Privacy Notice

ITSEC  |  Version 1.0  |  Effective Date: 24 September 2025

Introduction

PT ITSEC Asia Tbk (“ITSEC”, “we”) is committed to protecting your privacy when you visit our website. This Privacy Notice explains how we collect, use, store, and protect your personal data when you interact with our website.

It is developed with reference to our internal Privacy Policy, which sets out ITSEC’s general principles for personal data protection across all operations. This website does not provide user registration or login features; your interactions are limited to general browsing and contact form submissions.

Data We Collect

We may collect the following personal data when you visit our website:

• Technical data: IP address, browser type, device information, cookies, and server logs.
• Contact form data: full name, company name, email address, phone number, and message content.
• Analytics data: site usage information through third-party services (e.g., Google Analytics), depending on your cookie settings.

We do not collect account or login credentials, as this website does not offer user registration. You may browse the site anonymously or using a pseudonym.

Purpose of Processing

Your personal data is used to:

• Provide basic website functions and security (essential cookies, server logs)
• Analyse site usage (non-essential cookies, with your consent)
• Respond to inquiries submitted through the contact form
• Send marketing or publication materials with your consent

Legal Basis

Processing is based on:

• Legitimate interests in operating the website and responding to inquiries
• Consent for the use of non-essential cookies and marketing activities
• Legal obligations, where required by applicable laws

Data Sharing

We may share your personal data with service providers that assist with the operation of the website (e.g., hosting, email, CRM, analytics), group affiliates, and authorised authorities if required by law. When sharing data with service providers or third parties, ITSEC ensures that recipients have adequate data protection standards and are bound by confidentiality and data security obligations. If data is processed overseas, we ensure equivalent protection remains in place. We do not sell your Personal Data to any party.

Cross-Border Data Transfers

Your personal data may be processed outside Indonesia (e.g., on servers of service providers or ITSEC affiliates in other countries). In such cases, we ensure that equivalent protection is maintained, including through Standard Contractual Clauses (SCCs) or other lawful mechanisms. Your rights remain protected regardless of data transfer location.

Cookies

Our website uses cookies and similar tracking technologies to improve functionality and user experience.

• Essential Cookies: necessary for website functionality and do not require consent.
• Non-Essential Cookies: used for analytics, performance, and marketing. We obtain your explicit consent via a cookie banner or preference centre before using them.

You may manage or decline non-essential cookies via your browser settings or our cookie preference centre. Refusing non-essential cookies will not affect core website functions.

Data Retention and Disposal

We retain personal data only as long as necessary to fulfil its intended purposes or comply with legal obligations. Once no longer needed, data will be securely deleted or anonymised to prevent unauthorised access or recovery.

Your Rights

You have the right to:

• Access and obtain a copy of your personal data
• Correct or update inaccurate personal data
• Request deletion of your personal data as permitted by law
• Withdraw your consent at any time
• Object to or restrict specific processing activities, including direct marketing
• Request data portability
• Not be subject to fully automated decisions that significantly affect you
• File a complaint with the relevant authority

We will respond to every request in a reasonable manner and within a reasonable time frame. If additional time is required, we will inform you of the reason and estimated completion date.

Data Security and Incident Notification

We apply technical and organisational measures — encryption, role-based access control, monitoring, and security audits — to safeguard personal data.

If a data breach poses a serious risk, ITSEC will notify the relevant authority and affected individuals as required by law (e.g., within 72 hours under GDPR or 3×24 hours under Indonesian regulations).

Contact Us

For questions, concerns, or requests regarding your personal data, please contact us at:

• Email: privacy@itsecasia.com
• Noble House, Level 11, Jakarta 12950, Indonesia

Notice Updates

This Notice may be updated to reflect changes in our practices or applicable laws. The latest effective date is shown above. For material updates, we will notify you through the website or other appropriate channels. For more information, contact our Data Protection Officer (DPO) at the email address above.