Privacy Policy

We value your privacy and are committed to handling your data securely and transparently. This Privacy Policy outlines how CTBC Bank Indonesia ("we," "us," or "our") collects, manages, updates, stores, transfers, disposes of, deletes, and uses your personal data.

 What Data We Collect

  • Form Data

When you fill out our website's forms, such as applications or surveys, and printed documents (hardcopy), we may ask you to provide information, including your name, ID number, phone number, email address, and physical address.

  • Website Services

When you register for an account on our website, we may ask you to provide information based on the nature of the services you are registering for, including your name, username, phone number, email address, and physical address.

  • Other Data

When you visit or inquire on our website, we store relevant data that is automatically generated by the server, including your IP address, device type, browser, duration of visit, and your activities. Unless we obtain your prior consent, we cannot and will not match this data with your personal identity. External websites linked to and from our website may also collect and use your personal information. We are not responsible for the privacy policies or practices of any external websites, so you must ensure that those external websites have obtained consent to access your personal information.

  • Cookies

Cookies are small files that are typically sent by websites through your internet browser and stored on the user's hard drive. Cookies allow the site to remember user preferences and other information, such as usernames, to enhance convenience and speed of use. If we have a legitimate interest, we will create, read, and modify cookies on your browsing device. Such interests include:

a) Providing a better and more personalized user experience, and

b) Monitoring visitors and their activities to analyze browsing patterns and help improve our services.

If you do not want cookies to be stored on your device, you can disable them through your browser's privacy settings. For example, in Chrome, go to Settings > Advanced > Privacy and Security > Site Settings > Cookies. However, if you disable cookies, some personalized services and activities on our website may not function or be fully accessible.

Types of Cookies We Use:

  • Performance Cookies

These cookies are used to collect information about how users as a whole interact with the website, including data such as duration of visit, pages viewed, and devices used. All information collected is anonymous and is used to improve the overall website experience.

  • Analytical Cookies

These cookies also serve the same purpose of collecting aggregate data about user behavior on the website. This data is used to create statistical reports that help understand general usage patterns of the website.

External websites linked to and from our website may also collect and use your personal information. We are not responsible for the privacy policies or practices of any external websites, so you must ensure that those external websites have obtained consent to access your personal information.

Purpose and Legal Basis for Processing Personal Data

We will use the most appropriate legal basis for processing in accordance with the Purpose of Processing Your Personal Data based on the Personal Data Protection Law (UU PDP). The basis for processing your Personal Data by CTBC Indonesia may be based on one or more of the following processing grounds: fulfillment of contractual obligations, compliance with legal obligations, protection of your vital interests or those of others, with your explicit consent, and for other legitimate interests. The collection of Personal Data is conducted in a limited and specific manner, covering only relevant and essential information to maximize service support.

  • Form Data

We process data collected through forms as necessary for the purpose of its collection, except as required by law or with your consent. These purposes include providing financial products, participating in website contests, and conducting market research analysis. In addition, the Personal Data collected aims to accurately identify you as a user of our services. We will fulfill our legal obligations to maintain the confidentiality of this information.

  • Other Data

The "website services" information you provide, as described above, will only be used as a reference in the design of services and website activities. Regarding the "other data" collected, such as your IP address, device type, browser, duration of visit, and activities, we may use and process it for statistical analysis of overall user behavior. We do not analyze individual user behavior.

  • Marketing

We process data collected through forms as necessary for the purpose of its collection, except as required by law or with your consent. These purposes include providing financial products, participating in website contests, and conducting market research analysis.

  • Other Activities

We also process the personal data of Data Subjects for other purposes, including employee recruitment activities, site visitors, cooperation with third parties, fulfillment of interests and legal obligations, and other activities.

Transfer of Personal Data to Other Countries

We may need to transfer your personal data abroad for processing, storage, or customer service purposes. This transfer is conducted to ensure that we can continue to provide the best services to you.

  • Destination Countries and Level of Data Protection

Your personal data may be transferred and processed in countries that have an adequate level of data protection due to having:

(a) Legal regulations for Personal Data Protection;

(b) Supervisory authorities for Personal Data Protection; and

(c) International commitments or subject to other obligations related to Personal Data Protection.

  • Legal Basis for Data Transfer Abroad

The transfer of your personal data abroad is conducted with full compliance and is binding, based on:

a) Your explicit consent;

b) Contractual agreements with data recipients abroad; and

c) Binding corporate rules within a corporate group.

d) Protective Measures for Data Transfer Abroad

  • Implementation of Data Transfer Protection Abroad

To protect your personal data during transfer abroad, we implement the following security measures:

a) Use of encryption to safeguard data during transmission;

b) Data protection agreements with third-party data recipients;

c) Recording and mapping the flow of personal data transfers and their implications;

d) Ensuring that the transferred data is adequate, relevant, and limited to the purpose of the transfer;

Regular re-evaluation within a reasonable timeframe to ensure compliance with data protection.

Disclosure of Personal Data

We will never disclose, share, sell, exchange, rent, or otherwise provide your personal information to any third-party group or individual except under the following circumstances:

  • With Your Consent

If a service or activity, such as promotional offers, requires us to share your data with third parties, we will do so only if you have first provided your consent on the relevant service or activity application page.

  • As Required by Law

When judicial authorities, financial regulatory agencies, tax authorities, or other government units with investigative powers request us to provide certain personal data through legal means, we will cooperate to the extent necessary after confirming that the authority has followed all relevant legal and formal procedures.

  • Other Needs

We may also send you promotional materials and other information if you have previously provided your email for this purpose or agreed to receive emails from us. Such materials will indicate that they are sent by us and include links and instructions on how to remove your email address. Some services and activities offered through our website, such as promotional offers, may require third parties to send emails to participants. In such cases, we will first disclose, on the relevant service and activity page, that your personal information may be shared with third parties.

In the event of a failure to protect personal data, including failure to maintain the confidentiality, integrity, and availability of Personal Data, including security breaches, whether intentional or unintentional, that lead to destruction, loss, alteration, disclosure, or unauthorized access to Personal Data that has been transmitted, stored, or processed, we will provide written notice to you after the occurrence of the event. This notice will include:

a) The Personal Data that was disclosed;

b) When and how the Personal Data was disclosed; and

c) The measures taken to address and recover from the disclosure of Personal Data by the Data Controller.

Data Recipients

For specific processing purposes, CTBC Indonesia may disclose and/or transfer your Personal Data to relevant parties that are deemed necessary, including but not limited to:

  • Other Financial Institutions

Personal data may be transferred to correspondent banks, insurance companies, or other financial institutions, for example, to support international transactions or insurance-related services.

  • Third-Party Service Providers

CTBC Indonesia may collaborate with vendors or third-party service providers that offer technology services, payment processing, security, or other related services. Third parties may have limited access to personal data to provide the necessary services.

  • Government Authorities or Regulators

In certain situations, CTBC Indonesia may be required to transfer personal data to supervisory authorities, regulators, or government agencies, both domestic and international, to comply with applicable laws or regulations.

In conducting data transfers, we implement the following security measures to protect your personal data during transfer:

a)  Use of encryption to protect data during transit

b)  Strict data security policies

c)  Monitoring of data access by authorized personnel

Storage and Retention of Personal Data

We will delete your personal data when the duration of its storage reaches the limit in accordance with the Bank's data retention provisions and applicable laws, or if the purpose of its collection is no longer valid.

Rights and Requests of Data Subjects

Regarding the personal data that we collect and store, unless otherwise specified by law, you have the right to:

a) Obtain information related to the identity and processing of Personal Data;

b) Complete, update, and correct Personal Data;

c) Obtain access to and copies of Personal Data;

d) Terminate processing, delete, and destroy Personal Data;

e) Withdraw consent, as well as object to the use of decisions based solely on automated processing (including profiling regarding the personal data we collect and store);

f) Suspend or restrict the processing of Personal Data, as well as transfer Personal Data to other Data Controllers. You may submit requests to us for any of the above at any time. We will handle your requests in accordance with the Personal Information Protection Act and other relevant laws and internal regulations.

We will proactively delete your personal data when the duration of its storage reaches the legal limit or if the purpose of its collection is no longer valid.

If a Data Subject requests the deletion of their Personal Data, the Data Subject needs to understand the following:

a) Your Personal Data may have been shared with third parties. If the Bank has shared your Personal Data with authorities and/or other government-designated agencies for cooperation with the Bank, then the storage and processing of such Personal Data will follow the privacy policies of each relevant agency.

b) The Bank will make reasonable efforts to delete your Personal Data. However, there is a possibility that the Bank may not be able to fully delete all data or information that has been made available or published on the CTBC Indonesia website.

c) The Bank reserves the right to deny your request for deletion of Personal Data if permitted or required by applicable law. This also applies if the deletion request is made for reasons that the Bank deems unfounded, insincere, or impossible to fulfill.

What You Can Do

We take our responsibility for your privacy seriously, but there are also some practical actions you can take to help keep your data secure:

  • Create strong passwords and change them regularly.

  • Never disclose your password to third parties.

  • Always log out after you finish using our site.

Engage in self-awareness training about the dangers of cyberattacks that can steal personal identity.

Contact Us

You can reach our customer service center at the Call Center number 0807-1-221111 or via email at callcenter@ctbcbank.co.id if you have any questions, comments, or requests regarding our Privacy Policy or your personal data.

Notice of Changes or Updates to CTBCI Bank's Privacy Notice

We will change this Privacy Policy as necessary to protect your privacy and comply with relevant laws and regulations. Before making any changes to the Privacy Policy, we will notify you by posting a notice on our website.

Copyright Notice

We own all rights to the content of this website. No part of this website may be reproduced in any way or in any form without our permission or approval.