This Privacy Policy explains how PT Granjaya Asia Investama
collects, uses, stores, protects, discloses, and otherwise processes
personal data when you visit www.granjaya.id,
submit an enquiry, subscribe to communications, or otherwise interact
with our corporate website.
1.
Scope of This Privacy Policy
This Privacy Policy applies to personal data processed through the
public corporate website operated by PT Granjaya Asia Investama.
It applies to website visitors, individuals who contact us, newsletter
subscribers, representatives of prospective or existing clients,
business partners, vendors, and other persons who communicate with us
through the website.
Separate privacy notices, agreements, onboarding documents, or platform
terms may apply when you access a client portal, trading platform,
account system, mobile application, third-party service, or other
restricted service.
2.
Personal Data We May Collect
The personal data we collect depends on how you interact with the
website and the information you choose to provide.
Information provided directly by you
When you submit a contact form, subscribe to communications, send an
email, call us, or otherwise contact us, we may collect:
- your full name;
- email address;
- telephone or mobile number;
- company or organisation name;
- job title or professional role;
- country, region, or location information;
- the nature or category of your enquiry;
- the content of your message or correspondence; and
- any other information you voluntarily provide in connection with
your enquiry.
Information collected automatically
When you visit the website, certain technical information may be
collected automatically by the website, hosting provider, security
provider, or other technology service providers, including:
- Internet Protocol address;
- browser type and version;
- device type and operating system;
- language and time-zone settings;
- pages visited and referring pages;
- date, time, and duration of access;
- website interactions and navigation activity;
- approximate location derived from technical information; and
- security, diagnostic, and system log information.
Please do not submit passwords, trading instructions, account
credentials, payment-card details, or other highly sensitive
information through a general website contact form.
3.
How We Collect Personal Data
We may collect personal data:
- directly from you when you submit a form or contact us;
- when you subscribe to newsletters or corporate communications;
- through your interactions with the website and its technical
infrastructure;
- from authorised representatives, employers, clients, business
partners, or service providers;
- from publicly available sources where permitted by applicable law;
and
- through cookies or similar technologies where those technologies are
used.
Where another person provides your personal data to us, we expect that
person to have the appropriate authority or lawful basis to provide it.
4.
Purposes of Processing
We may process personal data to:
- receive, review, and respond to enquiries;
- communicate with prospective clients, existing clients, business
partners, vendors, and other stakeholders;
- provide requested corporate, product, service, or technical
information;
- manage newsletter and communication subscriptions;
- maintain records of correspondence and business communications;
- evaluate potential business, commercial, or professional
relationships;
- operate, administer, maintain, and improve the website;
- monitor website performance, functionality, availability, and
security;
- detect, prevent, and investigate misuse or security incidents;
- comply with applicable legal, regulatory, audit, reporting, and
record-keeping requirements;
- establish, exercise, or defend legal claims; and
- carry out other purposes communicated to you at the time the data is
collected.
5.
Legal Basis for Processing
Depending on the circumstances and applicable law, we may process
personal data on one or more of the following grounds:
- Consent:
where you have given valid consent for a specified purpose, such as
receiving optional communications.
- Contractual necessity:
where processing is necessary to take steps at your request before
entering into an agreement or to perform an agreement.
- Legal obligation:
where processing is required to comply with applicable laws,
regulations, lawful requests, or regulatory requirements.
- Legitimate interests:
where processing is reasonably necessary for legitimate business
purposes and those interests are not overridden by your rights and
interests.
- Protection of vital interests or public interest:
where applicable under relevant law.
Where processing is based on consent, you may withdraw your consent,
subject to applicable law. Withdrawal does not affect the lawfulness of
processing carried out before the withdrawal.
6.
Cookies and Similar Technologies
The website may use cookies, local storage, pixels, log files, or
similar technologies to support essential website functions, remember
preferences, maintain security, measure performance, or understand how
visitors interact with the website.
These technologies may include:
- Essential technologies
required for website operation, security, navigation, and form
functionality;
- Preference technologies
that remember language or display selections;
- Analytics technologies
used to understand website performance and visitor interaction,
where enabled; and
- Third-party technologies
associated with embedded tools, external links, or website service
providers.
You may control certain cookies through your browser settings.
Disabling essential technologies may affect website functionality.
This section must be reviewed if analytics, advertising pixels,
embedded videos, live chat, or other tracking tools are added to the
website.
7.
Newsletter and Marketing Communications
Where you subscribe to a newsletter or agree to receive optional
communications, we may use your contact information to send corporate
updates, service information, event notices, or other relevant
communications.
You may unsubscribe at any time by using an unsubscribe mechanism
included in the communication, where available, or by contacting us
using the details provided in this Privacy Policy.
Operational, legal, security, account-related, or service-related
communications may still be sent where they are necessary and
permitted by applicable law.
8.
Disclosure of Personal Data
We may disclose personal data only where reasonably necessary and
permitted by applicable law, including to:
- authorised directors, officers, employees, representatives, and
affiliates;
- website hosting, development, maintenance, cloud, email, security,
analytics, and communication service providers;
- professional advisers, including legal counsel, auditors,
accountants, consultants, and insurers;
- prospective or existing business partners where necessary for a
legitimate business purpose;
- regulators, government authorities, courts, law-enforcement bodies,
or other authorised institutions;
- parties involved in a corporate restructuring, merger, acquisition,
financing, asset transfer, or similar transaction; and
- other parties where you have authorised the disclosure or where the
disclosure is otherwise permitted by law.
Service providers that process personal data on our behalf are
expected to use it only for authorised purposes and to apply
appropriate confidentiality and security measures.
9.
Third-Party Websites and Platforms
The website may contain links to external websites, login portals,
trading systems, social-media services, messaging applications, or
other third-party platforms.
When you follow an external link, the third party may collect and
process personal data under its own privacy policy and terms. This
Privacy Policy does not govern independent third-party processing.
You should review the privacy information provided by the relevant
third party before submitting personal data or using its services.
10.
International Data Transfers
Some website infrastructure, hosting, cloud, communications, security,
or technology service providers may process or store data in locations
outside Indonesia.
Where personal data is transferred across national borders, we will
take reasonable steps to ensure that the transfer is handled in
accordance with applicable legal requirements and that appropriate
safeguards are used where required.
11.
Data Retention
We retain personal data only for as long as reasonably necessary for
the purposes for which it was collected, including to:
- respond to and maintain records of enquiries;
- manage business and professional relationships;
- provide requested communications;
- maintain website security and technical records;
- comply with legal, regulatory, accounting, audit, and
record-keeping requirements; and
- establish, exercise, or defend legal claims.
Retention periods may vary depending on the type of data, the purpose
of processing, the nature of the relationship, legal requirements, and
the need to resolve disputes or enforce agreements.
When personal data is no longer required, we may delete, destroy,
anonymise, or otherwise securely dispose of it, subject to applicable
law and technical limitations.
12.
Data Security
We take reasonable administrative, organisational, physical, and
technical measures designed to protect personal data against
unauthorised access, loss, misuse, alteration, disclosure,
destruction, or other unlawful processing.
Such measures may include access controls, system monitoring,
authentication measures, confidentiality requirements, security
updates, backups, and the use of appropriate service providers.
No website, electronic transmission, or storage system can be
guaranteed to be completely secure. You should use caution when
submitting personal data online and must not send passwords or
sensitive account information through general contact forms.
13.
Personal Data Breaches
Where we become aware of a personal data breach, we may investigate,
contain, document, and remediate the incident and take other actions
required under applicable law.
Where legally required, affected individuals and relevant authorities
may be notified in accordance with applicable requirements.
14.
Your Rights
Subject to applicable law, verification requirements, and lawful
limitations, you may have the right to:
- obtain information about the processing of your personal data;
- request access to your personal data;
- request a copy of personal data relating to you;
- request correction or completion of inaccurate or incomplete
personal data;
- request deletion or destruction of personal data where legally
applicable;
- withdraw consent where processing is based on consent;
- object to or request restriction of certain processing;
- request suspension or termination of certain processing where
applicable;
- submit a complaint concerning the processing of your personal data;
and
- exercise other rights available under applicable data-protection
law.
To protect personal data, we may ask you to verify your identity and
provide sufficient information to identify the relevant records before
processing a request.
Certain requests may be limited or refused where permitted or required
by law, including where disclosure would adversely affect the rights
of another person, legal privilege, security, regulatory obligations,
or the prevention and investigation of unlawful activity.
15.
Children’s Personal Data
The corporate website is not intended for children and is not designed
to knowingly collect personal data from children.
If you believe that a child has submitted personal data through the
website without appropriate authorisation, please contact us so that
the matter can be reviewed and appropriate action can be taken.
16.
Automated Decision-Making
The general corporate website is not intended to make decisions that
produce legal or similarly significant effects solely through
automated processing.
Separate platforms or services may use different processes and may be
governed by separate notices, disclosures, and contractual terms.
17.
Accuracy of Personal Data
You are responsible for ensuring that personal data you submit through
the website is accurate, complete, current, and lawfully provided.
Please contact us where information you have provided changes or
requires correction.
18.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes
in our website, technology, business operations, data-processing
practices, or legal and regulatory requirements.
The updated version will be published on this page together with a
revised “Last Updated” date.
Where appropriate or legally required, we may provide additional
notice of material changes.
19.
Applicable Law
This Privacy Policy is intended to be interpreted consistently with
applicable laws and regulations of the Republic of Indonesia,
including applicable personal-data-protection and electronic-system
requirements.
Where another privacy notice or written agreement applies to a
specific account, platform, transaction, product, or service, that
document may contain additional privacy provisions.