GDPR Compliance
Last Updated: December 2024
PT Immenzo Jaya International ("Immenzo") is committed to protecting the privacy and security of personal data. This page outlines our approach to GDPR compliance and how we handle data from EU/EEA residents.
1. Our Commitment
Although Immenzo is headquartered in Indonesia, we recognize the importance of GDPR as a global standard for data protection. We have implemented measures aligned with GDPR principles to ensure robust protection of personal data, regardless of where our users are located.
2. Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so, including: contractual necessity (to provide our services), legitimate interests (to improve our services), consent (where specifically requested), and legal obligations (to comply with applicable laws).
3. Data Subject Rights
We support the following rights for all users: Right of Access - request information about data we hold about you; Right to Rectification - request correction of inaccurate data; Right to Erasure - request deletion of your data; Right to Restriction - request limitation of processing; Right to Data Portability - receive your data in a structured format; Right to Object - object to certain types of processing.
4. Data Protection Measures
We implement comprehensive security measures including: encryption of data in transit and at rest, access controls and authentication, regular security audits and assessments, employee training on data protection, incident response procedures, and privacy by design in our product development.
5. Data Transfers
Personal data is primarily processed within Indonesia. For any international transfers, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other mechanisms recognized under applicable data protection laws.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our standard retention periods are defined in our service agreements and Privacy Policy.
7. Data Protection Officer
For data protection inquiries, please contact our Data Protection team at [email protected]. We are committed to responding to all data protection requests within 30 days.
8. Compliance with UU PDP
In addition to GDPR alignment, Immenzo fully complies with Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP), ensuring comprehensive data protection for all users.