Home
Webmail | Gunanusa.net

• Personal Data Protection

PT GUNANUSA UTAMA FABRICATORS - PERSONAL DATA PROTECTION


This outlines how the Gunanusa and group of companies in Indonesia and Singapore collects, uses, discloses, and disposes of personal data.


PERSONAL DATA PROTECTION LAW
On October 17, 2022, Personal Data Protection Law No. 27 of 2022 on Personal Data Protection (“PDP Law”) was enacted. The PDP Law, which references the provisions set out under the European Union’s General Data Protection Regulation (“EU GDPR”), is intended to guarantee every individual’s right to adequate data protection.


PDP Law defines personal data as data on individuals who are identified or can be identified individually or combined with other information, either directly or indirectly, through electronic or non-electronic systems. PDP Law introduces several stakeholders or involved parties within personal data processing activities, including:

  1. Personal Data Subject: An individual on which the personal data is associated with and enjoys the rights granted by the PDP Law regarding the protection of their data;
  2. Personal Data Controller: Every individual or company, public agency, and international organization that acts individually or jointly in determining purposes and exercising control over the processing of Personal Data;
  3. Personal Data Processor: An individual or company, public agency, and international organization that acts individually or jointly in processing Personal Data on behalf of the Personal Data Controller; and
  4. Data Protection Officer (“DPO”): An official or officer appointed by the personal data controller and Personal Data Processor to carry out the Personal Data Protection function, who may come from within and/ or outside the respective Personal Data Controller and Personal Data Processor.

The GUNANUSA (PT. Gunanusa Utama Fabricators) follow PDP Law grants several rights to personal data subjects regarding their data, which consists of:

  1. Right to be informed which provides the rights for personal data subjects to know who is processing their personal data and identity clarity, basis of legal interest, purpose of requesting and using personal data, and accountability of parties that request personal data;
  2. Right to rectification which provides the rights for personal data Subject to complete, update, and correct errors in their data;
  3. Right to access which provides the rights for personal data Subjects to access their data and additional information;
  4. Right to erasure and restriction of processing which provides the rights for the personal data subject to terminate the processing, erasure, and/or destruction of their data;
  5. Right concerning automated decision-making and profiling which provides the rights for personal data subjects to object to any decision-making actions based on automated processing and profiling;
  6. Right to object which provides the rights for personal data subjects to object to the processing of their data and even profiling;
  7. Right to claim compensation which provides the rights for personal data subjects to obtain compensation as well as obligations from those to be fulfilled by the personal data controller and the personal data processor; and
  8. Right to data portability which provides the rights for personal data subjects to obtain and reuse their data for their purposes across various services.

GUNANUSA is responsible to make ‘reasonable security arrangements’ to prevent any unauthorized access of the personal data and is required to stop retention of personal data when no longer necessary for business or legal purposes. The PDP considers the following concepts:

  1. Consent – Company may collect, use or disclose personal data only with the individual’s knowledge and consent;
  2. Purpose – Company may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
  3. Reasonableness – Company may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

The GUNANUSA IT Manager is appointed as the company’s Data Protection Officer (DPO) to oversee the data protection responsibilities within the company and ensure compliance with the PDPA. The DPO is responsible to:

  1. Develop good policies for handling personal data that are in compliance with the PDPA and are suitable to the organization’s needs;
  2. Communicate internal data protection policies and processes to employees, and customers;
  3. Handle personal data related queries or complaints;
  4. Alert the company to any risks that might arise with regard to personal data; and
  5. Liaise with the Personal Data Protection Commission (PDPC) on data protection matters, if necessary.

DATA COLLECTION

The GUNANUSA collect such Personal Data may include name, ID, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which he/she has provided in any forms he/she may have submitted, or via other forms of interaction. Generally, we obtain Personal Data in various ways, such as:

  1. When a candidate submits a job application.
  2. When the company receives references from business partners and third parties, for example, where an individual has been referred by them.
  3. When we seek information from third parties about an individual in connection with job applications, for example, from hir/her ex-employer or ex-colleague.

The Gunanusa collects, uses and discloses your Personal Data for the following purposes:

  1. Responding to your queries and requests;
  2. Verifying due diligence checks;
  3. Submitting training course and government grant applications;
  4. Managing the administrative operations of Human Resource aspects and complying with internal policies and procedures; and
  5. Any other purpose reasonably related to any of the above.

If you submit an application to the Company as a candidate for an employment or representative position, Gunanusa collects, uses and discloses your Personal Data for the following purposes:

  1. Conducting interviews;
  2. Processing your application (including pre-recruitment checks involving your qualifications);
  3. Providing or obtaining employee references and for background screening;
  4. Evaluating and assessing your suitability for the position applied for; and
  5. Any other purposes reasonably related to any of the above.

PROTECTING DATA:

The security of your Personal Data is our priority. The handling of your information is only limited to authorized personnel. He is required to ensure the confidentiality of your information and to always respect your privacy. Employee(s) who have access to this information will be subjected to disciplinary action should they fail to observe this Data Protection Policy and other guidelines, codes or policies which the company may issue to them from time to time.

If we disclose any of your Personal Data to our authorized agents or service providers, we will require them to appropriately safeguard the Personal Data provided to them.

We will only retain your Personal Data for as long as necessary to fulfill the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements. Human Resource Department is required to store them in locked file cabinets. Information and documents which are no longer needed will be properly disposed of through shredding or similar means. Personal Data is confidential, your Personal Data held by the Human Resources Department shall be kept confidential.

Employees and candidates should ensure that all Personal Data submitted to the company is complete, accurate, true, and correct. Failure on your part to do so may result in our inability to provide you with services you have requested/applied for.

The company is committed to ensuring that the Personal Data we hold about you is accurate, complete, and up to date. If there are any changes to your Personal Data or if you believe that the Personal Data, GUNANUSA have about you is inaccurate, incomplete, misleading or not up to date, please keep Human Resources Department informed so that we may take steps to update your Personal Data.

Contact of Data Protection Officer (DPO):

Name: Asrofil
Designation: IT Manager
Telephone: +62 21 5703329 ext.113
Email: asrofil@gunanusa.co.id