Privacy Notice for Business Partners
1. About this notice
We will process your personal data in compliance with every applicable law and any laws that replace them in the future (including the European Union’s General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”)) and the law of the Republic of Indonesia No.27 Year 2022 regarding Private Data Protection ("PDP")
In this notice, we provide information based on such laws related to processing your personal data. This notice sets out the basis on which any personal data that you provide to us, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this notice.
2. Information about us
For the purpose of data protection law, PT. Sharp Electronics Indonesia (“we”, “us” and “our”) is a data controller in respect of your personal data. And we are committed to respecting your privacy.
(a) Our main office address: Jl. Harapan Raya Lot LL 1&1, Kawasan Industri KIIC, Desa Sirnabaya, Kec. Teluk Jambe Timur, Karawang - Jawa Barat 41361
(b) Our phone number: +62-267 8468 600
(c) Our email address: email@example.com
In this notice:
(a) your “personal data” means any data which relates to you and from which you can be identified, including specific data (health data and information, biometric data, genetic data, crime records, child data, personal work data and others) and general data (full name, gender, nation, religion, martial status and others);
(b) our “affiliates” means our subsidiaries; and
(c) “processing” means any activity or operation that is carried out in respect of your personal data, such as collecting, storing, using, transferring or deleting it.
4. How we collect your personal data and what personal data we collect
We will collect and process the following personal data about you (collected through communications including: writings, face-to-face discussion, phone calls, e-mails, or otherwise). Such information generally includes your name, contact data (e-mail, phone number), company name, address, position and all other personal data which is required to enter into a contract with you and to communicate with you.
In some circumstances, we may be provided such personal data relating to you by the organisation you represent or the organisation that otherwise employs or engages you (“Business Partners”). This information is necessary in order for (i) the relevant business we provide you or Business Partners or (ii) the relevant business services to be provided to us by Business Partners.
There may be circumstances where the provision of business services to us results in us collecting other types of personal data from you, or us being provided other types of personal data about you from Business Partners. If so, then we will protect such personal data to the same high standards explained in this policy and take any additional steps necessary to ensure we process such personal data in accordance with applicable laws.
5. Purpose and legal basis of processing personal data
We use the personal data that we hold about you for the following purposes:
Establishing and maintaining relationship with Business Partners, Marketing
The legal basis for the processing of your personal data is:
· performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art.6 (1)(b) GDPR; or
· where the processing of your personal data is necessary for the pursuance of our legitimate interests in accordance with Art.6 (1)(f) GDPR (e.g. establishing a business relationship, marketing and networking).
We do not process your “sensitive data” (information about your race, ethnic origin, religion, physical or mental health, political opinions, sexual life, any actual or alleged criminal offences, and genetic and biometric data).
6. Disclosure of personal data to recipients
We may share your personal data with recipients in the situations described below:
(a) Internal Use for us: Employees of us or our affiliates who are authorised and need to access these data.
(b) Affiliates: We share your personal data with our affiliates for internal administrative purposes and uses that are consistent with this Notice.
(c) Service Providers: We share your personal data with third-party service providers who perform services, such as providing data servers, logistics services and payment services on our behalf.
(d) Business Partners: We may share your personal data with business partners, such as customers or suppliers to the extent this is required for conducting and/or acquiring business with these partners (e.g., exchange of contact details).
(e) Legal Process and Safety: We may disclose your personal data to legal or government regulatory authorities as required by applicable law. We may also disclose your personal data to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or others, or to enforce our legal rights or contractual commitments that you have made.
(f) Business Transfers: Your personal data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership.
7. Transfers of personal data outside the European Economic Area
The personal data that we collect from you or provided by Business Partners may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us, for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that:
(a) the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data; or
(b) the recipient enters into standard data protection clauses with us that have been approved by the European Commission.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the information about us above.
8. Transfer of personal data outside the Indonesia territory
In doing so, every person, public body and international organization is obliged to ensure that the country to which the personal data is transferred has and equalivalent or higher level of personal data protection.
9. Storage limit of personal data
We will retain the personal data that we collect about you as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer period is demanded by applicable laws.
10. Your rights
(a) Access, rectification, erasure, restriction, data portability
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the following rights:
· Request from us access to your personal data pursuant to Art. 15 GDPR
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information.
· Request from us rectification of your personal data pursuant to Art. 16 GDPR
You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data.
· Request from us erasure of your personal data pursuant to Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.
· Request from us restriction of processing pursuant to Art. 18 GDPR
You have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply.
· Right to data portability pursuant to Art. 20 GDPR
You have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain legal conditions apply.
(b) Right to object
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your personal data.
Where personal data are processed for direct marketing purposes (see section 5 above), you have the right to object at any time to processing of personal data concerning you for such marketing pursuant to Art. 21 (2) GDPR.
Every person, public body and international organization must refuse to provide change access to personal data in the event that:
i. Endangers the safety, physical health, or mental health of himselft or others;
ii. Impact on the disclosure of other people's personal data;
iii. Contrary to national defense and security interest
(c) Right to lodge a complaint
If you have any complaints regarding our privacy practices in the EEA, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).
(d) Criminal Provisions
i. Everyone who intentionally and against the law obtain or collect Personal Data that not his the intent to benefit yourself or others that can result in the loss of the Personal Data Subject as intended shall be punished with imprisonment a maximum of 5 (five) years and / or a fine a maximum of IDR 5 (five) Billion.
ii. Everyone who intentionally and against the law is disclosing Personal Data that does not belong to him shall be punished with a maximum imprisonment of 4 (four) years and / or a maximum fine IDR 4 (four) Bilion.
iii. Everyone who intentionally and against the law is using Personal Data that does not belong to him shall be punished with a maximum imprisonment of 4 (four) years and / or a maximum fine IDR 4 (four) Bilion.
iv. Everyone who intentionally create fake Personal Data or falsify Personal Data with the intent to benefit himselft or others, or who can cause harm to others is criminalized with threat of imprisonment of 6 (six) years and / or a maximum fine IDR 6 (six) Billion.
v. In terms of criminal acts as intended is carried out by the Corporation, criminal charges can be imposed onto the management, holders of control, givers of orders, beneficial owner, with the penalties that can be imposed against the Corporation with maximum fine of 10x the maximum penalty threatened fines.
vi. Additional penalties for corporations:
- confiscation of profits and/or property asset obtained from or proceed of criminal acts;
- freezing of all or part of the business Corporation;
- permanen prohibition to perform certain action;
- closure of all or part of the place of business and / or Corporate activities;
- carry out obligations that have been neglected;
- payment of compensation;
- license revocation; and dissolution of the Corporation.
Questions, comments and requests regarding this privacy notice are welcome. Please contact us using the information about us above.
Established:17th March 2023
Legal Compliance Officer
PT. Sharp Electronics Indonesia