PERSONAL DATA PROTECTION POLICY

1. INTRODUCTION

1.1 We at Assegaf Hamzah & Partners (“AHP,” “we”, “us” or “our”) take our responsibilities under the applicable personal data protection laws and regulations in Indonesia (collectively, the “PDP Regulations”) seriously.

1.2 This Personal Data Protection Policy (“Policy”) is designed to assist you in understanding how we process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data. All terms used in this Policy have the meaning ascribed to it under the PDP Regulations unless otherwise defined below.

1.3 The processing of your personal data by us may be a requirement or optional in nature depending on the Purposes (defined below) for which your personal data is processed. Where we request you to provide us with your personal data, and if you fail or choose not to provide us with such data, or do not consent to this Policy, we will not be able to provide our services or otherwise deal with you, at all.

1.4 The terms of this Policy are to be read together with our standard terms of engagement, all of which apply to you should you engage us.

 

2. PURPOSES FOR PROCESSING OF PERSONAL DATA

2.1 The personal data which we collect from you may be processed for various purposes, depending on the circumstances, including:

  1. providing legal service to you;

  2. facilitating payment for our services;

  3. maintaining and updating internal record keeping, files and contact lists;

  4. operating and maintaining our time billing and billing databases;

  5. complying with or meeting any legal or regulatory requirements relating to provisions of our services, or by order of any court of competent jurisdiction or any competent judicial, governmental, regulatory or supervisory body; or

  6. conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your relationship with us or for your benefit, or to improve any of our services for your benefit;

  7. storing, hosting, backing-up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Indonesia;

  8. responding to complaints, queries and/or requests;

  9. sending you information about any administrative changes, updates and/or amendments to our policies, terms and conditions;

  10. sending your personal data as potential referees to editors/researchers in legal ranking publications and potential clients who request for referees of past work in our credential statements, tenders and submissions;

  11. sending you seasonal greeting messages, newsletters, articles, write-ups, updates on Indonesian law from time to time;
  12. sending you invitations to join our and/or our associate and affiliate offices’ events, conferences, talks and seminar and organizing and facilitating your participation in such events or other marketing/promotional activities organized by us or associate and affiliate offices; and/or

  13. any other purposes which we notify you of at the time of obtaining your consent,

(collectively, the “Purposes”).

[MIS Note: Have the list of purposes above reflected everything?]

As the purposes for which we may/will process your personal data depend on the circumstances at hand, such purposes may not yet appear above. We will notify you of [the possibility] for such other purpose(s) at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDP Regulations or by law.

2.2 In order to conduct our business operations and legal practice, we may also disclose the personal data you have provided to us to our third-party service providers, agents and/or our affiliates whether situated in or outside Indonesia, for one or more of the Purposes. Such third-party service providers, agents and/or affiliates would be processing your personal data either on our behalf or otherwise, for one or more of the Purposes.

 

3. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

3.1 As a general practice, we will first seek your consent to do so. However, we may disclose your personal data to third parties, an inexhaustive list of which is reproduced below, for one or more of the Purposes:

  • our associate and affiliate offices within the Rajah & Tann Asia network;

  • your immediate family members and/or emergency contact person as may be notified to us from time to time;

  • any person which we have engaged to discharge our obligations to you including our auditors, consultants, accountants, insurers, lawyers, or other financial or professional advisers;

  • any party in relation to legal proceedings or prospective legal proceedings;

  • data centres and/or servers, storage facility and records management providers located within or outside Indonesia for data storage purposes;

  • Government agencies, law enforcement agencies, courts, tribunals, regulatory/professional bodies, industry regulators, offices or municipality in any jurisdiction, if required or authorised to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from such authorities;

  • counterparties or their professional advisers, agents and representatives in connection with the provision of our services to you;

  • the general public when you participate in our events, conferences, talks and seminars by publishing your name, photographs and other personal data without compensation for advertising and publicity purposes;

  • any third party (and its advisers or representatives) in connection with any proposed or actual reorganization, merger, sale, consolidation, acquisition, joint venture, assignment, transfer, funding exercise or asset sale relating to any portion of Assegaf Hamzah & Partners or the Rajah & Tann Asia network; and/or

  • any other person reasonably requiring such data in order for us to operate and maintain our business operations and legal practice, and to carry out the activities set out in the Purposes or as instructed by you.

4. ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA

4.1 We will take reasonable efforts to ensure that your personal data is accurate and complete. However, this means that you must provide accurate and complete information to us and update us of any changes in your personal data that you had us with. We will not be responsible for inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data that you had initially provided to us.

4.2 We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. However, we cannot and do not assume responsibility for any unauthorized use of your personal data by third parties which are attributable to factors beyond our reasonable control.

4.3 We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that: (i) the purpose for which that personal data was collected is no longer being met by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes. Our information technology storage facilities and servers may be located in other jurisdictions outside of Indonesia. This may include, but not limited to, instances where your personal data may be stored on servers located outside Indonesia. In addition, your personal data may be disclosed or transferred to entities located outside Indonesia. Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that required under the laws of Indonesia. Accordingly, by engaging us, you expressly consent to us transferring your personal data outside of Indonesia for such purposes. We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of Indonesia shall not use your personal data other than for that part of the Purposes and to adequately protect the confidentiality and privacy of your personal data.

 

5. PERSONAL DATA FROM MINORS AND OTHER INDIVIDUALS

5.1 To the extent that you have provided (or will provide) personal data about your family members, spouse, other dependents and/or other individuals, you confirm that you have explained to them that their personal data will be provided to, and processed by, us and you represent and warrant that you have obtained their consent to the processing (including disclosure and transfer) of their personal data in accordance with this Policy.

5.2 In respect of minors (i.e. individuals under 21 years of age) or individuals not legally competent to give consent, you confirm that they have appointed you to act for them, and to consent on their behalf to the processing of their personal with this Policy.

 

6. CONTACT & COMPLAINT PROCESS

6.1 If you have any queries on this Policy; wish to withdraw your consent in respect of any of the approvals set out in this Policy; would like to exercise your statutory rights under the PDP Regulations; or if you have any complaints or grievance regarding how we handle your personal data or our compliance with the PDP Regulation, please contact us at:

E-mail : dpo@ahp.id

Office address : Capital Place, Level 36 & 37
        Jalan Jenderal Gatot Subroto Kav. 18
        Jakarta 12710, Indonesia

Attention: Data Protection Officer

 

7. UPDATES ON THIS POLICY

As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time. This Policy may therefore be amended from time to time. Any amendment to this Policy will be posted on our website and can be viewed at https://www.ahp.id/privacy. You are encouraged to visit our website from time to time to ensure that you are aware of our latest policies in relation to personal data.

Last Updated on 26 February 2019