthorized third parties.
1. Data Storage Location
We manage the storage of Personal Data in accordance with the applicable laws and regulations in Indonesia. Therefore, all Personal Data that We collect and process through Our Site is stored and managed on servers located within the jurisdiction of the Republic of Indonesia.
In certain circumstances, Personal Data may be processed or stored outside the territory of Indonesia by Us or Our service providers, provided that this is carried out in accordance with the applicable laws and regulations and with an equivalent level of protection.
2. Data Retention Period
We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which such Personal Data was collected and processed, or for as long as required by applicable laws and regulations, including to comply with any applicable legal or regulatory requirements. After the retention period expires, the Personal Data will be deleted or anonymized in accordance with Our data retention policy and applicable legal provisions.
3. Security Protocols
Our protection measures include, but not limited to:
- Physical Protection: Securing physical access to Our data storage locations and servers.
- Access Control: Strict authentication procedures through the use of unique identification and confidential passwords, as well as additional security mechanisms (such as multi-factor authentication, where relevant).
- System Monitoring: The use of connection logs to monitor any access activity to Our systems.
- Encryption: The implementation of encryption technology for certain data, both when the data is transmitted (in transit) and when the data is stored on servers (at rest).
TRANSFER OF PERSONAL DATA
In carrying out Our operations and providing Our services, We may need to transfer, store, or process Your Personal Data in countries outside the territory of the Republic of Indonesia. In the event of a data transfer, We will ensure that:
- the destination country of the transfer has a level of personal data protection that is equivalent to or higher than that provided under the applicable laws and regulations in Indonesia; and/or
- We implement adequate and legally binding protection measures, including data processing agreements and/or other lawful mechanisms in accordance with applicable laws and regulations; and/or
- We obtain Your consent where required by applicable laws and regulations.
LINK TO OTHER SITES
Our Site may provide links to other websites for Your convenience and information. Such websites operate independently from Us and are not under Our control. These websites are managed by third parties with their own privacy policies and terms of use, which We recommend that You review carefully.
We are not responsible for the content, products, services, or privacy practices of such linked websites. To the extent permitted by applicable laws and regulations, any access to and use of such third-party websites shall be at Your own responsibility. We shall not be liable for any losses arising from the use of third-party websites, to the extent such losses are not caused by Our fault or negligence.
YOUR RIGHTS AS DATA SUBJECT
Based on applicable laws and regulations, particularly the Personal Data Protection Law in Indonesia, You have certain rights in relation to Your Personal Data that is under Our control, including:
- Right of Access: You have the right to request access to and obtain a copy of Your Personal Data that We process.
- Right to Update/Rectify: You have the right to request that We correct any errors or inaccuracies in, or update, Your Personal Data to ensure the accuracy of the data.
- Right to Erasure/Destroy: You have the right to request the deletion or destruction of Your Personal Data from Our systems, in accordance with applicable legal provisions.
- Right to Withdraw Consent: You have the right to withdraw the consent that You have previously given for the processing of Your Personal Data.
- Right to Restrict Processing: You have the right to request the restriction of the Processing of Your Personal Data under certain circumstances in accordance with applicable laws and regulations.
- Right to Object: You have the right to object to the Processing of Your Personal Data under certain circumstances in accordance with applicable legal provisions.
Exceptions and Refusal of Requests
We reserve the right to refuse Your request to access, correct, or delete part or all of Your Personal Data where permitted and/or required by applicable laws and regulations. Such refusal may be made by providing You with valid reasons, under the following circumstances:
- The request is manifestly unfounded, unreasonably repetitive, or disproportionate;
- Fulfillment of the request may interfere with ongoing legal proceedings, law enforcement, or investigative interests;
- There are indications that the request is related to a violation of applicable laws or regulations;
- The Personal Data is still required to fulfill Our legal, compliance, audit, or rights-defense obligations in accordance with applicable laws and regulations.
UNSUBSCRIBE
If You have subscribed to communication or marketing services through Our Site and no longer wish to receive future correspondence, You may withdraw Your consent and/or stop receiving such communications at any time by clicking the “Unsubscribe” link available at the bottom of each email We send to You or through other mechanisms that We provide (where available).
Your request will be processed within a reasonable period in accordance with the applicable laws and regulations.
Please note that We may still send certain communications that are administrative in nature and/or related to the services You use
CONTACT US
If You have any questions, comments, or wish to exercise Your rights in relation to this Privacy Policy, please do not hesitate to contact Our Data Protection Officer (DPO) by email at: [email protected].
To protect Your Personal Data, We may request additional information to verify Your identity before following up on such request.
We will respond to Your request within a reasonable period in accordance with the applicable laws and regulations.
Last updated: […].
By using and/or accessing Our Platform, You acknowledge that You have read and understood this Privacy Policy. Specifically in relation to the Platform, You understand that We act as a Personal Data Processor. We process Your Personal Data only based on the instructions of, and on behalf of, Our business partners who act as Personal Data Controllers.
In the event that You wish to exercise Your rights as a Data Subject, We will forward and/or coordinate such request with the relevant Personal Data Controller in accordance with the respective authority of each party.
DEFINITION
In this Privacy Policy, unless otherwise determined by the context, the following terms shall have the meanings set out below:
You refers to any individual, acting as a Personal Data Subject, who accesses, interacts with, or is registered as a user of the Platform to use the Services that We provide.
Cookies are small text files placed on Your device (computer, tablet, or smartphone) when You access the Tada Platform. Cookies enable Us to recognize Your device, store user preferences, remember language settings, and help Us improve the performance, functionality, and effectiveness of the Services that We provide. In addition to Cookies, We may also use other similar tracking technologies (such as Mobile Advertising Identifiers, web beacons, or software development kits) for the purposes of recognizing Your device, storing preferences, and optimizing the performance and functionality of the Services across Our Platform ecosystem in accordance with applicable laws and regulations, including Your consent where required.
Personal Data refers to any data or information relating to an identified and/or identifiable individual, whether directly or indirectly, whether on its own or in combination with other information, whether in Our electronic or non-electronic systems. This includes, but is not limited to: name, address, date of birth, phone number, email address, gender, official identity documents (ID Card/Passport), photograph, and other data classified as personal data under applicable laws and regulations.
Terms of Use refers to the terms and conditions, standard operating procedures, or other policies and provisions established by Us in connection with the use of the Platform.
Services refers to the various services, features, and functions provided by Us to You through the Platform.
Customer Service refers to the official help center that We provide through telephone number 1-500-340, email at [email protected], the Live Chat feature, or WhatsApp at +62-813-1500-7070.
Applicable Regulations refers to all laws, government regulations, protocols, industry codes, and requirements of administrative or judicial authorities in the territory of the Republic of Indonesia (including but not limited to the Personal Data Protection Law) that apply from time to time during the validity period of this Privacy Policy.
Platform refers to all systems and channels that We provide for the delivery of the Services, including but not limited to the “Tada – Membership & Rewards Wallet” mobile application (available through the Google Play Store and Apple App Store), official websites, and digital communication channels such as WhatsApp chatbots or other virtual assistants that We develop to provide the Services.
SCOPE OF PERSONAL DATA PROCESSING
We carry out Personal Data Processing, including collecting, using, storing, and/or transferring Your Personal Data, whether general or specific (sensitive) in nature, to ensure that the Platform can function optimally in accordance with the Services that We provide.
Such Personal Data may be provided by You to Us directly or indirectly through various forms or methods of collection, where the type of data collected depends on the circumstances of the collection and the nature of the services or transactions You carry out.
To the extent permitted by the Applicable Regulations, We will manage such Personal Data based on the categories and purposes set out in this Privacy Policy, as well as based on a lawful basis for processing in accordance with applicable legal provisions. This is done to ensure the best experience for You and to ensure the fulfillment of Our legal obligations across the entire Platform ecosystem.
Personal Data Processing is carried out solely based on the instructions of the relevant Personal Data Controller.
1. Categories of Personal Data We Collect
- Identity and Contact Data: Full name, username, password, identification number (such as ID Card/KTP), taxpayer identification number (NPWP), user identity or other identifiers, job title, date and place of birth, gender, occupation, nationality, photograph, biometric data (where relevant and in accordance with consent or the applicable legal basis), delivery address and related information, email address, phone number, other contact information, and WhatsApp public profile information (if applicable).
- Transaction Data: Details and history of orders/transactions, balance redemption (points/rewards), interests, preferences, feedback, survey responses, and details of delivery or service performance.
- Technical and Device Data: Data: Internet Protocol (IP) address, user identity (User ID), unique device identifiers (IMEI, advertising ID, MAC address), hardware model, operating system and version, device motion information, as well as system activity logs and mobile network information.
- Usage Data and Metadata: Information on how You use Our Services, pages or features accessed, time and duration of use. Specifically for interactions through WhatsApp, this includes communication metadata such as message delivery time and message delivery or read status.
- Location Data: Your real-time geographical location information, including longitude-latitude coordinates, time zone, and Wi-Fi location (where enabled by You and in accordance with the consent provided through the device or Platform)
Important: Where We are required to collect Personal Data under the law or under the terms of an agreement with You, and You choose not to provide the requested Personal Data or provide incomplete data, We may be unable to provide the Services optimally, may delay the provision of the Services, or may be unable to perform Our contractual obligations to You or to the relevant Personal Data Controller.
2. Data Collection Methods
- Directly: Data that You provide when registering an account, using Platform features, providing feedback, interacting with Us directly, or corresponding with Us by mail, email, or by contacting Our Customer Service, including in connection with the use of Services provided by the relevant Personal Data Controller (where applicable).
- Automatically: Each time You visit or interact with Our Platform using Your device, the system may automatically collect Technical Data and location data (where enabled).
We may collect Your real-time geographic location data where You provide permission through Your device or the Platform and in accordance with applicable laws and regulations. In certain circumstances, You may be requested to enable the Global Positioning System (GPS) to optimize Your user experience (for example, to provide accurate information regarding distance or courier estimated arrival time). You always have the option to temporarily disable the location tracking feature in Your device settings; however, please note that such disabling may limit the availability or performance of certain features on the Platform. In addition, We also automatically collect certain data using Cookies and similar tracking technologies (as further described in the Cookies section of this Privacy Policy) in accordance with Your consent where required by applicable laws and regulations. Specifically for interactions via WhatsApp, We automatically record communication metadata, including delivery time, message status, and available public profile information. - Third Parties: Data obtained from business partners, agents, vendors, or suppliers that cooperate with or provide services to Us. In such circumstances, We will only collect Your Personal Data to the extent necessary for lawful cooperation purposes, in accordance with the instructions of the Personal Data Controller (where applicable), and by ensuring that such third parties have a lawful basis for processing in accordance with applicable laws and regulations.
3. Purpose of Information Use
- Operations & Administration: Identifying, verifying, creating, deactivating, and managing your account as a User, as well as providing services and processing orders or balance redemption transactions conducted by you, linking accounts or electronic wallets (e-wallets), and providing additional services from our relevant partners, including the fulfillment of our contractual obligations to you and/or the relevant Personal Data Controller.
- Communication & Services: Notifying account activities, transactions, and changes occurring within the Platform, providing technical assistance through customer service, and handling Your complaints or suggestions, including communications necessary for the provision of the Services.
- Platform Development: Monitoring Platform usage, generating statistical and analytical data for research and product development purposes to improve user experience, including for enhancing security, service quality, and personalization of user experience, to the extent permitted by applicable laws and regulations.
- Marketing & Promotion: Sending promotional materials or other marketing materials.
- Security & Legal Compliance: Preventing and investigating illegal or suspicious activities, as well as ensuring Our compliance with all legal obligations, audits, due diligence, investigations, and reporting requirements under Applicable Regulations and for other purposes as required by Applicable Regulations.
- Implementation of Personal Data Controller Instruction: In the event that We act as a Personal Data Processor, We process Personal Data solely for the purposes determined by and based on the instructions of the relevant Personal Data Controller.
DISCLOSURE OF PERSONAL DATA
We will not sell or rent Your Personal Data. However, We may disclose, provide access to, or share Your Personal Data with Our affiliated companies and other third parties as necessary for legitimate, limited purposes and in accordance with applicable laws and regulations, including as follows:
1. Service Providers and Business Partners
We may share data with agents, vendors, suppliers, contractors, and partners who facilitate our operations or in connection with the implementation of our cooperation with such third parties, limited to what is necessary to carry out legitimate Personal Data Processing functions and purposes. Such parties may include, among others, service providers supporting order processing, delivery, account authentication, integration of our services on third-party platforms, as well as analytics, research, and product development activities.
2. Commercial and Marketing Partners
We may disclose data to third parties collaborating with Us to offer products or services, including marketing activities, provided that such activities are conducted in accordance with applicable laws and regulations and based on Your consent where required.
3. Legal Compliance and Government Authorities
We will share data if lawfully instructed or required by government institutions or authorized regulatory authorities.
This includes responding to investigations, regulatory reporting, complying with record-keeping requirements, supporting government initiatives and programs, as well as other purposes as required under applicable laws and regulations.
4. Protection and Legal Proceedings
Data may be disclosed if there are legal proceedings of any kind between You and Us, or between You and other parties in connection with the Services, in order to protect the legal rights, interests, and/or safety of Us, users, or other third parties, to the extent permitted by applicable laws and regulations.
5. Insurance Partners
In connection with the processing of insurance claims related to Your transactions, We may share Your Personal Data with insurance brokerage companies or insurance providers collaborating with Us, limited to what is necessary for the purpose of processing such claims and in accordance with applicable laws and regulations.
DATA SECURITY AND STORAGE
1. Location and Security of Processing
Your Personal Data is stored and processed on servers located within the jurisdiction of the Republic of Indonesia using adequate technical and organizational security measures in accordance with applicable personal data protection standards.
Under certain conditions, Personal Data may be processed or stored outside the territory of Indonesia by Us or Our service providers, provided that this is carried out in accordance with applicable laws and regulations and with an equivalent level of protection.
We committed to protecting Your Personal Data from unauthorized access, use, or disclosure by:
- Using encryption to protect Personal Data during transfer and storage.
- Implementing strict physical and digital access restrictions on Personal Data within Our organization.
- Entering into contractual agreements with third parties that process Personal Data on Our behalf to ensure the implementation of equivalent protection measures.
2. Retention Period and Deletion
We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected, for the specified retention period, or for as long as required by Applicable Regulations.
We will delete or anonymize the data (remove Your identity from the data) if:
- The Personal Data is no longer required for business or legal purposes.
- The retention period required by applicable laws and regulations has expired.
- There is a valid deletion request from You, unless retention is still required by law.
- The data has been processed for purposes that have been fulfilled and there is no other legal basis for retaining the data.
3. Limitation of Liability and Third-Party Storage
Please note that Your Personal Data may be stored by government institutions or other authorized third parties. You agree and acknowledge that, where We share data with such authorities in accordance with legal obligations, any further processing by such parties is beyond Our control and is subject to the respective policies of those parties.
To the extent permitted by applicable laws and regulations, We are not responsible for the processing of Personal Data by such third parties where such processing is beyond Our control and is not caused by Our fault or negligence.
TRANSFER OF PERSONAL DATA
In carrying out Our operations and providing Our services, We may need to transfer, store, or process Your Personal Data in countries outside the territory of the Republic of Indonesia. In the event of a data transfer, We will ensure that:
- the destination country of the transfer has a level of personal data protection that is equivalent to or higher than that provided under the applicable laws and regulations in Indonesia; and/or
- We implement adequate and legally binding protection measures, including data processing agreements and/or other lawful mechanisms in accordance with applicable laws and regulations; and/or
- We obtain Your consent where required by applicable laws and regulations.
Where We act as a Personal Data Processor, cross-border transfers are carried out based on the instructions of the relevant Personal Data Controller and in accordance with the contractual obligations applicable between Us and such Personal Data Controller.
LINKS TO OTHER SITES
Our Platform may provide links to other websites or services for Your convenience and information. Such websites or services operate independently from Us and are not under Our control. Such third parties have their own privacy policies and terms of use, which We encourage You to review carefully before using such services.
We are not responsible for the content, products, services, or privacy practices of such third parties. To the extent permitted by applicable laws and regulations, any access to and use of such third-party websites or services is at Your own responsibility. We are not responsible for any loss, damage, or Personal Data breach arising from the use of third-party services, provided that such loss, damage, or breach is not caused by Our fault or negligence.
COOKIES
We and Our third-party partners use Cookies, unique device identifiers, and other similar technologies to collect information about Your device and how You use the Platform. These technologies help Us adapt the Platform to Your needs, improve service efficiency, and personalize Your experience in accordance with applicable laws and regulations, including based on Your consent where required.
Types of Cookies We use:
- Session Cookies: Temporary Cookies used to remember Your visit session and automatically deleted when the browser is closed or the application session ends.
- Persistent Cookies: Cookies that remain stored on Your device for a certain period to remember Your preferences, such as language or login settings, even after the browser is closed.
- Analytical Cookies: Cookies managed by third parties to collect statistical data regarding user behaviour, Platform performance, and analysis of the effectiveness of Our features.
- Secure Cookies: Cookies that are only transmitted through encrypted connections (HTTPS) to protect sensitive information, such as login details.
- Strictly Necessary Cookies: Cookies required to operate the basic functions of the Platform and that cannot be disabled in Our systems. These Cookies are usually only set in response to actions taken by You, such as setting privacy preferences, logging in, or completing forms.
Your Control over Cookies:
You have the right to reject or restrict the use of Cookies through the settings on Your internet browser or device, as well as through the Cookie preference management mechanism that We provide, where available. You may do so by:
- Adjusting the privacy settings on Your browser to reject certain Cookies.
- Deleting Your browsing history and clearing Your browser cache.
- Managing Your advertising identifier (Advertising ID) preferences through Your device settings.
In addition, You may provide or withdraw Your consent to the use of certain Cookies, other than Strictly Necessary Cookies, at any time through the available settings.
Please note that if You reject or delete Cookies, certain functions or features of the Platform may not operate optimally or may not be fully accessible, particularly where the Cookies are essential to the operation of the Platform.
YOUR RIGHTS AS A DATA SUBJECT
Under applicable laws and regulations, particularly the Personal Data Protection Law in Indonesia, You have certain rights in relation to Your Personal Data, as follows:
- Rights to Access: You have the right to request access to and obtain a copy of Your Personal Data that We process.
- Rights to Update/Rectify: You have the right to request that We correct any errors or inaccuracies in, or update, Your Personal Data to ensure the accuracy of the data.
- Right to Erasure/Destroy: You have the right to request the deletion or destruction of Your Personal Data from Our systems, in accordance with applicable legal provisions.
- Right to Withdraw Consent: You have the right to withdraw the consent that You have previously given for the processing of Your Personal Data.
- Right to Restrict Processing: You have the right to request the restriction of the Processing of Your Personal Data under certain circumstances in accordance with applicable laws and regulations.
- Right to Object: You have the right to object to the Processing of Your Personal Data under certain circumstances in accordance with applicable legal provisions.
In connection with the operation of the Platform ecosystem, You acknowledge that We may act as a Personal Data Processor on behalf of and under the instructions of Our business partners acting as Personal Data Controllers. Accordingly:
- Submission of Requests: Any request relating to the exercise of Your rights as a Personal Data Subject will be forwarded by Us to the relevant Personal Data Controller for review and Processing in accordance with applicable legal obligations and agreements. We may assist in facilitating such request to the extent permitted and/or required under Our agreement with the relevant Personal Data Controller, including by taking further action in accordance with the instructions of such Personal Data Controller.
- Denial of Request: At the instruction or based on the decision of the relevant Personal Data Controller, We may deny a request to access, rectify, or erase some or all of Your Personal Data where permitted and/or required under Applicable Regulations.
- Grounds for Denial: A request may be denied where: (i) the request lacks a clear basis, is unreasonably repetitive, or is disproportionate; and/or (ii) fulfilling the request may interfere with legal proceedings, law enforcement activities, or an ongoing investigation; and/or (iii) the Personal Data remains necessary for compliance with legal, regulatory, or audit obligations, or for the establishment, exercise, or defence of legal rights, in accordance with applicable laws and regulations.
To submit a request or inquiry regarding Your rights, please contact Us through the Customer Service contact details specified in this Privacy Policy. We will respond to and facilitate Your request within a reasonable period in accordance with applicable laws and regulations, including by verifying Your identity where necessary.
UNSUBSCRIBE
If You no longer wish to receive promotional or marketing materials, or certain communications from Us, You may withdraw Your consent and/or opt out through the following methods:
- Through the Application: Disable the push notification feature through the settings menu in the “Tada – Membership & Rewards Wallet” application.
- By Email: Click the “Unsubscribe” link provided at the bottom of each marketing email that We send.
- Through Customer Service: Contact Us directly using the contact details specified in this Privacy Policy.
Your request will be processed within a reasonable period in accordance with applicable laws and regulations.
Please note that, even after You opt out of receiving marketing materials, We may continue to send You administrative and/or non-promotional communications that are necessary in connection with transactions, account security, or material changes to Our Services.
CONTACT US
If You have any questions, comments, or wish to exercise Your rights in relation to this Privacy Policy, please do not hesitate to contact Our Data Protection Officer (DPO) by email at: [email protected].
To protect Your Personal Data, We may request additional information to verify Your identity before following up on such request.
We will respond to Your request within a reasonable period in accordance with the applicable laws and regulations.
Last updated: […].
By using and/or accessing Our Platform, You acknowledge that You have read and understood this Privacy Policy. Specifically in relation to White Label Tadakado, You understand that We act as a Personal Data Processor. We Process Your Personal Data solely based on the instructions of and on behalf of Our business partner acting as the Personal Data Controller.
In the event that You wish to exercise Your rights as a Data Subject, We will forward and/or coordinate such request with the relevant Personal Data Controller in accordance with the respective authority of each party.
DEFINITION
In this Privacy Policy, unless otherwise determined by the context, the following terms shall have the meanings set out below:
You refers to any individual, acting as a Personal Data Subject, who accesses, interacts with, or is registered as a user of the Platform to use the Services that We provide.
Cookies are small text files placed on Your device (computer, tablet, or smartphone) when You access the Tada Platform. Cookies enable Us to recognize Your device, store user preferences, remember language settings, and help Us improve the performance, functionality, and effectiveness of the Services that We provide. In addition to Cookies, We may also use other similar tracking technologies (such as Mobile Advertising Identifiers, web beacons, or software development kits) for the purposes of recognizing Your device, storing preferences, and optimizing the performance and functionality of the Services across Our Platform ecosystem in accordance with applicable laws and regulations, including Your consent where required.
Personal Data refers to any data or information relating to an identified and/or identifiable individual, whether directly or indirectly, whether on its own or in combination with other information, and whether contained in Our electronic or non-electronic systems. This includes, but is not limited to, name, address, date of birth, telephone number, email address, gender, official identity documents (ID Card/Passport), photograph, and other data classified as personal data under applicable laws and regulations.
Terms of Use refers to the terms and conditions, standard operating procedures, or other policies and provisions established by Us in connection with the use of the Platform.
Services refers to the various services, features, and functions provided by Us to You through the Platform.
Customer Services refers to the official help center that We provide through telephone number 1-500-340, email at [email protected], the Live Chat feature, or WhatsApp at +62-813-1500-7070.
Applicable Regulations refers to all laws, government regulations, protocols, industry codes, and requirements of administrative or judicial authorities within the territory of the Republic of Indonesia (including but not limited to the Personal Data Protection Law) that apply from time to time during the validity period of this Privacy Policy.
Platform refers to all systems and channels that We provide for the delivery of the Services, including but not limited to WhatsApp Business bearing the client’s identity, the “Tada – Membership & Rewards Wallet” mobile application (available through the Google Play Store and Apple App Store), official websites, and digital communication channels such as WhatsApp chatbots or other virtual assistants that We develop to provide the Services.
SCOPE OF PERSONAL DATA PROCESSING
We Process Personal Data, including collecting, using, storing, and/or transferring Your Personal Data, whether general or specific (sensitive) in nature, to ensure that the Platform can perform its functions optimally in accordance with the Services that We provide.
You may provide such Personal Data to Us directly or indirectly through various forms or methods of collection, where the types of data collected depend on the circumstances of the collection and the nature of the services or transactions that You undertake.
To the extent permitted by the Applicable Regulations, We will manage such Personal Data based on the categories and purposes set out in this Privacy Policy, as well as based on a lawful basis for processing in accordance with applicable legal provisions. This is done to ensure the best experience for You and to ensure the fulfillment of Our legal obligations across the entire Platform ecosystem.
The Processing of Personal Data is carried out solely based on the instructions of the relevant Personal Data Controller.
1. Categories of Personal Data We Collect
- Identity and Contact Data: Full name, username, password, identification number (such as ID Card/KTP), taxpayer identification number (NPWP), user identity or other identifiers, job title, date and place of birth, gender, occupation, nationality, photograph, biometric data (where relevant and in accordance with consent or the applicable legal basis), delivery address and related information, email address, phone number, other contact information, and WhatsApp public profile information (if applicable).
- Transaction Data: Details and history of orders/transactions, balance redemption (points/rewards), interests, preferences, feedback, survey responses, and details of delivery or service performance.
- Technical and Device Data: Data: Internet Protocol (IP) address, user identity (User ID), unique device identifiers (IMEI, advertising ID, MAC address), hardware model, operating system and version, device movement information, system activity logs, and mobile network information.
- Usage Data and Metadata: Information on how You use Our Services, pages or features accessed, time and duration of use. Specifically for interactions through WhatsApp, this includes communication metadata such as message delivery time and message delivery or read status.
- Location Data: Your real-time geographical location information, including longitude-latitude coordinates, time zone, and Wi-Fi location (where enabled by You and in accordance with the consent provided through the device or Platform).
Important: Where We are required to collect Personal Data under the law or under the terms of an agreement with You, and You choose not to provide the requested Personal Data or provide incomplete data, We may be unable to provide the Services optimally, may delay the provision of the Services, or may be unable to perform Our contractual obligations to You or to the relevant Personal Data Controller.
2. Data Collection Methods
- Directly: Data that You provide when registering an account, using Platform features, providing feedback, interacting with Us directly, or corresponding with Us by mail, email, or by contacting Our Customer Service, including in connection with the use of Services provided by the relevant Personal Data Controller (where applicable).
- Automatically: Each time You visit or interact with Our Platform using Your device, the system may automatically collect Technical Data and location data (where enabled). We may collect Your real-time geographic location data where You provide permission through Your device or the Platform and in accordance with applicable laws and regulations. In certain circumstances, You may be requested to enable the Global Positioning System (GPS) to optimize Your user experience (for example, to provide accurate information regarding distance or courier estimated arrival time). You always have the option to temporarily disable the location tracking feature in Your device settings; however, please note that such disabling may limit the availability or performance of certain features on the Platform. In addition, We also automatically collect certain data using Cookies and similar tracking technologies (as further described in the Cookies section of this Privacy Policy) in accordance with Your consent where required by applicable laws and regulations. Specifically for interactions via WhatsApp, We automatically record communication metadata, including delivery time, message status, and available public profile information.
- Third Parties: Data obtained from business partners, agents, vendors, or suppliers that cooperate with or provide services to Us. In such circumstances, We will only collect Your Personal Data to the extent necessary for lawful cooperation purposes, in accordance with the instructions of the Personal Data Controller (where applicable), and by ensuring that such third parties have a lawful basis for processing in accordance with applicable laws and regulations.
3. Purpose of Information Use
- Operations & Administration: Identifying, verifying, creating, deactivating, and managing your account as a User, as well as providing services and processing orders or balance redemption transactions conducted by you, linking accounts or electronic wallets (e-wallets), and providing additional services from our relevant partners, including the fulfillment of our contractual obligations to you and/or the relevant Personal Data Controller.
- Communication & Services: Notifying account activities, transactions, and changes occurring within the Platform, providing technical assistance through customer service, and handling Your complaints or suggestions, including communications necessary for the provision of the Services.
- Platform Development: Monitoring Platform usage, generating statistical and analytical data for research and product development purposes to improve user experience, including for enhancing security, service quality, and personalization of user experience, to the extent permitted by applicable laws and regulations.
- Marketing & Promotion: Sending promotional materials or other marketing materials.
- Security & Legal Compliance: Preventing and investigating illegal or suspicious activities, as well as ensuring Our compliance with all legal obligations, audits, due diligence, investigations, and reporting requirements under Applicable Regulations and for other purposes as required by Applicable Regulations.
- Implementation of Personal Data Controller Instruction: In the event that We act as a Personal Data Processor, We process Personal Data solely for the purposes determined by and based on the instructions of the relevant Personal Data Controller.
DISCLOSURE OF PERSONAL DATA
We will not sell or rent Your Personal Data. However, We may disclose, provide access to, or share Your Personal Data with Our affiliated companies and other third parties as necessary for legitimate, limited purposes and in accordance with applicable laws and regulations, including as follows:
1. Service Providers and Business Partners
We may share data with agents, vendors, suppliers, contractors, and partners who facilitate our operations or in connection with the implementation of our cooperation with such third parties, limited to what is necessary to carry out legitimate Personal Data Processing functions and purposes. Such parties may include, among others, service providers supporting order processing, delivery, account authentication, integration of our services on third-party platforms, as well as analytics, research, and product development activities.
2. Commercial and Marketing Partners
We may disclose data to third parties collaborating with Us to offer products or services, including marketing activities, provided that such activities are conducted in accordance with applicable laws and regulations and based on Your consent where required.
3. Legal Compliance and Government Authorities
We will share data if lawfully instructed or required by government institutions or authorized regulatory authorities. This includes responding to investigations, regulatory reporting, complying with record-keeping requirements, supporting government initiatives and programs, as well as other purposes as required under applicable laws and regulations.
4. Protection and Legal Proceedings
Data may be disclosed if there are legal proceedings of any kind between You and Us, or between You and other parties in connection with the Services, in order to protect the legal rights, interests, and/or safety of Us, users, or other third parties, to the extent permitted by applicable laws and regulations.
5. Insurance Partners
In connection with the processing of insurance claims related to Your transactions, We may share Your Personal Data with insurance brokerage companies or insurance providers collaborating with Us, limited to what is necessary for the purpose of processing such claims and in accordance with applicable laws and regulations.
DATA SECURITY AND STORAGE
1. Location and Security of Processing
Your Personal Data is stored and processed on servers located within the jurisdiction of the Republic of Indonesia using adequate technical and organizational security measures in accordance with applicable personal data protection standards.
Under certain conditions, Personal Data may be processed or stored outside the territory of Indonesia by Us or Our service providers, provided that this is carried out in accordance with applicable laws and regulations and with an equivalent level of protection.
We committed to protecting Your Personal Data from unauthorized access, use, or disclosure by:
- Using encryption to protect Personal Data during transfer and storage.
- Implementing strict physical and digital access restrictions on Personal Data within Our organization.
- Entering into contractual agreements with third parties that process Personal Data on Our behalf to ensure the implementation of equivalent protection measures.
2. Retention Period and Deletion
We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected, for the specified retention period, or for as long as required by Applicable Regulations.
We will delete or anonymize the data (remove Your identity from the data) if:
- The Personal Data is no longer required for business or legal purposes.
- The retention period required by applicable laws and regulations has expired.
- There is a valid deletion request from You, unless retention is still required by law.
- The data has been processed for purposes that have been fulfilled and there is no other legal basis for retaining the data.
3. Limitation of Liability and Third-Party Storage
Please note that Your Personal Data may be stored by government institutions or other authorized third parties. You agree and acknowledge that, where We share data with such authorities in accordance with legal obligations, any further processing by such parties is beyond Our control and is subject to the respective policies of those parties.
To the extent permitted by applicable laws and regulations, We are not responsible for the processing of Personal Data by such third parties where such processing is beyond Our control and is not caused by Our fault or negligence.
TRANSFER OF PERSONAL DATA
In carrying out Our operations and providing Our services, We may need to transfer, store, or process Your Personal Data in countries outside the territory of the Republic of Indonesia. In the event of a data transfer, We will ensure that:
- the destination country of the transfer has a level of personal data protection that is equivalent to or higher than that provided under the applicable laws and regulations in Indonesia; and/or
- We implement adequate and legally binding protection measures, including data processing agreements and/or other lawful mechanisms in accordance with applicable laws and regulations; and/or
- We obtain Your consent where required by applicable laws and regulations.
Where We act as a Personal Data Processor, cross-border transfers are carried out based on the instructions of the relevant Personal Data Controller and in accordance with the contractual obligations applicable between Us and such Personal Data Controller.
LINKS TO OTHER SITES
Our Platform may provide links to other websites or services for Your convenience and information. Such websites or services operate independently from Us and are not under Our control. Such third parties have their own privacy policies and terms of use, which We encourage You to review carefully before using such services.
We are not responsible for the content, products, services, or privacy practices of such third parties. To the extent permitted by applicable laws and regulations, any access to and use of such third-party websites or services is at Your own responsibility. We are not responsible for any loss, damage, or Personal Data breach arising from the use of third-party services, provided that such loss, damage, or breach is not caused by Our fault or negligence.
COOKIES
We and Our third-party partners use Cookies, unique device identifiers, and other similar technologies to collect information about Your device and how You use the Platform. These technologies help Us adapt the Platform to Your needs, improve service efficiency, and personalize Your experience in accordance with applicable laws and regulations, including based on Your consent where required.
Types of Cookies We use:
- Session Cookies: Temporary Cookies used to remember Your visit session and automatically deleted when the browser is closed or the application session ends.
- Persistent Cookies: Cookies that remain stored on Your device for a certain period to remember Your preferences, such as language or login settings, even after the browser is closed.
- Analytical Cookies: Cookies managed by third parties to collect statistical data regarding user behaviour, Platform performance, and analysis of the effectiveness of Our features.
- Secure Cookies: Cookies that are only transmitted through encrypted connections (HTTPS) to protect sensitive information, such as login details.
- Strictly Necessary Cookies: Cookies required to operate the basic functions of the Platform and that cannot be disabled in Our systems. These Cookies are usually only set in response to actions taken by You, such as setting privacy preferences, logging in, or completing forms.
Your Control over Cookies:
You have the right to reject or restrict the use of Cookies through the settings on Your internet browser or device, as well as through the Cookie preference management mechanism that We provide, where available. You may do so by:
- Adjusting the privacy settings on Your browser to reject certain Cookies.
- Deleting Your browsing history and clearing Your browser cache.
- Managing Your advertising identifier (Advertising ID) preferences through Your device settings.
In addition, You may provide or withdraw Your consent to the use of certain Cookies, other than Strictly Necessary Cookies, at any time through the available settings.
Please note that if You reject or delete Cookies, certain functions or features of the Platform may not operate optimally or may not be fully accessible, particularly where the Cookies are essential to the operation of the Platform.
YOUR RIGHTS AS A DATA SUBJECT
Under applicable laws and regulations, particularly the Personal Data Protection Law in Indonesia, You have certain rights in relation to Your Personal Data, as follows:
- Rights to Access: You have the right to request access to and obtain a copy of Your Personal Data that We process.
- Rights to Update/Rectify: You have the right to request that We correct any errors or inaccuracies in, or update, Your Personal Data to ensure the accuracy of the data.
- Right to Erasure/Destroy: You have the right to request the deletion or destruction of Your Personal Data from Our systems, in accordance with applicable legal provisions.
- Right to Withdraw Consent: You have the right to withdraw the consent that You have previously given for the processing of Your Personal Data.
- Right to Restrict Processing: You have the right to request the restriction of the Processing of Your Personal Data under certain circumstances in accordance with applicable laws and regulations.
- Right to Object: You have the right to object to the Processing of Your Personal Data under certain circumstances in accordance with applicable legal provisions.
In connection with the operation of the Platform ecosystem, You acknowledge that We may act as a Personal Data Processor on behalf of and under the instructions of Our business partners acting as Personal Data Controllers. Accordingly:
- Submission of Requests: Any request relating to the exercise of Your rights as a Personal Data Subject will be forwarded by Us to the relevant Personal Data Controller for review and Processing in accordance with applicable legal obligations and agreements. We may assist in facilitating such request to the extent permitted and/or required under Our agreement with the relevant Personal Data Controller, including by taking further action in accordance with the instructions of such Personal Data Controller.
- Denial of Request: At the instruction or based on the decision of the relevant Personal Data Controller, We may deny a request to access, rectify, or erase some or all of Your Personal Data where permitted and/or required under Applicable Regulations.
- Grounds for Denial: A request may be denied where: (i) the request lacks a clear basis, is unreasonably repetitive, or is disproportionate; and/or (ii) fulfilling the request may interfere with legal proceedings, law enforcement activities, or an ongoing investigation; and/or (iii) the Personal Data remains necessary for compliance with legal, regulatory, or audit obligations, or for the establishment, exercise, or defence of legal rights, in accordance with applicable laws and regulations.
To submit a request or inquiry regarding Your rights, please contact Us through the Customer Service contact details specified in this Privacy Policy. We will respond to and facilitate Your request within a reasonable period in accordance with applicable laws and regulations, including by verifying Your identity where necessary.
UNSUBSCRIBE
If You no longer wish to receive promotional or marketing materials, or certain communications from Us, You may withdraw Your consent and/or opt out through the following methods:
- Through the Application: Disable the push notification feature through the settings menu in the “Tada – Membership & Rewards Wallet” application.
- By Email: Click the “Unsubscribe” link provided at the bottom of each marketing email that We send.
- Through Customer Service: Contact Us directly using the contact details specified in this Privacy Policy.
Your request will be processed within a reasonable period in accordance with applicable laws and regulations.
Please note that, even after You opt out of receiving marketing materials, We may continue to send You administrative and/or non-promotional communications that are necessary in connection with transactions, account security, or material changes to Our Services.
CONTACT US
If You have any questions, comments, or wish to exercise Your rights in relation to this Privacy Policy, please do not hesitate to contact Our Data Protection Officer (DPO) by email at: [email protected].
To protect Your Personal Data, We may request additional information to verify Your identity before following up on such request.
We will respond to Your request within a reasonable period in accordance with the applicable laws and regulations.
Last updated: […].
DEFINITION
In this Privacy Policy, unless otherwise determined by the context, the following terms shall have the meanings set out below:
Account refers to a unique digital identity registered within Tadakado ecosystem, created by You before using the Services through the registration process set out in the Terms and Conditions.
You/User refers to any individual acting as a Personal Data Subject, data subject, or party who is registered with and/or uses the features and services of Tadakado.
Goods refers to tangible items that can be delivered and meet the delivery criteria under the terms of the delivery service providers cooperating with Us.
Cookies are small text files placed on Your device (computer, tablet, or smartphone) when You access Tadakado. Cookies enable Us to recognize Your device, store user preferences, remember language settings, and help Us improve the performance, functionality, and effectiveness of the Services that We provide. In addition to Cookies, We may also use other similar tracking technologies (such as Mobile Advertising Identifiers, web beacons, or software development kits) for the purposes of recognizing Your device, storing preferences, and optimizing the performance and functionality of the Services across Our Platform ecosystem in accordance with applicable laws and regulations, including Your consent where required.
Personal Data refers to any data or information relating to an identified and/or identifiable individual, whether directly or indirectly, whether on its own or in combination with other information, and whether contained in Our electronic or non-electronic systems. This includes, but is not limited to, name, address, date of birth, telephone number, email address, gender, official identity documents (ID Card/Passport), photograph, and other data classified as personal data under applicable laws and regulations.
Services refers to all forms of services, information, features, and/or functions that We provide and manage through Tadakado.
Customer Service refers to the official help center that We provide through telephone number 1-500-340, email at [email protected], the Live Chat feature, or WhatsApp at +62-813-1500-7070.
One-Time Password (OTP) means a confidential code that We send to You and that may only be used once for the authentication or security verification of Your Account.
Applicable Regulations refers to all laws, government regulations, protocols, industry codes, and requirements of administrative or judicial authorities in the territory of the Republic of Indonesia (including but not limited to the Personal Data Protection Law) that apply from time to time during the validity period of this Privacy Policy.
Products refers to anything, including Goods, displayed on the Site that You may redeem using Your available balance or points.
Site refers to www.tadakado.id, which is provided and managed by Us.
Tadakado refers to all Tadakado digital access channels (Lite, Plus, and Go) provided and managed by Us, including but not limited to the Site, applications, and WhatsApp chatbots.
SCOPE OF PERSONAL DATA PROCESSING
We carry out Personal Data Processing, including collecting, using, storing, and/or transferring Your Personal Data, whether general or specific (sensitive) in nature, to ensure that Tadakado can function optimally in accordance with the Services that We provide.
Such Personal Data may be provided by You to Us directly or indirectly through various forms or methods of collection, where the type of data collected depends on the circumstances of the collection and the nature of the services or transactions You carry out.
To the extent permitted by the Applicable Regulations, We will manage such Personal Data based on the categories and purposes set out in this Privacy Policy, as well as based on a lawful basis for processing in accordance with applicable legal provisions. This is done to ensure the best experience for You and to ensure the fulfillment of Our legal obligations across the entire Tadakado ecosystem.
1. Categories of Personal Data We Collect
- Identity and Contact Data: Full name, username, password, identification number (such as ID Card/KTP), taxpayer identification number (NPWP), user identity or other identifiers, job title, date and place of birth, gender, occupation, nationality, photograph, biometric data (where relevant and in accordance with consent or the applicable legal basis), delivery address and related information, email address, phone number, other contact information, and WhatsApp public profile information (if applicable).
- Transaction Data: Details and history of orders/transactions, balance redemption (points/rewards), interests, preferences, feedback, survey responses, and details of delivery or service performance.
- Technical and Device Data: Data: Internet Protocol (IP) address, user identity (User ID), unique device identifiers (IMEI, advertising ID, MAC address), hardware model, operating system and version, device motion information, as well as system activity logs and mobile network information.
- Usage Data and Metadata: Information on how You use Our Services, pages or features accessed, time and duration of use. Specifically for interactions through WhatsApp, this includes communication metadata such as message delivery time and message delivery or read status.
- Location Data: Your real-time geographical location information, including longitude-latitude coordinates, time zone, and Wi-Fi location (where enabled by You and in accordance with the consent provided through the device or Tadakado).
Third Party Data: If You provide Us with Personal Data relating to another individual, such as Your spouse, family member, friend, or another party, You are responsible for ensuring that You have obtained valid consent from such individual and are authorized to provide such consent for Our Processing of their Personal Data. We may request evidence of such consent from You at any time in accordance with applicable laws and regulations.
Important: Where We are required to collect Personal Data under the law or under the terms of an agreement with You, and You choose not to provide the requested Personal Data or provide incomplete data, We may be unable to provide the Services optimally, may delay the provision of the Services, or may be unable to perform Our contractual obligations to You.
2. Data Collection Methods
- Directly: Data that You provide when registering an account, using Tadakado features, providing feedback, interacting with Us directly, or corresponding with Us by mail, email, or by contacting Our Customer Service, including in connection with the use of Services provided by the relevant Personal Data Controller (where applicable).
- Automatically: Each time You visit or interact with Tadakado using Your device, the system may automatically collect Technical Data and location data (where enabled).
We may collect Your real-time geographic location data where You provide permission through Your device or the Platform and in accordance with applicable laws and regulations. In certain circumstances, You may be requested to enable the Global Positioning System (GPS) to optimize Your user experience (for example, to provide accurate information regarding distance or courier estimated arrival time). You always have the option to temporarily disable the location tracking feature in Your device settings; however, please note that such disabling may limit the availability or performance of certain features on Tadakado. In addition, We also automatically collect certain data using Cookies and similar tracking technologies (as further described in the Cookies section of this Privacy Policy) in accordance with Your consent where required by applicable laws and regulations. Specifically for interactions via WhatsApp, We automatically record communication metadata, including delivery time, message status, and available public profile information
- Third Party: Data obtained from business partners, agents, vendors, or suppliers that cooperate with or provide services to Us. In such circumstances, We will only collect Your Personal Data to the extent necessary for lawful cooperation purposes, in accordance with the instructions of the Personal Data Controller (where applicable), and by ensuring that such third parties have a lawful basis for processing in accordance with applicable laws and regulations.
3. Purpose of Information Use
- Account Management: To identify and register You as a User and to create, verify, deactivate, or manage Your Account, including for the performance of Our contractual obligations to You.
- Provision of Services: To enable Us to provide Services that are currently available, requested by You, or made available in the future, including to fulfil Your requests and perform Our contractual relationship with You.
- Transaction Processing: To process and facilitate orders and balance redemption transactions made by You through Tadakado, including for transaction recording and reporting purposes.
- Notifications: To notify You of transactions or activities occurring within Tadakado, including administrative and/or mandatory communications.
- Electronic Wallet Integration: To facilitate the linking of Your Account and/or electronic wallet (e-wallet), where You enable such linking feature on Tadakado, in accordance with Your consent and the applicable terms of the relevant third-party services.
- Service Communications: To communicate with You and provide information in connection with Your use of Tadakado, including for customer support and the provision of important information relating to the Services.
- Service Updates: To notify You of any changes to Tadakado’s features, Services, or policies, including changes that may affect Your rights and obligations.
- Complaint Handling: To process, resolve, and address complaints, issues, questions, and suggestions received from You.
- Balance Management: To accurately process and manage Your balance.
- Partner Services: To provide access to or services from Our strategic partners, including integrations with third-party services in accordance with applicable terms.
- Tadakado Optimization: To monitor the use of Tadakado and to manage, support, and improve its performance efficiency, growth, user experience, and functionality, to the extent permitted by applicable laws and regulations.
- Technical Support: To provide assistance and resolve technical difficulties or operational issues within the Tadakado ecosystem.
- Analytics and Development: To generate statistical and analytical data for testing, research, behavioural analysis, product development, and collaboration purposes, including to improve service quality and support product innovation.
- Security and Protection: To prevent, detect, and investigate suspicious transactions or any prohibited, illegal, unauthorized, or fraudulent activities, and to protect Our rights, interests, and security, as well as those of You and/or third parties.
- Legal Compliance: To enable Us to comply with all obligations under Applicable Regulations, including responding to requests from authorities and fulfilling record-keeping, reporting, audit, due diligence, and investigation requirements.
- Other Purposes: For other purposes that are reasonably related to and not inconsistent with the primary purposes of the Processing of Personal Data described in this Privacy Policy, which will be notified to You and, where required under applicable laws and regulations, carried out based on Your consent.
DISCLOSURE OF PERSONAL DATA
We may disclose, provide access to, or share Your Personal Data with Our affiliates and other third parties to the extent necessary for legitimate, limited purposes and in accordance with applicable laws and regulations, including as follows:
1. Service Providers and Business Partners
We may share data with agents, vendors, suppliers, contractors, and partners that facilitate Our operations or in connection with Our cooperation with such third parties, solely to the extent necessary to carry out legitimate Personal Data Processing functions and purposes. Such parties may include, among others, service providers that support order processing, delivery, Account authentication, integration of Our Services into third-party platforms, and analytics, research, and product development activities.
2. Commercial and Marketing Partners
We may disclose data to third parties that cooperate with Us to offer products or services, including for marketing activities, provided that such disclosure is carried out in accordance with applicable laws and regulations and based on Your consent where required.
3. Legal Compliance and Government Authorities
We will share data where lawfully ordered or required to do so by government institutions or competent regulatory authorities. This includes responding to investigations, fulfilling regulatory reporting and record-keeping requirements, supporting government initiatives and programs, and other purposes as required under applicable legal provisions.
4. Protection and Legal Proceedings
Data may be disclosed if there are legal proceedings of any kind between You and Us, or between You and other parties in connection with the Services, in order to protect the legal rights, interests, and/or safety of Us, users, or other third parties, to the extent permitted by applicable laws and regulations.
5. Insurance Partner
In connection with the processing of insurance claims related to Your transactions, We may share Your Personal Data with insurance brokerage companies or insurance providers collaborating with Us, limited to what is necessary for the purpose of processing such claims and in accordance with applicable laws and regulations.
DATA SECURITY AND STORAGE
1. Location and Security of Processing
Your Personal Data is stored and processed on servers located within the jurisdiction of the Republic of Indonesia using adequate technical and organizational security measures in accordance with applicable personal data protection standards.
Under certain conditions, Personal Data may be processed or stored outside the territory of Indonesia by Us or Our service providers, provided that this is carried out in accordance with applicable laws and regulations and with an equivalent level of protection.
We committed to protecting Your Personal Data from unauthorized access, use, or disclosure by:
- Using encryption to protect Personal Data during transfer and storage.
- Implementing strict physical and digital access restrictions on Personal Data within Our organization.
- Entering into contractual agreements with third parties that process Personal Data on Our behalf to ensure the implementation of equivalent protection measures.
2. Retention Period and Deletion
We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected, for the specified retention period, or for as long as required by Applicable Regulations.
We will delete or anonymize the data (remove Your identity from the data) if:
- The Personal Data is no longer required for business or legal purposes.
- The retention period required by applicable laws and regulations has expired.
- There is a valid deletion request from You, unless retention is still required by law.
- The data has been processed for purposes that have been fulfilled and there is no other legal basis for retaining the data.
3. User and Third-Party Responsibilities
- Account Confidentiality: You are fully responsible for maintaining the confidentiality of Your Account details. You must not share Your Account details, including Your Personal Identification Number (PIN) and One-Time Password (OTP), with anyone, and You are responsible for the security of the device that You use.
- Third-Party Storage: Where We share data with government institutions or competent authorities in accordance with this policy, You acknowledge that the storage of such data will be subject to the retention policies of the respective institutions and will be outside Our direct control.
- Limitation of Liability: To the extent permitted by Applicable Regulations, We are not responsible for any losses arising from activities or Processing of Personal Data that are outside Our control and are not caused by Our fault or negligence.
TRANSFER OF PERSONAL DATA
In carrying out Our operations and providing Our services, We may need to transfer, store, or process Your Personal Data in countries outside the territory of the Republic of Indonesia. In the event of a data transfer, We will ensure that:
- the destination country of the transfer has a level of personal data protection that is equivalent to or higher than that provided under the applicable laws and regulations in Indonesia; and/or
- We implement adequate and legally binding protection measures, including data processing agreements and/or other lawful mechanisms in accordance with applicable laws and regulations; and/or
- We obtain Your consent where required by applicable laws and regulations.
LINKS TO OTHER SITES
Our Platform may provide links to other websites or services for Your convenience and information. Such websites or services operate independently from Us and are not under Our control. Such third parties have their own privacy policies and terms of use, which We encourage You to review carefully before using such services.
We are not responsible for the content, products, services, or privacy practices of such third parties. To the extent permitted by applicable laws and regulations, any access to and use of such third-party websites or services is at Your own responsibility. We are not responsible for any loss, damage, or Personal Data breach arising from the use of third-party services, provided that such loss, damage, or breach is not caused by Our fault or negligence.
COOKIES
We and Our third-party partners use Cookies, unique device identifiers, and other similar technologies to collect information about Your device and how You use Tadakado. These technologies help Us adapt the Platform to Your needs, improve service efficiency, and personalize Your experience in accordance with applicable laws and regulations, including based on Your consent where required.
Types of Cookies We use:
- Session Cookies: Temporary Cookies used to remember Your visit session and automatically deleted when the browser is closed or the application session ends.
- Persistent Cookies: Cookies that remain stored on Your device for a certain period to remember Your preferences, such as language or login settings, even after the browser is closed.
- Analytical Cookies: Cookies managed by third parties to collect statistical data regarding user behaviour, Platform performance, and analysis of the effectiveness of Our features.
- Secure Cookies: Cookies that are only transmitted through encrypted connections (HTTPS) to protect sensitive information, such as login details.
- Strictly Necessary Cookies: Cookies required to operate the basic functions of Tadakado and that cannot be disabled in Our systems. These Cookies are usually only set in response to actions taken by You, such as setting privacy preferences, logging in, or completing forms.
Your Control over Cookies:
You have the right to reject or restrict the use of Cookies through the settings on Your internet browser or device, as well as through the Cookie preference management mechanism that We provide, where available. You may do so by:
- Adjusting the privacy settings on Your browser to reject certain Cookies.
- Deleting Your browsing history and clearing Your browser cache.
- Managing Your advertising identifier (Advertising ID) preferences through Your device settings.
In addition, You may provide or withdraw Your consent to the use of certain Cookies, other than Strictly Necessary Cookies, at any time through the available settings.
Please note that if You reject or delete Cookies, certain functions or features of the Platform may not operate optimally or may not be fully accessible, particularly where the Cookies are essential to the operation of Tadakado.
YOUR RIGHTS AS A DATA SUBJECT
Under applicable laws and regulations, particularly the Personal Data Protection Law in Indonesia, You have certain rights in relation to Your Personal Data, as follows:
- Rights to Access: You have the right to request access to and obtain a copy of Your Personal Data that We process.
- Rights to Update/Rectify: You have the right to request that We correct any errors or inaccuracies in, or update, Your Personal Data to ensure the accuracy of the data.
- Right to Erasure/Destroy: You have the right to request the deletion or destruction of Your Personal Data from Our systems, in accordance with applicable legal provisions.
- Right to Withdraw Consent: You have the right to withdraw the consent that You have previously given for the processing of Your Personal Data.
- Right to Restrict Processing: You have the right to request the restriction of the Processing of Your Personal Data under certain circumstances in accordance with applicable laws and regulations.
- Right to Object: You have the right to object to the Processing of Your Personal Data under certain circumstances in accordance with applicable legal provisions.
You may withdraw Your consent to the Processing of certain Personal Data at any time by providing reasonable written notice to Us through the available contact details.
Such withdrawal of consent may affect the provision of the Services, subject to the following conditions:
- Withdrawal of consent may result in Us being unable to provide some or all of the Services to You;
- We will provide information on the relevant consequences before or at the time the withdrawal of consent is made;
- To the extent permitted by applicable laws and regulations, We shall not be responsible for any limitation of the Services arising as a direct result of such withdrawal of consent.
We may refuse Your request to access, rectify, and/or erase some or all of the Personal Data that We possess or control where permitted or required by Applicable Regulations. This includes, but is not limited to, circumstances where We consider that:
- The request lacks a clear basis, is unreasonably repetitive, or is disproportionate;
- Fulfilling the request may violate applicable laws or contractual obligations;
- The Personal Data is still required for law enforcement purposes, judicial proceedings, compliance with legal obligations, audit purposes, or the defence of rights in accordance with applicable laws and regulations.
UNSUBSCRIBE
If You no longer wish to receive promotional or marketing materials, or certain communications from Us, You may withdraw Your consent and/or opt out through the following methods:
- By Email: Click the “Unsubscribe” link provided at the bottom of each marketing email that We send.
- Through Customer Service: Contact Us directly using the contact details specified in this Privacy Policy.
Your request will be processed within a reasonable period in accordance with applicable laws and regulations.
Please note that, even after You opt out of receiving marketing materials, We may continue to send You administrative and/or non-promotional communications that are necessary in connection with transactions, account security, or material changes to Our Services.
CONTACT US
If You have any questions, comments, or wish to exercise Your rights in relation to this Privacy Policy, please do not hesitate to contact Our Data Protection Officer (DPO) by email at: [email protected].
To protect Your Personal Data, We may request additional information to verify Your identity before following up on such request.
We will respond to Your request within a reasonable period in accordance with the applicable laws and regulations.
(Previously known as Rewardku)
Last updated: […].
By using and/or accessing Loyalty and Rewards SME, You acknowledge that You have read and understood this Privacy Policy. You understand that We and the client (business partner) act as joint Personal Data Controllers in relation to Personal Data collected, used, stored, and/or disclosed through Loyalty and Rewards SME.
Tada and the Client are each responsible for the Processing of Personal Data in accordance with their respective roles and responsibilities in the provision of the Services and are required to comply with Applicable Regulations. Information regarding the allocation of roles and responsibilities between Tada and the Client will be further described in this Privacy Policy.
DEFINITION
In this Privacy Policy, unless otherwise determined by the context, the following terms shall have the meanings set out below:
You refers to any individual, acting as a Personal Data Subject, who accesses, interacts with, or is registered as a user of the Loyalty and Rewards SME to use the Services that We provide.
Cookies are small text files placed on Your device (computer, tablet, or smartphone) when You access Loyalty and Rewards SME. Cookies enable Us to recognize Your device, store user preferences, remember language settings, and help Us improve the performance, functionality, and effectiveness of the Services that We provide. In addition to Cookies, We may also use other similar tracking technologies (such as Mobile Advertising Identifiers, web beacons, or software development kits) for the purposes of recognizing Your device, storing preferences, and optimizing the performance and functionality of the Services across Our Platform ecosystem in accordance with applicable laws and regulations, including Your consent where required.
Personal Data refers to any data or information relating to an identified and/or identifiable individual, whether directly or indirectly, whether on its own or in combination with other information, and whether contained in Our electronic or non-electronic systems. This includes, but is not limited to, name, address, date of birth, telephone number, email address, gender, official identity documents (ID Card/Passport), photograph, and other data classified as personal data under applicable laws and regulations.
We/Our/Us refers to Tada and the Client collectively, who in this case act as joint Personal Data Controllers.
Terms of Use refers to the terms and conditions, standard operating procedures, or other provisions established by Us from time to time in connection with the use of Loyalty and Rewards SME.
Client refers to a legal entity or business partner that cooperates with Tada as the program owner and joint Personal Data Controller with Tada in the context of the implementation of the loyalty and rewards program.
Services refers to all services and features provided by Tada through Loyalty and Rewards SME, including but not limited to account management, loyalty programs, balance redemption, system integration, and customer support services.
Customer Services refers to the official help center that We provide through telephone number 1-500-340, email at [email protected], the Live Chat feature, or WhatsApp at +62-813-1500-7070.
Applicable Regulations refers to all laws, government regulations, protocols, industry codes, and requirements of administrative or judicial authorities within the territory of the Republic of Indonesia (including but not limited to the Personal Data Protection Law) that apply from time to time during the validity period of this Privacy Policy.
Platform refers to the entire digital ecosystem developed and managed by Tada to provide the Services, including but not limited to websites, mobile applications, and official WhatsApp Business accounts.
Tada refers to PT Aksi Visitama, a limited liability company established under the laws of the Republic of Indonesia.
SCOPE OF PERSONAL DATA PROCESSING
We Process Personal Data, including collecting, using, storing, and/or transferring Your Personal Data, whether general or specific (sensitive) in nature, to ensure that the Platform can perform its functions optimally in accordance with the Services that We provide.
You may provide such Personal Data to Us directly or indirectly through various forms or methods of collection, where the types of data collected depend on the circumstances of the collection and the nature of the services or transactions that You undertake.
To the extent permitted by the Applicable Regulations, We will manage such Personal Data based on the categories and purposes set out in this Privacy Policy, as well as based on a lawful basis for processing in accordance with applicable legal provisions. This is done to ensure the best experience for You and to ensure the fulfillment of Our legal obligations across the entire Platform ecosystem.
1. Categories of Personal Data We Collect
- Identity and Contact Data: Full name, username, password, identification number (such as ID Card/KTP), taxpayer identification number (NPWP), user identity or other identifiers, job title, date and place of birth, gender, occupation, nationality, photograph, biometric data (where relevant and in accordance with consent or the applicable legal basis), delivery address and related information, email address, phone number, other contact information, and WhatsApp public profile information (if applicable).
- Transaction Data: Details and history of orders/transactions, balance redemption (points/rewards), interests, preferences, feedback, survey responses, and details of delivery or service performance.
- Technical and Device Data: Data: Internet Protocol (IP) address, user identity (User ID), unique device identifiers (IMEI, advertising ID, MAC address), hardware model, operating system and version, device movement information, system activity logs, and mobile network information.
- Usage Data and Metadata: Information on how You use Our Services, pages or features accessed, time and duration of use. Specifically for interactions through WhatsApp, this includes communication metadata such as message delivery time and message delivery or read status.
- Location Data: Your real-time geographical location information, including longitude-latitude coordinates, time zone, and Wi-Fi location (where enabled by You and in accordance with the consent provided through the device or Platform).
Important: Where We are required to collect Personal Data under the law or under the terms of an agreement with You, and You choose not to provide the requested Personal Data or provide incomplete data, We may be unable to provide the Services optimally, may delay the provision of the Services, or may be unable to perform Our contractual obligations to You or to the relevant Personal Data Controller.
2. Data Collection Methods
- Directly: Data that You provide when registering an account, using Platform features, providing feedback, interacting with Us directly, or corresponding with Us by mail, email, or by contacting Our Customer Service, including in connection with the use of Services provided by the relevant Personal Data Controller (where applicable).
- Automatically: Each time You visit or interact with Our Platform using Your device, the system may automatically collect Technical Data and location data (where enabled).
We may collect Your real-time geographic location data where You provide permission through Your device or the Platform and in accordance with applicable laws and regulations. In certain circumstances, You may be requested to enable the Global Positioning System (GPS) to optimize Your user experience (for example, to provide accurate information regarding distance or courier estimated arrival time). You always have the option to temporarily disable the location tracking feature in Your device settings; however, please note that such disabling may limit the availability or performance of certain features on the Platform.
In addition, We also automatically collect certain data using Cookies and similar tracking technologies (as further described in the Cookies section of this Privacy Policy) in accordance with Your consent where required by applicable laws and regulations.
Specifically for interactions via WhatsApp, We automatically record communication metadata, including delivery time, message status, and available public profile information.
- Third Parties: Data obtained from business partners, agents, vendors, or suppliers that cooperate with or provide services to Us. In such circumstances, We will only collect Your Personal Data to the extent necessary for lawful cooperation purposes, in accordance with the instructions of the Personal Data Controller (where applicable), and by ensuring that such third parties have a lawful basis for processing in accordance with applicable laws and regulations.
3. Purpose of Information Use
- Operations & Administration: Identifying, verifying, creating, deactivating, and managing your account as a User, as well as providing services and processing orders or balance redemption transactions conducted by you, linking accounts or electronic wallets (e-wallets), and providing additional services from our relevant partners, including the fulfillment of our contractual obligations to you and/or the relevant Personal Data Controller.
- Communication & Services: Notifying account activities, transactions, and changes occurring within the Platform, providing technical assistance through customer service, and handling Your complaints or suggestions, including communications necessary for the provision of the Services.
- Platform Development: Monitoring Platform usage, generating statistical and analytical data for research and product development purposes to improve user experience, including for enhancing security, service quality, and personalization of user experience, to the extent permitted by applicable laws and regulations.
- Marketing & Promotion: Sending promotional materials or other marketing materials.
- Security & Legal Compliance: Preventing and investigating illegal or suspicious activities, as well as ensuring Our compliance with all legal obligations, audits, due diligence, investigations, and reporting requirements under Applicable Regulations and for other purposes as required by Applicable Regulations.
DISCLOSURE OF PERSONAL DATA
We may disclose, provide access to, or share Your Personal Data with Our affiliates and other third parties to the extent necessary for legitimate, limited purposes and in accordance with applicable laws and regulations, including as follows:
1. Service Providers and Business Partners
We may share data with agents, vendors, suppliers, contractors, and partners that facilitate Our operations or in connection with Our cooperation with such third parties, solely to the extent necessary to carry out legitimate Personal Data Processing functions and purposes. Such parties may include, among others, service providers that support order processing, delivery, Account authentication, integration of Our Services into third-party platforms, and analytics, research, and product development activities.
2. Commercial and Marketing Partners
We may disclose data to third parties that cooperate with Us to offer products or services, including for marketing activities, provided that such disclosure is carried out in accordance with applicable laws and regulations and based on Your consent where required.
3. Legal Compliance and Government Authorities
We will share data where lawfully ordered or required to do so by government institutions or competent regulatory authorities. This includes responding to investigations, fulfilling regulatory reporting and record-keeping requirements, supporting government initiatives and programs, and other purposes as required under applicable legal provisions.
4. Protection and Legal Proceedings
Data may be disclosed if there are legal proceedings of any kind between You and Us, or between You and other parties in connection with the Services, in order to protect the legal rights, interests, and/or safety of Us, users, or other third parties, to the extent permitted by applicable laws and regulations.
5. Insurance Partner
In connection with the processing of insurance claims related to Your transactions, We may share Your Personal Data with insurance brokerage companies or insurance providers collaborating with Us, limited to what is necessary for the purpose of processing such claims and in accordance with applicable laws and regulations.
DATA SECURITY AND STORAGE
1. Location and Security of Processing
Your Personal Data is stored and processed on servers located within the jurisdiction of the Republic of Indonesia using adequate technical and organizational security measures in accordance with applicable personal data protection standards.
Under certain conditions, Personal Data may be processed or stored outside the territory of Indonesia by Us or Our service providers, provided that this is carried out in accordance with applicable laws and regulations and with an equivalent level of protection.
We committed to protecting Your Personal Data from unauthorized access, use, or disclosure by:
- Using encryption to protect Personal Data during transfer and storage.
- Implementing strict physical and digital access restrictions on Personal Data within Our organization.
- Entering into contractual agreements with third parties that process Personal Data on Our behalf to ensure the implementation of equivalent protection measures.
2. Retention Period and Deletion
We will only retain Your Personal Data for as long as necessary to fulfill the purposes for which it was collected, for the specified retention period, or for as long as required by Applicable Regulations.
We will delete or anonymize the data (remove Your identity from the data) if:
- The Personal Data is no longer required for business or legal purposes.
- The retention period required by applicable laws and regulations has expired.
- There is a valid deletion request from You, unless retention is still required by law.
3. Joint Controllers Responsibilities
Tada and the Client are each responsible for the security, management, and deletion of Personal Data that falls within their respective scope of control in their roles as joint Personal Data Controllers. Tada and the Client will coordinate reasonably to ensure an adequate level of Personal Data protection across the Platform ecosystem, in accordance with applicable laws and regulations.
4. Limitation of Liability and Third-Party Storage
Data that has been disclosed to government institutions or authorized third parties will be subject to the retention policies of the respective institutions and will be outside Our control.
To the extent permitted by applicable laws and regulations, We are not responsible for any losses arising from the Processing or storage of Personal Data by such third parties where such Processing or storage is outside Our control and is not caused by Our fault or negligence.
TRANSFER OF PERSONAL DATA
In carrying out Our operations and providing Our services, We may need to transfer, store, or process Your Personal Data in countries outside the territory of the Republic of Indonesia. In the event of a data transfer, We will ensure that:
- the destination country of the transfer has a level of personal data protection that is equivalent to or higher than that provided under the applicable laws and regulations in Indonesia; and/or
- We implement adequate and legally binding protection measures, including data processing agreements and/or other lawful mechanisms in accordance with applicable laws and regulations; and/or
- We obtain Your consent where required by applicable laws and regulations.
Where We act as a Personal Data Processor, cross-border transfers are carried out based on the instructions of the relevant Personal Data Controller and in accordance with the contractual obligations applicable between Us and such Personal Data Controller.
LINKS TO OTHER SITES
Our Platform may provide links to other websites or services for Your convenience and information. Such websites or services operate independently from Us and are not under Our control. Such third parties have their own privacy policies and terms of use, which We encourage You to review carefully before using such services.
We are not responsible for the content, products, services, or privacy practices of such third parties. To the extent permitted by applicable laws and regulations, any access to and use of such third-party websites or services is at Your own responsibility. We are not responsible for any loss, damage, or Personal Data breach arising from the use of third-party services, provided that such loss, damage, or breach is not caused by Our fault or negligence.
YOUR RIGHTS AS A DATA SUBJECT
Under applicable laws and regulations, particularly the Personal Data Protection Law in Indonesia, You have certain rights in relation to Your Personal Data, as follows:
- Rights to Access: You have the right to request access to and obtain a copy of Your Personal Data that We process.
- Rights to Update/Rectify: You have the right to request that We correct any errors or inaccuracies in, or update, Your Personal Data to ensure the accuracy of the data.
- Right to Erasure/Destroy: You have the right to request the deletion or destruction of Your Personal Data from Our systems, in accordance with applicable legal provisions.
- Right to Withdraw Consent: You have the right to withdraw the consent that You have previously given for the processing of Your Personal Data.
- Right to Restrict Processing: You have the right to request the restriction of the Processing of Your Personal Data under certain circumstances in accordance with applicable laws and regulations.
- Right to Object: You have the right to object to the Processing of Your Personal Data under certain circumstances in accordance with applicable legal provisions.
Considering that Tada and the Client act as joint Personal Data Controllers, any request You submit will be handled by Tada and/or the Client in accordance with the respective roles and responsibilities of each party.
Such coordination will be carried out based on the arrangement between Tada and the Client and applicable laws and regulations to ensure the effective fulfillment of Your rights.
We may request additional information to verify Your identity before following up on such request.
Tada and/or the Client may refuse Your request where permitted and/or required by applicable laws and regulations, by providing You with valid grounds, including under the following circumstances:
- The request does not meet the applicable legal requirements;
- The request lacks a clear basis, is unreasonably repetitive, or is disproportionate;
- The Personal Data remains necessary to fulfill legal, compliance, or audit obligations, or for the defence of rights in accordance with applicable laws and regulations;
- Fulfilling the request may violate applicable laws or contractual obligations.
To submit a request or inquiry regarding Your rights, please contact Us through the Customer Service contact details specified in this Privacy Policy. We will respond to and facilitate Your request within a reasonable period in accordance with applicable legal requirements.
UNSUBSCRIBE
If You no longer wish to receive promotional or marketing materials, or certain communications from Us, You may withdraw Your consent and/or opt out through the following methods:
- By Email: Click the “Unsubscribe” link provided at the bottom of each marketing email that We send.
- Through Customer Service: Contact Us directly using the contact details specified in this Privacy Policy.
Your request will be processed within a reasonable period in accordance with applicable laws and regulations.
Please note that, even after You opt out of receiving marketing materials, We may continue to send You administrative and/or non-promotional communications that are necessary in connection with transactions, account security, or material changes to Our Services
CONTACT US
If You have any questions, comments, or wish to exercise Your rights in relation to this Privacy Policy, please do not hesitate to contact Our Data Protection Officer (DPO) by email at: [email protected].
To protect Your Personal Data, We may request additional information to verify Your identity before following up on such request.
We will respond to Your request within a reasonable period in accordance with the applicable laws and regulations.