Overview

Privacy Policy

Privacy Policy

PT Divistant Teknologi Indonesia (trading as "Divistant")


Last Updated: February 24, 2026


1. Introduction and Data Controller


This Privacy Policy explains how PT Divistant Teknologi Indonesia ("Divistant", "we", "us", or "our"), a company incorporated under the laws of the Republic of Indonesia, collects, uses, stores, shares, and protects your personal data. Divistant acts as the Data Controller for the personal data described in this policy.


Company Details:

  1. Legal Name: PT Divistant Teknologi Indonesia
  2. Address: Jakarta, Indonesia
  3. Website: divistant.com
  4. Contact: divistant.com/contact-us


2. Scope and Applicability


This Privacy Policy applies to all personal data collected through:

  1. Our website (divistant.com and its subdomains)
  2. Our SaaS products and cloud-based platforms
  3. IT consulting and professional services engagements
  4. System integration projects
  5. Managed services and ongoing support
  6. Sales, marketing, and business communications
  7. Recruitment and employment processes


By accessing our services or providing your personal data, you acknowledge that you have read and understood this Privacy Policy.


3. Types of Data We Collect


We collect the following categories of personal data:


a. Personal Identification Data

Name, email address, phone number, job title, company name, and other contact information you provide directly to us.


b. Account and Authentication Data

Username, password (encrypted), account preferences, and authentication tokens when you register for our services.


c. Technical Data

IP address, browser type and version, device information, operating system, screen resolution, and other technical identifiers collected automatically when you access our services.


d. Usage Data

Pages visited, features used, time spent on pages, click patterns, navigation paths, and interaction data within our platforms.


e. Transaction Data

Billing information, payment history, invoice details, service subscription records, and contract information.


f. Communication Data

Content of emails, support tickets, chat messages, feedback forms, and other communications with us.


4. How We Collect Data


a. Directly from You

When you fill out forms, register for accounts, subscribe to services, request demonstrations, submit inquiries, or communicate with us.


b. Automatically

Through cookies, web beacons, server logs, and similar technologies when you access our website and platforms. Please refer to our Cookie Policy for details.


c. From Third Parties

From business partners, referral sources, publicly available databases, social media platforms (when you interact with our social presence), and analytics providers.


5. Legal Basis for Processing


We process your personal data based on the following legal grounds, in accordance with Indonesia's UU PDP (Undang-Undang Perlindungan Data Pribadi, UU No. 27/2022) and, where applicable, the EU General Data Protection Regulation (GDPR):


  1. Consent: When you have given explicit consent for specific processing activities, such as receiving marketing communications.
  2. Contractual Necessity: When processing is necessary to perform a contract with you or to take pre-contractual steps at your request.
  3. Legal Obligation: When processing is required to comply with applicable laws, regulations, or court orders.
  4. Legitimate Interest: When processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms.


6. Purposes of Data Processing


We use your personal data for the following purposes:

  1. Service Delivery: To provide, operate, maintain, and improve our IT consulting, SaaS products, system integration, and managed services.
  2. Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  3. Communication: To respond to inquiries, send service notifications, provide technical support, and deliver relevant updates.
  4. Billing and Payments: To process invoices, manage subscriptions, and handle payment-related activities.
  5. Analytics and Improvement: To analyze usage patterns, measure performance, and improve our services and user experience.
  6. Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats.
  7. Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  8. Marketing: With your consent, to send promotional communications about our products and services.


7. Data Sharing and Third Parties


We do not sell, trade, or rent your personal data. We may share your data in the following circumstances:

  1. Service Providers: With trusted third-party vendors who assist us in operating our business (e.g., cloud hosting, payment processing, analytics), bound by confidentiality agreements and data processing terms.
  2. Legal Requirements: When required by law, regulation, legal process, or government request.
  3. Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction.
  4. With Your Consent: When you have given explicit consent for sharing with specific third parties.


8. International Data Transfers


Your personal data may be transferred to and processed in countries other than Indonesia. When we transfer data internationally, we ensure that appropriate safeguards are in place, including:

  1. Ensuring the receiving country provides an adequate level of data protection as required by UU PDP
  2. Implementing Standard Contractual Clauses (SCCs) or equivalent mechanisms for EU/EEA data transfers under GDPR
  3. Requiring contractual obligations from receiving parties to protect your data


9. Data Retention


We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. General retention periods include:

  1. Account Data: For the duration of your active account, plus 12 months after account closure.
  2. Transaction Data: Up to 10 years as required by Indonesian tax and commercial regulations.
  3. Communication Data: Up to 3 years from the last interaction.
  4. Technical/Usage Data: Up to 24 months from collection.
  5. Marketing Consent Records: For as long as the consent is valid, plus 3 years after withdrawal.

After the retention period expires, data is securely deleted or anonymized.


10. Your Rights


Under applicable data protection laws (UU PDP and, where applicable, GDPR), you have the following rights:

  1. Right to Access: Request a copy of the personal data we hold about you.
  2. Right to Correction: Request correction of inaccurate or incomplete personal data.
  3. Right to Deletion: Request deletion of your personal data, subject to legal retention obligations.
  4. Right to Data Portability: Request your data in a structured, machine-readable format.
  5. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  6. Right to Restriction: Request restriction of processing under certain circumstances.
  7. Right to Withdraw Consent: Withdraw your consent at any time without affecting the lawfulness of prior processing.


To exercise any of these rights, please contact us at divistant.com/contact-us. We will respond to your request within 30 business days.


11. Cookies


We use cookies and similar tracking technologies on our website and platforms. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.


12. Children's Privacy


Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly.


13. Data Security


We implement comprehensive technical and organizational measures to protect your personal data, including:

  1. Encryption of data in transit (TLS/SSL) and at rest
  2. Role-based access controls and multi-factor authentication
  3. Regular security assessments, penetration testing, and vulnerability scanning
  4. Employee security awareness training
  5. Incident response and data breach notification procedures
  6. Secure software development practices


14. Changes to This Privacy Policy


We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may also notify you via email or through our platforms.


15. Regulatory References


This Privacy Policy is designed to comply with:

  1. UU PDP: Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi (Indonesia's Personal Data Protection Law)
  2. GDPR: EU General Data Protection Regulation (Regulation 2016/679), applicable when processing personal data of EU/EEA residents
  3. PP 71/2019: Peraturan Pemerintah tentang Penyelenggaraan Sistem dan Transaksi Elektronik


For detailed information on our compliance with specific regulations, please refer to our GDPR Compliance Documentation and UU PDP Compliance pages.


16. Contact Us


If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns regarding the handling of your personal data, please contact us:


  1. General Inquiries: divistant.com/contact-us
  2. Data Protection Officer: divistant.com/contact-us
  3. Company: PT Divistant Teknologi Indonesia, Jakarta, Indonesia


Thank you for trusting Divistant with your personal data.