Privacy Policy

PT. BPOSeven Inovasi Indonesia
Jakarta - Indonesia

With the following data privacy notice, we would like to inform you about the processing of your personal data by PT. BPOSeven Inovasi Indonesia (in the following “BPO7”). From time to time, it may be necessary to adapt this privacy policy as whole as well as specific parts of it to comply with the up to date legal requirements or to cover the introduction of new services. The most recent version of our data privacy notice can be found at: benemica privacy policy

I. General Information regarding Data Protection in BPO7

  1. Controller and Data Protection Officer
The controller responsible for the processing of your personal data in the sense of data protection law is BPO7. BPO7 is one of the leading technologies and outsourcing services in Indonesia, with Benemica cloud as one of the well know product. The Legal Support Officer of BPO7 is available to answer all your questions regarding data protection at BPO7 by e-mail or mail. You can contact the BPO7 under the following address:

BPO7
To: Data Protection Officer
Email: support@bposeven.com


  1. Your Data Privacy Rights
In connection with any processing of personal data by BPO7, all data subjects have the following rights :

• Right to information;
• Right to correction;
• Right of deletion;
• Right to limitation of processing;
• Right to data transferability;
• Right of objection.

Furthermore, you have the right to revoke your consent to the processing of your personal data at any time with effect for the future. Such revocation has no effect for the past, i.e. it does not affect the effectiveness of the data processing carried out up to the revocation. If you are of the opinion that the processing of personal data by BPO7 is not in accordance with the data protection regulations or you are not satisfied with the information provided by us, you have the right to send us a complaint with the competent supervisory authority.


  1. Transfer to Third Party Countries or International Organizations
We take care not to transfer your data to recipients in countries without an adequate level of data protection (third party countries). However, in some cases, this cannot be completely avoided. Where this is the case, BPO7 has taken and will take appropriate measures to ensure an adequate level of data protection at the recipient at all times.

II. Processing of Personal Data by BPO7 for Core Business Purposes

BPO7 is offering services to customers from the various industries and sectors. Our customers, suppliers and partners are as diverse as we are. To conduct our business, it is necessary to process personal data.

  1. Type and Origin of Personal Data processed by BPO7
We process personal data only to the extent necessary to fulfil our contractual and legal obligations in connection with the business relationship with our customers, suppliers and partners. “Processing” means that we collect, store, delete or transfer personal data, to list a few examples. Personal data processed by us includes:

• Master and contact data of customers and suppliers, such as name, address, telephone number, e-mail address, function, department of our contact persons, etc.

• Data we need for invoicing and payment processing, such as bank details, tax number, credit management information, etc., as far as it concerns the data of a natural person;

• Customers and customer employee’s information (including sensitive information), in purpose to support and clarify when there is question or clarification request

• Supplier and customer relationship management information, such as order history, etc., as far as it concerns the data of a natural person;

• Special categories of personal data relating to customers of our business, such as employee personal information, employee bank account details and salary information required for payroll process.

We regularly receive the personal data processed by us within the framework of and in the course of our business relationship with our customers. In some cases, we also receive personal data from affiliated companies of BPO7, e.g. contact data from suppliers within BPO7’s supplier relationship management. In some cases, we also process personal data that we have received in another manner, in accordance with the applicable data protection laws. This is regularly the case regarding:

• Publicly accessible sources, e.g. service subscription and business registers, fairs, exhibitions, Internet sources, newspapers, HR directories, etc.

• Third parties who are not affiliated with BPO7, e.g. HR/business associations, credit agencies, insurance companies, etc.


  1. Purpose for Processing by BPO7 and Legal Basis
We process your personal data only for permitted purposes and in accordance with the applicable legal provisions of the Republic of Indonesia Law and relevant national data protection laws.

2.1 We process Data to fulfil our Contractual Obligations
All text footage, pictures, graphics, software, applications, sound samples, animations videos, corporate logos and brands, the layout of the Benemica Website, as well as other content contained in the Benemica Website, hereinafter jointly referred to as “Benemica Website Content”, are protected by trademark and copyright law and other laws for the protection of intellectual property and may be subject to third parties’ rights.

2.2 We process Data to protect Legitimate Interests
We also process personal data insofar as it is necessary to safeguard the legitimate interests of BPO7 as well as our costumers (and, if applicable, other third parties). Where this is the case, we process personal data only after due consideration of your relevant interests.
This includes in detail e.g.:

• The supply of BPO7 products and the provision of services;

• Customer service and handling of complaints;

• Direct mail, provided you have not objected to the processing of your personal data for these purposes

• The surveillance of publicly accessible rooms in our office with optical-electronic equipment (video surveillance)

2.3 We process Data with your Consent
We also process your or employee personal data if you have given us your consent. You may revoke your consent at any time. Please note, however, that data processing up to the date of revocation remains permissible.

2.4 We process Data to fulfil Legal Obligations
We are required to process certain data in order to comply with legal obligations. Such obligations may arise from certain provisions of regulators (e.g. Tax office, MoMP, BPJS). In detail, this may also result in obligations for BPO7 to safeguard, store, report and collect data, which generally serve control purposes from the respective authorities.

2.5 Information regarding Change of Purpose
Should we process your personal data for any reason other than that for which we originally collected them, we will inform you of this new purpose to the extent permitted by law.

  1. Recipients of your Data
Personal data will only be made available to other companies if and insofar as this is necessary to protect our legal and contractual rights and obligations. This, for example, can be the case for the coordination of our contractual services. Typical examples are customer management services, centralized IT services and related partners who providing services to your company or employee through our products or services.

We cooperate with external service providers to fulfil certain contractual obligations. This is the case, for example, in connection with specific supplier and customer management services, hosting of IT infrastructure and external service center, payment processing (bank payment, credit card, direct debiting, account opening), logistics and delivery, promotional activities or the transaction of online orders. As far as we involve external service providers, this always takes place within the legal limits and in compliance with the applicable data protection regulations.

We only transfer personal data to other recipients outside BPO7 if we are legally obliged to do so. In all other cases, we will only transfer your data to other third parties if you have given us your corresponding consent.

In the context of the continuous development of our business, we may divest subsidiaries or business parts or merge our business or parts thereof with another company. Such transactions typically entail the transfer of customer information pertaining to the sold or divested subsidiary or business part to the buyer or to the company created by the merger. Your personal information continues to be governed by the provisions of this privacy policy in this case. In the unlikely event of a complete sale of BPO7 thereof, your personal information will also be transferred to the buyer.

  1. Obligation to provide Data
In order to be able to provide our services to our customers, we must process certain personal data or are legally obliged to do so. We collect the corresponding data from you upon conclusion of the contract (e.g. address, business contact data and function). Without these data we cannot conclude contracts with our customers.

  1. Automated Decision-Making and Profiling
We do not use automated decision-making processes for procedures that have legal implications or a similarly significant impact on you. No decision will be made without further human review.

III. Privacy Policy Relating to GDPR

As part of our agreement with our clients, our clients may provide us with personal data that in accordance with the applicable law, and we are required to protect those data. Benemica is committed to comply with GDPR requirements, including those requirements as outlined below:

1. Benemica will only process personal data on Client’s written instructions or in accordance with applicable laws;
2. Benemica will not retain personal data for longer than is necessary;
3. Benemica will not transfer personal data to any body in any jurisdictions, without Client’s prior written consent;
4. Benemica will impose a duty of confidentiality on its staff with access to personal data;
5. Benemica will require that any sub-processor must comply, under a written agreement, with the same standards as Benemica to meet the requirements of the GDPR, and Benemica will remain fully liable for the sub-processor’s performance;
6. Benemica will, to the extent possible, assist and cooperate with Client in responding to requests made by data subjects exercising their rights under the GDPR, including rights of access, rectification, correction, erasure and portability;
7. Benemica will implement technical and organizational security measures, including encryption of personal information, implementing business continuity and disaster recovery plans, and regularly testing and evaluating security measures;
8. Benemica will assist Client with carrying out privacy and data protection impact assessments and related consultations with supervisory authorities;
9. Benemica will securely delete (or return at Client’s request) all personal data upon expiration or termination of an individual Agreement;
10. Benemica will provide information to Client and supervisory authorities reasonably required to demonstrate compliance with the GDPR and assist with audits of Benemica’s data processing activities to verify compliance with the GDPR;
11. When responding to audits or other information requests, Benemica will notify Client immediately in writing if, in Benemica´s opinion, Client´s instructions breach the GDPR;
12. Benemica will promptly notify Client in writing whenever Benemica knows or reasonably suspects a security breach has occurred, and investigate and remediate the breach, including cooperating with Client’s investigation and remediation efforts.


IV. How we use Personal Data for the purposes of our Websites

BPO7 operate websites to provide you with information regarding the company and the products and services.

  1. Type and Origin of Personal Data processed by BPO7
When you visit one of the websites of BPO7, we collect certain personal data from you. Personal data processed in this connection includes your company information, and your personal information (e.g. your name, your role or position, your phone number or email address). Data processed in connection with the operation of our websites is typically provided by you in the course of using our website. In some cases, however, personal data processed can also be provided by third parties who are not affiliated with BPO7, such as internet service providers, marketing affiliates or software plug-ins. The following data (in particular log information and device data) is automatically processed by BPO7:

• The name of your Internet Service Provider (ISP)
• Your IP address
• Your browser type and your operating system (OS)
• Date, duration and time of your visit
• Visited websites
• Extracted data & downloaded files
• Your country
• Your referrer URL
• Your search term in case you were referred to our website by a search engine


  1. Purpose for processing by BPO7 and Legal Basis
We process personal data only to the extent necessary in each case.

2.1 We process Data to fulfil our Contractual Obligations
We process personal data to fulfil our contractual obligations towards our customers or to carry out so-called pre-contractual measures, which take place upon a specific request. This may be the case when you register for certain services, for online orders or our supplier portal.

2.2 We process Data to protect Legitimate Interests
We also process personal data insofar as it is necessary to safeguard the legitimate interests of BPO7 as well as our costumers (and, if applicable, other third parties). Where this is the case, we process personal data only after due consideration of your relevant interests.
This includes in detail e.g.:

• Measures to analyze pseudonymized user behavior to further improve our websites,

• Measures to provide website functionalities such as user account management, shopping carts

2.3 We process Data with your Consent
We also process your personal data if you have given us your consent. You may revoke your consent at any time. Please note, however, that data processing up to the date of revocation remains permissible. This includes in detail e.g. :

• Newsletter registrations,
• Promotions,
• Promotions,
• Contact enquiries

  1. Recipients of your Data

3.1 BPO7 and Service Providers
BPO7 shares personal information as outlined above (see Section II. 3).

3.2 Social Media Providers
On some websites, BPO7 integrates some additional content and publications (blogs, posts, news, videos, interviews etc.) which has already been published in other social media / social networks (e.g. Facebook, LinkedIn, Twitter). As long as you do not click on any such content, no personal information will be transmitted to the respective social media provider.

By clicking on Social Media Wall content, your IP address will be transferred to the respective social media provider and stored, processed and used there in accordance with his privacy policy. An information banner at the Social Media Wall informs you that by clicking on a specific content, you agree to such transfer of your personal information.

You can find further details regarding the processing of your personal information by the social media providers here:

  1. Cookies

We use cookies. Further information regarding the nature & purpose of cookies employed by us are contained in our cookie policy, available at: Cookie Policy.

  1. Links

Our websites contain links to other websites, which are subject to separate data protection notices of the respective operators of such websites.

IMPORTANT NOTICE

Information regarding your Right of Objection

  1. Objection in particular Individual Situations
You have the right to object at any time to certain types of processing of your data for reasons arising from your particular situation. This right applies to data processing in the public interest and to data processing to protect legitimate separate interests. This right also applies to profiling, insofar as it is based on these two provisions.

In the event of a contradiction, we will cease processing your personal data. However, this does not apply if we can prove compelling reasons worthy of protection for the processing, that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

  1. Objection to processing for Direct Marketing purposes
In individual cases we process your personal data for direct marketing purposes. This is the case, for example, if we send you information about special offers or discount promotions. You have the right to object to the processing of your personal data for these purposes. This right also applies to profiling insofar as it is connected to direct marketing.

In the event of any objection, we will no longer process your personal data for these purposes.

Your objection does not require any specific form and can be e-mailed to us at: support@bposeven.com

Jakarta, August 2019