Connect with us Contact Button
Home Privacy Policy

Privacy Practices

Privacy Practices

Digital Realty Bersama and its affiliated entities (collectively, “Digital Realty Bersama” and may also include the terms “we”, “us”, “our,” or similar terms) are committed to respecting and protecting the privacy rights of individuals who interact with us through our websites and our portals, when accessing our premises, when using our products and services, or with whom we otherwise communicate.

 

(A) This Privacy Notice

This Notice describes how Digital Realty Bersama collects, uses, shares, and/or otherwise processes your personal information in compliance with all applicable data protection laws in the Republic of Indonesia and in the context of our business activities. It is addressed to all individuals outside our organization with whom we interact (together, “you”). Defined terms used in this Notice are explained in this Notice or in Section (O) below.

When using the term “Personal Data,” we mean information that relates to you as an individual and that allows us to identify you either directly or in combination with other information that we may hold.

This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable Indonesian law. We will notify you in case of material changes. We encourage you to read this Notice carefully. If you have any questions regarding how Digital Realty Bersama processes your data, please get in touch with the Digital Realty Bersama Privacy Team. For relevant contact details, please see section (N).

 

(B) Your relationship with us

In the context of our services, we may collect or obtain Personal Data about you as an individual in the following situations:

  • As a visitor to our office locations and/or data center facilities
  • When you use and/or interact with us through our websites or through social media
  • In the context of our business relationship (including, though not limited to, customer, vendor/supplier, consultant, and service provider)
  • As a registered customer representative using and accessing our Portals
  • As an authorized representative of our customers, vendor/supplier, consultant, or service provider(s) accessing our secure data center facilities
  • As an applicant in our recruitment process
  • As a business representative who corresponds with us via email, voicemail, or audio or video conferencing
  • As a business prospect representative who shows interest in our services
  • As a participant in our conferences, events, and learning sessions

 

(C) Collection of Personal Data

We may collect or obtain Personal Data from you and about you from various sources. We limit the collection of Personal Data to what is required to achieve the purpose(s) for which the data was collected.

Directly from you:

  • Data you provide to us: We obtain Personal Data when contact details are provided to us (e.g., in the context of a contractual business relationship, either by registration on the website, by email or telephone, or by any other means, or when you provide us with your contact details during a business or trade event, or as a candidate in the recruitment process).
  • Relationship data: We collect or obtain Personal Data in the ordinary course of our contractual relationship with you (e.g., we provide a service to you, or to your employer).

Indirectly from you:

  • Security data: We collect information about your visits to our data center facilities and other premises, including records of the locations accessed and the credentials processed (“data center access records”), and CCTV images captured during your visit to our data centers.
  • Website data: We may collect or automatically obtain Personal Data when you visit our websites or our Portals, or when you use the features or resources available and associated with our websites.
  • Registration and access details: We collect or obtain Personal Data when you use, or register to use, our websites, Portals, or services, including records of your interactions with us, such as details of your access to our Portals.
  • Relationship data through your employer or your agent: We collect or obtain Personal Data from our customers, vendors/suppliers, consultants and service providers who provide your details to us as your employer or as your agent.

Indirectly through a third party:

  • Third-party information: We may collect or obtain your Personal Data from third parties, including, though not limited to,  law enforcement authorities and marketing firms.
  • Content and advertising information: If you interact with third-party content or advertising on a website (including third-party plugins and cookies), we may receive Personal Data from the relevant third-party provider of that content or advertising.

Children:

Our websites, products, and services are not intended for use by minors, and Digital Realty will never knowingly collect Personal Data from minors.

 

(D) We use your Personal Data for the following purposes and processing activities

Processing activities Personal Data and purposes
  • Operating and managing our data center facilities and in the performance of contracted data center services to our customers, including provisioning, implementation of work orders by our vendors/suppliers and service providers, customer and technical support services, and allowing access to and/or use of our customer Portals
  • Financial Management and Administration of Contracted Services
  • We obtain your personal data for authentication and identification purposes and to allow you access to our secure data center facilities. This Personal Data includes:
    • Your name and your [government-approved] personal identification,  subject to applicable law.
    • Your [business] contact and employer details, including email address, and phone and mobile number
    • Data center access records, including dates, times, locations of your physical access, and any location data or biometric data subject to local requirements.
    • CCTV footage and images of you near, entering, or inside our facilities
  • Sales, marketing, and maintenance of our customer relationship, including communicating with you via any means, and for providing you with information about similar products and services in which you may be interested, inviting you to complete surveys, and obtaining your views about our services
  • Direct marketing communications sent to you as a prospect regarding our products and services, and upcoming promotions, using contact details that you have provided to us, subject to obtaining your prior opt-in consent to the extent required under applicable law and enabling you to unsubscribe from our promotional email list at any time.
  • We use your Personal Data for the purpose of managing our business relationship with you as our customer, or as a prospect, as well as for sales and marketing purposes of our services. This Personal Data includes:
    • Your name and position
    • Your [business] contact and employer details, including your email address, phone, and mobile number
    • Information on whether you have opted out of receiving emails for [direct] marketing purposes
    • Records of consent you have given, together with date and time, means of consent, and any related information (e.g., subject matter of consent)
  • Provisioning (and improving) our websites and Portals and communicating with you in relation to your visit to our websites and Portals; content and advertising, and any other communications with you, including use of cookies and similar tracking technologies in accordance with our Cookie Policy (see Section L).
  • We may automatically collect your personal data in relation to your visit to our websites and Portals, subject to applicable law. This Personal Data includes:
    • Device type, operating system, browser type, browser settings, IP address, language setting, dates, and times of connecting to a website
    • Records of your interactions with our online advertising and content, any interaction you may have with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part), and any touchscreen interactions
    • Portal usage statistics, Portal settings, dates and times of connecting to a Portal, username, password, security login details, usage data, aggregate statistical information, records of consent you have given, together with date and time, means of consent, and any related information (e.g., subject matter of consent)
  • Management of Information Technology (IT) systems: management and operation of our IT and security systems, and audits (including security audits) and monitoring of such systems
  • Detecting and investigating criminal offenses and breaches (including fraud detection); establishing, exercising, and defending legal rights in the context of legal proceedings; compliance with our legal and regulatory obligations under applicable law
  • We obtain your Personal Data for managing and maintaining our IT systems in compliance with applicable information security frameworks in Digital Realty Bersama, for investigation purposes, and for exercising legal rights and obligations. This Personal Data includes:
    • Your contact and employer details (including business email address and business phone number)
    • Login details, if applicable
  • Health and safety risk assessment and recordkeeping for the purpose of providing a safe and secure environment at our premises and compliance with related legal obligations related to Occupational Health and Safety requirements, subject always to the extent this may be required by applicable law.
  • We may obtain your Personal Data in relation to protecting your health and safety related to Occupational Health and Safety, subject to applicable law. This Personal Data includes:
    • Your contact and employer details
    • Your data center access records, if applicable
    • Vaccination or health check records, subject to applicable law
  • Recruitment and job applications, recruitment activities (including interviews), background checks, analysis of suitability for relevant positions, records of hiring decisions, offer details, and acceptance details.
  • We obtain your Personal Data for the purpose of recruitment activities and handling job applications. This Personal Data includes:
    • Your personal contact details (name, surname, postal address, email address, home phone number, and/or mobile phone number)
    • Basic information in the recruitment procedure: your curriculum vitae, your application letter, your assessment, and/or other information, if applicable
    • Records of consent you have given, together with date and time, means of consent, and any related information (e.g., subject matter of consent)

 

(E) Legal basis for processing your Personal Data

We may process your Personal Data, as described under section (D), based on one of the following legal bases. Such legal basis may depend on the specific context and purpose for which your Personal Data is processed, and subject to applicable law.

Performance of a Contract – We may use your Personal Data to prepare for, enter, and fulfill contractual obligations:

  • In the context of our contractual business relationship
  • In relation to the performance of the contracted services

Legitimate interests – We may use your Personal Data for our legitimate interests as lawfully allowed, to the extent these legitimate interests are not overridden by your interests, fundamental rights, or freedoms (see Section (M)). Such legitimate interests include the following:

  • Improving our services
  • Providing information to our customers, prospective customers, and other interested parties about our products and/or services
  • Ensuring the security of our data center facilities
  • Ensuring network and information security
  • Preventing and detecting fraud
  • For administrative and legal compliance purposes

Your Consent – We may process your Personal Data based on your consent, given voluntarily and in an affirmative way. Your consent can be withdrawn at any time. Examples of where we rely on consent include, though are not limited to, the following situations:

  • When you opt-in to receive selected marketing communications about our products and services and/or promotional materials
  • When you accept the use of cookies and similar tracking technologies when visiting our websites and Portals
  • When you are an employment applicant in our recruitment process
  • When, as a customer representative, you agree to share your business contact details with one or more other customers for business-related purposes

Compliance with a legal obligation – We may use your Personal Data to comply with legal obligations in accordance with applicable law in Indonesia. This includes the following situations:

  • For fulfilling our administrative and tax obligations
  • For fulfilling our obligations under local health department orders
  • To comply with the provisions of the laws and regulations concerning Personal Data Protection in force in Indonesia.

Protection of vital interests – We may need your Personal Data to protect your interests or the interests of others, such as for the purposes of contacting emergency services in the event of an accident or incident at our data center or office facilities.

 

(F) Sharing of Personal Data with third parties

We will only share your Personal Data with third parties in the following situations:

  • We may share your Personal Data with our contracted service providers, suppliers, and other third-party processors, who act on our behalf and only process your Personal Data in accordance with our prior documented instructions. These providers are authorized to use your Personal Data only as necessary to provide us with their services. Where we engage any service providers, we take all reasonable and adequate measures to ensure that the confidentiality and security of the Personal Data is protected, together with any additional requirements under applicable laws.
  • We may share your Personal Data with other entities within the Digital Realty Bersama group, for legitimate business purposes and for the operation of our websites, and for providing our services to you, in accordance with our contractual obligations and applicable law.
  • We may share your Personal Data with other customers based on your prior consent (e.g., for cross-connection purposes within our data center facilities or enabling interaction within the Digital Realty Bersama Marketplace).
  • We may share your Personal Data in the context of a (potential) business transaction, such as a transaction to buy, sell, merge, or otherwise reorganize our business.
  • We may share your Personal Data with legal authorities and external advisors as necessary in connection with legal proceedings, and for investigating, detecting, or preventing fraud and criminal offenses.
  • We reserve the right to disclose your Personal Data to the authorities if required to do so by law, to the extent we believe it is reasonably necessary to comply with applicable law, and/or it is in the interest of the rights, property, or safety of our employees, customers, or the public.

Digital Realty Bersama does not sell personal data to third parties.

(G) Transfer of Personal Data Internationally

Due to the international nature of our business, we may transfer your Personal Data within the Digital Realty Bersama group, and to third-party Data Processors as noted in Section (F) above, for the specific purposes set out under Section (D) in this Notice. For this reason, we may transfer Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located Republic of Indonesia. We comply with all relevant laws pertaining to the transfer of your personal data between countries to keep your data protected.

Where we transfer your Personal Data from Indonesia to recipients located in a country outside Indonesia, we do so on the basis of the Indonesian Law No. 27 year /2022 concerning Personal Data Protection (“PDP Law”). In carrying out the transfer of Personal Data, we, as the Personal Data Controller, are obligated to ensure that the country in which the Personal Data Controller and/or Personal Data Processor receiving the transfer of Personal Data is established has a level of personal data protection equivalent to or higher than that stipulated under the Personal Data Protection Law (UU PDP), and must ensure that adequate and binding personal data protection measures are in place. Digital Realty Bersama will also implement the applicable Standard Contractual Clauses set out the rights and obligations for us as the responsible party and for the receiving party to ensure appropriate data protection safeguards for the transfer to the receiving party. They also include specific technical and organizational measures implemented by the receiving party to ensure that the security of the Personal Data will be essentially equivalent to the PDP Law (See also under section (H)).

(H) Data security

Digital Realty Bersama employs appropriate physical, technical, and organizational controls within our organization designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, or disclosure in accordance with applicable laws and regulations. Our controls are subject to periodic assessment and evaluation by both internal and external auditors. The overall program is evaluated regularly to ensure proper safeguards are in place for the ever-changing cyber environment.

 

(I) Data accuracy

We take every reasonable step to ensure that:

  • Your Personal Data that we Process is accurate, and, where necessary, kept up to date; and
  • Where any of your Personal Data that we Process is found to be inaccurate, having regard to the purposes for which the Personal Data is Processed, is erased, or rectified without delay.

From time to time, we may ask you to confirm the accuracy of your Personal Data.

 

(J) Data minimization

We take every reasonable step to ensure that your Personal Data that we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Notice.

 

(K) Data retention

We will retain your Personal Data for as long as necessary or as permitted by law in relation to the purposes under section (D) for which your Personal Data was obtained. The criteria for determining our retention periods includes:

  • The duration of an ongoing business relationship with you
    • Where we provide services and/or carry out a contract with you and/or your employer
    • Where you are lawfully included in our mailing list and have not unsubscribed
  • Where we have a legitimate interest in processing the Personal Data for the purposes of operating our business and fulfilling our obligations with you and/your employer
  • Where there is a restricted retention period subject to applicable local laws and regulations
    • CCTV recordings for physical security in our data centers
    • Biometric data relating to secure access to data centers
    • Personal information of applicants during the recruitment process (employment law restrictions vary per country)
    • If applicable, any other processing of Personal Data where Indonesian laws or regulations requires a restricted retention period
  • In compliance with legal obligations to which we are subject per applicable law, we have statutory minimum retainment periods
    • e.g., to keep your Personal Data for business records, administrative and tax requirements
  • Protecting our legal position
    • To preserve evidence during any applicable limitation period under applicable law (any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant for defending our interests in the context of judicial proceedings)

Once the retention periods have expired, we will permanently and securely delete, destroy or anonymize the relevant Personal Data.

 

(L) Cookies and similar technologies

When you visit our website or use one of our Portals, we may place Cookies onto your device, or read Cookies already on your device, subject to obtaining your consent where required, and in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We Process Personal Data through Cookies and similar technologies, in accordance with our Cookie Policy.

 

(M) Your rights and how you can exercise them

Depending on the applicable data protection and privacy laws, you may have several rights regarding the collection and Processing of your Personal Data, including:

  • The right to know whether we process your Personal Data, and if so,
  • The right to request access to, or receive copies of, your Personal Data, together with information regarding the nature, purposes of Processing and with whom we have shared your Personal Data.
  • The right to request rectification of any inaccuracies in your Personal Data.
  • The right to request, on legitimate grounds:
    • The erasure of your Personal Data and/or the right to be forgotten, and
    • Restriction of Processing of your Personal Data (e.g., for direct marketing purposes).
  • The right to have certain Personal Data transferred to another Controller, provided that the systems used are able to communicate securely in accordance with the principles of Personal Data Protection as stipulated under the PDP Law.
  • The right to object to decisions taken solely by computer or other automated processing (including profiling) which produce legal or similarly significant effects on you.
  • Where the Processing of Personal Data is based on consent, the right to withdraw your consent to such processing (note that any withdrawal does not affect the lawfulness of any Processing prior to the date of such withdrawal).
  • The right to lodge complaints regarding the Processing of your Personal Data with the competent Data Protection Authority.
  • You may file a complaint and/or objection with the institution designated by the President of the Republic of Indonesia and regulated by a Presidential Regulation as stipulated under the PDP Law.

You may file a complaint and/or objection with the institution designated by the President of the Republic of Indonesia and regulated by a Presidential Regulation as stipulated under the PDP Law.

 

(N) How to contact us

To exercise one or more of these rights or to ask a question about these rights or any other provision of this Notice, or about our Processing of your Personal Data, please use the inquiry form or contact us at any time using one of the below contact details.

Where required by applicable law, we will respond to a valid request relating to your rights within 1 (one) month of receipt, or within 3 (three) months where a request is complex and/or requires more time. Please note that:

  • In some cases, it will be necessary to provide evidence of your identity before we can give effect to the outlined rights, and
  • Where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request promptly.

Contact details

For the purposes of this Notice, the relevant controllers are the affiliates of Digital Realty Bersama., including the Digital Realty Group.

 

(O) Definitions

  • “Adequate Jurisdiction” means a jurisdiction that has been formally designated by the government of the Republic of Indonesia as providing an adequate level of protection for Personal Data.
  • “Cookie” means a small file that is placed on your device when you visit a website or portal (including our websites and portals). In this Notice, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
  • “A Personal Data Controller” means any individual, public body, or international organization that, individually or jointly, determines the purposes of and exercises control over the processing of Personal Data and has primary responsibility for complying with the applicable data protection laws.
  • “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
  • PDP law means the Law of the Republic of Indonesia Number 27/2022 concerning Personal Data Protection, including its existing and future implementing regulations.
  • “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, whether individually or in combination, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual, whether through electronic or non-electronic systems.
  • “Portal” means any online portal that provides information or interactive functionality.
  • “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Processor” means any person or entity, acting individually or jointly, that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
  • “Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  • Information means details, statements, ideas, and symbols containing value, meaning, and messages, whether in the form of data, facts, or their explanations, which can be seen, heard, and read, and are presented in various packages and formats in accordance with the development of information and communication technology, either electronically or non-electronically.

 

Fields marked with * are required.

"*" indicates required fields

Connect with us.
All fields marked with * are required
Consent*