Privacy Policy

PT Kokoh Inti Arebama Tbk. respects the rights to privacy of all individuals. To ensure that your personal data is protected, we created this privacy notice to explain the collection, use, disclosure, deletion, and destruction of your personal data in electronic and other formats under Law No. 27 of 2022 on Personal Data Protection and other applicable laws and regulations in Indonesia ("PDP Laws").

Definitions

1. "We" means PT Kokoh Inti Arebama Tbk.
2. "SCG Companies" means PT Kokoh Inti Arebama Tbk. and its affiliated companies listed in the appendix.
3. "You" means individuals who are our customers or potential customers, as well as contact persons, legal representatives, directors, employees, staff, advisors of customers or potential customers, or other individuals acting on behalf of customers or potential customers.
4. "Processing" means collecting, analyzing, storing, correcting, updating, displaying, announcing, transferring, disseminating, using, disclosing, deleting, and/or destroying personal data.
5. "Personal data" means any data relating to an identified or identifiable natural person that can be identified on its own or in combination with other information directly or indirectly through an electronic or non-electronic system.

Purposes of Processing

1. Contractual necessity: Providing services/products, managing your account, deliveries, accounting/finance, after-sales, returns/refunds.
2. Legitimate interests: Operations and IT, security and access control, marketing and data analysis (emails, SMS, apps, social media, telephone, direct mail), questionnaires/interviews, legal claims.
3. Vital interests: Protecting you or others (emergency contact, disease control).
4. Legal compliance: Meeting legal obligations.
5. Public interest: Tasks carried out in the public interest.
6. Consent: Communications (us, group companies, partners sending news/privileges) and additional consent-based activities communicated when obtained.

Personal Data We Collect

Sources: Directly from you and indirectly from reliable sources (public organizations, SCG Companies, recruitment platforms, business partners, lawful disclosers, trusted providers).

Use of services and membership (services, purchases, loyalty program, website/app): Personal info (name, mobile, email); contact info (email, phone); purchase history; data you provide when contacting us, after-sales, research/interviews.

Online interactions: Registration info (name, email, mobile, passwords); device info (IP, location, identifiers); browser info (type/version, plug-ins).

Contact and participation: Personal info (name, DOB, photo, ID number); contact info (name, last name, phone, email, address); participation info (activity history, photos).

Specific personal data: If needed (financial, health, biometric, or other sensitive data), we will clearly inform you and apply proper safeguards.

Third-party data disclosure: If you disclose others' data, you must do so lawfully, inform them of this notice, and obtain required consent.

Cookies

We use cookies and similar technologies as described in our Cookies Notice.

Consent, Withdrawal, and Consequences

• Right to withdraw: You can withdraw consent at any time; withdrawal does not affect prior lawful processing.
• Consequences: Withdrawal/refusal may prevent us from meeting some/all purposes.
• How: Follow instructions in the consent channel or email PDPL.KMKP@PT-KOKOH.COM.
• Minors/incapacitated: Require guardian authorization.
• On behalf of others: You must have legal authority.

Retention Period

• Duration: Keep as needed; some data up to 30 years for legal defense or customary period if unclear.
• Deletion/Destruction: Audit system to delete/destroy when retention ends or data is no longer needed.
• After withdrawal: Processing stops; data may be kept to record withdrawal/respond to future requests.

Disclosure of Your Personal Data

Recipients: SCG Group companies; dealers; transport/logistics; postal services; data processors; marketing providers; contractors; financial services (banks, payment/e-payment, credit); IT services (cloud, blockchain, analytics, SMS/email); IT developers; auditors/consultants; government agencies; insurers; other relevant parties for business needs.

Separate notices: Some recipients have their own privacy notices.

Business restructuring: In restructuring/sale/transfer/acquisition/merger, data may be disclosed to counterparties and advisors under PDP compliance.

Protection: Recipients must protect data, process only as necessary, and prevent unauthorized use/disclosure.

International Transfers

Purposes: Transfers outside Indonesia with explicit consent (after being informed of risks), for contract performance, contracts in your interest, public interest, legal claims, or vital interests when consent is not possible.

Storage/Processing: Data may be stored on servers/clouds abroad and use software/applications from foreign providers with appropriate security.

Compliance: We comply with PDP Laws and require recipients to protect data appropriately.

Security Measures

We implement technical and organizational measures (encryption, access controls, admin/technical/physical safeguards, user access management) and review/update as needed. For specific personal data, we apply additional safeguards.

Your Rights

You have rights to information, withdraw consent, access, data portability, object, erasure, restriction, object to automated decision-making, rectification, and lodge complaints with the authority. Requests are processed per PDP Laws within required timelines.

How to exercise: email PDPL.KMKP@PT-KOKOH.COM.

Data Controller and DPO

• Data Controller: PT Kokoh Inti Arebama Tbk.
• Business Address: Graha Mobisel Jl. Warung Buncit Raya No.139, Jakarta Selatan.
• Contact: PDPL.KMKP@PT-KOKOH.COM

Miscellaneous

If amended, a new privacy notice will be announced on our website or other channels and becomes effective upon announcement.