Privacy Policy

PT Immenzo Jaya International (operating as Condensa)

Last Updated: October 5, 2024

This Privacy Policy describes how PT Immenzo Jaya International, operating as Condensa ("Company," "we," "us," or "our"), collects, uses, processes, stores, and protects your personal data in compliance with Law No. 27 of 2022 concerning Personal Data Protection ("PDP Law") and other applicable Indonesian data protection regulations.

By accessing or using our website [www.condensa.net] (the "Website"), you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy.

1. DATA CONTROLLER

PT Immenzo Jaya International (Condensa)
Jakarta, Indonesia
Email: privacy@condensa.net

We are the data controller responsible for the collection and processing of your personal data through the Website.

2. DATA PROTECTION OFFICER (DPO)

In compliance with Article 52 of the PDP Law, we have appointed a Data Protection Officer responsible for overseeing compliance with data protection obligations and handling data subject requests.

Contact: dpo@condensa.net

3. PERSONAL DATA WE COLLECT

Since our Website does not require user login or account registration, we collect limited personal data. The personal data we may collect includes:

3.1 General Personal Data

  • Name

  • Email address

  • Phone number

  • Company/organization name and details

  • Job title or professional information

This data is collected when you voluntarily submit contact forms, inquiry forms, or request information about our services.

3.2 Technical and Usage Data (Non-Login Context)

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and time spent on pages

  • Referral source

  • Cookie data (see Cookie Policy below)

This data is automatically collected through cookies and similar technologies when you visit our Website.

3.3 Sensitive Personal Data

We do not intentionally collect sensitive personal data as defined under Article 4(2) of the PDP Law, including health records, biometric data, genetic data, political opinions, or religious beliefs, unless explicitly required for service delivery and with your express consent.

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds as required by Article 20 of the PDP Law:

a) Consent: You have given explicit consent for the processing of your personal data for specific purposes.

b) Contractual Necessity: Processing is necessary for entering into or performing a contract with you.

c) Legal Obligation: Processing is required to comply with Indonesian legal and regulatory requirements.

d) Legitimate Interests: Processing is necessary for our legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

5. PURPOSE OF PROCESSING

We process your personal data for the following purposes in accordance with Article 21 of the PDP Law:

  • Responding to inquiries and providing information about our services

  • Communicating with you regarding service requests or business opportunities

  • Improving the functionality, performance, and user experience of our Website

  • Analyzing website traffic and usage patterns

  • Complying with legal and regulatory obligations

  • Detecting, preventing, and investigating security incidents and fraud

  • Maintaining business records and archives

We will not process your personal data for purposes incompatible with those for which it was originally collected without obtaining your additional consent.

6. DATA RETENTION

In accordance with Article 15 of the PDP Law, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

Retention Periods:

  • Contact inquiry data: Up to 2 years from the date of last contact

  • Technical and usage data: Up to 12 months

  • Legal compliance records: As required by applicable Indonesian laws

After the retention period expires, we will delete, destroy, or anonymize your personal data in a secure manner to prevent unauthorized access or reconstruction.

7. DATA SHARING AND DISCLOSURE

We do not sell, rent, or trade your personal data to third parties. We may share your personal data only in the following limited circumstances:

7.1 Service Providers

We may share data with trusted third-party service providers who assist us in operating the Website, conducting analytics, or providing technical support. These providers are contractually obligated to protect your data and use it only for specified purposes.

7.2 Legal Requirements

We may disclose personal data when required by Indonesian law, court order, government regulation, or to comply with legal processes.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same protections outlined in this Privacy Policy.

8. CROSS-BORDER DATA TRANSFERS

All personal data processing and storage occur within the territory of the Republic of Indonesia. We do not transfer personal data outside Indonesia unless:

  • We have obtained your explicit consent;

  • The transfer is necessary for the performance of a contract;

  • The recipient country provides adequate data protection as determined by Indonesian authorities; or

  • We implement appropriate safeguards, such as Standard Contractual Clauses (SCCs).

9. DATA SUBJECT RIGHTS

Under the PDP Law (Articles 27-37), you have the following rights regarding your personal data:

a) Right to Access: Request confirmation and access to your personal data that we hold.

b) Right to Correction: Request correction or updating of inaccurate or incomplete personal data.

c) Right to Erasure: Request deletion of your personal data under certain circumstances.

d) Right to Withdraw Consent: Withdraw your consent to data processing at any time without affecting the lawfulness of processing before withdrawal.

e) Right to Object: Object to the processing of your personal data for specific purposes.

f) Right to Data Portability: Request transfer of your personal data in a structured, commonly used format.

g) Right to Restriction: Request restriction or suspension of processing under certain conditions.

To exercise any of these rights, please contact our Data Protection Officer at dpo@condensa.net. We will respond to your request within 14 (fourteen) days as required by applicable regulations. Identity verification may be required to protect your privacy.

10. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify affected data subjects within 3 x 24 hours (72 hours) of becoming aware of the breach, as required by Article 47 of the PDP Law;

  • Report the breach to relevant authorities;

  • Provide information about the nature of the breach, potential consequences, and remedial measures taken.

11. SECURITY MEASURES

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or loss, including:

  • Encryption of data in transit and at rest

  • Access controls and authentication mechanisms

  • Regular security audits and vulnerability assessments

  • Employee training on data protection and security practices

  • Secure data storage within Indonesian data centers

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. CHILDREN'S PERSONAL DATA

Our Website is not intended for children under the age of 13 years. We do not knowingly collect personal data from children without verified parental consent. If we become aware that we have collected personal data from a child without proper consent, we will take immediate steps to delete such data.

Parents or guardians who believe their child has provided personal data to us may contact our DPO at dpo@condensa.net.

13. AUTOMATED DECISION-MAKING AND PROFILING

We do not engage in automated decision-making or profiling activities that produce legal effects or similarly significantly affect you. If we implement such technologies in the future, we will:

  • Obtain your explicit consent;

  • Provide transparent information about the logic involved;

  • Offer you the right to human intervention and review.

14. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. The "Last Updated" date at the top of this document indicates when changes were last made.

Material changes will be communicated through:

  • Prominent notice on our Website

  • Email notification (if we have your contact information)

Your continued use of the Website after changes are posted constitutes acceptance of the updated Privacy Policy.

15. CONTACT FOR PRIVACY INQUIRIES

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Data Protection Officer
PT Immenzo Jaya International (Condensa)
Email: dpo@condensa.net
Address: Jakarta, Indonesia

We will respond to your inquiry within a reasonable timeframe as required by Indonesian law.

16. COMPLAINTS AND DISPUTE RESOLUTION

If you believe your data protection rights have been violated, you have the right to file a complaint with our legal team

We are committed to resolving complaints in good faith and in accordance with applicable Indonesian data protection laws.