This Data Protection Notice ("Notice") establishes the basis on which covid19.go.id may collect, use, disclose or process personal data from potential service users, service users, authorized representatives of the use of our services in accordance with Indonesian law. This notice applies to personal data in our possession or under our control, including personal data held by institutions we engage with to collect, use, disclose or process personal data for our purposes.
As used in this Notice:
“Personal data” means data, whether true or not, about an individual (whether a prospective service user, service user, authorized representative of a service user or otherwise) that can be identified: (a) from such data; or (b) from that data and other information we have or may have access to.
Depending on the nature of your interaction with us, some examples of personal data we may collect from you include your name, contact information such as city of residence, postal code, email address or phone number, nationality, gender, age, employment information and educational background
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or through a third party who has been authorized by you to disclose your personal data to us (your "authorized representative") after ( i) you (or your authorized representative) have been notified of the purposes for which the data was collected, and (ii) you (or your authorized representative) have given your written consent to the collection and use of your personal data for such purposes, or (b) the collection and use of the data without consent is permitted or required by law. We will seek your consent before collecting any additional personal data and before using your personal data for purposes that have not been notified to you (unless permitted or permitted by law).
We may collect and use your personal data for any or all of the following purposes:
build or manage your relationship with us. This includes:
If you are a potential service user:
process and evaluate your application for our services
If you are a service user:
monitor, evaluate and/or audit the services provided. This may include an assessment of the quality of the service provided and the effects of the service provided (both in the short and long term, and after you stop using the service)
If you are an authorized representative of service users:
process and evaluate service user applications for our services
provide you with information about our upcoming events or activities, for which you have specifically requested to receive such information; respond to, handle and process your questions, requests, applications, complaints and feedback
to comply with any applicable laws, regulations, codes of practice, guidelines or rules, or to assist law enforcement and investigations carried out by governmental and/or regulatory authorities
other purposes for which you provide the information.
We may disclose your personal data:
where such disclosure is necessary for, or in connection with, the provision of the service you have requested
to comply with any applicable laws, regulations, codes of practice, guidelines, rules or requests by public bodies, or to assist law enforcement and investigations
other parties to whom you authorize us to disclose your personal data, or if necessary to take any action requested by you.
CANCEL YOUR CONSENT
Your consent to the collection, use and disclosure of your personal data will remain in effect until such time as it is withdrawn by you or your authorized representative in writing. You or your authorized representative may withdraw your consent and ask us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by sending your request by email or otherwise in writing to the Data Protection Officer. Our Officer / DPO) at the contact details are provided below. If you are unable to submit your request in writing or if you need assistance with submitting your request, you may request to speak or meet with our Data Protection Officer
After receiving your written request to withdraw your consent, we may need a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences from us. access the same, including any legal consequences that may affect your rights and obligations to us. In general, we will endeavor to process your request within three (3) business days of receiving it.
While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we will, in such circumstances, notify you. you before completing the processing of your request. If you decide to withdraw your consent, please inform us in the manner described in paragraph 6 above.
Please note that withdrawal consent does not affect our right to continue to collect, use and disclose personal data where such unauthorized collection, use and disclosure is permitted or required by applicable law.
ACCESS TO AND CORRECTION OF PERSONAL DATA
If you wish to make (a) an access request for access to a copy of the personal data we hold about you or information about how we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data we have about you, you can send your request by email or otherwise in writing, to our Data Protection Officer at the contact details provided below. If you need assistance with submitting your request, you can ask to speak or meet with our Data Protection Officer
Please note that reasonable fees may apply for access requests. If so, we will notify you of the fee before processing your request.
We will respond to your request as soon as possible. In general, our response will be within three (3) business days. If we are unable to respond to your request within thirty (30) days of receiving your request, we will notify you in writing within thirty (30) days of the time we will be able to respond to your request. If we are unable to provide you with any personal data or to make any corrections requested by you, we will usually tell you the reason why we cannot do so (unless we are not required to do so under Indonesian law).
PERSONAL DATA PROTECTION
To protect your personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as the latest antivirus protection, encryption, use of privacy filters, and disclose personal data both internally and to our authorized third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and improving our information security measures.
PERSONAL DATA ACCURACY
We usually rely on the personal data you provide (or your authorized representative). To ensure that your personal data is current, complete and accurate, please update us of any changes to your personal data by notifying our Data Protection Officer on the contact details provided below.
PERSONAL DATA RETENTION
We may retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable law.
We will stop storing your personal data, or remove the means by which such data may be associated with you, as soon as it is reasonable to deem that such storage no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes .
SENDING AND DISTRIBUTION OF PERSONAL DATA
User's Personal Data will not be sent and disseminated to other parties, except:
A party appointed by the Government of the Republic of Indonesia in handling the spread of COVID-19 and other infectious diseases, and in order to facilitate the new normal.
A legitimate request from law enforcement officials based on the provisions of the legislation.
The parties based on the agreement will use the Application data for the benefit of supporting the efforts of the Government of the Republic of Indonesia in tackling Covid-19 and other infectious diseases.
TRANSFER PERSONAL DATA OUTSIDE INDONESIA
We generally do not transfer your personal data to countries outside Indonesia. However, if we do, we will pass on the information to you for the transfer to take place and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under applicable law in Indonesia. p>
DATA PROTECTION OFFICER
You can contact our Data Protection Officer (DPO) if you have any questions or feedback regarding our personal data protection policies and procedures, or if you wish to make a request, in the following ways:
In the event that the User finds a security loophole in the Application system, the User is obliged to immediately report the findings in writing to the manager of the covid19.go.id website. Users are prohibited from using this for personal or certain group interests and publishing to the general public for any reason.
Users can submit questions, complaints and/or complaints in connection with the use of Personal Data or Personal Information on the Application. Any feedback, suggestions, and or findings provided by the User regarding the Application are not considered confidential information. The application reserves the right to use this information freely without limits. Users are prohibited from abusing the findings so that it can affect the operation of the Application.
Security findings reports, questions, complaints and/or complaints in connection with the use of the Application are submitted in writing via email [email protected] by attaching the User's identity.
The Application will verify the Personal Data by referring to the Personal Data stored in the Application system. The application has the right to reject questions, complaints and/or complaints submitted in the event that the Personal Data has not been verified.
In the event that there are additions, subtractions and/or changes to the Application complaint channel, you will be notified later via Application notification or through other official channels.
INFLUENCE OF NOTIFICATIONS AND CHANGES OF NOTICES
This notice applies in connection with other notices, contract clauses and consent clauses applicable in relation to our collection, use and disclosure of your personal data.
We may revise this Notice from time to time without prior notice. You can determine whether such revision has occurred by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgment and acceptance of the changes.
Effective Date : 17/03/2020
Last updated: 04/17/2022