Personal Data Processing Policy
OOO BLUE OCEAN CAPITAL
Overview
- The main condition to implement the goals of PT BLUE OCEAN CAPITAL (NPWP 42.115.597.9-905.000 ALAMANDA OFFICE 5THFLOOR JALAN BY PASS NGURAH RAI BANJAR KERTHAYASA NOMOR 67, Kel. Kedonganan,Kec. Kuta, Kab. Badung, Provinisi Bali, Kode Pos: 80361) (hereinafter — the Company) is providing a quality level of data protection services, in particular those of personal data protection and processing.
- Personal data protection is Company's priority.
- Data processing and information security related to the personal data is performed by the Company under the Russian law.
- This Policy was drafted under the Federal Law as of July 27, 2006 No. 152-FZ “On Personal Data” and defines the principles, order, terms, and conditions of personal data processing for various categories of data subjects, whose personal data is processed by the Company.
- Personal data constitutes confidential, closely guarded information, and is covered by all the requirements established by the Company's internal code of conduct and related to protecting the confidential information.
Definition and Contents of Personal Data
- The list of the processed personal data, which shall be protected by the Company, is formed in accordance with the Federal Law as of July 27, 2006 No. 152-FZ “On Personal Data”, the Company Charter and the Company's internal code of conduct.
- The Company considers the information, which constitutes personal data, to be any information, directly or indirectly related to a particular or identifiable individual (data subject).
Personal Data Processing Purposes
The Company processes personal data for the following purposes:
- preparation to contract execution, execution and implementation of agreements and contracts, promotion of the Company’s products (Services) at the market, joint products of the Company and the third parties, in favour of which the Company acts, the products (goods, works, services) of the third parties, in favour of which the Company acts;
- performing the functions that the Company undertakes under the Indonesian law;
- identification of the client and/or their representative, in relation to the client and any third parties;
Personal Data Processing Principles and Conditions
1. The Company processes the personal data based on the following principles:
- legal validity and justness of the purposes and methods of personal data processing;
- correspondence of the personal data processing purposes with the purposes defined and declared before personal data collection, according to the Company’s authorisations;
- correspondence of the volume and nature of the personal data processed with the purposes of personal data processing;
- accuracy of personal data, its sufficiency for the purposes of processing, prohibition to process personal data excessive in relation to the purposes declared before personal data collection;
- prohibition to unify databases containing personal data created for unrelated purposes;
- personal data shall be stored in the form, which allows to define the data subject for the period not exceeding the period required for its processing, in case the term of storage of the personal data is not established by the federal law or an agreement, to which the data subject is a party, beneficiary or recipient;
- destruction of personal data upon achievement of its processing goals or in case of lack of necessity to achieve these goals, unless otherwise provided for by the federal law.
2. Personal data processing shall be performed based on the terms and conditions defined by the Indonesian law.
3. When processing the personal data, the Company provides its accuracy, sufficiency and, if required, applicability in relation to the purposes of personal data processing. The Company shall take the required measures (provide their implementation) to delete or destruct incomplete or inaccurate personal data.
4. The Company shall not publish the personal data of the data subject in publicly available sources without their prior consent.
Terms of Personal Data Processing
The terms of personal data processing shall be defined in accordance with the term specified in the data subject's consent, and other requirements of the Indonesian law and the Company’s regulatory documents.
Personal Data Protection
The Company shall take all the required organisational and technical measures to protect personal data from accidental and unauthorised access, destruction, updating, blocking and other unauthorised actions.
Final Provisions
- This Policy shall be amended and updated in case of amending the effective regulatory enactments and in case of new regulatory enactments and specialised documents on personal data processing and protection.
- The liability of the Company’s officers, who have access to the personal data, for failure to comply with the regulations which govern personal data processing and protection shall be defined in accordance with the Indonesian law and Company's internal code of conduct.