How we handle your personal data.

1. Who we are

PT Docotel Teknologi Informasi (referred to as "DTI", "we", "us", or "our") is an Indonesian limited liability company registered at Jl. Perjuangan No. 11H, RT 01/RW 07, Kebon Jeruk, Jakarta Barat 11530. We are the data controller (Pengendali Data Pribadi) responsible for the personal data we process through our website and business engagements.

2. What personal data we collect

We collect the following categories of personal data:

• Contact data — name, work email, phone number, company name, role, when you submit a contact form, request a demo, or correspond with us.
• Interest data — industry, product preferences, and message content from form submissions, used to route your inquiry to the correct specialist.
• Technical data — IP address, browser type, operating system, referring URL, pages visited, time spent, collected through cookies and analytics tools.
• Marketing preferences — newsletter subscription status, language preference, when you subscribe.

3. Legal basis for processing (UU PDP Art. 20)

We process your personal data based on:

• Consent — you have explicitly agreed via form checkbox to data processing for the stated purpose.
• Contract necessity — processing is required to provide services you have requested or to fulfill a contract.
• Legitimate interest — for business operations like fraud prevention, security, and analytics, balanced against your rights.
• Legal obligation — when required by Indonesian law (e.g., tax records, regulatory reporting).

4. How we use your data

We use your personal data to:

• Respond to your inquiries and provide requested information about our products and services.
• Schedule consultations and demonstrations with our specialists.
• Send marketing communications you have subscribed to (newsletters, product updates) — you can unsubscribe at any time.
• Improve our website, content, and user experience through analytics.
• Comply with legal and regulatory obligations.

5. Who we share your data with

We share your data with the following categories of third parties, under written data processing agreements where required:

• Technology partners — Tilaka, Yubico, DHealth — when your inquiry is product-specific and requires joint engagement, with your prior knowledge.
• Service providers — email service providers (e.g., Resend), analytics providers (e.g., Google Analytics), cloud hosting providers, who process data on our behalf under contract.
• Regulators and authorities — when required by law, regulation, or legitimate legal request.

We do not sell your personal data to third parties.

6. Cross-border data transfer

Some of our service providers may process data outside Indonesia. When this occurs, we ensure adequate protection per UU PDP Art. 56 — including binding contractual safeguards, the recipient country's adequacy assessment, or your explicit consent.

7. Data retention

We retain personal data for the following periods:

• Lead and inquiry data — up to 24 months from last interaction, then anonymized or deleted.
• Newsletter subscriber data — until you unsubscribe, then anonymized.
• Analytics data — 26 months (Google Analytics default), then aggregated.
• Contractual records — as required by Indonesian tax and corporate law (typically 10 years).

8. Your rights as a data subject (UU PDP Art. 5–14)

Under UU PDP No. 27/2022, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correct — request correction of inaccurate or incomplete data.
• Delete — request deletion of your personal data (subject to legal retention obligations).
• Restrict — request restriction of processing in certain circumstances.
• Withdraw consent — for processing based on consent, at any time, without affecting prior lawful processing.
• Object — object to processing for direct marketing purposes.
• Portability — receive your data in a structured, commonly used format.
• File a complaint — with the personal data protection authority.

To exercise these rights, contact us at privacy@dtisolution.id. We will respond within 30 days as required by UU PDP Art. 9.

9. Data security

We implement organizational and technical measures to protect your personal data, including:

• ISO/IEC 27001:2013 Information Security Management System certification.
• Encryption in transit (TLS) and at rest for sensitive data.
• Role-based access controls and audit logging.
• Regular security reviews and incident response procedures.
• Staff training on data protection responsibilities.

In the event of a personal data breach that poses a risk to your rights, we will notify the personal data protection authority within 3 × 24 hours and notify affected individuals as required by UU PDP Art. 46.

10. Cookies and tracking

We use cookies to provide essential website functionality, analyze usage, and (with your consent) deliver marketing communications. See our Cookie Policy for details and how to manage your cookie preferences.

11. Data Protection Officer (DPO)

For all data protection inquiries, including exercising your rights or reporting concerns, contact our Data Protection Officer:

• Email: privacy@dtisolution.id
• Postal: DPO, PT Docotel Teknologi Informasi, Jl. Perjuangan No. 11H, RT 01/RW 07, Kebon Jeruk, Jakarta Barat 11530

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through our website or by email (for subscribers). The "Last updated" date at the top of this page reflects the most recent revision.

13. Governing law

This Privacy Policy is governed by the laws of the Republic of Indonesia, including UU No. 27/2022 on Personal Data Protection. Any disputes shall be resolved through the courts of South Jakarta, Republic of Indonesia.