PT. Sainskerta Solusi Nusantara ("Sainskerta", "we", "our", or "us") respects the privacy of visitors and users of our services. This Privacy Policy explains how we collect, use, store, protect, and share your personal data in accordance with Indonesia's Personal Data Protection Law No. 27 of 2022 (UU PDP).
1. Data Controller
The controller of your personal data is PT. Sainskerta Solusi Nusantara, a legal entity incorporated in Indonesia.
Office address: Blok Khusus F16A Graha Dewata Estate, Malang, East Java 65144, Indonesia.
For privacy-related inquiries, contact our Data Protection Officer at privacy@sainskerta.id.
2. Data We Collect
We collect personal data you provide directly to us — such as name, email address, phone number, job title, and company name — when you submit a contact form, subscribe to our newsletter, or communicate with our team.
We also collect technical data automatically when you visit our site: IP address, device and browser type, pages visited, visit duration, referrer source, and interactions with our content. This is collected via cookies and similar tracking technologies.
For active clients using our services, we may collect additional data related to project requirements, communication history, and technical documentation you provide.
3. Purposes and Legal Basis of Processing
We process your personal data for the following purposes:
— To provide and improve our services (legal basis: contract performance or legitimate interest);
— To respond to your questions and requests (legal basis: contract performance or legitimate interest);
— To send newsletters and relevant marketing (legal basis: explicit consent, withdrawable at any time);
— To meet legal and tax obligations (legal basis: legal obligation);
— To prevent fraud, abuse, and maintain system security (legal basis: legitimate interest);
— To run aggregate analytics for site and service improvement (legal basis: legitimate interest).
5. Third-Party Processing
We may share your personal data with vendors and data processors bound by contractual obligations protecting your data to UU PDP standards. Categories include:
— Hosting and cloud infrastructure providers (Vercel, AWS, Google Cloud);
— Transactional email and newsletter service providers;
— Analytics providers;
— AI model providers (OpenAI, Anthropic, DeepSeek) for specific features on our site, subject to Data Processing Agreements;
— Legal counsel, accountants, and auditors bound by confidentiality.
We do not sell your personal data to third parties under any circumstances.
6. Cross-Border Data Transfers
Some of our vendors are located outside Indonesia (primarily Singapore, the United States, and the European Union). When your data is transferred outside Indonesian jurisdiction, we ensure adequate safeguards, including:
— Standard Contractual Clauses (SCCs) with primary vendors;
— Verification that the destination country provides equivalent protection, or
— Your explicit consent if no other safeguard applies.
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required by applicable law.
— Contact form and inquiry data: 24 months after last communication;
— Active client data: for the duration of the engagement plus 5 years for audit compliance;
— Newsletter data: until you unsubscribe;
— Access logs and analytics: 12 months in identifiable form, aggregate indefinitely.
8. Your Rights as a Data Subject
Under Indonesia's PDP Law 27/2022, you have eight fundamental rights over your personal data:
— Right to clear information about how your data is processed;
— Right of access to a copy of personal data we hold;
— Right to rectification if data we hold is inaccurate;
— Right to erasure ("right to be forgotten") in certain circumstances;
— Right to restrict processing;
— Right to data portability in machine-readable format;
— Right to object to automated decision-making with significant impact;
— Right to withdraw consent at any time.
To exercise these rights, email privacy@sainskerta.id. We respond within 14 working days.
9. Data Security
We apply appropriate technical and organisational security measures to protect your data from unauthorised access, loss, or disclosure. These include TLS encryption for all data in transit, encryption at rest for sensitive data, role-based access control (RBAC), comprehensive audit logging, and regular security reviews.
No system is 100% secure. If a data incident occurs that could harm you, we will notify you and the relevant authorities within 72 hours as required by UU PDP.
10. Children's Privacy
Our services are not directed to children under the age of 17. We do not knowingly collect personal data from children. If you discover that your child has provided data to us, contact privacy@sainskerta.id so we can delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be announced via on-site notification and, for active clients, via email. The last updated date appears at the top of this page.
Please review this page periodically. Continued use of our services after changes signifies your acceptance of the updated Policy.
12. Contact
If you have questions, complaints, or requests regarding this Privacy Policy or how we process your data:
— Data Protection Officer: privacy@sainskerta.id
— General inquiries: hello@sainskerta.id
— Postal address: PT. Sainskerta Solusi Nusantara, Blok Khusus F16A Graha Dewata Estate, Malang, East Java 65144, Indonesia
If you are unsatisfied with our response, you may lodge a complaint with the Indonesian Personal Data Protection Authority (OPDP) or the Ministry of Communication and Information.