About Us

About Us

PRIVACY NOTICE

PT ORIX Indonesia Finance (“Company”) is committed to managing any information/data, including personal data and/or information, on a person who is individually identifiable either on their own or combination with other data and/or information obtained directly or indirectly through various manners. (“Personal Data”), in compliance with the principles of personal data protection as regulated in the applicable laws and regulations, including but not limited to Law No. 27 of 2022 concerning Personal Data Protection (“PDP Law”) and its implementing regulation.

 

This Privacy Notice is made to set forth the scope of the Personal Data, the procedure of the Company in obtaining, collecting, and managing the Personal Data, the purposes of processing the Personal Data, storage and security of the Personal Data, legal rights of those who have provided the Company with the Personal Data (“Data Owners”), as well as other provisions.

 

A. Scope of Personal Data

Personal Data collected by the Company shall include General Personal Data and Specific Personal Data as below:
  1. General Personal Data
a. Full name;
b. Gender;
c. Citizenship;
d. Religion;
f. Marital status; and/or
g. Other Personal Data used to identify a person, such as ID card number, mother maiden name, address, birth place and date, occupation, telephone/cellular number and others.
 
  1. Specific Personal Data
a. Health data and information;
b. Biometric data that allows unique identification of individuals, such as facial images, fingerprint records;
c. Genetic data;
d. Criminal record;
e. Spouse and children data;
f. Personal financial data, such as account mutations, collectability status of financing facilities; and/or
g. Other data regulated in the applicable laws and regulations.

 

B. The Procedure of the Company in Obtaining, Collecting, and Managing the Personal Data

As a Personal Data controller, the Company obtains, collects, and manages the Personal Data in accordance with the Personal Data processing provisions of the Company and in accordance with the provisions of the applicable laws and regulations. In processing the Personal Data, the Company shall obtain valid written consent from the Data Owners and provide information to the Data Owners, which at a minimum shall include:

  1. Legality of Personal Data processing;
  2. Types and relevance of Personal Data collected and processed;
  3. The purposes of Personal Data collection/processing;
  4. Retention period of documents containing Personal Data;
  5. Details regarding the information collected;
  6. Period of Personal Data processing; and
  7. Rights of the Data Owners.

 

The Company may process all Personal Data managed by the Company the purpose of selecting prospective customers, and updating the Personal Data of the Company’s customers The Company may also process the Personal Data for the purpose of selecting potential business partners, third-party agents (“Vendors”) and updating the Personal Data of the Company’s Vendors.

 

C. The Purposes of Personal Data Processing

Personal Data obtained or collected by the Company may be processed by the Company for the following purposes:

  1. Providing and improving financial products and/or services of the Company;
  2. Implementation of internal analysis, including implementation of Know Your Customer (KYC)/Customer Due Diligence (CDD) principles in accordance with applicable laws and regulations;
  3. Compliance with legal provisions and government regulations, including but not limited to reporting to the Financial Services Authority;
  4. Handling complaints on financial products and/or services of the Company:
  5. Offering products and/or services from the Company and/or other parties collaborating with the Company;
  6. Other purposes that are permitted and do not conflict with applicable laws and regulations.

 

D. Storage and Security of Personal Data

The Company retains the Personal Data in accordance with the data retention provisions of the Company. The Company may retain the Personal Data beyond the designated retention period if such Personal Data is required to respond to requests from the regulators, competent authorities, or for legal and other purposes. The Personal Data may be stored by the Company for transaction verification, business needs, operational purposes, and other requirements in accordance with applicable laws and regulations. Upon expiration of the retention period, the Company may delete and/or destruct the Personal Data in accordance with the provisions of the applicable laws and regulations.

 

The Company will consistently ensure that the Personal Data it manages remains secured and protected, whether through up-to-date technology or through internal policies and procedures. All employees, agents, advisers/consultants, representatives of the Company, and/or other parties working in cooperation with the Company are required to maintain the confidentiality of the Personal Data received from the Company and managed by them in compliance with all provisions of the applicable laws, regulations, their internal policies and procedures relating to processing of the Personal Data.

 

E. Legal Rights Held by Data Owner

Data Owners have the following rights regarding the Personal Data managed by the Company:

  1. Receive the information regarding the identification of the data recipient of the Personal Data, legal interest basis, and the purpose of use and request of the Personal Data.
  2. Complete, update and/or correct inaccuracies in the Personal Data.
  3. Have access to a copy of the Personal Data stored, obtained and managed by the Company.
  4. Submit a request to suspend, restrict, terminate the processing, delete or destroy the Personal Data.
  5. Withdraw the consent of the processing of the Personal Data.
  6. File an objection on processed data of the Data Owners by the Company that has a significant impact on the Data Owner.
  7. Take other actions in accordance with applicable laws and regulations, including but not limited to the PDP Law.

 

However, the Company reserves the right to decline such request if:

  1. The Personal Data is still needed for the processing of the Personal Data
  2. The request of such request may cause the disclosure of the Personal Data belonging to another person.
  3. It is permitted under applicable laws and regulations or such request contradicts with the interest protected by the applicable laws and regulations.

 

F. Other Provisions

  1. Data Owners shall be fully responsible for any (material and immaterial) losses that arise from a violation of Personal Data protection caused by the Data Owners, negligence, intentional actions or instructions by the Data Owners.
  2. User access (access logs) on this site will be stored automatically to enable the Company to perform statistical analysis to improve this site.
  3. The Data Owners may withdraw consent for any or all processing of Personal Data at any time by providing the Company with a written notice through the Company’s official email. Upon receiving such withdrawal of consent from the Data Owner, the Company will inform the Data Owner of any potential consequences arising from such withdrawal, so that the Data Owner may decide whether to proceed with the withdrawal.

 

G. Privacy Notice Changes

The Company may review, update and adjust this Privacy Notice from time to time in order to improve the personal data protection policy of the Company and comply with the provisions of the applicable laws and regulations.

 

H. Contact Us

For any questions or concerns about the personal data protection policy of the Company, please contact us at:

PT ORIX Indonesia Finance
Wisma Keiai 24th Floor, Jl. Jend. Sudirman Kav. 3, Karet Tengsin, Tanah Abang, Daerah Khusus Ibukota Jakarta 10220
Tel. 021 - 572 3041 | Fax. 021 - 572 3071
Email. dpo_orif@orix.co.id