Memuat...

Legal Document

Privacy Policy

Last updated: January 1, 2025

1. Our Commitment

Toko Web Jaya is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when using our Platform, in accordance with Indonesia's Personal Data Protection Law (UU PDP).

2. Data We Collect

2.1 Data You Provide

  • Account Data: Full name, email address, profile photo (from Google OAuth if used)
  • Transaction Data: Purchase history, order details, payment information (excluding card numbers — processed by payment gateway)
  • Communication Data: Messages you send via contact forms or customer support
  • Appointment Data: Information provided when booking appointments/consultations

2.2 Automatically Collected Data

  • Technical Data: IP address, browser type, OS, pages visited, visit duration
  • Cookie Data: Session cookies to maintain login and preferences
  • Log Data: Server access logs for security and troubleshooting

2.3 Data from Third Parties

  • Google OAuth: Name, email, and profile photo if you choose Google sign-in
  • Payment Gateway: Payment status confirmation (not card details)

3. How We Use Your Data

We use your data to:

  • Provide, manage, and improve Platform services
  • Process transactions and send invoices
  • Send notifications about orders, subscriptions, and accounts
  • Provide customer support
  • Send product updates and service information (can be disabled)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze Platform usage for service improvement (anonymized aggregate data)

4. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: Processing necessary to fulfill requested services
  • Consent: For marketing communications requiring explicit consent
  • Legitimate Interests: For platform security and fraud prevention
  • Legal Obligation: To comply with applicable regulations

5. Data Storage and Security

5.1 Storage Location

Data is stored on servers located in Indonesia or countries with adequate data protection standards.

5.2 Retention Period

  • Active account data: While account remains active
  • Transaction data: Minimum 5 years per Indonesian tax regulations
  • System logs: 90 days
  • Deleted account data: Anonymized within 30 days of deletion request

5.3 Security Measures

We implement technical and organizational security measures, including:

  • Data encryption in transit (HTTPS/TLS)
  • Password hashing using bcrypt
  • Role-based access control
  • Continuous monitoring for suspicious activity
  • Regular data backups

6. Data Sharing with Third Parties

We do not sell your personal data. Data is only shared with:

  • Payment Provider (Duitku): Minimum information required to process transactions
  • Email Provider (Sumopod): For transactional email delivery
  • Google: If you use the Google sign-in feature
  • Legal Authorities: If required by applicable law or court order

All third parties are required to comply with equivalent data security standards.

7. Cookies

7.1 Types of Cookies Used

  • Essential Cookies: Required for basic Platform functions (login, cart, language preference) — cannot be disabled
  • Analytics Cookies: Help us understand Platform usage (can be disabled)

7.2 Managing Cookies

You can set cookie preferences through browser settings. Disabling essential cookies may impair Platform functionality.

8. Your Rights

Under Indonesia's UU PDP, you have the right to:

  • Access: Know what personal data we hold about you
  • Correction: Update inaccurate data via account settings
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive a copy of your data in machine-readable format
  • Objection: Opt out of direct marketing processing
  • Restriction: Limit data processing under certain conditions

To exercise these rights, contact us at privacy@tokowebjaya.com. We will respond within 30 business days.

9. Children's Privacy

Our Platform is not intended for children under 18. We do not knowingly collect data from children. If you believe a minor has provided data to us, please contact us immediately.

10. Policy Changes

We may update this Privacy Policy periodically. The latest version is always available on this page with the update date. For significant changes, we will notify you via email or Platform notification.

11. Contact Us

For privacy-related questions or complaints, contact us at:

Go Back ← Terms of Service