Privacy policy

This Privacy Policy identifies how We manage the Personal Information We collect, use, hold and disclose and how to contact Us if You have any queries. As a business, We comply with Law Number 27 of 2022 on Personal Data Protection or Undang-undang Republik Indonesia Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi ("UUPDP") and protect Your Personal Information in accordance with those laws as well as privacy laws that may apply in Your jurisdiction.

Occasionally, We may ask You for Personal Information about other people – for example, Your customers or other authorised representatives, to provide Our services. If You choose to disclose this information to us, You confirm that You have informed these parties that You are providing their Personal Information to Us for the purposes of providing Our products and services either directly or by providing such disclosure in Your own privacy policy.

Where lawful and practical, You have the right to remain anonymous or to make use of a pseudonym, however if You choose to remain anonymous or to use a pseudonym, We may not be able to provide You with access to some or all Our products or services.

Information means, collectively, Personal Information and Sensitive Information.

Personal Information means information relating to an individual, who are identified or can be identified separately or in combination with other information, either directly or indirectly through an electronic or non-electronic system.

Privacy Law includes the UUPDP and/or any amendments thereof.    

Sensitive Information means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a trade union or other professional body, sexual preferences, criminal record or health information.

Relevant Circumstances means all circumstances where the employee records exemption under the UUPDP does not apply, including Information:

1. obtained during the recruitment process;
2. not directly related to an employee’s current or former employment relationship with Us; and
3. shared between related bodies corporate, contractors, and subcontractors, such as Information which is shared through services arrangements with a corporate group.
    

We/Us/Our means Esri Indonesia and any of its related entities and Group (Boustead Geospatial Group).

You/Your means You as a Customer or employee (former, current or prospective) of Us, both in the singular and plural and as an individual and/or a legal entity under the Corporations legislation in Your jurisdiction.

We may collect the following types of Personal Information:

1. name;
2. mailing or street address;
3. billing address;
4. email address;
5. telephone number and other contact details;
6. age or date of birth;
7. position or role title details;
8. bank account information
9. credit card information;
10. time zone information;
11. details of the products and services We have provided to You or that You have enquired about, including any additional information necessary to deliver those products and services and respond to Your enquiries;
12. information You provide to Us through customer surveys; or
13. any other Personal Information that may be required to facilitate Your dealings with us.

We will only collect Personal Information where that information is necessary for Us to perform one or more of Our functions or activities, where We are required to by law, or You have consented to Our collection of Your Personal Information from third parties – for example Your own representatives. If You choose to provide Us with Personal Information, You consent to the transfer and storage of such Personal Information on Our servers for as long as We consider necessary to fulfil the purpose for which it was collected, or as required by relevant laws, under this Privacy Policy and any other arrangements that apply between Us.

We may collect Personal Information from You through the following (amongst others):

1. one of Our websites;
2. social media;
3. phone;
4. email;
5. Your participation in any marketing initiative or promotional activities or events;
6. Your access to and use of Our products, services and website; and/or
7. Your access to and use of Our products, services, and website, based on transactions with us (through contractual obligations), form part of the ways in which we collect your personal information; and/or
8. in writing.

We will generally collect Personal Information directly from You. We may also collect Personal Information from third parties (including third party data analytic service providers) and publicly available sources of information. We may use Personal Information supplied by You or a third party to source additional Personal Information from publicly available sources of information.

Some Personal Information (e.g. race, ethnicity, health information etc.) is Sensitive Information and requires a higher level of protection under the Privacy Law. We will only collect such Sensitive Information when We have Your express consent for Us to do so and the collection is reasonably necessary for Us to conduct Our functions or activities, or where the information is required or authorised by law.

When You apply for a job with Us We collect certain information from You (including Your name, contact details, working history and relevant records checks) from any recruitment consultant, Your previous employers and others who provide information to Us, to assist in Our decision should We make You an offer of employment or engage You under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of Our current and former employees, which are exempt from the Privacy Laws. 

If You do not provide Your Personal Information, We may not be able to:

1. progress Your application or offer of employment, or to consider You for future employment opportunities;
2. monitor the use and efficiency of business resources (such as Our technology); and
3. efficiently use related entities or contractors necessary for the delivery of Our business activities and functions.

In addition to the general Personal Information referred to in this Privacy Policy, Personal Information collected in connection with the Relevant Circumstances may include:

1. ID information, such as Your name, postal or email address, telephone numbers, licenses, date of birth, gender details;
2. other contact details such as social media handles You use on publicly available websites;
3. resumes and other correspondence;
4. work history and education history;
5. health information, disabilities and psychometric testing results;
6. other information We consider necessary to Our recruitment, business activities and management processes.

Sensitive Information may be required to be collected in some circumstances.  We will only collect Sensitive Information if it is necessary for business purposes and for the inherent requirements of the position.

All information collected will be used and disclosed by Us as outlined in this Privacy Policy. We take reasonable steps to ensure that Your Personal Information is held securely.

It is Our usual practice to collect Personal Information about You in the Relevant Circumstances:

1. directly from You, for example where You provide Information by using a printed or online method;
2. where relevant, and with Your consent, through a third-party recruitment service provider;
3. from third parties, with Your consent. For example, We may seek Information about You:
   
   1. prior employment history through reference checks;
   2. eligibility to work in Your jurisdiction through a visa status check;
   3. educational qualifications by requesting confirmation of qualifications or results from an academic institution;
   4. aptitude or other psychometric testing;
   5. ability to perform the inherent requirements of the position, through medical and other allied health professionals, or criminal record history check and/or working with children check;
   6. from speaking to Us over the phone;
   7. through Our international and national IT framework either intentionally or by default;
   8. through publicly available networking sites, such as Facebook or LinkedIn.
4. We may also collect Information about You because We are required or authorised by law to collect it.
5. When You commence employment with Us, as a condition of employment We may ask You to provide evidence of Your identity and legal entitlement to work in Australia.  We may also ask for Personal Information, such as emergency contact details, tax file number and bank account details which will form part of Your employee file.
6. If We do not have Your prior consent to collection of Information from a third party, We will take reasonable steps to inform You that We have collected Information from a third party.

Your Personal Information may be used to:

1. assess Your application (or an application submitted on Your behalf by a recruitment service provider or by an employee as part of the employee referral program) for advertised positions;
2. invite You to apply for future positions with Us, unless You notify Us that You do not wish this to occur;
3. allow Us to conduct recruitment statistical reporting and analysis;
4. conduct, in connection with Our management of any recruitment business risks, investigations, resolutions and legal claim defences, compliance with court orders and other legal obligations and regulatory requirements;
5. share Information internally, and with any contractor or subcontractor, where doing so would assist Us with completing administrative tasks efficiently;
6. share documents, such as resumes, with clients;
7. obtain security clearances where required;
8. capture any data in relation to the use of technological devices or systems provided to an Individual by Us; and
9. conduct employment-related management and administrative processes.

Unless authorised by the Privacy Law, Your Personal Information will not be used for any other purpose without Your consent.

We may disclose Your Personal Information internally for the purposes of:

1. Considering and contacting You for future positions with Us;
2. statistical reporting and analysis;
3. allowing cohesive network operations between Our international and national networks; and
4. conducting management and administrative processes.

Our information technology systems may automatically permit access to Your Information within Our network of international and national related entities, contractors and service providers.

We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of Your Personal Information.  These organisations may carry out activities including:

1. information technology services;
2. website usage analysis;
3. management and administrative tasks.

We may disclose Your Personal Information to overseas related entities or contractors, including related entities or contracts located in the areas where We have offices.

Where We have collected Personal Information about You either directly or by other means as set out above, We will notify You of the following as soon as practicable:

1. The Primary Purpose that We are collecting Your Personal Information;
2. Other related uses or disclosures that We may make of Your Personal Information (Secondary Purposes);
3. How You can contact Us;
4. That You can access the Personal Information that We hold about You;
5. That You should contact Us should You need to access or correct Personal Information collected by Us;
6. The organisations We usually disclose the Personal Information to;
7. Where applicable, any law that requires the Personal Information to be collected.

If We receive unsolicited Personal Information about or relating to You and We determine that such information could have been collected in the same manner if We had solicited the information, then We will treat it in the same way as solicited Personal Information under the Privacy Law. Otherwise if We determine that such information could not have been collected in the same manner as solicited Personal Information, and that information is not contained in an official state record, We will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.

Where We store Your Personal Information depends largely on the purpose it was collected for but may include:

1. internal customer relationship management system which is hosted offshore;
2. email database within Our marketing campaign system;
3. internal contacts database; and
4. hard copy records in Our offices.

The data servers are password protected and login secured. However, by providing Personal Information to Us You consent to Your information being stored and processed on a data server or data servers (such as cloud services) owned by a third party or third parties that may be located outside of Your jurisdiction and which may not be subject to the Indonesian Privacy Principles.

We take reasonable steps to protect Your Personal Information from unauthorised access, loss, disclosure or modification under this Privacy Policy.

We regularly monitor all Our systems holding Personal Information, however, no data transmission over the internet can be guaranteed as one hundred per cent secure. We will take reasonable steps to maintain the security of and to prevent unauthorised access to or disclosure of Your Personal Information. However, We do not guarantee that unauthorised access to Your Personal Information will not occur, either during transmission of that information to Us or after We receive that information.

We only retain Your Personal Information for as long as is necessary for the purposes for which it was collected and We are required to keep it to comply with any laws. We will take such steps as are reasonable in the circumstances to destroy or de-identify Personal Information which We no longer need.  These measures may vary depending on the Personal Information held.

We collect Personal Information primarily for the following purposes (the “Primary Purpose” of Personal Information collection):

1. Providing Our products and services to You;
2. Validating and completing purchase requests;
3. Providing notifications of new product releases or functionality updates;
4. Improving and developing the design of Our range of products and services for Your use, including using data analytics (for example, Google Analytics, Hotjar and Act-On, or other products with similar functionality);
5. Providing notification of upcoming events
6. Providing industry and related information;
7. Conducting surveys and research;
8. Complying with licensing, legislative and regulatory requirements;
9. Improving Our service delivery (including to resolve a complaint);
10. Managing Our relationship with You;
11. Employment related purposes (including assessing an applicant’s suitability for a job); and
12. To subscribe You to Our e-communications.

If You subscribe to Our e-communications (e.g. newsletters, event updates etc.), We may send You direct updates about Our products and services, event invitations and for marketing purposes (including advising You of other products, services, promotional events, programs and special offers which may be of interest to You) via your registered email. If You do not wish to remain a subscriber to Our mailing list, You can unsubscribe from any electronic communications by clicking the ‘unsubscribe’ button or by contacting Our marketing department.

We will only collect, hold, use and/or process (together "process") Your Personal Information where We are legally allowed to do so.

We will ensure that Your Personal Information is:

1. processed lawfully, fairly and transparently;
2. collected for specific, explicit and legitimate purposes;
3. adequate, relevant and limited to what is necessary for the purpose of the processing;
4. kept accurate and up to date;
5. only kept for so long as is necessary;
6. processed securely using appropriate technical and organisational measures to ensure integrity and confidentiality.

For Us, the lawful basis which We rely on will fall into one of the following:

1. Contractual performance: where We process Your Personal Information for contractual performance
   • This includes enabling Us to take steps You request prior to Us entering a contract; and then once We have entered a contract, to enable Us to perform the contract and to provide You with the products and services. We will process Your Personal Information in accordance with the contract.
2. Legitimate interests: where We process Your Personal Information for Our legitimate interests
   • We are a commercial organisation engaged in the provision of geographic information systems and associated services. We have an interest in promoting, marketing, selling and supporting Our products and services. Where We process Your Personal Information for Our interests We will do so only where We have carefully considered both Our and Your interests. We will not process Your Personal Information if Our interests are overridden by Your interests or fundamental rights and freedoms.
3. Consent: where We rely solely on Your consent to process Your Personal Information

There may be circumstances where We need to or are required to obtain and/or rely upon Your consent to process Your Personal Information. If this is the case We will give You:

1. the reason for needing Your consent, including details as to how We will process Your Information;
2. the choice as to whether to provide consent;
3. information to enable You to withdraw Your consent.

We do not generally share Our customer lists on a commercial basis with third parties but if We did, We would only do so if We  had the appropriate consent of the individual involved.

We may disclose Personal Information We collect from You:

1. To Our subsidiaries and other related entities (other than for Sensitive Information), employees, contractors or agents for the Primary Purpose set out above, or for other purposes directly related to the purpose for which the Personal Information is collected;
2. To others that You have been informed of at the time any Personal Information is collected from You;
3. To Our business associates, third party suppliers, service providers and others for purposes directly related to the purpose for which the Personal Information is collected;
4. To Our payment systems operators (for example, merchants receiving card payments);
5. To Our professional advisors;
6. To organisations that acquire all or part of Our assets or business;
7. To organisations where We outsource functions (including information technology providers, print service providers and mail houses);
8. With Your consent, to specific third parties to receive information held by Us; or
9. other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required by law.

If We use or disclose Your Personal Information for a Secondary Purpose other than the main reason for which it was originally collected, We  will ensure that:

1. The Secondary Purpose is related to the Primary Purpose of Personal Information collection, and You would reasonably expect that We  would use or disclose Your information in that way;
2. You have consented to the use or disclosure of Your Personal Information for the Secondary Purpose; or,
3. The use or disclosure is required or authorised by or under law.

We will take reasonable steps to ensure that any contracts with third parties include requirements for those third parties to comply with the use and disclosure requirements of the Privacy Law.

In the unlikely event that We  are required to disclose Personal Information to law enforcement agencies, government agencies or external advisors We  will only do so under the Privacy Law or any other relevant legislation.

We take reasonable steps to ensure that each organisation that We  disclose Your Personal Information to is committed to protecting Your privacy and complies with the Privacy Law.

By providing Your Personal Information to Us, You consent to Us transferring Your Personal Information to such other organisations.

Some of the service providers, related bodies corporate and other third parties We disclose Personal Information to are in countries outside of Your jurisdiction. Any overseas disclosure does not affect Our commitment to protecting Your Personal Information.

Where We  send Your Personal Information outside of Our jurisdiction, We  make sure that appropriate data handling and security arrangements are in place. You acknowledge that, by consenting to the disclosure of Your Personal Information to entities outside of Your jurisdiction We will no longer be required to take reasonable steps to ensure that the overseas recipient does not breach the applicable provisions of the Privacy Laws in relation to Your Personal Information.

When You provide such express consent, We will not be liable to You for any breach of the respected Privacy Law by those overseas recipients. Further, the overseas recipient of Personal Information may be subject to a foreign law that could compel the disclosure of Personal Information to a third party, such as an overseas authority. In such case, We  will not be responsible for that disclosure.

We review, on a regular and ongoing basis, Our collection and storage practices to ascertain how improvements to accuracy can be achieved.

You can request access to Your Personal Information held by Us in writing.  We also require some proof of identification before releasing or correcting any Personal Information.

We may make reasonable changes for access to Information and may refuse to provide access to, or delete, Information where this is required or authorised by the Privacy Act or another law.

To assist Us to keep Our records up to date, You should ensure all Personal Information provided to Us is accurate and kept up to date.  We take the accuracy of Your Personal Information seriously, if You are aware that the information, We  hold relating to You is inaccurate, incorrect or out-of-date, please contact Our Privacy Officer.

We require employees to perform their duties in a manner consistent with Our legal responsibilities in relation to privacy.

We take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by people who have a genuine need to know.

We review, on a regular and ongoing basis, Our information security practices ascertaining how ongoing responsibilities can be achieved and maintained.

We reserve the right in Our sole discretion to modify, amend, vary or update this Privacy Policy at any time without notice. If this is necessary, We  will include the amended Privacy Policy on Our website to ensure You are kept up to date of how We manage Your Personal Information. We recommend You review the Privacy Policy regularly to ensure You are aware of any changes.

We take Your Privacy very seriously, to make it simpler for You to contact Us, We have centralised Our contact details, please contact Us by one of the following means:

E-mail Us at: privacy@esriindonesia.co.id
Telephone Us at: +62 (21)27099881;
Write to Us at: Privacy Officer, Esri Indonesia, 26th Floor, Jalan Jend. Gatot Subroto, Kav. 18, South Jakarta, 12710.

We respect and place significant importance on Your rights. We would like to make sure You are fully aware of all Your data protection rights.

In summary, Your rights include the right to:

1. The right to access – You have the right to request Us for copies of Your personal data. We may charge You a small fee for this service;
2. The right to rectification – You have the right to request that We correct any Information You believe is inaccurate. You also have the right to request Us to complete the Information You believe is incomplete;
3. The right to erasure – You have the right to request that We erase Your personal data, under certain conditions;
4. The right to restrict processing – You have the right to request that We restrict the processing of Your personal data, under certain conditions;
5. The right to object to processing – You have the right to object to Us processing Your personal data, under certain conditions;
6. The right to data portability – You have the right to request that We transfer the data that We have collected to another organisation, or directly to You, under certain conditions.

If You wish to object or to withdraw consent, You may contact Us though one of the methods detailed below in the 'Contact us' section. In addition, where We have sent You a marketing email, We will have provided an 'unsubscribe' or 'set Your preferences' which You can use to stop any future marketing communications.