Privacy Policy

1. Background

1.1. BhinPay(‘our’, ‘us’ or ‘we’), we regard the fair and lawful treatment of personal data as a critical factor in the success of our operations and a key to the maintenance of the confidence that exists between those with whom we deal and ourselves.

1.2. We understand that you are aware of and care about your personal privacy interests, and we take that seriously. ‘You’ in this policy means the private individual who is using or otherwise requesting to use the products and services offered by us either on his/her own account or on behalf of a legal entity. This Privacy Policy defines our approach regarding the collection and use of your personal data and sets forth your privacy rights.

1.2. We understand that you are aware of and care about your personal privacy interests, and we take that seriously. ‘You’ in this policy means the private individual who is using or otherwise requesting to use the products and services offered by us either on his/her own account or on behalf of a legal entity. This Privacy Policy defines our approach regarding the collection and use of your personal data and sets forth your privacy rights.

2. Scope

2.1. This policy applies to your Personal Data when you visit our site(s) or use our services and does not apply to online websites or services that we do not own or control.

3. Data collection

3.1. In accordance with the applicable laws and regulations, we only collect and process a limited amount of data, including personal information, about you that is necessary to perform our business operations and provide you with our products and services. Personal data as used in the context of this privacy policy, applies to any information that identifies or that can be used to identify you as a private individual, such as your name, mobile phone number, email address, date of birth, and possible further information for the purpose of responding to your request or delivering a specific product or service.

3.2. We may also require other identification information if you send or receive certain high-value transactions or high overall payment volumes through our services or as is otherwise required in order for us to comply with our financial crime prevention obligations under the respectively applicable regulatory requirements.

4. Types of data

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Information that you voluntarily provide

4.1. We collect personal data when you provide it to us: (a) information that you provide by filling in application forms and forms on our website, which includes information provided at the time of registering to use our services, subscribing to our newsletter(s), and reporting a problem; (b) information provided via electronic means of communication, i.e. when you communicate with us, contact our customer support teams or respond to a survey, we may keep a record of our correspondence; (c) information regarding an enquiry from you about our products or services; (d) information that you provide in the context of a job application.

Information received from third parties

4.2. We could receive your personal data through third parties: (a) information received by one of PT Bhinpay TEKNOLOGI INDONESIA Group members; (b) information received by the card schemes (e.g. Visa, Mastercard, etc.), credit reference agencies, fraud prevention agencies, government and law enforcement agencies; (c) information received via public sources like company registers and filings.

Transaction information

4.3. When you use our payment services we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, participants associated with the transaction, merchant information, including information about any funding instruments used to complete the transaction, device information, technical usage data, and geolocation information.

Information collected from your computer or your electronic device by our website

4.4. As with most websites, the following non-personal data is routinely collected during visits to our website and use of our online resources. This information may include the name of your internet service provider (IP address), the website that directed you to our website, browser and/or device type, date, time and length of your visit. This information cannot be used to personally identify visitors. When collecting and processing your IP address, the latter will be fully anonymised right after collection by deleting the last three figures. That way we are no longer able to identify you as a person. We will delete the IP address within no more than 12 months.

Information collected through the use of cookies

4.5. Our website(s) uses cookies. You can, at all times, manage website cookies in your browser settings and change these settings by accepting, rejecting, or deleting cookies. For more information, please see our Cookie Policy.

5. Use of personal information

5.1. We collect, store and process your personal data as described hereunder, primarily to provide you with a safe, smooth, efficient, and customised experience, specifically, for the following business-related purposes: (a) Account set up and administration. Your personal data is required to set up and manage your account, authenticate your access to an account, communicate with you about your account, provide technical and customer support, verify your identity, and send important account, transaction and service information. (b) Provision of products and services. To ensure our customers are genuine and that we are paid for the products and services we provide, we use your personal data for identification and verification purposes, i.e. to confirm your identity and conduct appropriate due diligence checks. (c) Contractual obligations. We need your personal data in order to carry out our obligations arising from any contracts entered into between you and us. (d) For our legitimate interests. We may use your personal data to manage our business needs, such as monitoring, analysing, and improving the services, the sites’ performance and functionality, and to enforce the terms under which we provide our services. (e) Surveys and polls. If you participate in a survey or a poll, the information you provide to us may be used for market and historical research purposes. (f) Email alerts. Where you have explicitly consented, we use your personal data to provide you with information about our products and services, to inform you about important changes to this Privacy Policy or other relevant business news. (g) Job applications. If you wish to apply for an advertised vacancy, we need your personal data in order to administer the recruitment process. (h) Legal obligations. We may be required to collect and retain personal data about you for legal and compliance reasons, i.e. to manage risk, or to detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities.

5.2. Consistent with our commitment to protect your personal data, we only conduct such processing where a valid lawful basis exists. In particular, we use your personal data in line with our contractual and/or legal obligation, or when we have a legitimate interest. Where our reason for processing is based on your consent, you may withdraw that consent at any time.

6. Security of personal information

6.1. We are committed to making sure your information is protected. Once we receive your information, we use various security features and strict procedures, taking into account industry standards, to ensure the privacy and confidentiality of data and personally identifiable information. We maintain physical, technical and administrative safeguards that comply with regulatory requirements. Specifically, we use a combination of firewall barriers, data encryption techniques and authentication procedures to prevent unauthorised access to your data and to our systems. We also enforce physical access controls to our buildings and files. We test our systems regularly and also contract with outside companies to audit and test our security systems and processes.

6.2. We authorise access to your personal data only for those employees who require it to fulfil their job responsibilities and provide benefits, goods or services to you. We educate our employees about the importance of confidentiality and maintaining the privacy and security of personal data.

6.3. Our security procedures are constantly revised based on new technological developments in order to ensure the highest level of protection of your personal information. However, there are also a number of things that you can help with. We encourage you to use a strong password and make sure it is not the same one for all your accounts. You may not share it with anyone. Our representatives will never ask you for your password, so any email or other communication containing such request should be treated as unauthorised or suspicious and forwarded to [email protected].

7. Data storage and retention

7.1. We take appropriate technical and organisational measures, both at the time of the design of the processing system and at the time of the processing itself, in order to maintain security and prevent unauthorised processing.

7.2. Your personal data will be retained for the least amount of time necessary to fulfil our legal or egulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by applicable regulatory requirements if it is in our legitimate business interests and not explicitly prohibited.

7.3. If your Agreement is terminated and/or your Account is closed, we may take steps to mask personal data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable regulatory requirements. We will continue to use and disclose such personal data in accordance with this Privacy Policy.

7.4. The cookies we use have defined expiration times; unless you visit our Sites or use our Services within that time, the cookies are automatically disabled and retained data is deleted. Please consult our Cookie Policy for more information.

7.5. When we no longer need personal information, we securely delete or destroy it.

8. Disclosure of information to third parties

8.1. In order to provide our services, some of the information we collect may be required to be disclosed to our affiliates or other entities.

8.2. As a merchant aggregator, we work with numerous third parties in order to perform our operations in the most efficient way. We may therefore disclose personal data to those entities in order to respond to your requests or inquiries, or when necessary to fulfil the services they provide to us such as software, system, and platform support, cloud hosting services, etc.

8.3. We partner with other financial institutions to jointly create and offer products and services. We may, therefore, disclose personal data to those entities in order to ensure provision of those products and services to you.

8.4. We may share information with the other participants to your transactions, including other users you are sending or receiving funds from, and merchants or their service providers when you use the services to pay for products or services. The information may include personal data necessary to facilitate the transaction; personal data to help other participant(s) resolve disputes and detect and prevent fraud; and anonymous data and performance analytics to help merchants better understand the uses of our services and to help merchants enhance users’ experiences.

8.5. We may also share personal data when we are required to comply with legal obligations and respond to requests from government agencies. This includes exchanging data with other organisations for the purpose of fraud prevention and anti-money laundering measures.

8.6. We may share your personal data if we believe it’s reasonably necessary to protect the rights, property and safety of our company or its customers.

8.7. We do not collect or compile personal data for dissemination, rent or sale to external parties for their marketing purposes without your explicit consent.

9. Rights of data subjects

9.1. Whenever we process your personal data, we take reasonable steps to ensure that it is kept accurate and up to date for the purposes for which it was collected. With respect to the information related to you that ends up in our possession, and recognising that it is your choice to provide it to us, we commit to giving you the ability to do all of the following: (a) Right to be informed. You have the right to be informed about the processing (collection and use) of your personal data. (b) Right to access. You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about: the purpose of the processing; the categories of personal data concerned; who else within our group might have received the data; and how long it will be stored. (c) Right to correction. You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate. (d) Right to ‘be forgotten’. You may request that we erase your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law. (e) Right to restrict processing. You have the right to restrict the processing of your personal data, e.g. to limit the way that we use your data. (f) Right to portability. When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller. (g) Right to opt-out. You can opt-out of receiving electronic marketing materials from us at any time. This can be done through your account settings, by clicking the ‘unsubscribe’ link in any email communications which we might send to you, or by contacting our DPO. Please note that this might take a few days. (h) Right to withdraw consent. You are entitled to withdraw your consent to the processing of your data. (i) Right to complain. You have the right to lodge a complaint with the appropriate supervisory authority if you have concerns about how we process your personal data.

9.2. Reasonable access to your personal data will be provided at no cost within a month upon receiving your request to the [email protected]. If access cannot be provided within the aforementioned time frame, we will provide you with the exact date when the information will be provided.

9.3.In accordance with our security procedures we may occasionally request proof of identity before we disclose personal data to you.

9.4. Please bear in mind that there may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will confirm what they are if that is the case.

10. Children’s personal data

10.1. Our websites and our services are not directed to children under the age of majority. We do not knowingly collect information, including personal data, from children or other individuals who are not legally able to use our sites and services. If we obtain actual knowledge that we have collected personal data from a child under the age of majority, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of majority.

11. Data Protection Officer

11.1. We understand that you may have questions or requests regarding this Privacy policy or your personal information. The latter are welcomed and should be addressed to our Data Protection Officer at [email protected].

12. Review and update

12.1. We will only use your personal data in the manner described in this Privacy Policy effective at the time the information was collected. However, we keep this Privacy Policy under regular review and in case of any revisions, the latter will be promptly communicated on this page.

12.2. We encourage you to periodically review this page to be informed about any changes in how we are protecting your personal data.

This Privacy policy was last updated on May 20th, 2021.