PT MANDIRI SEKURITAS CUSTOMER PRIVACY POLICY

Last updated on 3 November 2024

 

Welcome to our Privacy Policy where we will explain how we collect, use and protect your personal information.

In this Privacy Policy, we declare PT Mandiri Sekuritas (hereinafter referred to as "Mandiri Sekuritas" or "Mansek" or "We") as the Controller of Personal Data always strives to provide security and protection for your convenience in transactions.

We are committed to protect your personal data. This Privacy Policy provides complete information about how we collect, use and protect your data. We always comply with applicable laws and regulations, including Law No. 27 of 2022 on Personal Data Protection and its amendments, better known as the "PDP Law", as well as applicable and relevant laws and regulations, to ensure the security and privacy of your data.

1. DEFINITIONS/TERMS

In this Privacy Policy, the use of terms is explained as follows:

1. Personal Data is data about an individual that can be identified individually or combined with other information either directly or indirectly through electronic or non-electronic systems;
2. General Personal Data is Personal Data that is general in nature and does not fall into the category of Specific Personal Data, including but not limited to: full name, birth mother's maiden name, gender, address, place and date of birth, telephone number, email address, occupation, IP address, geo-location data, unique device identifier, photograph, identification number issued by an Authorized Authority (such as: Identity Card (KTP), Driver's License (SIM) or passport), nationality, and signature;
3. Specific Personal Data is Personal Data that is specific and requires a higher level of protection than the protection of other Personal Data in accordance with applicable laws and regulations, such as bank accounts, investment objectives, sources of investment funds, risk profiles, trade confirmations, monthly reports, biometric data, and your transaction data combined with or containing Personal Data;
4. Group is the holding company and subsidiary of Mansek;
5. Mansek is PT Mandiri Sekuritas;
6. Services are any services and products of Mansek including websites, features, applications, social media, or other forms of communication media provided or used by Mansek;
7. Third Party means any party that has a business relationship with Mansek including business partners, vendors, outsourcing companies and/or other parties that Mansek appoints to represent Mansek;
8. Personal Data Subjects or You are all owners of Personal Data who use the Services including, but not limited to customers and individuals appointed and/or authorized to represent Mansek's customers, and visitors or users of Mansek's websites and applications to which this Privacy Policy applies and is displayed;
9. Personal Data Processing is the activity of obtaining, collecting, processing, analyzing, storing, rectifying, updating, disseminating, displaying, announcing, transferring, disclosing, erasing and destroying Personal Data; and
10. PDP Law is Law No. 27 of 2022 on Personal Data Protection and its derivative regulations and all amendments from time to time.

2. PERSONAL DATA COLLECTION

We collect Personal Data from the following sources:

a) From you

In the course of providing the Services, Mansek collects Personal Data in various forms, including but not limited to, when you:

1. or an authorized individual on your behalf visiting the Mansek’s website or using the Mansek’s app;
2. request information, register and use the Services;
3. contact Mansek to submit questions or feedback, either through Mansek's branch offices, Care Center, social media, chatbot service and other communication media; and
4. participate in activities organized by Mansek or Mansek's designated Third Parties such as webinars or surveys.

b) Third Party

Mansek may also collect your Personal Data from other parties (depending on the type of service you use), including:

1. The party you authorize (Power of Attorney) to give instructions, manage your account and make decisions on your behalf;
2. Group and/or Third Parties for the purpose of providing the Services;
3. Where you work or companies you are affiliated with;
4. Mansek’s customers;
5. Other parties who refer you to Mansek for example for referral programs;
6. Financial institutions, government agencies and other authorities;
7. Other party sites/applications that use Mansek's Application Programming Interface (API) or that Mansek uses; and
8. Other sources of public information include: social media services, financial information service system (SLIK) from the Financial Services Authority (OJK), population information registered with Dukcapil, company information registered with the Ministry of Law and Human Rights.

3. TYPES OF PERSONAL DATA

Depending on the Services you use and your interaction with Mansek, the categories and types of your Personal Data, which may be processed including but not limited to:

a) General Data

1. Personal profile identification data
   Full name, Population Identification Number/Nomor Induk Kependudukan(NIK) for Indonesian citizen (WNI) and foreign citizen (WNA) ID cards, Nomor Pokok Wajib Pajak (NPWP)/Tax Identification Number (TIN), immigration documents, gender, nationality, place and date of birth, birth mother's maiden name, alias/nickname, religion, voice recording, image recording, photograph, signature form (wet and/or electronic), and/or biometric data.

2. Family Data
   Marital status, name of spouse, number of children, and number of dependents.

3. Correspondence data
   Address according to ID card, address and domicile status, e-mail address, phone/mobile number, and emergency contact that includes name, type of relationship with you, address, phone/mobile number, and e-mail.

4. Education and employment data
   Level of education, type of work, field of business, position, division, year of starting work/business, name of company/agency where worked, address of workplace, employment status, and names, titles, and telephone numbers of coworkers.

b) Specific Data

1. Financial data
   Fund and securities account numbers, source of income, monthly/annual income, monthly/annual expenses, transaction data, and tax data and other capital market service data that you receive.

2. Data related to personal preferences
   Communication preferences, hobbies, and interests.

3. Digital activity data
   Time-stamped data of any of your activities in connection with the use of the Services including registration, login and transaction times, your activities on the Mansek application, and the interaction of the Mansek application with other applications on your electronic devices; device data including the hardware model, operating system and version, software, IP address, Wi-Fi or mobile network information you use to access the Services.

4. Interaction data
   CCTV footage of Mansek premises, recordings of Care Center telephone conversations, transcripts of conversations via Mansek's communication media including Whatsapp, e-mail, social media and chatbot.

5. Processed data
   The data obtained from the processing of your data includes, but is not limited to, profiling based on Service usage activities.
   
   

6. Installed Application Data

   This information includes details about the applications you have installed on your device, including but not limited to applications that Mansek deems may pose a risk of digital manipulation or affect Mansek’s assessment of your risk profile. The amount of information that Mansek collects may change over time. This information is used to help create a list of harmless applications and prevent security products from mistakenly identifying them as harmful.

 

4. USE OF PERSONAL DATA

We use your Personal Data with your consent to deliver, maintain and develop our products and services. Uses of your personal data include:

a) Provision, Management and Support Services

1. Management of Mansek products, and/or services including profiling and scoring in order to improve services for you;
2. carry out your requests, such as executing transaction instructions, document requests and updating Personal Data;
3. analyze and process your application for a securities financing facility;
4. communicate with you face-to-face or via telephone, e-mail, SMS, Whatsapp, chatbot and social media regarding information on features or benefits of the Service, transaction notifications, notification of changes to the terms and conditions of the Service;
5. providing user support services, e.g. responding to your queries, feedback and complaints, and keeping records of such interactions.

b) Promotion and Bidding Activities

1. Providing Mansek’s promotions or programs that can collaborate with other parties for products and/or services that you already have;
2. Marketing and/or offering of products, and/or services of Mansek and/or other companies within Mansek's financial conglomerate and/or third parties working with Mansek for products and/or services that you do not already have;
3. Provide information about your Personal Data to the Group and Third Parties as permitted under applicable law for commercial purposes in which case Mansek will seek your consent separately for the offering activities as set out above e.g. when opening an account.

c) Mansek's Legitimate Interest

1. Carry out Service provision activities and improve business performance;
2. Evaluate, improve and update Service problem solving from time to time;
3. Analyze and understand your trends and behavior in using the Service in order to improve the quality of the Service and comply with applicable regulations;
4. Conduct market research and create analysis reports for the purposes of Service development, protecting Mansek's security, carrying out internal audit purposes and investigating suspicious and/or unlawful activities such as fraud, money laundering, terrorism financing, bribery and corruption.

d) Fulfillment of Legal Obligantions

1. Implementation of Know Your Customer (KYC) and Customer Due Diligence (CDD) principles for the implementation of Anti-Money Laundering Prevention of Financing of Terrorism and Prevention of Financing of Proliferation of Weapons of Mass Destruction (AML PPT PPPSPM);
2. Verify the Verification of the accuracy of your information regarding the use of the Service;
3. Submission of reports in accordance with the provisions of applicable regulations and laws and regulations to OJK, Stock Exchange, KSEI, KPEI, and other authorized parties;
4. Implementation and compliance with all applicable laws and regulations;
5. Carrying out Mansek's obligations in the context of fulfilling the interests of national defense and security, law enforcement processes, state administration, supervision of the financial services sector, monetary, payment systems, and financial system stability, statistics and scientific research in the context of state administration; and/or
6. A state of emergency that has been declared by the Government.

 

5. DISCLOSURE OF PERSONAL DATA

We will share your Personal Data with third parties only in the manner set out in this Policy or specified at the time the Personal Data is collected, including to the following parties:

1. The Competent Authority for the needs of investigation or investigation, fulfillment of a court order for a legal process, or to comply with filing or reporting obligations under a law or regulation, and for other purposes as required by applicable laws and regulations;
2. Parties designated by the Authority for contact tracing, supporting the Authority's initiatives, policies or programs, and other purposes as reasonably required;
3. Other parties in order to resolve an emergency related to your safety, in particular (i) to prevent financial loss or damage, to report suspected illegal activities or to respond to any claims or potential claims brought against or (ii) in the event that you suffer a loss of your stored Personal Data in the event that you request assistance from law enforcement and/or other parties to collect your Personal Data stored with us; then, to assist you, we may hand over your Personal Data held by us to such law enforcement or other parties for the purpose of assisting you to recollect your lost Personal Data;
4. Payment processors, who process your payments on the Website and App;
5. Business partners who separately manage accounts with you for loyalty programs;
6. Business partners or vendors in connection with the processing of any promotion, event or service organized by us;
7. Professional advisors and consultants;
8. Agents, contractors or service providers who provide operational services to us, such as online cloud storage and processing, marketing optimization, information technology, telecommunications, backup and disaster recovery service providers, security or other related services that require the collection, use or disclosure of your Personal Data; and
9. Third Parties that You authorize us to disclose Your Personal Data. In connection with the Disclosure of Your Personal Data to Third Parties, including from Third Parties to other parties, We will require such Third Parties and other parties to maintain the security and confidentiality of Your Personal Data in accordance with the provisions of the applicable laws and regulations. If the interested Third Party does not require certain Personal Data to be associated with You, Your relevant Personal Data will be reasonably deleted so that such Personal Data cannot be associated with You as an individual before it is disclosed or transferred to such Third Party;
10. We use Google Analytics to help us understand how our customers use this site.

 

6. BASIS FOR PROCESSING PERSONAL DATA

Processing of Personal Data takes place once Mansek has satisfied one or more of the following bases for processing:

1. Explicit consent
   Mansek processes your Personal Data for certain purposes based on your consent or that of a party authorized to represent you.
2. Contractual obligations
   Mansek processes your Personal Data to fulfill its obligations under an agreement between you and Mansek or prior to entering into an agreement with you.
3. Legal obligations
   Mansek processes your Personal Data to fulfill  legal obligations in accordance with applicable laws and regulations.
4. Legitimate interests
   Mansek processes your Personal Data to fulfill its legitimate interests without prejudice to the rights of the Personal Data Subject and with due regard to the balance between Mansek's interests and your rights, in particular to improve the Services.
5. Public interests
   Mansek processes your Personal Data to carry out its responsibilities in order to safeguard the public interest, provide public services and fulfill Mansek's authority under laws and regulations.
6. Vital interests
   Mansek processes Personal Data to fulfill the protection of the vital interests of the Personal Data Subject.

7. RIGHTS OF PERSONAL DATA SUBJECTS
Mansek is fully aware that Personal Data is the most important asset for you, therefore we inform you of the rights you have as a Personal Data Subject:

a)   Right to Information and Access

You have the right to obtain information regarding the identity of the party requesting your Personal Data, the purpose of the request, and access to a copy of your Personal Data. Mansek will provide access to such information through Mansek's authorized means, such as Mansek branches or other channels, in accordance with the provisions of laws and regulations and Mansek's policies. You understand that in the event that you request a copy of your Personal Data information and/or details of the processing of your Personal Data, you may be charged by Mansek. You are expressly prohibited from obtaining or collecting, disclosing, disseminating, using or selling personal data of others without obtaining the prior written consent of the owner of such data. These actions may be considered an invasion of privacy and may result in legal action.

b)   Right to Data Correction

You have the right to supplement, update and/or correct any incorrect or inaccurate Personal Data. We reserve the right to verify the personal data provided by You. Use of false personal data may be considered a violation of the Privacy Policy and may result in restriction or termination of User access to our Services.

c)   Right to Obtain, Use and/or Transfer Personal Data to Other Parties

You have the right to obtain, utilize or provide your Personal Data held by Mansek to third parties, provided that the communication systems used by Mansek and such Third Parties are secure.

d)   Right to End Processing, Erase and/or Destroy Personal Data

You have the right to terminate the processing, erasure and/or destruction of your personal data. You agree to allow Mansek time to process the termination of processing, erasure and/or destruction of your personal data to the extent Mansek requires. To exercise such right to end processing, erasure and/or destruction of personal data, you may contact Mansek through the means of communication set out in this Privacy Policy.

To be understood, such termination of processing, deletion and/or destruction of personal data may affect Mansek's ability to provide products, services and services to you and the contractual relationship that has been established between Mansek and you or between Mansek and other third parties, including may result in the termination of the services you receive and/or the termination of one or more of your agreements with Mansek and/or the breach of one or more of your obligations under agreements with Mansek.

In connection therewith, the termination of processing, deletion and/or destruction of personal data results in you giving Mansek the right to freeze securities accounts and funds, and/or declare that your debts and/or obligations to Mansek become due and collectible. Any losses arising from the exercise of your right to terminate the processing, deletion and/or destruction of personal data shall be your responsibility. Mansek's obligation to delete and destroy your personal data is excluded for the purposes of: national defense and security; law enforcement process; public interest in the context of state administration; supervision of the financial services sector, monetary, payment systems, and financial system stability carried out in the context of state administration.

e)   Right to Withdraw Consent

You have the right to withdraw the consent to the processing of Personal Data that You have provided to Mansek, and You agree to provide Mansek with additional time to process the termination of the processing of Your personal data to the extent Mansek requires. To exercise such right to withdraw consent, You may contact Mansek through the means of communication set out in paragraph 14 of this Privacy Policy.

You should understand that the withdrawal of such consent may affect Mansek's ability to provide products, services and services to you and manage the contractual relationship that has been established between Mansek and you or between Mansek and other third parties including may result in the cessation of the services you receive and/or the termination of one or more of your agreements with Mansek and/or the breach of one or more of your obligations under agreements with Mansek.

In connection therewith, the withdrawal of consent to the processing of personal data will result in you giving Mansek the right to freeze your securities accounts and funds, and/or declare that your debts and/or obligations to Mansek have become due and collectible. Any losses arising from the exercise of your right to withdraw consent to the processing of personal data shall be your responsibility.

f)   Right to Object to the Results of Automatic Processing

You have the right to object to the results of automated processing of your Personal Data that has legal consequences or has a significant impact on you, including profiling and/or credit scoring.

g)   Right to Suspend or Restrict Processing

You have the right to suspend or restrict the processing of your Personal Data in proportion to the purposes for which your Personal Data is processed. For the exercise of this right, You may contact Mansek through the means of communication set out in paragraph 14 of this Privacy Policy. You should understand that such request for delay or restriction of processing may affect Mansek's ability to provide products, services and services to you, as well as the contractual relationship that has been established between Mansek and you or between Mansek and other third parties including may result in the cessation of the services you receive and/or the termination of one or more of your agreements with Mansek and/or the breach of one or more of your obligations under your agreement with Mansek. In connection therewith, such delay or restriction of processing of personal data will result in you granting Mansek the right to freeze your securities accounts and funds, and/or declare that your debts and/or obligations to Mansek have become due and collectible. Any losses arising from the exercise of your right to suspend or restrict the processing of personal data shall be your responsibility.

h)    Other rights in accordance with laws and regulations

You have the right to exercise other rights in relation to the processing of personal data to the extent provided for in the applicable laws and regulations.

8. CONTROL AND TRANSFER OF PERSONAL DATA

In processing your Personal Data, Mansek may engage third parties as joint controllers and/or processors of your Personal Data either within and/or outside Indonesia. In such case, Mansek will protect your personal data in accordance with the laws and regulations.

If Mansek transfers your Personal Data outside of Indonesia, Mansek will reasonably ensure that the country to which the transfer is made has an equivalent (or higher) level of protection of Personal Data than that of Indonesia. In the event that the country to which the Personal Data is transferred does not have an equivalent (or higher) level of protection, Mansek may still transfer your Personal Data to the extent that it complies with the laws and regulations.

Mansek may also transfer your Personal Data outside of Indonesia for the purposes of combating fraud and other financial crimes, and handling any disputes or issues that may arise in accordance with applicable laws and regulations.

9. PERIOD OF STORAGE AND PROCESSING OF PERSONAL DATA

Mansek will carry out processing of Personal Data from the moment Mansek obtains the basis for processing. Mansek will continue to process your Personal Data for as long as you continue to use Mansek's products, services and/or services or in accordance with applicable laws and regulations. Mansek may retain your Personal Data after you have terminated your use of Mansek's products, services and/or services for the period necessary by reference to laws and regulations or in accordance with the storage or retention periods set out in Mansek's internal policies or in accordance with applicable laws and regulations.

Some of Your Personal Data may also be stored by Third Parties who work with Mansek to provide the Services that You use. In the event that Mansek shares Your Personal Data with authorized government institutions and/or other institutions that may be designated by the authorized government, You agree and acknowledge that the storage of Your Personal Data by the relevant institutions will follow the data retention policies of each such institution. In addition, Mansek also has a legal obligation to retain your Personal Data if it is related to the completion of the legal process of an ongoing case.

10. COOKIE POLICY

a) How do we use Cookies?

To give you the best experience, we use the following types of cookies:

1. Session Cookies. We use these cookies to operate our Electronic Systems.
2. Preference Cookies. We use preference cookies to help us remember how you like using our services. Some cookies are used to personalize content and provide you with a customized experience. For example, location can be used to provide you with services and offers in your area.
3. Security Cookies. We use these cookies for security purposes.

b) How do I control your Cookies?

Cookies are sent to your browser from the website and stored on your device. Tracking technologies such as beacons, tags and scripts, we use to collect and track information and to improve the reliability and analyze our services.

You can instruct your browser to refuse all Cookies or to indicate when Cookies may be sent. However, if you do not consent to Cookies, you may not be able to use some or all of the services in our Electronic Systems.

If you choose to use the Electronic System without blocking or disabling Cookies, you agree to the use of these Cookies and also the use by us of your information/data that we collect through Cookies.

In addition to our own Cookies, we also work with other companies to place Cookies on our Sites to collect information for us. These companies may not use these Cookies for their internal purposes or share the information collected with anyone other than Mandiri, in accordance with the terms of their contracts/agreements with us.

For more information about Cookies, you can access aboutCookies.org, or www.allaboutCookies.org

11. CHILDREN'S PRIVACY

We refrain from knowingly collecting Personal Data from individuals under the age of 17. However, we may collect Personal Data from individuals under the age of 17 for the implementation of our services to you while still referring to the applicable regulatory provisions.

12. PEOPLE WITH DISABILITIES

We carry out special processing of personal data of persons with disabilities through certain branch offices that we determine in the context of service optimization. We carry out the processing of personal data of persons with disabilities by communicating and seeking consent from persons with disabilities and/or guardians of persons with disabilities in accordance with the provisions of laws and regulations.

13. MERGER, ACQUISITION, CONSOLIDATION, SPIN-OFF, LIQUIDATION

In the event of a merger, acquisition, asset sale, consolidation, spin-off or liquidation where there is a transfer of Your Personal Data, then We will notify You:

1. Prior to the transfer of Personal Data; and
2. Subsequent data controllers under different Privacy Policies. In certain situations, We may be required to disclose Your personal data if required to do so by law or in response to valid requests from public authorities, such as courts or Government agencies.
   
   

14. CHANGES TO PRIVACY POLICY AND PERSONAL DATA PROTECTION CONTACT PERSON

We are always committed to maintaining the security and privacy of your information. Therefore, we may update this Privacy Policy from time to time in accordance with the development of our practices in processing Personal Data and in accordance with applicable laws and regulations. You can access the latest version of this Privacy Policy through our website at: https://www.mandirisekuritas.co.id/id/kebijakan-privasi

If you have any questions about this Privacy Policy, please contact the customer support service contact information below:

1. Care Center : 14032
2. E-mail : care_center@mandirisekuritas.co.id