Privacy Notice

May 2022

  1. PURPOSE

The following is the privacy notice statement (“Privacy Notice”) of PT Finxina Kreasi Digital which is the holding company of FINXINA and sets forth our policies & practices in connection with personal data that we collect through our website, and any mobile sites, applications, or other mobile interactive features (collectively, the “Platform”).

In order to use the services provided on our Platform, you will have to share your personal data with us.

  1. SCOPE

This Privacy Notice explains how we handle personal data you share with PT Finxina Kreasi Digital

  1. PERSONAL DATA

“Personal data” is personally identifiable information that identifies you as an individual, such as your name, mailing address, email address, age range, and the like. Personal data is only obtained when you voluntarily provide the information to us. We use personal data to better understand your needs and interests and to provide you with better service.

  1. DATA SUBJECTS

Individuals accessing the Platform or who are registering to use the services on the Platform and who voluntarily provide personal data to us (“you” or “your”) are covered by this Privacy Notice.

  1. FINXINA PRIVACY PRINCIPLES

Your privacy matters to us. Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we shall maintain the following privacy principles:

  1. a) we will first obtain your consent to collect, use, or disclose your personal data;
  2. b) we only collect personal data that we believe to be relevant and necessary, in order to help us conduct our business;
  3. c) we use your personal data to provide you with better customer services and products;

d we may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, if required to do so by law;

  1. e) we shall take reasonable measures to ensure that your personal data in our possession or control is accurate and up to date;
  2. f) we protect the personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of such data.

By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.

This notice shall stipulate:

  1. a) our purposes of personal data collection;
  2. b) the important controls we employ for protecting personal data;
  3. c) the classes of persons we can transfer personal data to;
  4. d) the data access and correction right of customers;
  5. e) our notice for data transfer;
  6. f) use of personal data in direct marketing;
  7. g) retention of personal data; and
  8. h) withdrawal of your consent.
  1. PURPOSES OF DATA COLLECTION
  2. a) From time to time, it may be necessary for you to supply us your personal data in connection with the opening or continuation of accounts and the establishment or continuation of facilities or provision of opening or continuation of accounts and the establishment or continuation of facilities or provision of commercial services.
  3. b) Failure to supply such personal data may result in our inability to open or continue accounts or establish or continue facilities or provide services to you.
  4. c) We may also collect personal data in the ordinary course of the continuing our business relationship, for example, when you avail any of our other services through the Platform.
  5. d) We, or authorized third parties, may use your personal data for any one of the following purposes:
  6. conducting checks at the time of your application for our products
  7. maintaining our credit assessments;

III. ensuring your ongoing credit worthiness;

  1. designing services or related products for your use;
  2. marketing services, promotional materials, or other services or products for which we may or may not be remunerated;
  3. determining the amount of indebtedness owed to or by you;

VII. enforcement of your obligations, including, without limitation, the collection of amounts outstanding from you;

VIII. complying with the obligations, requirements or arrangements for disclosing and using data that apply to us including:

  1. any law binding or applying to us existing currently and as may be amended, from time to time;
  2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers existing currently and in the future that apply to us; or

iii. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on us by reason of our financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations.

  1. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within our intragroup companies, subsidiaries, or affiliates, and any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; or
  2. other types of uses for personal data in connection with our business.
  1. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND RESERVE?

The types of personal information that we collect, and share depend on the product or service you avail with us. It includes, but is not limited to:

  1. a) contact and personal information: title, your first name, surname, date of birth, email address, mobile phone number, personal code, residential address and/or mailing address, data of the personal identity document, photo, signature, employment status, source of funds, driving license number, sex, citizenship;
  2. b) other information: video and audio records of video calls for identification, telephone conversations, IP address;
  3. c) details of visits to website, app and use of our Platform;
  4. d) for the purpose of direct marketing: name, surname, telephone no., e-mail address, address, date of birth, location, IP address, country of residence, nationality, industry type, employment status, cookies;
  5. e) for the purpose of recruitment: name, surname, nationality, address, employment/visa status, telephone no., e-mail address, education, work experience, current and previous employers contacts with candidates’ consent;
  6. f) for statistical, analytical and our services improvement purposes, we can use anonymized and aggregated datasets, which can be used not limited to modeling, reporting and analytics;
  7. g) representatives of legal entities (members of the management bodies and other representatives (for example, employees) who are authorized to represent the client in relations with the controller or acting on their behalf, representing the client on behalf of the client, according to corporate documents): personal identification number, identity document details, workplace, e-mail address, gender, position, surname, nationality, telephone number, name, photo, signature, bank account information (bank name and bank account number), monetary transaction or transaction date, amount, currency, the data on the beneficiary of the funds (natural person’s name, date of birth, personal identification number or other unique character sequence assigned to this person for identifying the person; the legal entity’s name, legal form, registered office, code if any).
  1. IMPORTANT CONTROLS EMPLOYED BY FINXINA FOR PROTECTION OF PERSONAL DATA
  2. a) Personal data in our possession and under our control shall be kept confidential and private. We shall take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal data. We shall store all the personal data you provide on our secure servers.
  3. b) Physical copies shall be under lock and key with logged access.
  4. c) Unfortunately, however, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. Any losses of personal data shall be handled at the outset as per legislated requirements or guidelines. Should there be none, we shall make arrangements to notify the relevant internal & external stakeholders. Periodic updates will be arranged to notify on actions and remedies taken with the final solution to be shared, on a fair and equitable basis. The final handling decision lies with us, based on legal and regulatory priorities firstly followed by its social responsibility.
  1. CLASSES OF PERSONS WE CAN TRANSFER PERSONAL DATA

FINXINA may provide such personal data for the purposes set out in Section 6 to the following third parties including, but not limited to:

  1. a) any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment, debt collection or other services to it in connection with the operation of PT Finxina Kreasi Digital
  2. c) any other person or entity under a duty of confidentiality within our group companies which has to be in line with their nature of function on a need to know basis;
  3. d) any person or entity to whom we are obliged or otherwise required to make disclosure under the requirements of any law binding on or applying to our relevant group company, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which our relevant group company is expected to comply, or any disclosure pursuant to any contractual or other commitment of our relevant group company with local or foreign legal, regulatory, govern- mental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be existing currently and in the future applying to itself or its subsidiaries; or
  4. e) any other person or entity (including its associated companies or affiliates) who had established or proposes to establish any business relationship with it or recipient of the data.

In all instances we shall ensure that our contracts with such third parties shall stipulate that the third parties shall act in accordance with the PDPA with respect to your personal data.

  1. ACCESS TO AND CORRECTION OF PERSONAL DATA

You have the right:

  1. a) to check whether we hold your personal data;
  2. b) to access and correct your personal data;
  3. c) to request that we correct any of your personal data that may be inaccurate; and
  4. d) to inquire about our policies and practices in relation to personal data and to be informed of the kind of personal data held by us.

The above requests can be addressed as follows:

Attention to:

  1. a) The Compliance Officer (Contact us).
  2. b) We may require you to verify your identity before we provide you access to your personal data.
  3. c) We may charge you a fee in accordance with our Schedule of Fees and Guidelines to access to your personal data.
  1. DATA TRANSFER

Upon obtaining your consent and/or when we follow applicable law requirements, your personal data may be processed, kept, transferred or disclosed in and to any country by us and in accordance with the laws, rules, regulations, or governmental orders of that (your) country.

  1. USE OF DATA IN DIRECT MARKETING

Before we use your personal data in direct marketing, we will obtain your explicit consent (which includes an indication of no objection) to do so.

We are allowed to offer you similar goods or services when you signed a contract with us.

If you do not wish us to use or provide to other persons his personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying us (Contact us);

  1. RETENTION OF PERSONAL DATA

We retain your personal data for the period necessary to carry out the purposes outlined in this Privacy Notice, unless a longer period is required or permitted by law

  1. WITHDRAWAL OF CONSENT

You may, at any time, withdraw your consent for our collection, use, or disclosure of your personal data for any purpose by contacting our Compliance Officer (Contact us).

  1. CONTACT US

Address:

PT Finxina Kreasi Digital

Pondok Indah Tower 3, 17th Floor
Jl. Sultan Iskandar Muda Kav. V-TA
Jakarta Indonesia 12310
hello@finxina.com

Nothing in this Privacy Notice shall limit your rights under applicable laws.