Privacy policy

PRIVACY POLICY

 

Introduction

SWAM event e-Class Platform (“SWAM event”) is committed to complying with the requirements of the Indonesia law.

These principles regulate the way SWAM event collects, uses, discloses, keeps secure, and gives customers access to their personal information. (This is information about individuals and companies that identifies them). Accordingly, this Privacy Policy tells you what information SWAM event collects and keeps, what SWAM event does with such information, and what your rights are in relation to that information.

Your personal information

In order to provide services to you, SWAM event needs to collect and retain some personal information. As part of your use of SWAM event’s websites (www.SWAM event.id) (“Websites”) and/or the online products and services, SWAM event maintains information on your behalf on its servers about you and your company and its staff, that you have uploaded as forms, documents, agreements, templates, notes and alerts and other employee related records.

SWAM event considers all information about you and your staff to be private and confidential, and holds itself to the highest standards in the safekeeping and use of this information.

What kind of information will SWAM event collect?

In order to provide you with SWAM event’s online products and services, SWAM event will ask you to supply the following information:

·       Your personal contact details such as your name, title and occupation.

·       Your company contact details such as name, address and telephone number, and e-mail address.

·       Your payment method information such as credit card, online transfer, Doku, Dana, OVO and many more(in the case of purchases).

We may also ask you to supply us with:

·       Details of any search engine or other links that directed you the Websites.

·       Any marketing or promotional codes relating to your interest in SWAM event.

·       Your opinions and comments concerning the Website and online products and services.

If you do not wish to provide us with any of this information you should contact SWAM event’s Customer Privacy Officer to discuss this, but you should be aware that this may impact SWAM event’s ability to provide SWAM event’s online products and services to you.

How does SWAM event use your personal information?

SWAM event will not use your personal information for any purpose which is not related to the primary purpose for which it is collected and for other secondary purposes that are related to the primary purpose. Use of your personal information includes, but is not limited to:

·       Delivering the online products and services to you.

·       Facilitating payment of your account through SWAM event’s secure e-commerce gateway.

·       Communicating with you regarding the management of your account.

·       Marketing of SWAM event’s products and services to you.

SWAM event does not use any of the information regarding you or your Company’s staff that you upload to SWAM event’s servers for any purpose other than for statistical analysis regarding the level of your use of SWAM event’s products and services.

How does SWAM event collect personal information?

Other than information that you upload directly to SWAM event’s servers, SWAM event collects information from you through your visiting and forwarding information to us or making a purchase from the Websites, the completion and forwarding to us of forms, or through discussions with us.

When you use the Websites, SWAM event will collect information from you through the use of tagging. Tags do not contain information that can identify you but they do identify your computer to SWAM event’s servers. They are used to track information on an anonymous basis about your arrival at and use of the Websites.

SWAM event will not sell its customer information

Information about you is not and will not be sold to any other company, individual or group.

When SWAM event will release your information to others?

SWAM event will not release information about you unless one of the following conditions is met:

·       SWAM event receives your prior written consent.

·       For accounting and administration purposes customer information is required by SWAM event’s auditors or lawyers.

·       SWAM event is using any subcontractors who have agreed to be bound by the terms of this Privacy Policy.

·       SWAM event is required or authorised by law to release information to the recipient.

 

Service Providers

SWAM event’s service providers have agreed to be bound by Indonesian law. SWAM event have engaged a third party contractor to provide online credit card processing and related services. A secure server is used for all payments and the information sent through the Websites is encrypted.

SWAM event may use your information to tell you about SWAM event’s products and services

The information SWAM event holds about you may be used to market to you by providing information about SWAM event’s products and services in the form of emails, direct mail, telephone calls or newsletters. If you do not wish to receive this type of communication please let us know.

Security of your information

SWAM event and its subcontractors and service providers will take all reasonable steps to ensure the security of your personal information. Electronic information is protected by various security measures including the restriction of access to authorised parties by the use of password protection, secure socket layer protection and encryption of all subscriber transactions on the Websites and physical security measures.

Unfortunately, no data transmission over the Internet can be guaranteed as totally secure. Whilst SWAM event strives to protect such information, SWAM event does not warrant, and cannot ensure the security of, any information which you transmit to us. Accordingly, any information which you transmit to us is transmitted at your own risk. Once we receive your transmission, we will take all reasonable steps to preserve the security of such information.

Accessing and correcting personal information

You have the right to access your personal information subject to certain restrictions provided for in the Indonesia law. If you require access to your personal information, please contact SWAM event’s Privacy Officer at secretariat@pt-pgm.com

SWAM event will take all reasonable steps to ensure that your personal information is correct and up to date, but if you believe that any of your personal information is incorrect SWAM event will correct it at your request.

Any questions?

If you have any further questions relating to this privacy policy, or concerns about the way in which SWAM event has handled your personal information, please contact SWAM event’s Privacy Officer at secretariat@pt-pgm.com.

 

DATA RETENTION POLICY

1. Purpose, Scope, and Users

This policy sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information within SWAM event (further: the “Company”).

This Policy applies to all business units, processes, and systems in all countries in which the Company conducts business and has dealings or other business relationships with third parties.

This Policy applies to all Company officers, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to data (including personal data and/or sensitive personal data). It is the responsibility of all of the above to familiarise themselves with this Policy and ensure adequate compliance with it.

This policy applies to all information used at the Company. Examples of documents include:

·       Emails

·       Hard copy documents

·       Soft copy documents

·       Video and audio

·       Data generated by physical access control systems

 

2. Retention Rules

2.1.Retention General Principle

In the event, for any category of documents not specifically defined elsewhere in this Policy (and in particular within the Data Retention Schedule) and unless otherwise mandated differently by applicable law, the required retention period for such document will be deemed to be 3 years from the date of creation of the document.

2.2.Retention General Schedule

The Data Protection Officer defines the time period for which the documents and electronic records should to be retained through the Data Retention Schedule.

As an exemption, retention periods within Data Retention Schedule can be prolonged in cases such as:

·       Ongoing investigations from Member States authorities, if there is a chance records of personal data are needed by the Company to prove compliance with any legal requirements.

·       When exercising legal rights in cases of lawsuits or similar court proceeding recognized under local law.

 

2.3.Safeguarding of Data during Retention Period

The possibility that data media used for archiving will wear out shall be considered. If electronic storage media are chosen, any procedures and systems ensuring that the information can be accessed during the retention period (both with respect to the information carrier and the readability of formats) shall also be stored in order to safeguard the information against loss as a result of future technological changes. The responsibility for the storage falls to the Data Protection Officer.

2.4.Destruction of Data

The Company and its employees should therefore, on a regular basis, review all data, whether held electronically on their device or on paper, to decide whether to destroy or delete any data once the purpose for which those documents were created is no longer relevant. See Appendix for the retention schedule. Overall responsibility for the destruction of data falls to the Data Protection Officer.

Once the decision is made to dispose according to the Retention Schedule, the data should be deleted, shredded or otherwise destroyed to a degree equivalent to their value to others and their level of confidentiality. The method of disposal varies and is dependent upon the nature of the document.

For example, any documents that contain sensitive or confidential information (and particularly sensitive personal data) must be disposed of as confidential waste and be subject to secure electronic deletion; some expired or superseded contracts may only warrant in-house shredding. The Document Disposal Schedule section below defines the mode of disposal.

In this context, the employee shall perform the tasks and assume the responsibilities relevant for the information destruction in an appropriate way. The specific deletion or destruction process may be carried out either by an employee or by an internal or external service provider that the Data Protection Officer subcontracts for this purpose. Any applicable general provisions under relevant data protection laws and the Company’s Personal Data Protection Policy shall be complied with.

Appropriate controls shall be in place that prevents the permanent loss of essential information of the company as a result of malicious or unintentional destruction of information – these controls are described in the company’s IT Security Policy.

The Data Protection Officer shall fully document and approve the destruction process. The applicable statutory requirements for the destruction of information, particularly requirements under applicable data protection laws, shall be fully observed.

2.5.Breach, Enforcement and Compliance

The person appointed with responsibility for Data Protection, the Data Protection Officer has the responsibility to ensure that each of the Company’s offices complies with this Policy. It is also the responsibility of the Data Protection Officer to assist any local office with enquiries from any local data protection or governmental authority.

Any suspicion of a breach of this Policy must be reported immediately to Data Protection Officer. All instances of suspected breaches of the Policy shall be investigated and action taken as appropriate.

Failure to comply with this Policy may result in adverse consequences, including, but not limited to, loss of customer confidence, litigation and loss of competitive advantage, financial loss and damage to the Company’s reputation, personal injury, harm or loss. Non-compliance with this Policy by permanent, temporary or contract employees, or any third parties, who have been granted access to Company premises or information, may therefore result in disciplinary proceedings or termination of their employment or contract. Such non-compliance may also lead to legal action against the parties involved in such activities.

3. Document Disposal

3.1.Routine Disposal Schedule

Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:

·       Announcements and notices of day-to-day meetings and other events including acceptances and apologies.

·       Requests for ordinary information such as travel directions.

·       Reservations for internal meetings without charges / external costs.

·       Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slips and similar items that accompany documents but do not add any value.

·       Message slips.

·       Superseded address list, distribution lists etc.

·       Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files.

·       Stock in-house publications which are obsolete or superseded.

·       Trade magazines, vendor catalogues, flyers and newsletters from vendors or other external organizations.

In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.

3.2.Destruction Method

·       Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.

·       Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.

·       Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.

·        

4. Validity and Document Management

The owner of this document is the Data Protection Officer who must check and, if necessary, update the document at least once a year.

5. Effective date :

Effective date is 14 May 2020 and date of next review will be done annually.

 

6. Appendices

Appendix – Data Retention Schedule

Financial Records

Personal data record category

Mandated retention period

Record owner

Payroll records

Seven years after audit

Finance

Supplier contracts

Seven years after contract is terminated

Finance

Chart of Accounts

Permanent

Finance

Fiscal Policies and Procedures

Permanent

Finance

Permanent Audits

Permanent

Finance

Financial statements

Permanent

Finance

General Ledger

Permanent

Finance

Investment records (deposits, earnings, withdrawals)

7 years

Finance

Invoices

7 years

Finance

Cancelled checks

7 years

Finance

Bank deposit slips

7 years

Finance

Business expenses documents

7 years

Finance

Check registers/books

7 years

Finance

Property/asset inventories

7 years

Finance

Credit card receipts

3 years

Finance

Petty cash receipts/documents

3 years

Finance

Business Records

Personal data record category

Mandated retention period

Record owner

Article of Incorporation to apply for corporate status

Permanent

Finance

Board policies

Permanent

Finance

Board meeting minutes

Permanent

Finance

Tax or employee identification number designation

Permanent

Finance

Office and team meeting minutes

Finance

Annual corporate filings

Permanent

Finance

HR: Employee Records

Personal data record category

Mandated retention period

Record owner

Disciplinary, grievance proceedings records, oral/verbal, written, final warnings, appeals

As per legal requirement

HR

Applications for jobs, interview notes – Recruitment/promotion panel Internal Where the candidate is unsuccessful Where the candidate is successful

Deleted immediately
Duration of employment

HR

Payroll input forms, wages/salary records, overtime/bonus payments Payroll sheets, copies

7 years

HR

Bank details – current

Duration of employment

HR

Payrolls/wages

Duration of employment

HR

Job history including staff personal records: contract(s), Ts & Cs; previous service dates; pay and pension history, pension estimates, resignation/termination letters

As per legal requirement

HR

Employee address details

Duration of employment

HR

Expense claims

As per legal requirement

HR

Annual leave records

Duration of employment

HR

Accident books

Accident reports and correspondence

As per legal requirement

HR

Certificates and self-certificates unrelated to workplace injury; statutory sick pay forms

As per legal requirement

HR

Pregnancy/childbirth certification

As per legal requirement

HR

Parental leave

Duration of employment

HR

Maternity pay records and calculations

As per legal requirement

HR

Redundancy details, payment calculations, refunds, notifications

As per legal requirement

HR

Training and development records

Duration of employment

HR

Contracts

Personal data record category

Mandated retention period

Record owner

Signed

Permanent

Finance

Contract amendments

Permanent

Finance

Successful tender documents

Permanent

Finance

Unsuccessful tenders’ documents

Permanent

Finance

Tender – user requirements, specification, evaluation criteria, invitation

Permanent

Finance

Contractors’ reports

Permanent

Finance

Operation and monitoring, eg complaints

Permanent

Finance

Customer Data

Personal data record category

Mandated retention period

Record owner

Platform data – inclusive of Video data, comments, attachments, profile picture, email address, first and second name

Retained whilst organisation remains a customer or deleted by user. Once an organisation requests all records to be deleted, data will be removed from the back-ups within 9 months

Customer

Live chat history

Records deleted after 1 year

Support

Screen recordings from support session

Automatically deleted after 90 days

Support

CRM data – inclusive of Name, Email address, mobile number, address, emails and phone call summaries, DPO information

Retained whilst organisation remains a customer or deleted by user. Once an organisation requests all records to be deleted, data will be removed from the back-ups within X months

Support

Metrics data

Retained whilst organisation remains a customer or deleted by user. Once an organisation requests all records to be deleted, data will be anonymised

Development Team

Non – Customer Data

Personal data record category

Mandated retention period

Record owner

Name, email address

Kept until person unsubscribes / requests to be removed from system

Marketing & Sales

Call recordings

Automatically deleted after 6 months

Sales

IT

Personal data record category

Mandated retention period

Record owner

Recycle Bins

Cleared monthly

Individual employee

Downloads

Cleared monthly

Individual employee

Inbox

All emails containing PII attachments deleted after 3 years.

Individual employee

Deleted Emails

Cleared monthly

Individual employee

Personal Network Drive

Reviewed quarterly, any documents containing PII deleted after 3 years

Individual employee

Local Drives & files

Moved to network drive monthly, then deleted from local drive

Individual employee

Google Drives, drop box

Reviewed quarterly, any documents containing PII deleted after 3 years

Individual employee