This Privacy Notice applies to You, either as a Merchant or a Customer (“User” or “You”) of Our mobile applications (including Midtrans Mobile, GoPay Merchant App), website (including www.midtrans.com and its subsidiary sites), features, services and products (mobile applications and websites hereinafter collectively are referred to as “Applications”), and other services or products provided by Us from time to time, whether used within or outside Our Application (Application as well as other services or products referred herein shall collectively be referred to as “Service”), unless covered by a separate privacy notice.
Please read this Privacy Notice thoroughly to ensure that You understand Our data protection practices. For Your ease of understanding, We have provided a Summary that highlights all the important points.
By agreeing to the Privacy Notice, You acknowledge that You have read and understood this Privacy Notice and agree to its terms. In particular, You agree and consent for Us to Processing Your Personal Data in accordance with this Privacy Notice.
In circumstances where You provide Us with Personal Data relating to other individuals (such as Personal Data relating to Your spouse, family members, friends, employee or other parties), You represent and warrant that You have obtained such individual’s consent, and hereby consent on behalf of such individual to Processing of Personal Data by Us. We can request any evidence of such consent to You at any time.
You may withdraw Your consent to any or all collection, use or disclosure of Your Personal Data at any time by giving Us reasonable notice in writing using the contact details stated below. You may also withdraw Your consent for us to send certain communications and data from Us through the "opt-out" facility, the "unsubscribe" option available in the messages We send, or using the options available on each communication medium We use to contact You. In accordance with the circumstances and the nature of the consent which You are withdrawing, You must understand and acknowledge that after such withdrawal of consent, You may no longer be able to use the Services. A withdrawal of consent by You may result in Us being unable to provide Services, deletion of your account or termination of your contractual relationship with Us, with all rights and obligations that arise remaining fully fulfilled. Upon receipt of Your notice to withdraw consent for any collection, use or disclosure of Your Personal Data, We will inform You of the likely consequences of such withdrawal so that You can decide if indeed You wish to withdraw consent.
We collect Personal Data when You use Our Service, including identity data, contact data, eligibility data, transaction data, financial data, payment data, log data and/or location data. We also collect device and technical data from You, and other data that You may submit or transmit when You use Our Services. If You choose not to provide such data, We may not be able to provide the Services and Applications to You optimally.
We use Your data to administer and manage Your account with Us, communicate with You, and otherwise provide You with the various features, services and functions available in Our Applications and Services.
If You are a Merchant, We use Your data to verify that You can use Our Services, set up and manage Your account with Us including but not limited to managing the connectivity of Your personal data to other GoTo Group applications, communicating with You, as well as providing You with various services and functions available on Our Applications and Services.
If You are a Customer, We use Your Personal Data to fulfil Our obligation to You in a secure manner, including but not limited to verifying Your transaction, processing Your payment, and/or resolving any dispute pertaining to Your transaction, providing Our Service to Merchants, and complying with the Applicable Laws.
Whether You are a Merchant or a Customer, We also use Your data to carry out maintenance on Our Services as well as to customise Our Services to your preferences. In addition, We use Your data to offer You marketing contents of Our Services, as well as products and services from Our partners, agents, or affiliated companies (with your consent if required by the Applicable Laws).
We share Your data with Our third party partners to facilitate the performance of Services for or by You, to the extent necessary for them to provide their services, including but not limited to, payment processing, provision of products and data verification processes.
We use these third parties’ services solely to process and/or store Your data for the purposes as described in this Privacy Notice. We also share Your Personal Data with Our affiliates for the purposes described in this Privacy Notice as well as with the government and regulatory bodies as required by Applicable Laws.
Your Personal Data is stored and processed in Indonesia, but may also be stored or processed outside Indonesia by Our personnel who work for Us in other countries, or by Our third party service providers, vendors, suppliers, partners, contractors or affiliates, to the extent permitted by Applicable Laws. In doing so, We comply with the relevant requirements that apply to Us.
We will process Your data for as long as You give Your consent for Us to process Your Personal Data to fulfil the purpose for which it was collected and obtained, or as required by Applicable Laws.
You may have various rights with respect to Your Personal Data under the Applicable Laws.
If You wish to exercise Your rights, You can submit a request for data subject rights to Us, including a request for deletion of Your data, which may be delivered to Us through Our email as mentioned under this Privacy Notice. Upon receipt, We will review Your request in accordance with the Applicable Laws.
In the event that You have questions, comments, complaints, or claims regarding this Privacy Notice, or that You wish to gain access and/or make corrections to Your Personal Data, please contact Us through the following email: email@example.com.
We will amend this Privacy Notice from time to time and notify You of the updated versions via Our Applications or Your email that is registered with Us. Please check regularly for any update of or changes to this Privacy Notice.
“Personal Data” means any data, whether accurate or not, pertaining to any identified or identifiable individual, both individually or collectively with other information, directly or indirectly through electronic or non-electronic systems. Personal Data includes, but is not limited to, name, address, date of birth, occupation, telephone number, email address, bank account and credit card details, gender, identification (including passport or national identity document) or other government-issued identification, photos, nationality, telephone numbers of Users and non-Users in Your mobile phone contact list, financial related data, biometric data (including but not limited to fingerprint recognition and facial recognition), and other data that is included as Personal Data in accordance with the Applicable Laws.
For the avoidance of doubt, applicable laws means all applicable laws, by-laws, statutes, regulations, regulatory policies, ordinances, protocols, industry codes, road traffic codes, regulatory permits or court requirements, tribunal, or any governmental, regulatory, judicial, administrative or regulatory authority or body, in force from time to time during the term of this Privacy Notice (“Applicable Laws”). In addition, when other data, including personal profiles and/or unique identifiers, are associated or combined with Personal Data, then that data also constitutes Personal Data.
The types of Personal Data that We collect depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.
If You are a Merchant, to the extent permitted by Applicable Laws, We may process, collect, use, store and transfer different kinds of Personal Data, consisting of general and specific/sensitive Personal Data about You, including but are not limited to:
Identity Data includes name, identity card, taxpayer identification number, user ID, or other identifier, title, date of birth, gender, place of birth, occupation, nationality, photos and/or biometric data.
Contact Data includes billing address(es), shipping address(es) and labels, office address(es), email address(es), telephone number(s) and contact list.
Eligibility Data includes, in relation to Merchants, such as permits, approvals and licences.
Transaction Data includes the amount of transaction value and information related to orders or purchases of goods and/or services in accordance with the detail and information required in performing the payment.
Financial Data includes bank account and payment card details such as the type of payment card or account used, the name of the issuer of that payment card or account, the name of the holder for that payment card or account, the identification number of such payment card or account, the verification code of that payment card or account, and the expiration date of that payment card or account, as applicable, virtual account information, financial history (including but not limited to payment card or account transaction history, payment card or account details, CVV codes and mapping and/or payment card or account status and states), tax identification number and credit score.
Payment Data includes details of payments or transfers made through Our Services, including but not limited to data relating to usage, payments, recipient details (including their account details), payment methods used, payment amounts paid, billing details, and invoice details.
If You are a Customer, We may process, collect, use, store and transfer different kinds of Personal Data in connection with the purchase of goods and/or services offered by Merchant, including but not limited to Transaction Data, Customer’s name, email address and telephone number (“Customer Contact Data”), as well as Customer Financial Data which includes among others:
the type of card or payment account used, the name of the issuer of the card or payment account, the name of the holder of the card or payment account, the identification number of such payment card or account, the verification code for the payment card or account, the expiration date of the payment card, and the service code, if You make payment using a credit card or debit card method; and/or
the type of electronic money, name of the electronic money user and telephone number of the electronic money user, if you make payment using the electronic money method.
In addition to the aforementioned Personal Data and information, We may also process, collect, use, store and transfer the data in connection with the visit of User, either as Merchant or Customer, to Our Application, including but not limited to:
Technical Data includes details on Your usage of Our Applications such as identification generated by the Application (user id), internet protocol (IP) address, information as web pages previously or subsequently viewed, duration of every visit/session, the internet device identity (ID) or media access control address, mobile advertising ID and other device information including information regarding the manufacturer, model, and operating system of the device you use to access the Application and crash logs.
Device Data includes device data, including the type of device You are using to access the Application, including hardware model, operating system and version, software, IMEI number, file name and version, language preference, unique device identifier, advertising identifier, serial number, device movement information, and/or mobile network information.
Log data includes records on the server that receive data such as device IP address, date and time of access, application features or pages viewed, application work processes and other system activities, browser type, and/or third party sites or services that the User used before interacting with the Application.
Location Data includes Your real-time geo-location information, location coordinates in the form of longitude latitude and Wi-Fi location.
We may create, use, licence or disclose aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from Your Personal Data but would not be considered Personal Data as this data will not directly or indirectly reveal Your identity as We will ensure: (i) that all identifiers have been removed such that the data, alone or in combination with other available data, cannot be attributed to or associated with or cannot identify any person, and (ii) the data is then combined with similar data such that the original data forms a part of a larger data set (“Aggregated Data”).
When We need to collect Personal Data by law, or under the terms of an agreement We have with you, and you choose not to provide such Personal Data or provide incomplete Personal Data to Us when requested, We may not be able to provide the Services and carry out the agreement that We have or are in the process of agreeing with You.
The Personal Data which We collect may be provided by You directly or by third parties (for example: when You register for or use the Services, when You contact Our customer services, or You otherwise provide Personal Data to Us). We may collect information in various forms and for various purposes (including purposes permitted under Applicable Laws).
Information obtained from You or from Your mobile device directly
You may give Us Your Identity Data, Contact Data, Eligibility Data, Transaction Data, Financial Data, and/or Payment Data, including in situations where requested by Us or where required by Applicable Laws, when interacting with Us directly or by corresponding with Us via post, phone, email or otherwise. This includes Personal Data You provide when You:
i. register to the Service, including when You create an account using the Applications;
ii. perform identity verification required to use the Services;
iii. use the Services, either if You register as a Merchant or use the Services as a Customer of the Merchant;
iv. make and receive payments using available methods including but not limited to payments using credit cards, debit cards, payment links, virtual accounts, bank transfers, electronic money facilities and/or electronic wallets (either as Merchant or Customer);
v. use the chat feature (including but not limited to product discussions, chat with sellers, chat with customer service) on the Application; and
vi. give Us feedback or contact Us.
Information collected whenever You use the Applications
You may provide Us with Technical Data, Device Data, Log Data and/or Location Data each time You use the Service.
We may also use features provided by third parties in order to improve Midtrans services and content, including assessing, customising and presenting offers to you based on your interests or visit history. If you do not want the offer to be displayed based on these adjustments, then you can set it through the features available on the platform used to display the offer.
Information collected from third parties
We may also collect Your Personal Data from third parties (including affiliates, agents, vendors, suppliers, contractors, partners, government institutions and other parties who provide services to Us, collect Personal Data and/or perform tasks on Our behalf, or with other parties who collaborate with Us). In these conditions, We will only collect Your Personal Data for or in connection with the purposes involving the third party or the purpose of Our collaboration with such third parties, including but not limited to performing Our responsibilities to provide Our Services to You, conducting verification, complying with the Applicable Laws, and/ or upon Your consent, enabling You to use the credential You own on a third party platform to register and/or login into Our Services.
In particular, when verifying, registering a payment card or account through the Application and/or accessing, adding and/or connecting your payment card or account on the Application (as applicable in Your country), We may collect verification data, certain Financial Data and financial records (including but not limited to transaction records, payment card or account details and assignments, and/or the status and country of Your payment card or account) from the issuer of such payment credentials or from other third parties.
Information about third parties You provide to Us
You may provide Us with Personal Data relating to third party individuals (including Personal Data relating to Your partner, family member, friend, employee, or other individual). In such circumstances, You will require the consent of such third party individual — see “Acknowledgement and Consent” above, for further information.
We may use the Personal Data collected for any of the following purposes as well as for such other purposes as are permitted by Applicable Law (“Purposes”):
Where You are a User of payment gateway service, We may use Your Personal Data:
i. to identify and register You as a User and to create, verify, deactivate, or manage Your account on the Application that We provide or other GoTo Group applications;
ii. to facilitate or enable any verification that We consider necessary before We provide Services or before We register you as a User, including carrying out the KYC (Know Your Customer) process and/or credit scoring (if required);
iii. to enable Us to provide services, whether Services that are already available, Services that you request, or Services that will be available in the future;
iv. to process and facilitate orders and payment transactions that You make, including as applicable, transactions made via payment cards, electronic money and/or electronic wallets, or accounts available on the Services;
v. to notify You of transactions or activities that occur in the Services or other systems connected to Our Services;
vi. to facilitate account and/or e-wallet activation, if You are a Merchant that chooses to activate certain account and/or e-wallet as a payment method;
vii. to communicate with You and send You data in connection with Your use of the Services;
viii. to notify you of any updates to the Application or changes to the Services provided;
ix. to manage, process, resolve and respond to complaints, problems, questions and suggestions that We receive;
x. to maintain, develop, test, improve and personalise the Services to meet Your needs and preferences as a User, including enabling features to personalise User accounts;
xi. to monitor and analyse User activities, behaviour and demographic data including habits and use of various features available on the Services;
xii. to offer or provide services from Our affiliates or partners; and
xiii. to send You direct or targeted marketing communications, advertisement, vouchers, surveys, and information on special offers or promotions as and when such events, promotions, features or launches occur.
Where You are a User of GoPay Merchant App, We may use Your Personal Data:
i. to identify and register You as a User and to create, verify, deactivate, or manage Your account on the Services that We provide, particularly GoPay Merchant App or other GoTo Group applications;
ii. to facilitate or enable any verification that We consider necessary before We provide services or before We register you as a User, including carrying out the KYC (Know Your Customer) process and/or credit scoring (if required);
iii. to enable Us to provide Services, whether Services that are already available, Services that you request, or Services that will be available in the future;
iv. to notify You of transactions or activities that occur in GoPay Merchant App or other systems connected to GoPay Merchant App;
v. to communicate with You and send You data in connection with Your use of GoPay Merchant App;
vi. to notify you of any updates to GoPay Merchant AppServices provided;
vii. to process, process, resolve and respond to complaints, problems, questions and suggestions that We receive;
viii. to maintain, develop, test, improve and personalise the Gopay Merchant App Services to meet Your needs and preferences as a User, including enabling features to personalise User accounts;
ix. to monitor and analyse User activities, behaviour and demographic data including habits and use of various features available on GoPay Merchant App;
x. to offer or provide services from Our affiliates or partners; and
xi. to send You direct or targeted marketing communications, advertisements, vouchers, surveys and data, and data about special offers or promotions and when such events, promotions, features or launches occur.
Whether You are a Merchant or a Customer that uses Our payment gateway Service and/or GoPay Merchant App, We may also use Your Personal Data more generally for the following purposes (although We will in each such case always act reasonably and use no more Personal Data than what is required for the particular purpose):
i. to undertake associated business processes and functions;
ii. to monitor usage of the Applications and/or Services and administer, support and improve the performance efficiency, growth, User experience and the functions of the Applications and/or Services;
iii. to provide assistance in relation to and to resolve any technical difficulties or operational problems with the Applications and/or Services;
iv. to generate statistical information and analytics data for the purpose of testing, research, analysis, product development, commercial partnership, and collaboration;
v. to prevent, detect and investigate any prohibited, illegal, unauthorised or fraudulent activities;
vi. to facilitate business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving Us and/or any of Our affiliates;
vii. to enable Us to comply with Our obligations under any Applicable Laws, including but not limited to responding to regulatory enquiries, investigations or decree, complying with statutory or regulatory filing, reporting, and licensing requirements, and conducting audit checks, due diligence and investigations; and
viii. for any other purpose that We notify You of and, where required by Applicable Laws, obtain Your consent to.
We may disclose to, allow access to, or share with Our affiliates and other parties Your Personal Data for any of the following purposes as well as for such other purposes as are permitted by Applicable Laws:
where You are a Consumer, to enable Merchants or partners to receive feedback from You and provide Services or process transactions, including in the events of refunds, chargeback, dispute resolution, and/or to contact You;
where You are a Merchant, to enable Consumers to request or receive Services from You, including to contact You and administer promotions, contests or special services available on the Services;
where required or authorised by Applicable Laws (including but not limited to responding to regulatory enquiries, investigations or decree, or complying with statutory or regulatory filing, reporting, and licensing requirements), for the purpose so specified in that Applicable Laws.
where instructed, requested, required or authorised by the government authorities, for the purpose as specified in the government policy, regulations or Applicable Laws;
where there is any form of legal proceeding between You and Us, or between You and another party, in connection with, or relating to the services, for the purposes of that legal proceeding;
where You are a Merchant, in relation to any verification as We or other third party may consider necessary before We the Merchant provide You with the Services or We register You as a Merchant, including but not limited to for KYC (Know Your Customer);
where Our Services are available on and/or cooperate with any third party’s platform, (i) to assist Us in obtaining Your Personal Data; (ii) to register You or enable You to use Our Services from such platforms; and/or (iii) enable You to use the credential that You have to register and/or login into Our affiliates’ service platform as may be applicable.
in an emergency concerning Your health or safety (whether You are a User or a Seller) for the purposes of dealing with that emergency;
in connection with, any merger, sale of company assets, consolidation or restructuring, financing or acquisition of all or a portion of Our business by or into another company, for the purposes of such a transaction (even if the transaction is eventually not proceeded with);
to third parties (including agents, vendors, suppliers, contractors, partners and any others who provide services to Us or You, perform functions on Our behalf, or whom We enter into commercial collaboration with) for or in connection with the purposes for which such third parties are engaged, to perform certain disclosure to the relevant third parties which are technically required to process Your transaction or for the purposes of Our collaboration with such third parties (as the case may be), which may include allowing such third parties to introduce or offer products or services to You, authenticate You or connect with Your account, or conducting other activities including marketing, research, analysis and product development; and
where We share Personal Data with Our affiliates, We will do so for the purpose of them helping Us to provide the Services, to operate Our business (including, where You have subscribed to Our mailing list for direct marketing purposes), or for the purpose of them conducting data processing on Our behalf.
Where it is not necessary for the Personal Data to be associated with You, We will use reasonable endeavours to remove the means by which the Personal Data can be associated with You as an individual before disclosing or sharing such information.
We will not sell or lease Your Personal Data.
Other than as provided for in this Privacy Notice, We may disclose or share Your Personal Data in which We will notify You or ask for Your consent for the disclosure or sharing.
Confidentiality of Your Personal Data is of utmost importance to us. We will use all reasonable efforts to protect and secure Your Personal Data against access, collection, use or disclosure by unauthorised persons and against unlawful processing, accidental loss, destruction and damage or similar risks. Unfortunately, the transmission of information via the Internet is not completely secure. Although We always do Our best to protect Your Personal Data, You acknowledge that We cannot guarantee the integrity and accuracy of any Personal Data which You transmit over the Internet, nor guarantee that such Personal Data would not be intercepted, accessed, disclosed, altered or destroyed by unauthorised third parties, due to factors beyond Our control. You are responsible for keeping Your account details confidential and You must not share Your account details, including Your password and One Time Password (OTP), with anyone and You must always maintain and fully responsible for the security of the device that You use.
Your Personal Data will only be held for as long as it is necessary to fulfil the purpose for which it was collected, during the retention period or for as long as such retention is required or authorised by Applicable Laws. We shall cease to retain Personal Data, or remove the means by which the Personal Data can be associated with You as an individual, as soon as it is reasonable to assume that the purpose for which that Personal Data was collected is no longer being served by retention of Personal Data, there is a request from You to delete Your account, and retention is no longer necessary for legal or business purposes.
We will delete and/or anonymise User Personal Data under Our control when (i) User Personal Data is no longer necessary to fulfil the purpose for which it was collected; (ii) end of retention period and (iii) storage is no longer necessary for the purpose of compliance with Applicable Laws.
Please note that there is still the possibility that some of Your Personal Data might be retained by the other party, including by the government institutions in some manner. In the event We share Your Personal Data to the authorised government institutions and/or other institutions that may be appointed by the government authorities or have a cooperation with Us, You agree and acknowledge that the retention of Your Personal Data by the relevant institutions will follow their respective policy on data retention.
Data that is submitted through communications between Merchant and Consumer that are carried out other than through the use of the Services (such as via telephone calls, SMS, mobile messages or other means of communication and collection of Your Personal Data by Our agents) can also be stored in several ways. We do not allow the processing of Personal Data between Merchant and Consumer that occurs outside Our Application. Therefore, Merchants and Consumers are fully responsible for such Processing of Personal Data.
To the fullest extent permitted by Applicable Laws, You agree to indemnify and release Us from and against any and all claims, losses, liabilities, expenses, damages and costs (including but not limited to legal costs and expenses on a full indemnity basis) resulting directly or indirectly from any activities outside Our Services.
You may have certain rights under Applicable Laws to request us for access to, correction of and/or deletion of Your Personal Data in Our possession and control. To the extent these rights are available to You under Applicable Law, You may exercise these rights by contacting us at the details provided in the section below.
We may refuse Your request for access to, correction of and/or deletion of, some or all of Your Personal Data that We control or control if permitted or required based on Applicable Laws. This includes circumstances where the Personal Data may contain references to other people or where the request for access or request to correct or delete is for reasons that We consider to be irrelevant, frivolous, far-fetched, or indicated to be related to an act of infringement terms and conditions or violation of law.
In accordance with Applicable Laws, We reserve the right to charge an administrative fee for each access and/or correction request.
Applications and Marketing Materials (as defined below) may contain links to websites operated by third parties. All processing of personal data on the website is fully controlled by the third party and is under the responsibility of the third party. If You agree to access websites operated by such third parties, then You are subject to the terms and conditions and privacy notices of those third party websites. Therefore, We recommend that You read the terms and conditions and privacy notices of such third party websites to find out how they collect and use Your Personal Data.
We and Our partners (including vendors, suppliers, merchants and/or other third-parties that engaged with us for commercial and/or non-commercial activities may send You direct marketing, advertisement, and promotional communications via push-notification app, message in Applications, post, chat platform, social media, and e-mail (“Marketing Materials”) if You have agreed to subscribe to Our mailing list, and/or consented to receive marketing and promotional materials from Us. You may opt out from receiving such marketing communications at any time by clicking on any “unsubscribe” facility embedded in the relevant message, other methods available on the promotional media, or otherwise contacting Us using the contact details stated below.
Please note that if You opt out, We may still send You non-promotional messages, such as receipts or information about Your account.
We may review and amend this Privacy Notice at Our sole discretion from time to time, to ensure that it is consistent with Our future developments, and/or changes in applicable legal or regulatory requirements. If We decide to amend this Privacy Notice, We will notify You of any such amendments by means of a general notice published on the Application and/or website, or otherwise to Your e-mail address set out in Your account. You agree that it is Your responsibility to review this Privacy Notice regularly for the latest information on Our data processing and data protection practices, and that Your continued use of the Services , communications with Us, or access to and use of the Services following any amendments to this Privacy Notice will constitute Your acceptance to this Privacy Notice and all of its amendments.