AirAsia Credit Card

Privacy Notice

Permata Bank

Personal Data Protection Information under Personal Data Protection Law In Indonesia

PT Bank Permata Tbk, a banking company which has been licensed and supervised by Financial Service Authority (the “Bank”, “we” and/or “us”) intends to provide you with quality services in order to meet your expectations, and the Bank realizes the importance of the protection of your personal data and compliance with Law No. 27 Year 2022 regarding Personal Data Protection and relevant laws and regulations.

As part of our commitment to protect your personal data transparently, the Bank has prepared this Personal Data Protection notice (“Privacy Notice”) to inform you, as the personal data subject, of personal data protection and your rights as the personal data subject rights who are:

1. (1) individuals interacting with the Bank whether an existing, former or prospective customer of the Bank;
2. (2) individuals, who are permanent and/or non-permanent employees, outsourced employees, officials, representatives, shareholders, directors, beneficial owners, administrators (in the context of suspension of debt payment obligations), curators (in the context of bankruptcy), liquidators (in the context of dissolving a business entity), contact persons, agents, or any person related to a legal entity or individual as mentioned in (1) above, a guardianship (for children or those under guardianship) or a group of people who interact with the Bank, whether as prospective customers, customers or former customers of the Bank;
3. (3) individuals, who are a former, current or prospective shareholder of the Bank, or any person related thereto;
4. (4) individuals, who are prospective employees/employees, permanent and/or non-permanent employees/employees, outsourced employees/employees, former employees/employees, officials, directors or commissioners of the Bank, former officials, directors or commissioners of the Bank or prospective directors or commissioners of the Bank or persons related thereto;
5. (5) individuals related to the Bank, who are permanent and/or non-permanent employees, outsourced employees, officials, representatives, shareholders, directors, beneficial owners, administrators (in the context of suspension of debt payment obligations), curators (in the context of bankruptcy), liquidators (in the context of dissolving a business entity), contact persons, agents, or any person related either as a provider of goods and/or services, former provider of goods and/or services, or prospective provider of goods and/or services to the Bank;

of the protection of your personal data that the Bank receives or will receive from business operation and service provision of the Bank through branches, websites, telephones, electronic channels, applications, social media or other sources, in order to assure you that the Bank will take care of your personal information, and will obtain, collect, use or disclose your personal information only if the Bank deems it necessary, correct and appropriate, the legal basis for the Bank in processing your personal data and efforts to protect personal data. and to notify you of the personal data subject rights as stipulated in this Personal Data Protection Notice.

1. Personal data to be collected, used and disclosed.

Personal Data to be obtained, collected, used, and disclosed by Bank are as follows:

1.1 Data which can identify you as a personal data subject, whether directly or indirectly

1. (1) Personal information, namely: full name (and aliases, if any), resident identification number, resident identification card (ID Card), family registration card, birth certificate or death certificate, taxpayer identification number, social security number, driving license, place and date of birth, citizenship, passport, temporary/permanent/ limited stay permit, and/or work permit (expatriate), occupation/ occupation history, sex, marital status, marriage certificate, other family member information, including mother’s maiden name, signature, facial photograph, education/ education history, organisation membership, other data and information.
2. (2) Contact information, namely, residential address according to ID Card and any other residential address (if any), address for document delivery, electronic mail address (email address), home phone number, mobile phone number, facsimile number, information of contact person provided to the Bank, working address and contact number (if any);
3. (3) Information regarding financial conditions and transaction with the Bank, namely, saving account number, deposit account number, investment account number, current account number, credit card number, debit card number, type of credit and debit cards, deposit account movement, information on transactions made through electronic cards or via electronic or digital channels, income and expenditure information, credit information, credit rating information, debt payment information, asset information, financial status information, risk assessment information (such as information relating to suitability test for investment, financial transaction, investment aptitude, debt payment, or compliance with terms and conditions of service agreements), information generated from an analysis of personal data, information on any wrong doing including accusation thereof, information on any litigation or prosecution instituted against the personal data subject and enforcement thereof, information relating to taking out of insurance initiated by, or investments made through, the Bank, information on making or receiving payments, information for compliance with laws on Anti-Money Laundering and the US Foreign Account Tax Compliance Act (FATCA), any other information related to the use of or request for services and to the making of transactions with the Bank;
4. (4) Information relating to any contact with the Bank, namely, information received by the Bank through branches, telephones, electronic or digital channels, social media, information from closed circuit TV (“CCTV”) camera and off-site services which may be displayed or recorded in written form, voice or transaction tape recording, photos or videos;
5. (5) Technical information, namely, internet protocol (IP) address, media access control (MAC) address, the identification code affixed to the network and the devices connected thereto (MAC Address), log, device ID, application programming interface (API), cookies, type and version of plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from the use of platform, application and operating system of the Bank;
6. (6) Usage information, namely, username, password, search information, visit statistics, menu used, time spent on the website, platform and application, timestamp of last click, favorite items, Q&A, log file, communication information with the Bank;
7. (7) Behavioral information, namely, information relating to personal interests or preferences, and manner of use or of service utilization.

1.2 Sensitive personal data that the Bank must obtain your consent before collection thereof, namely, information concerning biometric data (such as facial recognition, fingerprint recognition, iris recognition and voice recognition data), religion, criminal record, health data, disability or any other data as prescribed by the Personal Data Protection laws and Regulations.

The Bank will only collect personal data of children under the age of 18 (eighteen) years only if the child is a customer of the Bank, or if you provide your child's personal data and consent to its processing. In any processing we do related to a child's personal data, we assume that the child's guardian has done what is supposed to be done, including reading and understanding this Privacy Notice.

2. Purposes of collection, use and disclosure of your personal data

Bank will collect, use and disclose your personal data in accordance with the processing basis prescribed by the laws, namely:

1. (1) fulfilment of contract obligations made with, or compliance with your request/application made to Bank;
2. (2) fulfilment of legal obligations which are required to be complied with by Bank;
3. (3) fulfilment of other legitimate interest of the Bank or any other person or juristic person without disregarding the rights of personal data subjects, especially in efforts to improve Bank products and/or services;
4. (4) carrying out duties in the context of public interest, public services, or exercising the authority of the Personal Data Controller based on laws and regulations;
5. (5) fulfilment of the protection of vital interest for prevention of danger to a person’s life, body or health; or
6. (6) an explicit valid consent from you for 1 (one) or several specific purposes that has been submitted by Bank to you in cases that do not fall within the processing basis specified in (1) to (5);

for the following purposes:

2.1 communicating or providing information related to or in connection with the products or services of the Bank that you utilize or will utilize;

2.2 performing the Bank’s obligations as stated in your request/application or agreement made to the Bank, or in connection with such request/application or agreement, such as, sending and receiving of documents and debt collection, as well as compliance with an agreement made between the Bank and any other person which is necessary and related to services provided to you;

2.3 managing your relationship with the Bank, and preparing details or records of your utilization of services for providing further service to you;

2.4 managing the information of corporate customers or non-individual which may contain your personal data;

2.5 complying with relevant laws and regulations;

2.6 verifying and identifying your identity in accordance with the Know Your Customer procedures of the Bank, including verifying your information and auditing such verification in accordance with the procedures prescribed by the laws and the Bank;

2.7 taking any action as required or recommended by the supervisory authorities, such as actions to prevent vulnerable customers from certain restrictions or to prevent elderly customers from engaging in certain types of transactions, and actions for damage control;

2.8 managing and administrating the Bank's internal operations, such as, supervising, improving and auditing the Bank's internal operations;

2.9 managing or dealing with the risks, such as:

1. (1) preventing, dealing with, or mitigating, risks arising from illegal actions that may occur to you, the Bank’s customers, staffs and the Bank, by using those information for improvement of security system relating to the utilization of services via various channels, the operating system and the security system in the Bank’s information technology operation;
2. (2) providing security, such as, video recording (through CCTV) of visitors or customers who contact or transact with the Bank and identity card exchange before entering a building for the purpose of security within the Bank’s premises;
3. (3) risk management related to business operation of financial institutions, such as, credit risk, operational risk, compliance risk, legal risk, reputation risk, liquidity risk, strategic risk and market risk;

2.10 providing and offering products, services and their alternatives to you, which include public relations, communication, notification, offering or presenting privileges, benefits, rewards or information relating to products or services of the Bank, companies in the Bank's financial business group or business partners that may be of your interests; or organizing events and promotions, participating in the sweepstakes, or providing drawing prize for you;

The Bank will ask for your consent separately for additional or new product or service offering activities as listed above, for example when opening an account. You may also withdraw your consent to the processing of your personal data for the purposes of these offering activities at any time by contacting the Bank Contact as stated in this Privacy Notice.

2.11 examining the use of services or transactions/ activities effected in accordance with your or your counter party’s instructions;

2.12 administering services and managing complaints, such as examining transactions/activities resulting from the use of financial services, erroneously effected financial transaction, or transmitting of data within the Bank or between the Bank and any other party, or accommodating customer complaints, providing compensation, or using information to improve the work process on such matters;

2.13 making statistical analysis or research related to the business operation of the Bank and the companies in the Bank's financial business group or the Bank’s affiliates;

2.14 making adjustment to the Bank’s strategy, protecting benefit or evaluating the performance or services of the Bank;

2.15 evaluating, developing and improving the Bank’s products or services, or exercising the Bank's rights (such as making credit scoring model, behavior scoring, and market surveys), and disclosing information generated from such evaluation to you for your financial planning or utilization of other services of the Bank or to the companies within the Bank's financial business group or business partners;

2.16 organizing promotional projects or activities, meetings, seminars, recreation and workplace site visits as well as recording information or photographs for publication or advertisement, and performing and complying with applicable laws;

2.17 storing data in a cloud storage and in other systems used by the Bank;

2.18 performing the Bank’s obligations under terms and conditions specified in an agreement to which the Bank is a party or enforcing legal or contractual rights of the Bank;

2.19 connecting to or facilitating the access to website, applications and platforms of the Bank or any other person;

2.20 performing personal background check as necessary or relevant to the consideration on your qualification as required by laws and specified by the Bank;

2.21 acting as representative, performing its obligation, executing, or carrying out any action in relation to a course of business of the Bank; or

2.22 managing any matter related to securities holders or proxies, attorneys or members of provident/ pension fund as well as performing its obligations as a securities issuer, or a business operator in relation to or in connection with securities business, or a contracting party with a securities issuer, or a business operator in relation to or in connection with securities business.

The collection, use or disclosure of your personal data as aforesaid shall also include the sending or transferring of your personal data overseas that the Bank has proceeded in accordance with the said principles.

3. Persons or entities to whom the Bank may disclose your personal data

The Bank may be required to disclose your personal data to other persons or entities located in Indonesia or overseas in order to achieve the purposes stated in this Privacy Notice, namely:

3.1 The controlling shareholders of the Bank and affiliated parties of the Bank as published on the Bank’s website;

3.2 The Bank’s business partners, such as, business partners of the Bank relating to financial business, banking, service provision, investment, marketing, transportation, telecommunication, healthcare center, general insurance, life insurance, health (non-life) insurance or any person involved in any promotion or loyalty program or data analysis; or platform provider or person whose name or logo appears in an agreement with the Bank, or electronic card, website or any other service channels of the Bank;

3.3 Third Parties involved in the Bank’s provision of services, such as, those who act as intermediaries in banking transactions, settlement or payment service providers, the Bank’s service partners, outsource service providers, the Bank’s contractors or sellers of goods or services or the Bank’s agents both domestically and internationally, with whom the Bank has agreement or contract, e.g. infrastructure development service providers, internet service providers, telecommunication and communication service providers, technical infrastructure service providers, electronic system or information technology development service providers, logistics and warehousing service providers, cloud service providers, and research service providers, data analysis service providers, communication service providers, survey service providers, event and activities organizers, identity verification system service providers, Dip Chip service providers, identity verification service providers, credit rating agencies, courier service providers, producing of, and recording of data on, electronic cards service providers, the service providers who offers to sell the Bank's financial products or services and security and fraud prevention service providers;

3.4 Persons or authorities prescribed by laws. The Bank may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, regulatory authorities or where the Bank believes that any action is necessary for compliance with the laws for protection of the rights of the Bank or any other person, for the safety of any person, for prevention and investigation of, or dealing with fraud, or for security or safety in various aspects;

3.5 The Bank’s consultants, such as financial consultant, legal consultant, notary, technical consultant and auditor;

3.6 Assignees of rights, obligations or claims of the Bank, including those involved in corporate restructuring, business transfer, investment, merger and acquisition, purchase or sale of assets, shares, or business, in which case the persons involved in such actions will also comply with this Privacy Notice;

3.7 Other persons related to you, such as, owners of a joint saving or deposit account, joint debtors, trustees, beneficiaries, estate administrators, authorized persons, guarantors or any persons placing assets as security for your debt payment to the Bank, administrator or receiver;

3.8 Associations, organizations, clubs and agencies, such as, the National Bankers' Association, banks and financial institutions;

3.9 Websites and social media, such as, LinkedIn, Facebook, Google, or Instagram.

4. Storage and retention period of your personal data

4.1 Retention of your personal data. The Bank has established security measures for protection of your personal data, whether in document and electronic form, in order to prevent loss, unauthorized or unlawful access, use, alteration, correction or disclosure of personal data.

4.2 Retention period of your personal data. The Bank will collect your personal data for the purposes notified to you in this Privacy Notice as required by the laws and for a maximum of 10 (ten) years from the cessation date of your relationship with the Bank;

unless the Bank is otherwise justified by laws or such personal data are data that cannot be deleted or destroyed due to technical limitations.

5. Outbound transfer of your personal data

In case the Bank is required to send or transfer your personal data to a person overseas, such as, your counter party or the Bank's counter party, the Bank’s representative, the Bank’s overseas branches, the Bank’s affiliates, or international agency or organization, it must be noted that the recipient country may have inadequate standard for personal data protection as required by laws. The Bank will nevertheless provide appropriate measures to ensure that your personal data sent to such recipient is sufficiently secured.

6. The data collection through the Bank’s website and/or applications

The Bank will automatically collect certain information from your use of the Bank’s website and/or applications for the purposes stated in this Privacy Notice, for example, the information recorded or collected by cookies and similar technologies utilized by the Bank will be used for statistical analysis, other activities of the Bank’s website, and/or applications or the Bank's business so as to enable the Bank to enhance your experience when browsing the Bank’s website and/or applications, as well as improving the efficiency and quality of the Bank's website and/or applications services.

7. Rights of the personal data subject

Subject to the exception provided by the prevailing laws and regulations, your rights as the personal data subject are as follows:

7.1 Right to request access and obtain a copy of personal data

You have the right to request access to and obtain a copy of your personal data in the Bank's responsibility in accordance with the provisions of laws and regulations in a form that conforms to the structure and/or format commonly used or can be read by electronic systems.

7.2 Right to obtain or send or transfer personal data to another data controller

You have the right to obtain your personal data provided to the Bank with your consent, or collected by the Bank as may be necessary for the performance under the agreement or application made to the Bank or as prescribed by the relevant Personal Data Protection laws and regulations, where the Bank has made such personal data in a form readable or generally usable by means of automated tools or devices and such personal data can be used or disclosed by automated means. In addition, you also have the right to (1) request the Bank to send or transfer personal data in the said form to another data controller when it can be processed via automated means and (2) request to obtain personal data sent or transferred by the Bank in the above-mentioned form to another data controller unless it cannot be technically effected.

7.3 Right to object

You have the right to object to the Bank’s collection, use or disclosure of your personal data in the event that:

1. (1) the Bank has collected your personal data to the extent necessary for the purpose of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies, or for legitimate interest of the Bank or other persons or juristic persons;
2. (2) the Bank has collected, used or disclosed your personal data for direct marketing purposes, or
3. (3) the Bank has collected, used or disclosed your personal data for scientific, historical or statistical purposes;

unless it is necessary to perform the Bank’s task for public interest.

7.4 Right to erase or destroy personal data

You have the right to request the Bank to erase, destroy or anonymize your personal data if:

1. (1) your personal data is no longer necessary for the Bank to keep for the purposes here in;
2. (2) you withdraw your consent and the Bank has no lawful basis to collect, use or disclose such personal data;
3. (3) you object to the collection, use, and disclosure of your personal data already collected by the Bank for the necessity of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies or for legitimate interests of the Bank or other persons or juristic persons, and the Bank has no justifiable ground to reject such objection;
4. (4) you object to the collection, use or disclosure of your personal data for direct marketing purposes; or
5. (5) your personal data has been unlawfully collected, used or disclosed, provided that the Bank may keep your personal data as necessary for its compliance with any laws, institution of legal claims, exercising of the Bank's rights or the Bank’s defending of other parties’ claims.

7.5 Right to suspend the use of personal data

You have the right to suspend the use of your personal data in the event that:

1. (1) the Bank is in the process of verifying your personal data to be accurate and up-to-date as requested;
2. (2) the Bank has unlawfully collected, used or disclosed your personal data;
3. (3) it is no longer necessary for the Bank to collect, use or disclose your personal data for any purpose, but you have requested the Bank to collect your personal data for your lawful interest; or
4. (4) the Bank is in the process of verification or examination of your objection request to the Bank’s collection, use or disclosure of your personal data.

7.6 Right to rectify personal data

You have the right to request the Bank to rectify your personal data so as to be accurate, up-to-date, complete and not misleading.

7.7 Right to withdraw consent

You have the right to withdraw your consent given to the Bank for the collection, use and disclosure of your personal data at any time.

7.8 Right to give notice of revocation of consent

You have the right to revoke your consent for the collection of personal data already collected by the Bank before Law No. 27 Year 2022 regarding Personal Data Protection came into effect by giving a notice of revocation of consent to a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s services.

7.9 Right to lodge a complaint

You have the right to lodge a complaint to any competent agency or any entity with legal authority in the event that the Bank or its data processor, including employees or contractors of the Bank violate or do not comply with laws on personal data protection.

If you wish to exercise any rights under Clauses 7.1 to 7.7 set forth above, you can submit a request to the Bank through any branch of the Bank or through any other channel prescribed by the Bank. Once the Bank receives your request, the Bank will consider your request in accordance with the rules and regulations prescribed by the laws, comply with your request, and notify you of the result of the consideration and action taken within 30 (thirty) calendar days from the date of receipt of the request and all the supporting documents.

If you exercise any right of personal data subject, you may not be able to utilize certain services of the Bank while the Bank is in the process of considering or complying with your request.

The Bank will not charge a fee for exercising the said right, unless the Bank deems that your request is excessive or unreasonable. The Bank may charge a fee for compliance with your request at the rate announced by the Bank.

Provided that you may request to exercise your rights as from the date Law No. 27 Year 2022 regarding Personal Data Protection comes into effect.

8. Amendment to this Privacy Notice

The Bank may amend this Privacy Notice from time to time as it deems appropriate and the Bank will notify you of such amendment through the Bank's branches, websites and applications. The Bank recommends that you read and check the details of Privacy Notice every time any such amendment is made.

9. Contact Information

If you wish to contact or would like to receive more information or explanations on the collection, use and disclosure of your personal data, as well as the exercise of rights of the personal data subject specified in this Privacy Notice, please contact a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s service.

Furthermore, you can contact Data Protection Office at email address dpo@permatabank.co.id.

Updated October 2024

© Copyright 2024 - PT Bank Permata, Tbk. All rights are protected by law.

Information Policy

The use and content of this website are provided for your convenience. The information presented in this website is provided for you, without any kind of guarantee, either written or implied, included but not limited to the guarantee on tradeworthy goods and/or services, the compatibility for any purpose, promotion for a product without violating any rule.

This website may contain technical guidance that is inaccurate and typographical errors. Permata Bank reserves the right to correct and/or modify the information in this website at any time and by any methods, without prior notice.

Permata Bank is not responsible or liable for any material and non-material loss, which may be suffered by anyone or any party, as directly or indirectly resulted from the use of the information contained in this website, either in part or in entirety.

Link to Other Websites 

For your convenience, Permata Bank can also provide some links to other sites in the Internet, which are owned and/or operated by any party. Please note that those sites are not under Permata Bank control, and therefore, Permata Bank is not responsible for the content of such websites.