Last Modified: March 1, 2026 10:16:04 UTC+7 (Jakarta/Bangkok)

GDPR Policy

Effective Date: March 1, 2026 06:44:26

This GDPR Policy sets out YPYM Company's commitment to the standards of the General Data Protection Regulation (EU) 2016/679 ("GDPR"). As a company incorporated in Indonesia, YPYM is not currently subject to GDPR as a primary legal obligation. However, we voluntarily adopt GDPR-equivalent standards as part of our global privacy framework, and commit to full GDPR compliance whenever our activities fall within its territorial scope - including when serving clients or individuals in the EEA, United Kingdom, or Switzerland. This policy supplements our main Privacy Policy.

1. Scope of This Policy

This policy applies when:

  • We offer goods or services to individuals in the EEA/UK/Switzerland
  • We monitor the behavior of individuals in the EEA/UK/Switzerland
  • We process personal data on behalf of an EEA/UK/Swiss-based controller

2. Data Controller Information

YPYM Company

PT ADI TJANDRA TEKNOLOGI · NIB: 1003260083966

Indonesia Stock Exchange Tower 1 Level 3, Unit 304, Jl. Jendral Sudirman Kav. 52-53, Senayan, Kebayoran Baru

Jakarta, Indonesia, 12190

Email: [email protected]

3. Legal Basis for Processing (Article 6)

We process personal data only when we have a valid legal basis under GDPR Article 6:

Legal Basis | When We Use It
Consent (Art. 6(1)(a)) | Marketing emails, non-essential cookies, newsletter subscriptions
Contract (Art. 6(1)(b)) | Providing services you've requested, processing orders, account management
Legal Obligation (Art. 6(1)(c)) | Tax reporting, regulatory compliance, fraud prevention
Legitimate Interest (Art. 6(1)(f)) | Analytics, security monitoring, service improvements, direct marketing to existing customers

4. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

Right | GDPR Article | Description
Access | Art. 15 | Obtain a copy of your personal data and information about how it is processed
Rectification | Art. 16 | Correct inaccurate or incomplete personal data
Erasure | Art. 17 | Request deletion of your personal data ("right to be forgotten")
Restriction | Art. 18 | Limit how we process your data in certain circumstances
Portability | Art. 20 | Receive your data in a structured, machine-readable format
Objection | Art. 21 | Object to processing based on legitimate interests or direct marketing
Automated Decisions | Art. 22 | Not be subject to solely automated decision-making with legal effects

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

5. International Data Transfers

As we are based in Indonesia, personal data of EEA/UK residents may be transferred to countries outside the EEA/UK. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent where other mechanisms are unavailable

6. Data Protection Contact

Under GDPR Article 37, a formal Data Protection Officer (DPO) designation is mandatory only for public authorities, organisations conducting large-scale systematic monitoring of individuals, or those processing special categories of personal data at scale. YPYM Company does not currently meet any of these thresholds and has therefore not formally designated a DPO.

All data protection and GDPR-related enquiries - including requests to exercise data subject rights - are handled by our dedicated data protection contact. We commit to responding within 30 days, consistent with GDPR timelines, as part of our readiness posture.

YPYM Company (PT ADI TJANDRA TEKNOLOGI)

NIB: 1003260083966

Email: [email protected]

Address: Indonesia Stock Exchange Tower 1 Level 3, Unit 304, Jl. Jendral Sudirman Kav. 52-53, Senayan, Kebayoran Baru, Jakarta, Indonesia, 12190

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33)
  • If the breach is likely to result in high risk to your rights, we will notify you directly without undue delay (Art. 34)
  • We maintain a breach register documenting all incidents, their effects, and remedial actions taken

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. We encourage you to contact us first at [email protected] so we may attempt to resolve your concern.

9. Contact Us

For GDPR-related inquiries or to exercise your data subject rights:

YPYM Company

PT ADI TJANDRA TEKNOLOGI · NIB: 1003260083966

Email: [email protected]

Address: Indonesia Stock Exchange Tower 1 Level 3, Unit 304, Jl. Jendral Sudirman Kav. 52-53, Senayan, Kebayoran Baru, Jakarta, Indonesia, 12190