DATA PROTECTION POLICY

GENERAL

This policy statement (the “Data Protection Policy”) provides information on the obligations, practices and policies of Indovative Consulting “PT. SUKSES BISNIS INTERNASIONAL” its subsidiaries, affiliates, representatives, and related companies (“Company”) in relation to data protection and data privacy.

For enquiries around our Data Protection Policy or should you have any complaints regarding data protection issues, please e-mail us at Pak@indovative.consultingnsulting

2. COLLECTION OF PERSONAL DATA

The Company’s officers, management and members of staff shall, at all times, respect the confidentiality of, and endeavour to safeguard, personal data collected, used, disclosed and/or transferred by, or on behalf of, the Company.

The Company takes reasonable measures to ensure all collection, use, disclosure and/or transfer of personal data by the Company shall be done in an appropriate manner for customer membership and other reasonable internal purposes.

Individuals who provide personal data to the Company will be informed in writing as soon as reasonably practicable of the following:

that their personal data is being processed;

the purposes for which their personal data is collected and further processed;

any information available to the Company as to the source of that personal data;

the individual’s right to request access to and to request correction of their personal data, and how to contact the Company with any inquiries or complaints;

the class of third parties to whom their personal data is disclosed;

the choices and means the Company offers for limiting the processing of their personal data;

whether it is obligatory or voluntary for such individual to supply their personal data; and

the consequences arising from a failure to supply their personal data where it is obligatory for the individual to supply such personal data to the Company.

3. WHAT KIND OF PERSONAL DATA DO WE COLLECT?

For the purpose of carrying on the Company’s business, including registration and administration of our client, partner and human resource data bank and the provisions by the Company of related products and services (including any relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to provide products or services to satisfy your request:

your name;

your correspondence and/or billing address;

payment details, such as credit card and banking information;

contact details, such as your name, telephone number and/or email address;

Cookie data of browser and additional web services

In addition, the Company may require other optional additional personal information from you in order to personally tailor our services to fit your individual needs. Such personal information may include:

your gender;

your salary range and employment details;

your education and profession;

your hobbies and leisure activities;

other related products and services you subscribe to; and

your family and household demographics;

The Company may engage other companies or individuals to assist us in providing our services, or to provide certain services such as analysing customer lists, providing marketing assistance or other third party consulting services. These third parties may have access to information needed to perform their function but cannot use that information for other purposes.

4. ACCURACY OF PERSONAL DATA

Customers who provide the Company with personal data will be asked to confirm that their personal data provided is accurate.

In addition, the Company will endeavour to verify data provided using generally accepted practices and guidelines, which includes checking data provided against pre-existing data held by the Company. In some cases, the Company will ask to see original documentation in relation to personal data such as personal identification cards.

5. ACCESS AND CORRECTION OF PERSONAL DATA

Individuals have the right to:

check whether the Company holds any personal data relating to them and, if so, obtain copies of such data; and

require the Company to correct any personal data relating to them if the individual knows that their personal data as held by the Company is inaccurate, incomplete, misleading and/or not up-to-date.

However, the Company will not deal with access or correction requests from individuals which are frivolous, vexatious or unreasonable.

Where an individual legitimately requests access to and/or correction of personal data relating to the individual held by the Company, the Company shall endeavour to provide and/or correct such data within in an appropriate time and in an appropriate manner.

6. STORAGE, SECURITY AND RETENTION OF PERSONAL DATA

The Company endeavours to take all reasonable steps to keep secure any personal data. These include physical measures such as storing in locked areas or containers customer information which are contained in physical hardcopy documents, and technological measures such as ensuring that digital information is stored on secure servers. For Indonesia-related electronic transactions, the relevant data will be stored within Indonesia. For German-related electronic transaction, the relevant data will be stored within Germany/Singapore.

Computer data is stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas. Access to records and data without appropriate authorisation is strictly prohibited and access to such personal data is only granted where there is a business need to do so. Company records are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate. [Encryption technology, such as SSL (i.e. secure sockets layer), may be employed for the transmission of data collected online.

The Company’s employees and data processors are obliged to respect the confidentiality of any personal data held by the Company. However, security of communications over the internet cannot be guaranteed, and the Company will not be held responsible for events arising from unauthorised access to personal data.

The Company will use reasonable endeavours to destroy or permanently delete any personal data when it is no longer necessary to fulfil the original purpose for which such personal data was collected, unless such personal data must be retained to satisfy any applicable statutory or contractual obligations or there is otherwise a business purpose to retain such personal data.

The Company will endeavour inform you in writing of a failure in relation to the protection of confidential personal data.

7. DISCLOSURE OF PERSONAL DATA

All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose(s), or reasonably related purpose(s) for which such data was collected, provide such information to the following parties:

any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;

any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose(s) or reasonably related purpose(s) for which such data was provided;

any other person or company who has undertaken to provide a comparable standard of protection as that provided by the Company with respect to such data, provided such person or company has a legitimate right to such information; and

any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support the payment of any services being requested.

Personal data may also be disclosed to any person or persons that have a right under any applicable law to gain access to such information provided they are able to prove their authority to access such information.

8. TRANSFER OF PERSONAL DATA OVERSEAS

At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of the country where such personal data was collected in order to carry out the purposes, or reasonably related purposes, for which such personal data were collected. Where such a transfer is performed, the transferred personal data will be afforded a comparable level of protection as set out within this Data Protection Policy and in any event will be in accordance with the requirements set out under applicable law.

9. DIRECT MARKETING

The Company will only send promotional and other direct marketing materials in accordance with all applicable laws. Customers can withdraw consent to receiving marketing materials by informing the Company or reaching out to the Company’s data protection officer at pak@indovative.consultingnsulting.com

10. COOKIES AND LINKS TO OTHER WEB SITES

Some of the Company’s websites may place a “cookie” on your machine. Such cookies may be used to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across the Company’s websites.

The Company may also provide links to web sites outside of its own websites. These linked sites are not under the control of the Company, and the Company is not responsible for the conduct of persons, companies or entities linked to the Company’s website, nor for the performance or otherwise of any content and/or software contained in such external websites.

11. CHANGES TO THE POLICY

The Company reserve the right to alter any of the provisions contained in this Data Protection Policy for compliance with relevant local legislation, to meet its global policy requirements, and for any other purpose deemed necessary by the Company.