November 29th, 2024

This privacy policy (hereinafter “Policy”) regulates how we, PT Solusi Identitas Global Net (hereinafter “We”) collect, process and protect any of your personal data or information in our Services (defined below). As a Personally Identifiable Information Controller (PII Controller), We have a high commitment to the protection of Your Personal Data (defined below). We are responsible for upholding the principles of data or information management with full integrity, so the security of Your Personal Data is our priority. This Policy applies to all users of the Services who access through the website, mobile application, and any other platform that We manage (collectively, the “Platform”) including any party that cooperates with Us, unless regulated in a separate privacy policy.

We develop a various range of Services, particularly related to the management of Electronic Certificates but not limited to, such as ezSign electronic signature services (web and mobile applications) and Registration Authority and do not rule out the possibility for other service areas in the future (hereinafter referred to as “Services”).

By using Our Services, You acknowledge that You have agreed, either expressly or by other means mentioned in this Policy. We hope that You will read this Policy carefully and thoroughly to ensure that You understand how We handle Your Personal Data.

1. Definition
Each word begins with a capital letter has the following meaning:

a. “We” means PT Solusi Identitas Global Net (SIGN) which is a Limited Liability Company with legal entity authorized to carry out the operation of Non- Institutional Indonesian Electronic Certificate (PSrE) based on the Decree of the Director General of Informatics Application of the Ministry of Communication and Informatics Republic of Indonesia Number 954 Year 2023.

b. “ezSign” is an application owned by PT SIGN for the provision of services for issuing and managing Electronic Certificates and the use of other Electronic Certificate features.

c. “Account” is a unique name (username) created by the Owner in the form of an alphanumeric code to identify the Owner in using ezSign services.

d. “Electronic Certificate” or “Certificate” is an electronic Certificate containing an electronic signature and identity indicating the legal subject status of the parties to an electronic transaction issued by ezSign.

e. “Personal Data” means any data about a person whether identified and/or identifiable individually or in combination with other information either directly or indirectly through electronic and/or non-electronic systems.

f. “Data Subject” means the person identified by the Personal Data.

g. “Personal Data Controller” means any person, public body, and international organization acting singly or jointly in determining the purposes and exercising control of the processing of Personal Data.

h. “Applicant” is a legal person or corporation applying for the issuance of an Electronic Certificate through ezSign.

i. “Electronic Certificate Owner”, “Certificate Owner”, or “Owner” is the party whose identity is stated in the Electronic Certificate issued through ezSign and has gone through the verification process. If the Owner uses the ezSign service, the Owner is also a “User” or “You”.

j. “Registration Authority”, “Registration Authority”, or shortened as RA is a part of PT Solusi Identitas Global Net (SIGN) that performs identification and authentication of Applicant’s and Owner’s Personal Data, acceptance of Certificate application, revocation of Certificate, re-issuance, and/or renewal of Certificate. The Registration Authority receives the Personal Data and is responsible under the Personal Data protection policy and/or agreement.

k. “Reliant” means any person, organization, business entity, or entity that relies on the validity of Electronic Certificates and services that utilize Electronic Certificates.

l. “Certification Practice Statement” or CPS for short is a public document that describes the governance of the implementation of ezSign Electronic Certificate services as required by the provisions of the Laws and standards that apply globally.

2. Personal Data that We Process
The following is the scope and type of Personal Data about You that We process in connection with Your use of the Services (as applicable, i.e. depending on the context or circumstances of collection and the nature of the Service used or transactions undertaken):

a. Identity Data:

-National ID Number (NIK);
– Full Name;
– Date of Birth;
– Place of Birth;
– Facial Images; and
– Copy of Image of Indonesian Identity Card (KTP)

b. Contact Data:

– Email address; and
– Cell phone number (mobile phone)

c. Data related to your activities during the use of the Service, including but not limited to:

– The public Internet Protocol (IP) address of your internet network;
– The operating system you are using
– The browser you use to access the Service and it’s version;
– Geolocation;
– Timestamp of login and other activites; and
– User transaction data related to the use of the Service.

d. Cookies:

We use cookies during the User’s use of the Service, to recognize and remember certain information on the User’s browser such as session management. The User can disable cookies through browser configuration. If the User disables cookies, the functions of the Service are potentially limited.

3. How We Collect Your Personal Data

We collect Your Personal Data through several methods, namely:

a. Through direct provision by You when You register, use the Services, or when You contact Our helpesk; and

b. Through the Platform, browser, and device that You use.

Where You provide Us with Personal Data relating to another party (such as the personal data of Your spouse, family members or other parties), You represent that You have obtained the consent of such party to, and hereby consent on behalf of such party to, Our collection, use, disclosure and processing of their Personal Data.

4. Purpose of Processing Personal Data

We process your Personal Data for the following purposes and other purposes permitted by applicable law:

a. Provide Our Services and/or Products, such as:

– Provision of ezSign Account;
– Issuance, management, renewal, and revocation of Electronic Certificates;
– Collection, recording, and analysis of data related to the activity of using ezSign Services;
– Notification to Users on activities and/or transactions that occur on ezSign Services;

b. Transfer of information about ezSign Services, updates, development, and/or improvement of ezSign Services or other services provided by Third Parties that cooperate with Us.

c. Delivery of marketing media related to the Services that are customized based on the demographic characteristics of Users, as well as sponsors and advertisers from Third Parties that cooperate with Us. We may deliver marketing media, advertisements, and/or sponsorships in various ways, including and not limited to the Platform, short message service (SMS), chat applications (such as: WhatsApp and Telegram), message notifications on mobile applications (push notifications), voice calls, and/or via email.

d. Internal operational needs, including and not limited to auditing and analyzing related to developing, maintaining, testing, repairing, improving, and personalizing ezSign Services in accordance with Users’ needs and preferences and payment processing.

e. Fulfillment of applicable legal obligations, including but not limited to responding to requests, investigations, or directives of any regulatory and/or law enforcement member.

f. Supporting the improvement of security and reliability of Our Services, including but not limited to detecting, preventing, and responding to acts of fraud, criminal activity, and/or misuse of Our Services, activities that are potentially harmful to corporations or the public, and ensuring the security of the system and architecture of Our Services.

g. Implementing the process of User requests to Our Services, including but not limited to granting access, updating, correcting, and/or deleting User Personal Data in the ezSign system. As well as contacting the User regarding the request.

h. Providing responses to Your inquiries or requests related to Your Personal Data and/or Our Services.

i. Other purposes as long as such purposes are not prohibited by the Law or other applicable regulations. We will notify You with such other purposes through Your written/recorded consent if required by the applicable laws and regulations.

5. Personal Data Disclosure

By continuing to fulfill the agreed confidentiality obligations, We may disclose Personal Data if required to disclose Your Personal Data by law, court order, subpoena, request from authorized government institutions or law enforcement in accordance with the provisions of the applicable laws and regulations.

If You provide Your Personal Data through a third party such as a Registration Authority or a Verifier, We recommend that You understand the Personal Data protection provisions of such third party in relation to the acquisition, use and disclosure of Personal Data. We may be required to disclose Your Personal Data pursuant to instructions or agreements with such parties.
We may disclose and share Your Personal Data to third parties such as business partners, vendors or service providers (e.g. payment system service providers, data center facility providers), subcontractors, external experts, consultants, auditors, or advocates that We appoint to provide ezSign services to Users, conduct business operations, or fulfill Our obligations to applicable laws and regulations. The relationship between us and third parties is further realized in a cooperation agreement.
If a third party receiving Personal Data from Us acts as a Data Processor appointed by Us, the Data Processor must agree to:

a. Process Personal Data for the purposes, interests, and mechanisms agreed in the cooperation agreement.
b. Safeguard Personal Data during the processing by applying adequate security protection as We apply or better security.
c. Restore, delete, and/or destroy Personal Data immediately after there is no need or according to Our instructions.

In the event of a corporate action for the merger or takeover of another party over Us which then becomes Our successor to continue Our obligations related to the management of Your Personal Data, the sharing of Your Personal Data to that party can be carried out in accordance with further provisions that will be conveyed later.

6. Location of Processing and Storage of Personal Data

Your Personal Data is processed and stored in Indonesia in secure processing and storage facilities at the Power Center and Disaster Recovery Center. The processing and storage facilities are only accessible by designated and authorized PT Solusi Identitas Global Net personnel. Sensitive information is masked or stored in our database in an encrypted manner. Backup and archive data is also encrypted and stored in secure processing and storage facilities. We do not label the contents of the storage media to avoid disclosure of Personal Data by unauthorized parties. We do not transfer your Personal Data outside of Indonesia.

7. Personal Data Retention Period

We keep your Personal Data to the extent necessary to fulfill the purposes of processing Personal Data as stated in this Policy document. The period of time needed to store and maintain Personal Data is based on the following conditions:

a. As long as the User or you are still using the ezSign service;
b. As long as your Electronic Certificate is still valid;
c. According to the period of data or archive retention period described in the CPS document; and/or
d. In accordance with the storage period in accordance with our business operational needs

8. Correction and Updating of Personal Data

You are responsible for maintaining and informing Us that the Personal Data You submit is accurate, reliable and up-to-date for lawful use as intended.
We strive to provide the best and most reliable and secure services to provide services to correct Your Personal Data. However, not all of Your Personal Data can be changed because it will have an impact on the status of Your Electronic Certificate or changes in services to You. In some instances, changes and updates to Personal Data may require revocation and replacement of your Electronic Certificate.
If you need to change your Personal Data or you find an error in your Personal Data, you can use the data change feature available on the ezSign application. If you need further assistance, please contact us via email helpdesk@ezsign.id by informing the problems experienced. Do not provide confidential or sensitive information to our officers.
We implement standard verification and authentication measures, such as authenticating data change requesters, to ensure that the person requesting the change is authorized to do so before the change is implemented.
If you obtained your Electronic Certificate through a Registration Authority that we partner with, you are expected to contact the Registration Authority to apply for data changes by following the applicable provisions. If You are not sure where Your Electronic Certificate came from, You can send a sample electronic document that has been signed with Your Electronic Certificate to email helpdesk@ezsign.id for Us to identify the source of Your Electronic Certificate.

9. Your Rights

We can support You in exercising your rights as a data subject. However, We also have the authority to exercise control over Your Personal Data such as considering whether Your application is eligible, granting approval or refusal, stopping the processing of Your Personal Data, and so forth of Your Personal Data in accordance with the provisions of the applicable laws and regulations.
Given the characteristics of the Electronic Certificate itself, we cannot delete data related to the Electronic Certificate without assessing the eligibility and requirements of the application.
We do not send Electronic Certificates to other PSrEs.

10. Deletion or Disposal Personal Data

You as an ezSign application User can delete or destroy Personal Data through the features available in the application. We will remind you of the impacts that occur if you continue to delete or destroy Personal Data, especially on the use of Electronic Certificates and services related to Electronic Certificates.
We will perform deletion if the data is no longer needed followed by destruction of Personal Data after the archive storage and retention period is fulfilled as stated in the CPS document.

For operational and business needs, we store ezSign User Personal Data in the form of Personal:
a. National ID Number (NIK) with encrypted condition;
b. Full Name; and
c. Email.

11. Applicable Law and Dispute Resolution

This Policy is governed and interpreted based on the laws of the Republic of Indonesia, so that Users and We agree:
a. One party submits written notification to the other party;
b. Prioritize deliberation to resolve disputes;
c. If the deliberation does not reach an agreement to resolve the dispute, both parties agree that the dispute resolution will be brought to the Indonesian National Arbitration Board (BANI) according to the rules and procedures established by BANI.

12. Force Majeure

We are not responsible for failures, delays in service provision, or performance degradation caused by matters beyond our reasonable control (force majeure), including but not limited to acts of civil or military authorities, natural disasters, epidemics, fires, floods, earthquakes, riots, wars, equipment failures, power outages and communication network failures, sabotage, terrorism, or other unforeseen events.

13. Policy Changes

We may change this Privacy Policy from time to time based on needs or regulatory changes. If there are changes to this Privacy Policy, We will publish on Our website or to Your email stored in Our system. You are obliged to check this Privacy Policy periodically to understand the process of protecting Your Personal Data that We do.

14. Contact Us

For questions or assistance regarding Personal Data or Electronic Certificates, please contact Us via email helpdesk@ezsign.id including if:
a. You believe there has been a breach of Your Personal Data;
b. You wish to report any misuse of Your Personal Data and Electronic Certificates; and/or
c. You wish to obtain assistance with Your Personal Data

To follow up on your request, here is some information that we may ask, such as:
a. Your full name;
b. Your contact information;
c. The application and specification of the device You are using; and/or
d. Serial number of your Electronic Certificate.