Indekost is serious about protecting the privacy of our users. Therefore, Indekost applies the ITE Indonesian Law to ensure that their privacy is protected.
Should Indekost ask you (the user) to provide certain information by which you can be identified when using this website, be assured that it will only be used in accordance with this privacy statement.
Please, read the following carefully to understand our views and practices regarding personal data and how we process it.
The Data Controller is:
– PT Indonesia Digital Ekosistem (also referred as “Indekost”)
– Registered at the Registrar of Companies for Indonesia under number 5903966
– Address: Prudential Centre, 5th Unit-B Kota Kasablanka, South Jakarta, Indonesia 12870
– Phone: (+62) 21-2947-5518
– ICO Registration Number: ZA188069
Indekost may collect and process the following data:
a) Users may give us information about themselves by filling in forms on indekost.co.id or by corresponding with us by phone, e-mail address or otherwise. This includes information you provide when you register for a Customer Account. This information includes but is not limited to name, email address, postal address, billing address, telephone number, username and password.
b) Users may also give us information about the properties that they advertise using our Services, including the property address.
c) Upon each of the User’s visits to indekost.co.id, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect users’ computers to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
d) Indekost may also collect information about users’ visit to indekost.co.id, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
e) Indekost does not collect payment card details of our users. In order to pay for the fees related to our Services we use third party payment processors that will collect and process the payment card details of our users.
f) Indekost is also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers) and may receive information about you from them.
The purposes for which the personal data are processed are the following.
– Providing users with the Indekost Services;
– Support and assist users in using the Services
– Customize the Services to the individual needs of users;
– Notify users about changes to our Services.
– Providing users with the information requested through the webforms;
– Providing users with information about other services we offer that are similar to those that users have already purchased or enquired about (only if users have consented to this). We inform that in each commercial communication users receives, we will provide users with the appropriate information to exercise their right of objection in case they wish to object to the sending of commercial communications. The acceptance to send commercial information is always revocable, without retroactive effects.
– Understanding and optimizing how Services are used, and improve the Services including by ensuring content is presented in the most effective manner for users and their computers;
– Measuring or understanding the effectiveness of advertising we serve to users and others, and to deliver relevant advertising to users;
Indekost will not use users’ personal data for profiling purposes and will not take any automated decision based on it.
The data shall only be stored for the time strictly required for each purpose of the processing and shall promptly be deleted straight afterwards, without prejudice to the legal storage obligations provided for by the law. According to that:
– In case where users purchase Indekost products or subscribe to Indekost Services through the website, the personal data will be kept as long as the contractual relationship between the parties is maintained and, in any case, until legal liabilities are extinguished definitively (by expiry of the statute-of-limitations period).
– In all other cases, the personal data provided will be kept as long as the data deletion is not requested by the user. Likewise, data will be kept according to the legal time-frame set forth in legal, fiscal and accounting matters, taking as reference the date of the request for data deletion.
The legal bases for the processing are the following:
– In case where users purchase Indekost products or subscribe to Indekost Services through the website, the legal basis for the processing is the performance of the contract entered into the parties.
– In all other cases, the legal basis for the processing is the consent provided by the user.
Users personal data may be disclosed to third parties which are companies that provide services to Indekost.
These third parties are:
– Paypro a subsidiary of PT DigI Asia Indonesia which renders trading and logistics services regarding Indekost web and software.
– Other service providers, such as our channel managers, payment providers and third party applications which integrate with the Services, for the performance of any contract we enter with them or our users;
– Advertisers that require the information to select and serve relevant adverts to our users and others; and
– Analytics providers that assist Indekost in the improvement and optimization of indekost.co.id and the Services.
Some personal data of our users may be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for Lodgify or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing and processing their personal data outside of the country in which they reside. Indekost will take all steps reasonable necessary to ensure that users’ data are treated securely.
Lodgify also may disclose personal data of our users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.
Each user (data subject) have the following rights regarding its personal data:
a) Right of confirmation: to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may at any time contact our data protection officer or another employee of the controller.
b) Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
c) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
d) Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary:
– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing.
– The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR.
– The personal data have been unlawfully processed.
– The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
e) Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies:
– The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
– The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
f) Right to data portability: to receive the personal data concerning the user, which was provided to a controller, in a structured, commonly used and machine-readable format. The user shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.
g) Right to object: to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
i) Right to withdraw data protection consent: to withdraw consent to processing of the user personal data at any time.
If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Lodgify by sending the appropriated request at the following addresses:
– Spain, Barcelona, street d’Aragó Num. 182, P. 6.
– [email protected]
Finally, each data subject has the right to lodge a complaint before the appropriate Data Supervisory Authority.
We are committed to ensuring that users information is secure. In order to prevent unauthorised access or disclosure, Indekost has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
When our users enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).
Nevertheless, please note that no data transmission over the Internet or information storage technology can be guaranteed to be totally secure. As a result, whilst we strive to protect our users’ information, we cannot ensure or warrant the security of any information which users send to us, and the users do so at their own risk.
www.indekost.co.id may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, Indekost cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.