Terms and Conditions


Home Digital Channel PermataAPI Syarat dan Ketentuan

Permata API Terms and Conditions

The following are the General Terms and Conditions for Host to Host Usage (hereinafter referred to as “GTC”), which applies in PT Bank Permata, Tbk., a banking company that has been registered and supervised by the Financial Services Authority domiciled in Jakarta (hereinafter referred to as “Bank” ):

Article 1

Definition

As long as it is not specified otherwise in the context of the sentence, the terms with the initial capital letters used in this GTC have the following meanings:

  1. "API Key" is one of the Authentication Devices provided by the Bank for the Customers to validate their authority when accessing Host to Host.
  2. “Service Fees” are fees other than Transaction Fees, which must be paid by the Customer to the Bank for using Host to Host to conduct banking activities as regulated in this GTC.
  3. “Transaction Fees” are fees that must be paid by the Customer to the Bank for making Transactions.
  4. "Technical Document" is a document containing technical provisions stipulated by the Bank to be developed and prepared by and in the Customer's system in order to be able to access and obtain Host to Host service.
  5. "Features" are types of Transactions that can be made by the Customer, and / or banking services provided by the Bank, as listed in the Attachment and as submitted by the Customer in the Form and approved by the Bank.
  6. "Forms" refer to forms related to the use of Host to Host which are made following the Bank standards, including, but not limited to, the application Form for using Host to Host.
  7. “Group ID” is a unique code for Customer's registration at the Bank which is used to identify a Host to Host user, where one Group ID may consist of one Customer or a combination of several Customers.
  8. “Business Day” is a day on which the Bank operates and conducts clearing in accordance with Bank Indonesia's regulations.
  9. "Instructions" refer to the instructions or orders given by the Customer to the Bank via Host to Host to process the Transactions.
  10.  "Public IP" is the IP address that will be used by the Customer to be able to access Host to Host.
  11. "Computer" is any form of device that can be used to process electronic, magnetic, optical, or system data that performs logic, arithmetic and storage functions, which the Customer can use to access Host to Host, namely servers, desktops, laptops, or other forms.
  12. "Attachments" refer to the attachments of this GTCt that becomes an integral and inseparable part of the GTC.
  13. "Bank Transaction Limit" is the minimum and maximum nominal value of Transaction which can be made by the Customer as determined by the Bank from time to time.
  14. “Customer Transaction Limit” is the minimum and maximum transaction nominal value set by the Customer, where the minimum limit must not be less than the minimum Bank Transaction Limit and the maximum limit must not exceed the maximum Bank Transaction Limit.
  15. "Customer" is an individual or business entity which submits an application to use Host to Host and / or make a Transaction, and the application has been approved by the Bank.
  16. "Customer Information File Number or CIF Number" is a unique number of Customer's registration at the Bank which is used as the identification of ownership for all accounts on behalf of the Customer at the Bank, both current accounts, savings, time deposits, and other accounts (if any).
  17. "Host to Host" is a banking service provided by the Bank for Customers named as Permata API that enables customers to conduct transactions electronically where there is a system connection between the Customer's system and the Bank's system.
  18. "Client Secret Key" is one of the Authentication Devices provided by the Bank to the Customer in the form of a secret code consisting of a combination of numbers, letters, symbols, other characters, or a combination in which is a key for Client ID to be able to use Host to Host.
  19. "Client Static Key" is one of the Authentication Devices provided by the Bank to the Customer, which functions to form an electronic signature in the process of exchanging data electronically.
  20. "Account" is a giro account or other account on behalf of the Customer at the Bank, which is registered by the Customer in the Form as the account that will be used to make Transactions.
  21. "Minimum Account Balance" is the minimum amount that must be available in the Account and cannot be withdrawn by the Customer as long as the Account is not closed as regulated by the Bank from time to time.
  22. "Authentication Device" is a security device contained in the Host To Host system which is used by the Customer as a security and verification code in accessing and using Host To Host which consists of Client ID, Client Secret Key, Client Static Key, and API Key, or the other form determined by the Bank.
  23. "Transaction" refers to a banking transaction that can be carried out by the Customer electronically by using Host to Host.
  24. “User ID” is an Authentication Device in the form of a unique name owned by the Customer to be used as Customer's identity in accessing Host to Host.
  25. "Time of Receiving Instructions" is a time limit for the Bank to be able to receive Customer Instructions on Host To Host.
  26. "Usage Time" is the time when the Customer can use Host to Host to make transactions.
  27. "Transaction time" refers to the time in which the transaction can be processed by the Bank.

Article 2

Host to Host Registration

  1. Host to Host can only be used by customers who have met the following requirements: 
    1. The Customer already has an Account at the Bank and all Customer required documents to open the Account have been completely received by the Bank.
    2. The Customer has filled in, signed, and submitted to the Bank the Form, GTC, and other documents determined by the Bank from time to time (if any).
    3. The Customer has registered the Customer's Public IP on the Form and the Bank has registered the Customer's connection to Host to Host by using the Public IP that has been registered by the Customer in the Form.
  2. When filling out the Form, the Customer is required to provide a group name for Host to Host registration purposes. Furthermore, the Bank will provide a Group ID to the group name specified by the Customer. The provisions in this paragraph also apply if in one Form consists of several names of Customers, both individuals and other forms of business, which merge into one Host To Host ID Group.
  3. Customers who are members of one Group ID will be able to access all information and Transactions of Customer's Account that are in that one Group ID. The Bank is not responsible for the misuse of information obtained or any Transaction made by the Customer as referred to in this paragraph.
  4. If all the requirements stipulated in paragraph 1 of this Article have been fulfilled, the Bank will process the Customer's application as described in the Form using and based on the data and information written in the Form and other documents received by the Bank from the Customer. Furthermore, the Bank will hand over to the Customer the Authentication Device needed by the Customer to use Host to Host and make transactions in accordance with the provisions in this GTC.
  5. Upon the registration of the Account into Host to Host, the CIF Number attached to the Account will also be automatically registered into Host to Host, so that all or part of the information regarding the Account will be accessible for the Customer through Host to Host.
  6. The Customer can register, change and close Host to Host as desired, and all consequences thereof are fully the responsibility of the Customer.
  7. Although all requirements to use Host to Host as described in this GTC have been fulfilled by the Customer, at the Bank's own discretion, the Bank has the right to: 
    1. Reject the Host to Host registration application submitted by the Customer.
    2. Reject a certain Account submitted by the Customer for making Transaction by notifying the reason for the rejection to the Customer, unless otherwise stipulated by the prevailing laws and regulations.

Article 3

Transaction

Transaction Instruction and Implementation

  1. The procedure of making a Transaction through Host to Host must be followed and implemented correctly by the Customer, the procedures are as follows: 
    1. Perform all security processes in conducting banking activities through Host to Host, in accordance with the provisions stipulated in the Technical Document, by using the Authentication Device sent by the Bank.
    2. All processes that occur while sending electronic data which is related to Transaction information are fully the Customer's responsibility.
  2. The nominal value of the Transaction made by the Customer must be within and not exceeding the Customer's Transaction Limit.
  3. Customers can make transactions at any time during the Usage Time by paying attention to the provisions regarding the Time of Receiving Instructions. Every Instruction received by the Bank will be processed within the Transaction Time.
  4. Usage Time, Time of Receiving Instruction, and Time of Transaction are determined by the Bank from time to time and will be informed to the Customer in accordance with the prevailing laws and regulations.
  5. The Customer is obliged to monitor the Transaction status which has been done through the Transaction status notification provided by the Bank. In the event of Transaction failure or duplication with the same reference number (double transaction) caused by the Customers who do not monitor the status of the Transaction, all risks and consequences that arise are entirely the burden and responsibility of the Customer.
  6. Each Instruction will only be processed by the Bank in compliance with and following the policies and procedures applicable to the Bank.
  7. The Customer cannot cancel a Transaction if the Instruction for the related Transaction has been received by the Bank.
  8. Instructions received by the Bank will be processed based on the verification and authentication process of the correct Authentication Device without verifying the identity and authority of the parties sending the Instruction, therefore each Instruction will bind the Customer.
  9. If there is an instruction which, based on the Bank's internal regulations and / or the provisions of applicable laws and regulations and / or according to the Bank's consideration, may result in the Bank being burdened with a responsibility and / or experiencing demands, complaints, losses, either directly or indirectly from any party, then the Bank has the right to refuse and not process the related Instruction and / or cancel the Transaction that has been processed as long as it is possible according to the systems and procedures applicable in the Bank, and for this incident the Bank will notify the Customer.
  10. All Instructions that the Customer sends to the Bank via Host to Host will be deemed to have the same authority as the instructions submitted to the Bank through a document signed by the Customer.

Transaction Currency
Transactions can be made by Customers in Rupiah.

Provision of Funds
In each Instruction or Transaction made by the Customer at Host To Host, the Account must provide a minimum amount of funds equal to the total amount of the Transaction plus Transaction Fees and Service Fees arising from the related Transactions. The Customer should still pay attention to the minimum account balance based on the provisions of the minimum account balance in each type of product or account applicable in the Bank. The Customer hereby acknowledges and understands that if the amount of funds in the Account is insufficient at the time of making a Transaction, the related Transaction cannot be processed by the Bank.

Article 4

Fees

  1. For using Host to Host to make Transaction, the Customer is required to pay Service and Transaction Fees to the Bank in the amount that has been determined for each Feature.
  2. Service fee consists of: 
    1. Inquiry feature usage fees (fund transfer recipient information feature);
    2. Other fees (if any).
  3. For certain Features, the Customer can choose to charge the Transaction Fee to the Transaction sender or Transaction recipient. The provisions for the Transaction Fee which is charged to the recipient prevail that the amount of the transaction to be received by the recipient is the amount of the Transaction after deducted by the Transaction fee. If a return on Transaction occurs, the amount that will be returned to the sender's account is as much as the amount that should be received by the Transaction recipient. The choice of Transaction Fees imposition by the Customer is the responsibility of the Customer.
  4. The amount of each Service and Transaction Fee will be determined by the Bank from time to time which will be published by the Bank in accordance with applicable laws and regulations through brochures and / or other appropriate methods.
  5. By using Host to Host, the Customer hereby authorizes the Bank to debit the Account for a number of Service and Transaction Fees which are the Customer's obligations.

Article 5

Safety

  1. In using Host To Host, the Customer is obliged to comply with the security standards determined by the Bank in the Technical Document such as authentication and authorization security standards, encryption in data transmission, security against potential risks of "man in the middle attack" and others that are regulated in the Technical Document.
  2. The Customer is obliged to maintain security and confidentiality and is responsible for the use of the Authentication Device. All risks, losses, and any legal consequences that arise in connection with the use of the Authentication Device are the full responsibility of the Customer.
  3. The provisions regarding Authentication Devices are as follows: 
    1. The Authentication Device is the property of the Bank and will be provided by the Bank to the Customer, by sending separately in 2 sets, namely: 
      • The first set consists of the Client ID, Client Secret Key, and Client Static Key.
      • The second set consists of the Group ID and API Key.
    2. For process security purposes, the Bank recommends that the Customer implement a dual control process of receiving Authentication Devices by differentiating the recipient's PIC for each set of Authentication Devices.
    3. Change, closure, or reset of the Authentication Device provided by the Bank, will be carried out by the Bank.
    4. If necessary, the Customer can replace one of the Authentication Devices by sending a replacement request letter to the Bank via facsimile and / or e-mail, by following the terms and conditions regarding sending letters or documents via facsimile and / or e-mail as stipulated in Article 8 in this GTC. Each request to replace one of the Authentication Devices will immediately change the Authentication Device at the same time.
    5. The Bank grants the right to use the Authentication Device to the Customer from the time the Customer is registered as a Host to Host user until the Customer stops using Host to Host. As long as the right to use the Authentication Device is granted to the Customer, all risks and consequences arising from the use and control of the Authentication Device will be borne and solely the responsibility of the Customer.

Article 6

Information and Proof

  1. The Bank provides information regarding Accounts, and other matters related to Customer's transactions and activities through Host to Host.
  2. Although the information regarding Accounts, other matters related to Transactions and Customer activities is provided by the Bank through Host to Host, Customers are still required to monitor the latest information regarding these matters at the Bank office where the Account, Transaction and Customer's activities are administered by the Bank or through other media determined by the Bank and accessible by the Customer. If there is a discrepancy between the information obtained by the Customer through Host to Host and the information at the Bank office, the Customer is obliged to immediately report it to the Bank and ask the Bank for clarification to ensure that the Customer can make Transactions based on the correct and accurate information.
  3. In accordance with the prevailing laws and regulations, the Bank has the right to disclose information regarding Transactions to government agencies and / or other authorized parties.
  4. Evidence of instructions and communications transmitted electronically in making a Transaction, including documents in the form of computer records or evidence of Bank transactions, tape or cartridges, computer printouts, copies or other forms of information storage in the Bank, and all the tools or documents are the only valid and perfect evidence for each Transaction made by the Customer, even though no written or signed document is issued by the Bank and / or the Customer, as stipulated in Law No. 11 of 2008 concerning Electronic Information and Transactions including its changes, updates and / or replacements.
  5. All data, information, statements and documents that have been submitted by the Customer will become the property of the Bank, and the Bank has the right to verify, assess, document, archive or use it for the benefit of the Bank in accordance with the provisions of the applicable laws and regulations, without the Bank being obliged to notify or ask for approval, provide guarantees or compensation for any reason to the Customer.

Article 7

Termination of Internet Communications

  1. To avoid Host to Host misuse by unauthorized parties, the Bank unilaterally and at its sole discretion has the right to: 
    1. Disconnect the internet communication if the Customer, within the period determined by the Bank, does not make any transactions or conduct any activities through Host to Host.
    2. Stop or suspend the Transaction process without prior notification to the Customer if Host to Host, Account, and other related matters, are indicated to be used by the Customer or any other party to commit crimes or illegal activities.
  2. In connection with the implementation of the actions as referred to in paragraph 1 of this Article, the Customer agrees that the Bank will not provide compensation and / or liability in any form to the Customer or any party for all claims, lawsuits and / or requests for compensation in any form submitted by any party, which matters are the full burden and responsibility of the Customer.

Article 8

Documents and Letters Delivery

If the delivery of a letter and / or data and / or documents and / or instructions by the Customer to the Bank can be done via facsimile or e-mail based on the provisions stipulated in the GTC and / or other provisions applicable to the Bank, then, the following terms applies and binds the Customer:

  1. The delivery of letters and / or data and / or documents and / or instructions from the Customer to the Bank will be made via a facsimile machine and / or e-mail address that have been specified and registered by the Customer as stated in the Form.
  2. If the Customers change their facsimile number and / or e-mail address, the change will be valid in no later than 7 (seven) Business Days after the Bank receives a written notification from the Customer regarding the change.
  3. Before what is written in the letter and / or data and / or documents and / or instructions is processed, received, or executed by the Bank, the Bank has the right but is not obliged to confirm beforehand to the Customer regarding the validity of the letter and / or data and / or documents and / or instructions. If the Bank does not receive confirmation of its validity, the Bank has the right to reject, postpone, not conduct the matters written in the letter and / or data and / or related documents and / or instructions.
  4. Instructions sent by facsimile or e-mail will be executed by the Bank at the Transaction time as referred to in the Instruction as long as the Instruction has been received by the Bank within the Time of Receiving Instruction as stipulated by the Bank, or on the following Business Day if the Instruction sent via facsimile or e-mail is received after the Time of Receiving the Instruction has passed.
  5. The Customer is obliged to comply with any Bank policies related to the provisions of the Transaction and the delivery of the original letters and / or data and / or documents and / or instructions, both which have been or will be determined in the future by the Bank (which the changes will be notified in advance by the Bank to the Customers, in accordance with the applied laws and regulations). In this regard, if the Bank requires the Customer to send the original letters and / or data and / or documents and / or instructions after what is written in them is processed, received, or executed by the Bank, the Customer is obliged to send the original letter and / or data and / or documents and / or instructions to the Bank at the time determined by the Bank. If there is a difference between letters and / or data and / or documents and / or instructions sent by facsimile or e-mail with original letters and / or data and / or documents and / or instructions, including but not limited to the total amount of the Transaction, then the Customer hereby agrees that what applies is letters and / or data and / or documents and / or instructions that have been sent by facsimile or e-mail.
  6. If the process, reception and implementation by the Bank of the matters mentioned in the letter and / or data and / or documents and / or instructions sent by facsimile and / or e-mail requires the Customer's authority, the Customer hereby authorizes to the Bank to conduct the matters, and all costs arising from these matters shall be borne entirely by the Customer.
  7. The Customer hereby declares and guarantees the Bank for the following matters: 
    1. The Customer is obliged to and shall ensure that the party sending the letters and / or data and / or documents and / or instructions for and on behalf of the Customer is the authorized party of the Customer.
    2. The Customer receives and validates any action taken by the Bank in order to carry out the matters described in letters and / or data and / or documents and / or instructions sent by facsimile or e-mail.
    3. The Customer is obliged to and shall always maintain the security of the system and / or media used to send letters and / or data and / or documents and / or instructions via facsimile or e-mail, from any misuse by unauthorized parties.
    4. The Customer is obliged to and shall always be aware of the possibility of authority abuse committed by the Customer or other parties.
    5. Customers, in the current and future times, are responsible for all legal consequences that arise and will not file any objections, demands, claims or rebuttals to the Bank.
  8. The Customer agrees that letters and / or data and / or documents and / or instructions in the form of a facsimile or e-mail received by the Bank are the only valid evidence for the implementation of Transaction or other things requested by the Customer as stated in the letter and / or data and / or documents, which can be used both inside and outside the court. If a dispute or problem related to this matter arises in the future, the Customer agrees to set aside the original letter and / or data and / or document and / or instruction.
  9. If there is a discrepancy between the proof of delivery of letters and / or data and / or documents and / or instructions of the Customer and proof of receipt of letters and / or data and / or documents and / or instructions of the Bank, the Customer agrees that the proof of receipt belongs to the Bank is the one which is valid.
  10. With a prior notification by the Bank to the Customer in accordance with the applicable laws and regulations, the Bank has the right to change, add, and / or cancel Bank policies regarding sending letters and / or data and / or documents and / or instructions via facsimile or e-mail, and the Customer is required to comply with all Bank policies related to this matter.
  11. If, in the future, there are regulations prohibiting, not justifying or not allowing the process, reception, or implementation of matters as stated on the letters and / or data and / or documents and / or instructions sent via facsimile or e-mail, the Bank has the right to immediately take necessary actions, including to refuse and / or not carry out the matters requested by the Customer even though all the requirements set by the Bank have been fulfiiled by the Customer.

Article 9

Consent and Authority

  1. The Customer hereby gives consent to the Bank to: (i) use the data and information related to the Customer obtained by the Bank, including but not limited to, all data and information contained in the Form, for the purpose of implementing customer requests and instructions, and for the marketing purposes of the Bank's products  or other parties cooperating with the Bank, and all other needs as long as it is possible and permitted by the prevailing laws and regulations; (ii) disclose the data and information to third parties, including but not limited to, authorized agencies by taking into account the provisions of the prevailing laws and regulations for the use and disclosure of data and information that requires approval from other parties.
  2. All authorities given by the Customer to the Bank contained in this GTC, Forms and documents related to the Transaction in any form are an inseparable part of the Transaction and other administrative actions in connection with the use of Host to Host, therefore, there is no need to create other form of writing for authorization process aside from this GTC, Form and documents related in the Transaction., These authorities will continue to be valid and will not be expired for any reason, including the causes listed in articles 1813, 1814 and 1816 of the Civil Code applicable in the Republic of Indonesia, as long as the Customer still has obligations, including payment obligations to the Bank or until there is a written notification regarding the revocation of authority from the Customer to the Bank. The Bank must receive notification regarding the revocation of authority no later than 30 (thirty) days before the revocation of authority becomes effective.

Article 10

Customer Responsibilities

  1. The Customer is obliged to ensure that any and all data and information along with respective supporting documents provided by the Customer through the Form as well as in the context of sending Instructions to the Bank are true, complete, accurate, not misleading and still valid.
  2. If there is a change in the data and information that has been sent to the Bank, the Customer is obliged to immediately notify the change in writing to the Bank.
  3. To avoid fraud, crime or abuse of authority conducted by parties designated by the Customer in using Host to Host or other unauthorized parties, the Customer is fully obliged, responsible and authorized to make arrangements, supervision and security for the flow or process of the Transaction or administrative actions that uses Host to Host, including but not limited to the following: 
    1. Have an internal procedure regarding the distribution of authority from parties appointed by the Customer to receive the Authentication Device from the Bank, make Transaction and administrative actions which is related with Host to Host, including separating the authority given to the parties appointed by the Customer to make Transaction in such a way, where the authority to make Transaction and the authority to approve Transaction are given to different persons. 
    2. Have an internal procedure to prevent the risk of Authentication Devices misuse.
    3. Establish and supervise the process of Transactions and administrative actions of Host to Host.
  4. The Customer is obliged to ensure that the parties that can give Instructions and carry out a series of Transaction processes for and on behalf of the Customer are persons or parties appointed and authorized to perform the activities by the Customer. The Bank does not carry out any verification for the Instruction received by the Bank, whether regarding the contents of the Instruction, the Transaction process flow, the authority or the identity of the people or parties involved in the making process, delivery or approval of the Instruction received by the Bank until the Transaction is successful. All risks and legal consequences that arise as a result of abuse of authority, errors in sending instructions and other related matters become the full responsibility of the Customer.
  5. Customer should keep the security of the computer used to access Host to Host, along with all systems or supporting instruments from the computer, by conducting the following ways but not limited to: 
    1. Regularly update the latest version of the anti virus program and scan the computer for viruses.
    2. Limit the access authority of the computer used to access Host to Host.
    3. Establish a system, procedure or mechanism for securing the computer used by the Customer.
  6. The customer agrees that all risks and legal consequences may arise because (i) the Customers do not fulfill their obligations as stipulated in this Article and other Articles in the GTC (including Attachments and other related documents), (ii) unauthorized use of the Authentication Device, (iii) misuse of Host to Host by parties appointed by the Customer to make Transactions through Host to Host (iv) errors or delays in the Transaction process made by the Customer, (v) the Bank submits the information regarding the Transaction to the government agencies and / or the authorities as referred to in Article 6 of this GTC (vi) error or negligence of Customers who do not implement the things described in Article 8 of this GTC (vii) use, inclusion and disclosure of data and information made by the Customer to the Bank as referred to in Article 9 of this GTC (viii) the Customer is failed to perform security standards specified in the GTC and Technical Documents, including but not limited to, any loss of profits, demands, lawsuits or claims experienced or addressed to the Bank and / or the Customer and / or any other party, becomes a full responsibility of the Customer, and the Bank will not provide compensation and / or liability in any form to the Customer or any party, and the Customer is willing to be subject to sanctions based on the applicable laws and regulations and / or the Bank's internal policies, including the closure of Host to Host by the Bank for all the consequences that arise as long as the risks and legal consequences are not caused by mistakes or negligence committed by the Bank.
  7. If, based on any lawsuit or claim, the Bank must pay or pay in advance an amount of money to any person or party, due to the Customer Transaction, then the Customer is obliged to pay or provide reimbursement to the Bank in the amount that has been paid by the Bank along with interest and penalties (if any) in the time determined by the Bank.

Article 11

Force Majeure

The Bank will not provide compensation and / or liability in any form to the Customer or any party for any claims or losses that may arise, in the event that the Bank is unable or late in conducting the Instruction either partially or completely due to incidents or causes beyond the power or ability of the Bank, including but not limited to, natural disasters, war, riot, malfunctioning equipment, systems or transmissions, power outages, telecommunications or internet network disruptions, government policies, and other events or causes beyond the power or ability of the Bank as long as the Bank has carried out all of its obligations in accordance with the applicable laws and regulations in connection with the Force Majeure.

Article 12

Transaction Delay and Host to Host Closure

Without taking out other provisions stipulated in a separate Article in this GTC, the Bank has the right to postpone or not carry out instructions or even close the Host to Host service (as applicable) if one or more of the following are fulfilled:

  1. The Customer submits a written application to the Bank to close the service of Host to Host using a Form from the Bank.
  2. Customer closes all registered accounts used to make Transactions.
  3. There are laws and regulations that prohibit the use of Host to Host  or similar services for making transactions.
  4. The customer uses an identity and / or provides or includes fake or false information.
  5. The Bank acknowledges or has an indication that the Host to Host or the Account is used by the Customer or any other party to commit fraud, crime or other illegal acts that violate or are not in accordance with the applicable laws and regulations. 
  6. For any reason, at the discretion and policy of the Bank, based on the results of the review carried out by the Bank on the use of Host to Host by the Customer, and the Customer hereby agrees to any action that will be taken by the Bank to carry out the Customer instruction, and therefore the Customer with this agrees that the Bank will not provide compensation and / or liability in any form to the Customer or any party in relation with the actions taken by the Bank.

Article 13

Other Provisions

Other Matters and Changes
The Bank has the right to make changes at any time to the contents of the GTC by giving a notification to the customer in accordance with the applicable laws and regulations. The customer hereby agrees that the change in the GTC will become an inseparable part of this GTC.

Choice of Law and Domicile
This GTC along with all the amendments or additions and or renewals are made, interpreted and implemented under the laws of the Republic of Indonesia. Any disputes arising under or following this GTC will be resolved as follows:

  1. If possible, any disputes will be resolved by deliberation.
  2. Any dispute or disagreement that cannot be resolved by deliberation by the Parties will be resolved through mediation in the banking sector.
  3. Any dispute or disagreement that cannot be resolved either by deliberation and / or mediation in the banking sector, will be resolved in one of the District Courts in Indonesia, thus without taking out the right of the Bank to file a lawsuit against the Customer through other Courts, within or outside Indonesia, and the Customer hereby declares to waive their right to file an exception regarding the relative authority to the Court selected by the Bank.

Address of Notification

  1. Any notification that needs to be sent by each party to the other regarding or in connection with the use of Host to Host must be made by written letter, via courier or electronic media including e-mail, facsimile, telex or short message system ("SMS ") Or telephone, namely: 
    1. If addressed to the Customer:
      In accordance with the data and information contained in the Form as well as the changes that have been submitted to the Bank and have been processed in accordance with the policies and procedures applicable in the Bank.
    2. If addressed to the Bank:
      In accordance with the data and information listed on the Bank's official media, including but not limited to the official Permata Bank website.
  2.  Any notification and or communication addressed to as the above information is deemed to have been received or delivered: 
    1. If sent directly by courier or expedition on the date of receipt and / or;
    2. If sent by registered mail, 7 (seven) calendar days after the date of delivery, and / or;
    3. If sent by telex or facsimile, on the day of delivery (with the recipient's confirmation).
    4. If sent by e-mail, upon confirmation that the e-mail has been received.
    5. If sent via SMS, when there is no confirmation that it has failed to be sent.
  3. Any correspondence data changes from each party must be notified immediately in the form of writing to the other party.

Validity
The legality and validity of the provisions in the GTC will not be affected, even if one or more provisions in the GTC become invalid, unenforceable or invalid.

Transfer and Maintenance of Services
Bank has the right to:

  1. Transfer the Transaction process or use of Host to Host to a third party;
  2. Perform maintenance, repairs, and changes to Host to Host which may result in temporary unavailability or inaccessibility of Host to Host.
  3. Statements and Guarantees 
    All statements and guarantees submitted by the Customer in the Form and GTC are true, without force from any party and cannot be withdrawn or canceled and will not end for any reason without a written approval from the Bank. All risks arising from these statements and guarantees are the sole responsibility of the Customer, and the Customer agrees that the Bank will not provide compensation and / or liability in any form to the Customer and / or any party for all risks and consequences arising from the statements and guarantees by the Customer or its implementation conducted by the Bank.
  4. Applicable Language
    If the GTC and other documents related to Host to Host are issued or made by the Bank and / or signed by the Customer in Bahasa Indonesia and English, then if there is a difference in meaning or interpretation between the Indonesian and the English version of the GTC or other documents, what will apply is the Bahasa Indonesia version, including its composition, interpretation and implementation.
  5. Service and Complaint Settlement
    The Customer hereby acknowledges that the Bank has service procedures and complaint settlement in connection with the use of Host to Host which can be accessed by the Customer through the website www.permatabank.com and or other official media.

BY SIGNING THE GTC, THE CUSTOMER ACKNOWLEDGES AND UNDERSTANDS ALL CONTENTS OF THE GTC AND THE CUSTOMER AGREES AND IS BINDED TO THE GTC, APPENDIX, FORM, AND OTHER PROVISIONS SET BY THE BANK IN RELATION WITH THE IMPLEMENTATION OF TRANSACTIONS THROUGH HOST TO HOST WHICH WILL BE NOTIFIED BY THE BANK TO THE CUSTOMER, IN ACCORDANCE WITH THE APPLICABLE LAWS AND REGULATIONS

...

Privacy Notice

Privacy Notice

Permata Bank

Personal Data Protection Information under Personal Data Protection Law In Indonesia

PT Bank Permata Tbk, a banking company which has been licensed and supervised by Financial Service Authority (the “Bank”, “we” and/or “us”) intends to provide you with quality services in order to meet your expectations, and the Bank realizes the importance of the protection of your personal data and compliance with Law No. 27 Year 2022 regarding Personal Data Protection and relevant laws and regulations.

As part of our commitment to protect your personal data transparently, the Bank has prepared this Personal Data Protection notice (“Privacy Notice”) to inform you, as the personal data subject, of personal data protection and your rights as the personal data subject rights who are:

  1. (1) individuals interacting with the Bank whether an existing, former or prospective customer of the Bank;
  2. (2) individuals, who are permanent and/or non-permanent employees, outsourced employees, officials, representatives, shareholders, directors, beneficial owners, administrators (in the context of suspension of debt payment obligations), curators (in the context of bankruptcy), liquidators (in the context of dissolving a business entity), contact persons, agents, or any person related to a legal entity or individual as mentioned in (1) above, a guardianship (for children or those under guardianship) or a group of people who interact with the Bank, whether as prospective customers, customers or former customers of the Bank;
  3. (3) individuals, who are a former, current or prospective shareholder of the Bank, or any person related thereto;
  4. (4) individuals, who are prospective employees/employees, permanent and/or non-permanent employees/employees, outsourced employees/employees, former employees/employees, officials, directors or commissioners of the Bank, former officials, directors or commissioners of the Bank or prospective directors or commissioners of the Bank or persons related thereto;
  5. (5) individuals related to the Bank, who are permanent and/or non-permanent employees, outsourced employees, officials, representatives, shareholders, directors, beneficial owners, administrators (in the context of suspension of debt payment obligations), curators (in the context of bankruptcy), liquidators (in the context of dissolving a business entity), contact persons, agents, or any person related either as a provider of goods and/or services, former provider of goods and/or services, or prospective provider of goods and/or services to the Bank;

of the protection of your personal data that the Bank receives or will receive from business operation and service provision of the Bank through branches, websites, telephones, electronic channels, applications, social media or other sources, in order to assure you that the Bank will take care of your personal information, and will obtain, collect, use or disclose your personal information only if the Bank deems it necessary, correct and appropriate, the legal basis for the Bank in processing your personal data and efforts to protect personal data. and to notify you of the personal data subject rights as stipulated in this Personal Data Protection Notice.

1. Personal data to be collected, used and disclosed.

Personal Data to be obtained, collected, used, and disclosed by Bank are as follows:

1.1 Data which can identify you as a personal data subject, whether directly or indirectly

  1. (1) Personal information, namely: full name (and aliases, if any), resident identification number, resident identification card (ID Card), family registration card, birth certificate or death certificate, taxpayer identification number, social security number, driving license, place and date of birth, citizenship, passport, temporary/permanent/ limited stay permit, and/or work permit (expatriate), occupation/ occupation history, sex, marital status, marriage certificate, other family member information, including mother’s maiden name, signature, facial photograph, education/ education history, organisation membership, other data and information.
  2. (2) Contact information, namely, residential address according to ID Card and any other residential address (if any), address for document delivery, electronic mail address (email address), home phone number, mobile phone number, facsimile number, information of contact person provided to the Bank, working address and contact number (if any);
  3. (3) Information regarding financial conditions and transaction with the Bank, namely, saving account number, deposit account number, investment account number, current account number, credit card number, debit card number, type of credit and debit cards, deposit account movement, information on transactions made through electronic cards or via electronic or digital channels, income and expenditure information, credit information, credit rating information, debt payment information, asset information, financial status information, risk assessment information (such as information relating to suitability test for investment, financial transaction, investment aptitude, debt payment, or compliance with terms and conditions of service agreements), information generated from an analysis of personal data, information on any wrong doing including accusation thereof, information on any litigation or prosecution instituted against the personal data subject and enforcement thereof, information relating to taking out of insurance initiated by, or investments made through, the Bank, information on making or receiving payments, information for compliance with laws on Anti-Money Laundering and the US Foreign Account Tax Compliance Act (FATCA), any other information related to the use of or request for services and to the making of transactions with the Bank;
  4. (4) Information relating to any contact with the Bank, namely, information received by the Bank through branches, telephones, electronic or digital channels, social media, information from closed circuit TV (“CCTV”) camera and off-site services which may be displayed or recorded in written form, voice or transaction tape recording, photos or videos;
  5. (5) Technical information, namely, internet protocol (IP) address, media access control (MAC) address, the identification code affixed to the network and the devices connected thereto (MAC Address), log, device ID, application programming interface (API), cookies, type and version of plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from the use of platform, application and operating system of the Bank;
  6. (6) Usage information, namely, username, password, search information, visit statistics, menu used, time spent on the website, platform and application, timestamp of last click, favorite items, Q&A, log file, communication information with the Bank;
  7. (7) Behavioral information, namely, information relating to personal interests or preferences, and manner of use or of service utilization.

1.2 Sensitive personal data that the Bank must obtain your consent before collection thereof, namely, information concerning biometric data (such as facial recognition, fingerprint recognition, iris recognition and voice recognition data), religion, criminal record, health data, disability or any other data as prescribed by the Personal Data Protection laws and Regulations.

The Bank will only collect personal data of children under the age of 18 (eighteen) years only if the child is a customer of the Bank, or if you provide your child's personal data and consent to its processing. In any processing we do related to a child's personal data, we assume that the child's guardian has done what is supposed to be done, including reading and understanding this Privacy Notice.

2. Purposes of collection, use and disclosure of your personal data

Bank will collect, use and disclose your personal data in accordance with the processing basis prescribed by the laws, namely:

  1. (1) fulfilment of contract obligations made with, or compliance with your request/application made to Bank;
  2. (2) fulfilment of legal obligations which are required to be complied with by Bank;
  3. (3) fulfilment of other legitimate interest of the Bank or any other person or juristic person without disregarding the rights of personal data subjects, especially in efforts to improve Bank products and/or services;
  4. (4) carrying out duties in the context of public interest, public services, or exercising the authority of the Personal Data Controller based on laws and regulations;
  5. (5) fulfilment of the protection of vital interest for prevention of danger to a person’s life, body or health; or
  6. (6) an explicit valid consent from you for 1 (one) or several specific purposes that has been submitted by Bank to you in cases that do not fall within the processing basis specified in (1) to (5);

for the following purposes:

2.1 communicating or providing information related to or in connection with the products or services of the Bank that you utilize or will utilize;

2.2 performing the Bank’s obligations as stated in your request/application or agreement made to the Bank, or in connection with such request/application or agreement, such as, sending and receiving of documents and debt collection, as well as compliance with an agreement made between the Bank and any other person which is necessary and related to services provided to you;

2.3 managing your relationship with the Bank, and preparing details or records of your utilization of services for providing further service to you;

2.4 managing the information of corporate customers or non-individual which may contain your personal data;

2.5 complying with relevant laws and regulations;

2.6 verifying and identifying your identity in accordance with the Know Your Customer procedures of the Bank, including verifying your information and auditing such verification in accordance with the procedures prescribed by the laws and the Bank;

2.7 taking any action as required or recommended by the supervisory authorities, such as actions to prevent vulnerable customers from certain restrictions or to prevent elderly customers from engaging in certain types of transactions, and actions for damage control;

2.8 managing and administrating the Bank's internal operations, such as, supervising, improving and auditing the Bank's internal operations;

2.9 managing or dealing with the risks, such as:

  1. (1) preventing, dealing with, or mitigating, risks arising from illegal actions that may occur to you, the Bank’s customers, staffs and the Bank, by using those information for improvement of security system relating to the utilization of services via various channels, the operating system and the security system in the Bank’s information technology operation;
  2. (2) providing security, such as, video recording (through CCTV) of visitors or customers who contact or transact with the Bank and identity card exchange before entering a building for the purpose of security within the Bank’s premises;
  3. (3) risk management related to business operation of financial institutions, such as, credit risk, operational risk, compliance risk, legal risk, reputation risk, liquidity risk, strategic risk and market risk;

2.10 providing and offering products, services and their alternatives to you, which include public relations, communication, notification, offering or presenting privileges, benefits, rewards or information relating to products or services of the Bank, companies in the Bank's financial business group or business partners that may be of your interests; or organizing events and promotions, participating in the sweepstakes, or providing drawing prize for you;

The Bank will ask for your consent separately for additional or new product or service offering activities as listed above, for example when opening an account. You may also withdraw your consent to the processing of your personal data for the purposes of these offering activities at any time by contacting the Bank Contact as stated in this Privacy Notice.

2.11 examining the use of services or transactions/ activities effected in accordance with your or your counter party’s instructions;

2.12 administering services and managing complaints, such as examining transactions/activities resulting from the use of financial services, erroneously effected financial transaction, or transmitting of data within the Bank or between the Bank and any other party, or accommodating customer complaints, providing compensation, or using information to improve the work process on such matters;

2.13 making statistical analysis or research related to the business operation of the Bank and the companies in the Bank's financial business group or the Bank’s affiliates;

2.14 making adjustment to the Bank’s strategy, protecting benefit or evaluating the performance or services of the Bank;

2.15 evaluating, developing and improving the Bank’s products or services, or exercising the Bank's rights (such as making credit scoring model, behavior scoring, and market surveys), and disclosing information generated from such evaluation to you for your financial planning or utilization of other services of the Bank or to the companies within the Bank's financial business group or business partners;

2.16 organizing promotional projects or activities, meetings, seminars, recreation and workplace site visits as well as recording information or photographs for publication or advertisement, and performing and complying with applicable laws;

2.17 storing data in a cloud storage and in other systems used by the Bank;

2.18 performing the Bank’s obligations under terms and conditions specified in an agreement to which the Bank is a party or enforcing legal or contractual rights of the Bank;

2.19 connecting to or facilitating the access to website, applications and platforms of the Bank or any other person;

2.20 performing personal background check as necessary or relevant to the consideration on your qualification as required by laws and specified by the Bank;

2.21 acting as representative, performing its obligation, executing, or carrying out any action in relation to a course of business of the Bank; or

2.22 managing any matter related to securities holders or proxies, attorneys or members of provident/ pension fund as well as performing its obligations as a securities issuer, or a business operator in relation to or in connection with securities business, or a contracting party with a securities issuer, or a business operator in relation to or in connection with securities business.

The collection, use or disclosure of your personal data as aforesaid shall also include the sending or transferring of your personal data overseas that the Bank has proceeded in accordance with the said principles.

3. Persons or entities to whom the Bank may disclose your personal data

The Bank may be required to disclose your personal data to other persons or entities located in Indonesia or overseas in order to achieve the purposes stated in this Privacy Notice, namely:

3.1 The controlling shareholders of the Bank and affiliated parties of the Bank as published on the Bank’s website;

3.2 The Bank’s business partners, such as, business partners of the Bank relating to financial business, banking, service provision, investment, marketing, transportation, telecommunication, healthcare center, general insurance, life insurance, health (non-life) insurance or any person involved in any promotion or loyalty program or data analysis; or platform provider or person whose name or logo appears in an agreement with the Bank, or electronic card, website or any other service channels of the Bank;

3.3 Third Parties involved in the Bank’s provision of services, such as, those who act as intermediaries in banking transactions, settlement or payment service providers, the Bank’s service partners, outsource service providers, the Bank’s contractors or sellers of goods or services or the Bank’s agents both domestically and internationally, with whom the Bank has agreement or contract, e.g. infrastructure development service providers, internet service providers, telecommunication and communication service providers, technical infrastructure service providers, electronic system or information technology development service providers, logistics and warehousing service providers, cloud service providers, and research service providers, data analysis service providers, communication service providers, survey service providers, event and activities organizers, identity verification system service providers, Dip Chip service providers, identity verification service providers, credit rating agencies, courier service providers, producing of, and recording of data on, electronic cards service providers, the service providers who offers to sell the Bank's financial products or services and security and fraud prevention service providers;

3.4 Persons or authorities prescribed by laws. The Bank may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, regulatory authorities or where the Bank believes that any action is necessary for compliance with the laws for protection of the rights of the Bank or any other person, for the safety of any person, for prevention and investigation of, or dealing with fraud, or for security or safety in various aspects;

3.5 The Bank’s consultants, such as financial consultant, legal consultant, notary, technical consultant and auditor;

3.6 Assignees of rights, obligations or claims of the Bank, including those involved in corporate restructuring, business transfer, investment, merger and acquisition, purchase or sale of assets, shares, or business, in which case the persons involved in such actions will also comply with this Privacy Notice;

3.7 Other persons related to you, such as, owners of a joint saving or deposit account, joint debtors, trustees, beneficiaries, estate administrators, authorized persons, guarantors or any persons placing assets as security for your debt payment to the Bank, administrator or receiver;

3.8 Associations, organizations, clubs and agencies, such as, the National Bankers' Association, banks and financial institutions;

3.9 Websites and social media, such as, LinkedIn, Facebook, Google, or Instagram.

4. Storage and retention period of your personal data

4.1 Retention of your personal data. The Bank has established security measures for protection of your personal data, whether in document and electronic form, in order to prevent loss, unauthorized or unlawful access, use, alteration, correction or disclosure of personal data.

4.2 Retention period of your personal data. The Bank will collect your personal data for the purposes notified to you in this Privacy Notice as required by the laws and for a maximum of 10 (ten) years from the cessation date of your relationship with the Bank;

unless the Bank is otherwise justified by laws or such personal data are data that cannot be deleted or destroyed due to technical limitations.

5. Outbound transfer of your personal data

In case the Bank is required to send or transfer your personal data to a person overseas, such as, your counter party or the Bank's counter party, the Bank’s representative, the Bank’s overseas branches, the Bank’s affiliates, or international agency or organization, it must be noted that the recipient country may have inadequate standard for personal data protection as required by laws. The Bank will nevertheless provide appropriate measures to ensure that your personal data sent to such recipient is sufficiently secured.

6. The data collection through the Bank’s website and/or applications

The Bank will automatically collect certain information from your use of the Bank’s website and/or applications for the purposes stated in this Privacy Notice, for example, the information recorded or collected by cookies and similar technologies utilized by the Bank will be used for statistical analysis, other activities of the Bank’s website, and/or applications or the Bank's business so as to enable the Bank to enhance your experience when browsing the Bank’s website and/or applications, as well as improving the efficiency and quality of the Bank's website and/or applications services.

7. Rights of the personal data subject

Subject to the exception provided by the prevailing laws and regulations, your rights as the personal data subject are as follows:

7.1 Right to request access and obtain a copy of personal data

You have the right to request access to and obtain a copy of your personal data in the Bank's responsibility in accordance with the provisions of laws and regulations in a form that conforms to the structure and/or format commonly used or can be read by electronic systems.

7.2 Right to obtain or send or transfer personal data to another data controller

You have the right to obtain your personal data provided to the Bank with your consent, or collected by the Bank as may be necessary for the performance under the agreement or application made to the Bank or as prescribed by the relevant Personal Data Protection laws and regulations, where the Bank has made such personal data in a form readable or generally usable by means of automated tools or devices and such personal data can be used or disclosed by automated means. In addition, you also have the right to (1) request the Bank to send or transfer personal data in the said form to another data controller when it can be processed via automated means and (2) request to obtain personal data sent or transferred by the Bank in the above-mentioned form to another data controller unless it cannot be technically effected.

7.3 Right to object

You have the right to object to the Bank’s collection, use or disclosure of your personal data in the event that:

  1. (1) the Bank has collected your personal data to the extent necessary for the purpose of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies, or for legitimate interest of the Bank or other persons or juristic persons;
  2. (2) the Bank has collected, used or disclosed your personal data for direct marketing purposes, or
  3. (3) the Bank has collected, used or disclosed your personal data for scientific, historical or statistical purposes;

unless it is necessary to perform the Bank’s task for public interest.

7.4 Right to erase or destroy personal data

You have the right to request the Bank to erase, destroy or anonymize your personal data if:

  1. (1) your personal data is no longer necessary for the Bank to keep for the purposes here in;
  2. (2) you withdraw your consent and the Bank has no lawful basis to collect, use or disclose such personal data;
  3. (3) you object to the collection, use, and disclosure of your personal data already collected by the Bank for the necessity of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies or for legitimate interests of the Bank or other persons or juristic persons, and the Bank has no justifiable ground to reject such objection;
  4. (4) you object to the collection, use or disclosure of your personal data for direct marketing purposes; or
  5. (5) your personal data has been unlawfully collected, used or disclosed, provided that the Bank may keep your personal data as necessary for its compliance with any laws, institution of legal claims, exercising of the Bank's rights or the Bank’s defending of other parties’ claims.

7.5 Right to suspend the use of personal data

You have the right to suspend the use of your personal data in the event that:

  1. (1) the Bank is in the process of verifying your personal data to be accurate and up-to-date as requested;
  2. (2) the Bank has unlawfully collected, used or disclosed your personal data;
  3. (3) it is no longer necessary for the Bank to collect, use or disclose your personal data for any purpose, but you have requested the Bank to collect your personal data for your lawful interest; or
  4. (4) the Bank is in the process of verification or examination of your objection request to the Bank’s collection, use or disclosure of your personal data.

7.6 Right to rectify personal data

You have the right to request the Bank to rectify your personal data so as to be accurate, up-to-date, complete and not misleading.

7.7 Right to withdraw consent

You have the right to withdraw your consent given to the Bank for the collection, use and disclosure of your personal data at any time.

7.8 Right to give notice of revocation of consent

You have the right to revoke your consent for the collection of personal data already collected by the Bank before Law No. 27 Year 2022 regarding Personal Data Protection came into effect by giving a notice of revocation of consent to a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s services.

7.9 Right to lodge a complaint

You have the right to lodge a complaint to any competent agency or any entity with legal authority in the event that the Bank or its data processor, including employees or contractors of the Bank violate or do not comply with laws on personal data protection.

If you wish to exercise any rights under Clauses 7.1 to 7.7 set forth above, you can submit a request to the Bank through any branch of the Bank or through any other channel prescribed by the Bank. Once the Bank receives your request, the Bank will consider your request in accordance with the rules and regulations prescribed by the laws, comply with your request, and notify you of the result of the consideration and action taken within 30 (thirty) calendar days from the date of receipt of the request and all the supporting documents.

If you exercise any right of personal data subject, you may not be able to utilize certain services of the Bank while the Bank is in the process of considering or complying with your request.

The Bank will not charge a fee for exercising the said right, unless the Bank deems that your request is excessive or unreasonable. The Bank may charge a fee for compliance with your request at the rate announced by the Bank.

Provided that you may request to exercise your rights as from the date Law No. 27 Year 2022 regarding Personal Data Protection comes into effect.

8. Amendment to this Privacy Notice

The Bank may amend this Privacy Notice from time to time as it deems appropriate and the Bank will notify you of such amendment through the Bank's branches, websites and applications. The Bank recommends that you read and check the details of Privacy Notice every time any such amendment is made.

9. Contact Information

If you wish to contact or would like to receive more information or explanations on the collection, use and disclosure of your personal data, as well as the exercise of rights of the personal data subject specified in this Privacy Notice, please contact a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s service.

Furthermore, you can contact Data Protection Office at email address dpo@permatabank.co.id.

Updated October 2024

...

Terms of Use

© Copyright 2024 - PT Bank Permata, Tbk. All rights are protected by law.

Information Policy

The use and content of this website are provided for your convenience. The information presented in this website is provided for you, without any kind of guarantee, either written or implied, included but not limited to the guarantee on tradeworthy goods and/or services, the compatibility for any purpose, promotion for a product without violating any rule.

This website may contain technical guidance that is inaccurate and typographical errors. Permata Bank reserves the right to correct and/or modify the information in this website at any time and by any methods, without prior notice.

Permata Bank is not responsible or liable for any material and non-material loss, which may be suffered by anyone or any party, as directly or indirectly resulted from the use of the information contained in this website, either in part or in entirety.

Link to Other Websites 

For your convenience, Permata Bank can also provide some links to other sites in the Internet, which are owned and/or operated by any party. Please note that those sites are not under Permata Bank control, and therefore, Permata Bank is not responsible for the content of such websites.