Privacy Policy
PT. Panen Lestari Indonesia, Tbk., (“PLI” or “we”) is a company engaged in the retail sector and is domiciled in Indonesia.
PLI understands that in carrying out our operational activities, your privacy as a consumer is very important and we will always be committed to respecting and protecting the personal data of parties related to PLI.
This privacy policy regulate how PT Panen Lestari Indonesia, Tbk., and/or all of its subsidiaries ("Business Group") process your personal data and your rights as subject data.
I. LAWFUL BASIS
Business Group may process your personal data if one of the following applies:
a. You have given a consent by clicking the consent sign at the consent box;
b. Providing personal data is necessary for the implementation of agreement between you and the Business Group;
c. Processing is necessary to fulfil legal obligations that the Business Group must fulfil;
d. Processing is related to tasks carried out in the public interest or the exercise of official authority granted to you; or
e. Processing is necessary for legitimate interests pursued by the Business Group or third parties.
II. PURPOSE
We will use and process your personal data for the purposes covered in this privacy policy, and we will retain it for as long as necessary for those purposes and in accordance with applicable laws and regulations. PLI will collect your personal data for the following purposes:
a. account registration, transactional interests including but not limited to purchasing, paying, and/or delivering products;
b. make improvements to our services and products to ensure that the content presented is appropriate and efficient for you;
c. generate statistical and research data for internal reporting and/or record keeping requirements;
d. to initiate and maintain correspondence with you via electronic mail (email), SMS (short message service), registered mail, telephone calls and other channels;
e. to control and prevent potential fraud against you and against us during the purchase process. If we determine that the transaction is potentially fraudulent, this processing may terminate the transaction;
f. to send marketing communications, advertisements, vouchers, surveys, and information directly or targeted, and information about special offers or promotions and when events, promotions, features, or launches occur; and
g. to perform contractual obligation, legal and/or regulatory compliance including compliance with legal or regulatory requirements.
III. COLLECTED DATA
1. We collect your personal data in various forms while you, among others:
a. directly submit your personal data, for example, when you use, register, submit a question, and/or shopping online through our sites or electronic systems, social media, or electronic systems or provided by third parties;
b. submit your personal data to Business Group or appointed third party during marketing activities, direct sales, or competition events.
c. other information resources such as referral program, our business partner, public information, as emergency contact, financial institution, or government institution.
2. Among the types of personal data, either directly by Business Group or through third parties, including but not limited to:
a. Contact information (such as full name, address, family data, e-mail address and telephone and/or mobile phone number.
b. Demographic information (such as age, gender and nationality).
c. Photos and video recordings.
d. Banking information (such as account number, credit card information, payment history).
e. MAP loyalty points information.
IV. THE PERIOD OF DATA PROCESSING
1. We process your Personal Data as long as you give consent and as necessary to fulfill the purposes of its submission and collection, or as required by applicable laws and regulations.
The Business Group may be permitted to process Personal Data for a more extended period whenever the User has given consent to such processing, as long as such consent is not withdrawn. In addition, the Business Group may be obliged to retain Personal Data for a more extended period whenever requested to do so for the performance of legal obligations or upon order of an authority.
V. DATA STORAGE AND PROCESSING
1. The Business Group takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of Personal Data. Your Personal Data will be stored in corporate database center with strict access restrictions.
2. Data processing is carried out using computers and/or supporting tools, following procedures and organisational modes closely related to the indicated objectives. Apart from the Business Group, in some cases, Personal Data may be accessed by certain types of persons in charge (administration, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting provider, IT company, communications agency) appointed, if necessary, as data processor by the Business Group.
3. Depending on your location and the Business Group, the transfer of Personal Data may involve the transfer of Personal Data to a country other than your country and/or the country of the Business Group. If such a transfer occurs, you can find out more by checking the relevant sections of this document or asking the Business Group using the information provided in the contact section.
4. Business Group will only share your Personal Data with those who have a legitimate business need for it, competent law enforcement bodies, regulators, government agencies, courts, or other third parties where disclosure is required due to applicable laws or regulations. Whenever we permit a third party to access your Personal Data, we will ensure the Personal Data is used in a manner consistent with this privacy notice. Your Personal Data may be shared with our subsidiaries and affiliates and other third parties, including service providers
VI. RETENTION PERIOD
1. Personal Data will be stored for as long as required by the purposes for which it was collected and/or for as long as such storage is necessary or permitted under the applicable laws and regulations.
2. Once the retention period ends, Personal Data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the retention period ends.
VII. DATA PROTECTION
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information stay confidential.
We have implemented various types of physical, technical and administrative safeguards to protect your personal data and our network from unauthorized access.
However, we cannot completely guarantee the security of any personal data we may have collected from or about you, or that for example no harmful code will enter our websites, applications and digital services (for example viruses, bugs, spyware or adware). You should be aware of the risks associated with using websites, applications and digital services.
VIII. YOUR RIGHT AND OBLIGATION
1. You have the rights as a personal data subject to access, erase, rectify, and other rights as stipulated in Law No. 27 of 2022 on Personal Data Protection.
2. You are responsible to ensure the accuracy of your Personal Data and shall inform us to rectify, complete, and/or renew your Personal Data. In the event there is any inaccuracy to your Personal Data, we reserve our right to terminate your usage on one of our electronic system. To make a request to exercise one of the above rights, you may contact cs@pli-indonesia.co.id by email.
IX. MISCELLANEOUS
1. We may revise this privacy policy from time to time.
2. The revised privacy policy shall apply from the date of publication, and you hereby waive any right you may otherwise have to be notified of, or to consent to, revisions of this privacy policy.
3. You hereby agree that we may assign, transfer, sub-contract or otherwise deal with our rights and/or obligations under this privacy policy.
4. If a provision of these privacy policy is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.
5. If any unlawful and/or unenforceable provision of this privacy policy would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect.
6. A provision under this privacy policy is for our benefit and your benefit and is not intended to benefit or be enforceable by any third party.
7. The exercise of the parties’ rights under a contract under this privacy policy is not subject to the consent of any third party.
8. Our privacy policy shall constitute the entire agreement on data processing between you and us and as long as there in no conflicting provision, these shall supersede all previous agreements between you and us in relation to your Personal Data.
9. Any disputes relating to this privacy policy shall be subject to the laws of Republic of Indonesia and exclusive jurisdiction of the District Courts of Central Jakarta.
By providing your personal data to us, you agree that:
1. You have read and understood this privacy policy and have agreed to the use of your personal data as set out in this privacy policy.
2. In the event that you provide us with the personal data of another person (such as your spouse, family, friend or other party), you represent and warrant that you have obtained the consent of that person for the use of their personal data as set out in this privacy policy and will release us from any legal claims if there is a violation of the use of that person's personal data.
3. All statements and agreements that you provide to us are true and are made without any coercion from any party.
