Our website (https://www.online-pajak.com/) (“Site”) is operated by PT Achilles Advanced Management and its affiliates (“Achilles”, “we”, “us”, or “our”)), through which we offer certain products and services (“Services”). Untuk menjalankan Layanan, Achilles dapat mengumpulkan dan memproses data pribadi pengguna kami (“Pengguna”, “Anda”, “milik Anda”) melalui Situs dan aplikasi.
a) Indonesia: Law of the Republic of Indonesia Number 11 of 2008 concerning Electronic Information and Transactions as amended by Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Electronic Information and Transactions and its implementing regulations (“ITE Law”) applies to every company and business entity established in Indonesia.
b) Singapore: The Personal Data Protection Act 2012 of the Republic of Singapore (“PDPA”) applies to personal data collected or processed by companies incorporated in the Republic of Singapore and/or personal data collected or processed within the Republic of Singapore.
c) European Union: As we may process personal data of European citizens, Regulation (EC) No 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”) applies to it.
The types of information we collect when interacting with you in connection with the Services include:
b) shipping or billing address;
c) email address, and phone number;
d) your username and password to access our products and Services;
e) customer or corporate data that you store and use with us in connection with the filing and paying corporate taxes, information on your systems for example when you interact with us such as your IP address and browser information; and
f) feedback from Users, community discussions, chats, and other interactions conducted on our Site,
(collectively, “Personal Information”).
The Personal Information and other information that you provide and if relevant, to use, subscribe, or purchase them, including any additional information that you further provide, may be used and processed by us for the following purposes:
a) to use your information to carry out our business and help us to improve your experience with our products;
b) to notify you about the products and services available to you;
c) to provide selections as to the function of our information that is suitable for you and to improve our services for you;
d) to provide a transparent and clear explanation as to how we use the information;
e) to publish or share the information which has been combined with several Users, in a manner that certainly avoid you or the others from being identified;
f) to aggregate your account data, which has been uploaded and is non-personal in nature to avoid you being identified, with the data of other Users of the Service to improve the quality of service, design a promotion or provide a way for you to compare business practices with other Users;
g) to train our employees and also to train you as to how to maintain the security and protection of your information;
h) to obtain and collect your Personal Information, and to store your Personal Information in an electronic system owned by Achilles or third parties;
i) to review and process the User’s request about the Service;
j) to verify and validate the User’s identity and background;
k) to build communication between the User and Achilles;
l) to process payment transactions of the User about the Service;
m) to answer questions, complaints, or comments from the User;
n) to manage the User’s participation in an event or program held by Achilles;
o) to process and analyze your Personal Information, including performing market analysis, whether performed by Achilles or third parties;
p) to share your Personal Information with Achilles’ subsidiaries, affiliates, related companies, license holders, business partners, and/or service providers. A list of our business partners will be available upon request;
q) to analyze data, build algorithms, creating databases for rating systems;
r) to carry out internal activities, including internal investigation, compliance, audit, and other internal security purposes; and
s) other legal business activities of Achilles.
In accordance with Article 6 of the GDPR, your personal data are therefore processed either (1) on the basis of your consent, (2) because of the contract that binds you to Achilles, or (3) because it pursues the legitimate interests of Achilles in order to enable the execution of the above-mentioned Services.
Achilles is a global company and may access or store Personal Information in various countries, including but not limited to Singapore and Indonesia. In accordance with Article 46 of the GDPR, insofar as these countries do not benefit from an adequacy decision of the European Commission, Achilles has implemented appropriate safeguards. To the extent your Personal Information is collected in Indonesia or Singapore, it will not be deliberately transferred to any place located outside Indonesia or Singapore (as the case may be) or deliberately disclosed to third parties, except in the cases listed below:
a) to allow us to perform the purposes specified above, we may provide and/or disclose your Personal Information to our subsidiaries, affiliates, related companies, license holders, business partners, service providers, professional advisors, and external auditors, including legal counsels, financial advisors, and consultants, as well as other third parties, which may be located within or outside Indonesia.
b) we may offer a feature that connects you to our business partners, service providers, or other third parties, and for that reason, we may give some limited information related to your Personal Information to our business partners, service providers, or other third parties only for the purpose of carrying out such feature.
c) we may engage with or employ other companies or individuals to facilitate, provide certain services or perform functions on our behalf, and in relation thereof we may provide and/or disclose your Personal Information to these companies or individuals.
d) in the event of a corporate transaction, including but not limited to the sale of subsidiaries or divisions, merger, consolidation, financing, sale of assets, or other situations involving the transfer of our business assets, in part or in whole, we may disclose your Personal Information to the parties involved in the negotiation or transfer.
e) we may also disclose your Personal Information if required by law, or necessary to comply with the laws, regulations, and government, or in case of dispute, or any legal process in relation to the Service, or in case of emergency related to your health and/or security.
f) at the order of an authorized law enforcement agency or government institution pursuant to the provisions of prevailing laws and regulations, we may provide access to the law enforcement agency or government institution in question to carry out search or seizure on your data which is stored electronically in the servers of Achilles.
g) we may also share aggregated or anonymized information that does not directly identify you.
We will only keep your personal data as long as it is required for processing. However, it is possible that we may hold on longer than necessary due to legal obligations to which we are subject and, in particular, due to obligations under the Indonesian Tax Office.
In maintaining the security of your Personal Information, we have:
a) used the best methods that have been tested to protect your information;
b) carefully reviewed our security procedures;
c) complied with the applicable law and security standard;
d) ensured that your Personal Information is securely transmitted and encrypted; and
e) ensured that our employees are trained and required to participate in securing your information.
Achilles has obtained ISO/IEC 27001 (IS 652921) certification from a reputable certification body, BSI, based in London, England. ISO 27001 is an internationally renowned strict and structured certificate on information security control.
ISO/IEC 27001:2013 sets forth the requirement to establish, implement, maintain, and continuously improve the information security management system in the context of the organization. It also covers requirements for the assessment and handling of information security risks designed specifically for the needs of an organization.
The objective of this international standard is to assist an organization in building and maintaining information security management systems (ISMS). ISMS is a system used to process and control information, several risks in security also same as controlling the integrity, protection, preservation, and confidentiality of information. Achilles currently implement this system into all its business activities. This system applies to all our business activities in Singapore and Indonesia.
We will take all measures necessary to maintain the privacy and security of all Personal Information that you provide. We will notify you if any third party (such as hackers) hacks or attempts to hack our security measures or obtain unauthorized access to our data center or device that contains your Personal Information. Achilles shall not be liable for any damage caused that is not attributable to it. However, you should be aware that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.
In accordance with the applicable laws and regulations on the protection of personal data, you benefit from a certain number of rights relating to your data, namely:
a) a right of access and information: you have the right to be informed in a concise, transparent, intelligible, and easily accessible manner of how your Personal Information is processed. you also have the right to obtain (i) confirmation that data concerning you is being processed and, where appropriate, (ii) to access such data and obtain a copy of it. However, Achilles reserves the right to deny you access to your Personal Information and may provide an explanation as required by applicable laws;
b) a right of rectification: you have the right to obtain the rectification of inaccurate data concerning you. you also have the right to complete incomplete data concerning you by providing an additional declaration. If you exercise this right, we undertake to communicate any rectification to all the recipients of your data;
c) a right of deletion: in certain cases, you have the right to obtain the deletion of your data. However, this is not an absolute right and we may, for legal or legitimate reasons, retain such data;
d) a right to limitation of processing: in certain cases, you have the right to obtain a limitation of the processing of your data;
e) a right to portability of data: you have the right to receive the data that you have provided to us, in a structured, commonly used, and machine-readable format, for your personal use or for transmission to a third party of your choice. This right only applies when the processing of your data is based on your consent, on a contract, or when such processing is carried out by automated means;
f) a right to object to the processing: you have the right to object at any time to the processing of your data for processing based on your legitimate interest and those for commercial prospecting purposes. This is not an absolute right and we may for legal or legitimate reasons refuse your request for opposition;
g) the right to withdraw your consent at any time: you may withdraw your consent to the processing of your data at any time where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to such withdrawal; and
h) the right to complain to a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices.
To exercise these rights, you can contact us at the following address: [email protected]. Please note that we may require proof of your identity in order to exercise these rights and that we may charge a reasonable administrative fee for this service.
Exceptional circumstances mentioned above include (to the extent allowable under applicable law) where:
· an investigating authority or government institution objects to Achilles complying with your request; and/or
· information is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities, or contravention of the law.
Achilles shall also not provide access to your Personal Information if it could reasonably be expected to:
· threaten or cause immediate or grave harm to the safety or physical or mental health of an individual other than you;
· reveal personal data about another individual;
· reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; or
· be contrary to the national interest.
Achilles needs your assistance to ensure that your Personal Information is current, complete, and accurate. As such, please inform Achilles of changes to your Personal Information by sending a written notification/request to [email protected].
Our Site may contain links to another website. Please note that we are not responsible for the privacy practices or policies of those websites.