Privacy Policy

This Personal Data Protection Policy ("Policy") constitutes Your agreement and is an integral part of the terms of service outlined in all applications owned by us, allowing Your Personal Data to be processed and utilized by PT Lippo General Insurance Tbk and/or its affiliates (collectively referred to as "LGI"). Hereafter, the term "we" or "us" in this Policy refers to "LGI".

By giving your consent to process the personal data, you declare your approval to include the Personal Data of dependents and/or participants, either individually or collectively. Furthermore, you also guarantee that you have obtained the necessary consent from the dependents and/or participants, either individually or collectively, for the use of their Personal Data by LGI

The term "You" or "Your" in this Policy refers to all our stakeholders, including customers, business partners, vendors, and other related parties.

The term "Personal Data" in this Policy refers to data related to an individual that is identifiable either on its own or in combination with other information, whether directly or indirectly, through electronic or non-electronic systems.

We are committed to protect Your Personal Data in accordance with Law No. 27 of 2022 on Personal Data Protection, along with its implementing regulations and any amendments from time to time, as well as other relevant laws and regulations on Personal Data Protection ("Data Protection Regulations"). We request that You carefully read this Policy, as it contains important information regarding the collection, use, processing, and disclosure of Personal Data that we hold or control.

I. COLLECTION OF PERSONAL DATA

1. The Personal Data collected by LGI refers to data or information about You that can be identified either (a) from the data alone; or (b) from the data combined with other information and can be collected by us either directly or indirectly.


2. The Personal Data that You may provide to us includes both specific and general data as defined in the Data Protection Regulations, namely:

   (i) Specific data:
    - health data and information;
    - biometric data;
    - genetic data;
    - criminal records;
    - child data;
    - personal identification data; and/or
    - other data as stipulated by applicable laws and regulations.
   

   (ii) General data:
    - full name;
    - birthdate;
    - birth place;
    - gender;
    - nationality;
    - religion;
    - family data, including marital status, spouse’s name, number of children, number of dependents.
    - Bank account
    - occupation;
    - identity card number (NIK)
    - identity card (KTP) for Indonesian nationals
    - Passport and/or KITAS for foreigners
    - Email address
    - Phone number
    - Digital records such as geolocation, IP address, operation system, and/or
    - Personal Data combined to identify an individual.

3. Personal Data may be collected, either directly or indirectly:
   

   (i)  when You respond to our promotions and other initiatives, subscribe to our mailing list or applications, or respond to our market surveys;
   (ii) when You use or purchase our products and/or services or when You submit a form related to any of our products and/or services;
   (iii) when You attend events organized by us or participate in promotional activities or other activities owned, managed, or operated by us;
   (iv) when You visit our website or application or when You register for or use our services on websites or applications owned or operated by us, or when You register as a member on one of our websites or applications owned and/or operated by us;
   (v) when You engage in transactions with us, or express interest in doing so, including in relation to any insurance products we manage or distribute;
   (vi) when You submit Your Personal Data to us for any reason;
   (vii) when You communicate with us via phone, mobile text, email, video conference, or CCTV recordings, including non-electronic or analog data.

4. We also collect Personal Data from third-party sources, such as:
   

   (i) from our affiliates, insurance agents, insurance brokers, business partners, and third-party service providers that offer advertising, marketing, or promotional services on our behalf;
   (ii) from family members or friends who provide Your Personal Data to us on Your behalf; and/or
   (iii) from public institutions or other publicly available sources.

5. In the event that You do not submit a written objection to us in the manner outlined in this Policy, regarding our collection of Your Personal Data as specified in this Policy, You agree that we may process Your Personal Data in accordance with the Data Protection Regulations.


6. We assume that the Personal Data You provide to us is accurate and up-to-date. If it is later found that the Personal Data You provided is inaccurate or outdated, it is Your responsibility to correct it. You are also liable for any damages caused to us and/or third parties due to the inaccuracy of the Personal Data provided.


7. In certain circumstances, You may also provide Personal Data of individuals other than Yourself. If You do so, You guarantee that You have informed them of our purpose for collecting their Personal Data and that they have consented to the disclosure of their Personal Data to us for that purpose, including all purposes set out in this Policy. You agree to indemnify and hold us harmless from any and all claims made by those individuals concerning the collection, use, and disclosure of their Personal Data to us, in accordance with this Policy.

II. PURPOSE OF COLLECTION, USE, TRANSFER, OR DISCLOSURE

1. We may collect, use, process, store, and/or disclose Personal Data for the following purposes:
   
   1. to verify Your identity in connection with the implementation of Know Your Customer (KYC) requirements as mandated by Financial Services Authority Regulation No. 8 of 2023 regarding the Implementation of Anti-Money Laundering, Counter-Terrorism Financing, and Counter-Proliferation of Weapons of Mass Destruction Programs in the Financial Services Sector, along with its implementing regulations and any amendments;
   2. for marketing our products and/or services by sending You information and marketing materials related to products and/or services (including but not limited to those of our affiliates or third parties working with us) through various communication channels, whether these products and/or services exist now or are developed in the future;
   3. to facilitate transactions (e.g., underwriting processes and payments; providing requested products and/or services), fulfill our obligations, or exercise our rights as stipulated in binding contractual terms;
   4. to provide services to You (e.g., updating You on the status of our policies, requirements, and other administrative information);
   5. to process and maintain Your membership account on our website or application;
   6. to invite You to our marketing events;
   7. to manage all aspects of the insurance product sales process, including verifying Your identity;
   8. to update bank account details and business records to follow up on outstanding payments or other financial obligations;
   9. for correspondence or notifications as may be required, based on insurance product sales documentation, contracts binding between us and You, or as requested or agreed upon by You;
   10. to prevent, detect, and investigate crimes, including fraud and money laundering, and to analyze and manage other commercial risks as well as operational management;
   11. for research and analysis aimed at reviewing, developing, managing, and improving LGI’s products and/or services;
   12. to protect and enforce contractual rights and obligations, address disputes, and conduct or facilitate investigations;
   13. for security and safety purposes related to LGI's premises or events organized by LGI, including background checks, security screenings, and access control;
   14. to respond to legal processes or fulfill regulatory obligations, including but not limited to disclosures required by laws binding upon us and/or our affiliates;
   15. to protect the legitimate interests of us and/or our affiliates, including but not limited to our operational objectives such as (i) ensuring property and premises security; (ii) data analysis; (iii) product and/or service quality assurance; (iv) audits; (v) network and IT security; and (vi) risk management;
   16. to facilitate corporate actions or potential corporate actions involving us, our affiliates, or both, such as the purchase, sale, merger, consolidation, or acquisition of a corporation or part of a corporation;
   17. to facilitate any proposed or actual business task, transfer, participation, or sub-participation, involving any of our rights and obligations and negotiations related to Your relationship with us;
   18. for other reasonable purposes related to the above matters or any information You have provided to us.
2. We may also collect, use, process, store, and/or disclose Personal Data for other purposes related to our business and in circumstances beyond those specified in this Policy, where necessary or permitted by the Data Protection Regulations.
3. We intend to use Your Personal Data for direct marketing purposes related to products and/or services offered by us, as well as by our business partners or selected third-party providers. The use of Personal Data for direct marketing of our products and/or services will be limited to marketing activities within the territory of the Republic of Indonesia.

III. TRANSFER OR DISCLOSURE OF PERSONAL DATA

     We may disclose Personal Data to the following parties, whether located within or outside Your country of residence, for the purposes specified or referred to in this Policy:

     1. our affiliates, business partners, joint venture partners, agents, contractors, third-party service providers, auditors, consultants, lawyers, and advisors;

     2. third parties to whom You have authorized the disclosure of Your Personal Data;

     3. third parties outside Indonesia, in accordance with the Data Protection Regulations;

     4. Financial Services Authority (OJK), courts, judicial bodies, law enforcement agencies, and other authorities as mandated by applicable laws and regulations;

     5. business partners or investors for the purpose of asset transfer or transactions involving LGI; and

     6. banks, credit card companies, and their respective service providers.

IV. ACCURACY

We rely on the Personal Data that You (or Your authorized representative) provide. To ensure that Your Personal Data is up-to-date, complete, and accurate, please notify us in writing of any changes to Your Personal Data.

V. SECURITY AND RETENTION

1. To protect Your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, transfer, or similar risks, we have implemented appropriate administrative, physical, and technical measures to safeguard against unwanted incidents.


2. However, You should be aware that no method of transmission over the internet or electronic storage is entirely secure, and we cannot and do not guarantee that our systems or applications are immune to security breaches. We do not warrant or represent that the use of our systems or applications is free from viruses, worms, trojan horses, or other vulnerabilities. Therefore, You hereby agree to release us from any claims, lawsuits, and/or penalties from any party arising in connection with the collection, use, or disclosure of Your Personal Data by us.


3. We retain Your Personal Data only for as long as necessary to fulfill the purposes for which it was collected and to meet our business and/or legal requirements, including audit, accounting, or regulatory reporting obligations. In some cases, we may anonymize Your Personal Data, making it no longer identifiable to You, and we reserve the right to retain and use such data without limitation.

VI. YOUR RIGHTS

1. You may access and/or correct Your Personal Data collected by us by contacting us.


2. You can terminate all collection of information by deleting the application or stopping using the service, or


3. You can contact our officer to exercise the following rights:
   1. object to the collection, use, or disclosure of Your Personal Data at any time;
   2. restrict the use of Your Personal Data;
   3. terminate processing, delete, and/or destroy Your Personal Data.
   If You withdraw Your consent for the processing of Personal Data or take the actions mentioned in point 2 of Section VI, we reserve the right to terminate the services provided to You, should the applicable laws require the processing of Personal Data to deliver those services.

VII. CHANGES TO THIS POLICY

1. We regularly review this Policy. If we make changes to this Policy, we will notify You by posting the updates on www.lgi.co.id, so You can stay informed about what data we collect and how we use it


2. If You continue to provide Personal Data to us as described in this Policy or its revisions, or if You continue to use our products and/or services, it will be deemed as Your acknowledgment and acceptance of the revised Policy. If required by the Data Protection Regulations, You will be given an option at that time regarding the use of Your Personal Data according to the revised Policy. If You disagree with the revisions, this may affect the provision of products and/or services to You.

VIII. HOW TO CONTACT US

If You have any questions or comments about this Policy or the use of Your Personal Data, or if You wish to file a complaint, please contact our officer at: Email Address:pdp@lgi.co.id.

We will investigate Your inquiries, comments, or complaints and will make reasonable efforts to respond in accordance with applicable laws and regulations.

IX. WAIVER

All parties agree to waive their respective rights and obligations under applicable laws in the event of the termination of this Policy, to the extent that such laws require any judicial declaration for the termination of this Policy.

X. GOVERNING LAW

This Policy is governed by the laws of the Republic of Indonesia. For the avoidance of doubt, all applicable data protection regulations will apply to the processing of Your Personal Data.