Privacy Notice
as of 1 October 2024
BCA Syariah Privacy Notice
Introduction
Through this Privacy Notice, PT Bank BCA Syariah ("BCA Syariah") outlines its unwavering commitment to protecting and maintaining the confidentiality of the Personal Data of all parties involved with BCA Syariah. The privacy notice, unless otherwise specified in the privacy notice distinct from the one above, applies to all features, services, and products offered by BCA Syariah, including the website (www.bcasyariah.co.id).
Definition
The following are the definitions in this Privacy Notice.
- Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Information is defined as data, facts, and explanations that can be seen, heard, and read. It can also be presented in a variety of packaging and formats in line with the advancement of information and communication technology, either electronically or non-electronically.
- Processing Personal Data includes the acquisition and collection, processing and analysis, storage, correction and updating, appearance, announcement, transfer, dissemination, or disclosure, and/or erasure or destruction.
- Personal Data Controller means any individual, public entity, and international organization that decides on the goal and maintains control over the processing of personal data independently or in cooperation with others.
- Personal Data Processor means any individual, public entity, and international organization that acts individually or jointly in processing personal data on behalf of BCA Syariah (as Personal Data Controller).
- Data Subject is an individual to whom personal data is attached. In BCA Syariah, The Data Subject is associated with BCA Syariah's consumers, employees, and parties that are affiliated with or have a relationship with the company.
Scope of Privacy Notice
BCA Syariah enforces rules regarding the procedures and policies used in the processing of personal data as the Controller and/or Processor of Personal Data.
Privacy Notice relates to the use of banking products and/or services, which are as follows:
- Banking services, including fund, financing products and banking services such as internet banking, mobile banking, and others.
- Website, social media, or other forms of communication provided or used by BCA Syariah.
- Hereafter, points 1 and 2 above will be referred to as the "Services".
Either specific and general personal data are acquired by BCA Syariah in relation to banking products and/or services.
Rights of Data Subject
The following are the rights of Data Subject.
- Data Subject has the right to obtain information about the clarity of identity, the basis of legal interest, the purpose of the request, how the personal data will be used, and who will be deemed accountable for the personal data.
- Data Subject has the right to complete, update, and/or correct any mistakes and/or inaccuracies in personal data about them in accordance with the purpose of processing personal data.
- Data Subject has the right to access and obtain a copy of personal data about them in accordance with the provisions of laws and regulations.
- Data Subject has the right to terminate the processing, deletion, and/or destruction of personal data about them in accordance with the provisions of laws and regulations.
- Data Subject has the right to withdraw the consent for BCA Syariah to process personal data about them.
- Data Subject has the right to object to decision-making actions that are based solely on automated processing, including profiling, which have legal consequences or have a significant impact on Data Subject.
- Data Subject has the right to postpone or restrict the processing of personal data proportionately in accordance with the purpose of processing the personal data.
- Data Subject has the right to refute and receive compensation for violations of processing personal data about them in accordance with the provisions of laws and regulations.
- Data Subject has the right to receive and utilize personal information about them from BCA Syariah in a format and/or structure that is compatible with widely used electronic systems.
- Data Subject has the right to use and transmit personal data about them to companies affiliated with BCA Syariah, if the system used can communicate with each other securely in accordance with the principles of Personal Data Protection.
The Rights of Data Subjects in no. 4, no. 5, no. 6, no. 7 and no. 9 above, are exempted to:
- national defense and security interests;
- the interests of the law enforcement process;
- public interest in the context of state administration;
- the interests of the supervision of the financial services sector, monetary, payment system, and financial system stability carried out in the context of state administration; or
- the importance of statistics and scientific research.
Purpose of Processing Personal Data
BCA Syariah processes personal data which are obtained or collected for the following purposes:
- The provision of BCA Syariah Banking Services includes but is not limited to the purpose of opening/closing/blocking accounts;
- verification of the suitability and/or eligibility of information and/or personal data for the use of BCA Syariah services and/or not limited to the Know Your Customer (KYC), Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) and other due diligence processes in accordance with applicable banking regulations or government regulations;
- compliance with applicable legal provisions related to the prevention of corruption, money laundering, and illegal financial transactions but not limited to Anti-Money Laundering, Prevention of Terrorism Financing, and Prevention of Financing of the Proliferation of Weapons of Mass Destruction (AML-PPT and PPPSPM);
- personalization of BCA Syariah banking products and/or services provided to customers as Data Subject;
- sending information/information and/or personal data to Halo BCA or a third party of BCA Syariah partners for the purpose of providing BCA Syariah electronic banking services, including banking transaction processes requested by customers.
- follow-up to any complaints about BCA Syariah's products and/or services;
- evaluating, developing, and/or updating features of BCA Syariah banking products and/or services;
- advertising/promotional or marketing offerings for BCA Syariah's products and/or services or other parties in collaboration with BCA Syariah as well as the implementation of loyalty programs and/or referrals to customers;
- for internal and external administrative purposes such as (i) audits, (ii) data analysis for testing, research, and/or product development, (iii) audits by the Financial Services Authority and/or Bank Indonesia and/or (iv) recordings into the BCA Syariah database.
- resolve any issues related to access to BCA Syariah banking products and/or services; and
- other purposes if permitted or required by applicable legal provisions.
BCA Syariah's Role in Personal Data Processing
BCA Syariah in processing personal data may act as a Personal Data Controller, Personal Data Processor or Joint Personal Data Controller. BCA Syariah's role in processing personal data refers to the type of cooperation agreement entered by BCA Syariah with affiliates and/or Third Parties.
How BCA Syariah Obtains and Collects Personal Data
BCA Syariah obtains and collects Personal Data through various activities, including:
-
Websites, Applications, and Forms
BCA Syariah may obtain and collect personal data from the device used by the Data Subject when accessing the website or application provided by BCA Syariah, and from the application for banking services submitted either by filling out the form, completing the application data through the website, applications owned by BCA Syariah, and other media provided by BCA Syariah or parties collaborating with BCA Syariah. -
Communication and Interaction of Data Subject with BCA Syariah
BCA Syariah may obtain and collect personal data when Data Subject communicate and interact with BCA Syariah, including when contacting BCA Syariah banking services, answering questions, providing information or feedback, or participating in promotions, contests, surveys, or conferences organized by BCA Syariah. -
Transaction Activities
BCA Syariah collects information on the transaction activities of the Data Subject and/or the authorized representative of the Data Subject to conduct transactions with or through the means provided by BCA Syariah. -
Social Media
BCA Syariah may obtain and collect personal data through BCA Syariah's social media platforms and websites used by the Data Subject or through BCA Syariah's online forums accessed by the Data Subject. -
Physical Locations
BCA Syariah may obtain and collect personal data either directly or indirectly, when the Data Subject and/or Data Subject's authorized representative visits BCA Syariah's branches, offices, and other physical locations. -
Affiliates and Third Parties
BCA Syariah may obtain and collect personal data from BCA Syariah affiliates or other parties who cooperate with BCA Syariah.
Types of Personal Data Processed
Specific Personal Data
The following are the specific Personal Data which processed by BCA Syariah:
- Biometric data that can uniquely identify individuals but not limited to facial images, fingerprints, speech recordings.
- Personal financial data but not limited to income, deposits, financing, investments, banking and financing transaction history, and Taxpayer Identification Number.
- Mobile phone number.
- Other Personal Data in accordance with the provisions of applicable laws and regulations.
Other specific Personal Data, including personal profiles that form a combination of personal data, is the choice of the Data Subject to provide to BCA Syariah in addition to data for personalization of services and/or products provided by BCA Syariah.
General Personal Data
The following are general Personal Data which processed by BCA Syariah:
- Full name.
- Residential address.
- Place and date of birth.
- Gender.
- Citizenship.
- Birth mother girl names.
- Religion.
- Work.
- Education.
- Position.
- Population Identification Number / Passport / Child Identification Card / Student Card.
- Email address.
- Work/home phone number,
- Personal Data which is combined to identify a person.
Legal Basis for Processing Personal Data
These are legal basis for processing personal data:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary for the purposes of the legitimate interests pursued by BCA Syariah.
Retention of Personal Data
BCA Syariah is committed to storing personal data used for the provision of services and/or products with secure protection to maintain the trust of Data Subject in BCA Syariah.
BCA Syariah stores personal data based on the needs and purposes of personal data processing. The personal data retention period is adjusted to BCA Syariah's data retention policy and applicable laws and regulations in the Republic of Indonesia.
BCA Syariah will stop storing personal data, deleting and destroying it in accordance with the applicable laws and regulations in the Republic of Indonesia.
Processing of Personal Data
The scope of personal data processing carried out by BCA Syariah is as follows:
- acquisition and collection;
- processing and analysis;
- storage;
- repairs and updates;
- appearance, announcement, transfer, dissemination or disclosure; and/or
- removal or destruction.
The processing of personal data carried out by BCA Syariah meets several principles, including:
- The collection of personal data is carried out in a limited and specific manner, legally valid, and transparent;
- the processing of personal data is carried out in accordance with the purpose;
- the processing of personal data is carried out by guaranteeing the rights of Data Subject;
- The processing of personal data is carried out accurately, completely, not misleading, up-to-date, and accountable
- The processing of personal data is carried out by protecting the security of personal data from unauthorized access, unauthorized alteration, misuse, destruction and/or unauthorized disclosure, unauthorized alteration, loss of personal data
- The processing of personal data is carried out responsibly and can be clearly proven.
Access to Personal Data
Data Subject may request access to personal data from BCA Syariah. In fulfilling the request for access to personal data, BCA Syariah may refuse if the requested personal data meets the following conditions:
- Compromise the security or physical or mental health of the Data Subject and/or any other person.
- Impact on the disclosure of personal data belonging to others.
- Contrary to national defense and security interests.
Further information can be requested directly to BCA Syariah through the available communication channels.
Correction and Updating of Personal Data
BCA Syariah may correct, complete and/or update the Personal Data managed, by visiting the nearest Branch Office, or contacting BCA Syariah through the available channels.
BCA Syariah urges Data Subjects to play an active role in ensuring the accuracy, completeness, validity and accuracy of Personal Data by Data Subject. All consequences arising from the mistakes of the Data Subject in terms of the truthfulness, completeness, validity and accuracy of personal data shall be borne by the Data Subject.
BCA Syariah will correct, complete and/or update the Personal Data within a period of 3 x 24 (three times twenty-four) hours from the date BCA Syariah receives the request for update/correction of the data submitted by Data Subject.
Erasure and Destruction of Personal Data
Requests for deletion and/or destruction of Personal Data can be made by the Personal Data Subject, except in the following cases:
- If the Personal Data Subject is still using BCA Syariah services and/or products or becoming a partner of BCA Syariah for the required period.
- To fulfill legal obligations, and applicable laws and regulations.
- Personal Data is still in the retention period based on applicable laws and regulations.
Personal Data Security
As a company engaged in banking, BCA Syariah's top priority is to maintain the security and confidentiality of personal data belonging to Personal Data Subjects. BCA Syariah is committed to providing the best protection and security to maintain the trust of Data Subject and the public.
BCA Syariah has specific internal policies and procedures regarding information security. BCA Syariah also has certifications related to information security management systems and ensures that the practices carried out are in accordance with current technological developments.
If illegal access and activities are found to be used for personal data beyond BCA Syariah's control, BCA Syariah will immediately notify the Personal Data Subject to reduce the risk arising from the incident.
BCA Syariah urges Data Subject to always maintain the confidentiality of their Personal Data information, including but not limited to securing usernames, passwords, mobile phone numbers, access codes, emails, OTP codes from anyone and be responsible for the security of devices used by Data Subject.
Withdrawal of Consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Data Subject may withdraw their consent, so they will not receive advertising, or other activities related to the processing of personal data for commercial purposes through communication channels designated by BCA Syariah, or through other mechanisms established by BCA Syariah.
Acknowledgment and Consent
This Privacy Notice may be amended and/or updated as required by BCA Syariah. Data Subject should read carefully and check this page periodically for changes to this notice.
Contact Us
If Data Subject has any questions related to this Privacy Notice, has a complaint related to BCA Syariah services in relation to the handling of legal disputes on Personal Data Protection, please contact us through the following communication channels:
- By Email
BCA Syariah's Personal Data Protection Officer can be contacted via email to: dpo_pdp@bcasyariah.co.id with the subject "Data Privacy Question". - Come to the Nearest Branch
Data Subject able to visit the nearest branch of BCA Syariah to obtain further information regarding the processing of Personal Data carried out by BCA Syariah.
The trust of customers and the public in BCA Syariah is the main thing and BCA Syariah is committed to maintaining the privacy and security of personal data.
Reference
- Law of the Republic of Indonesia Number 1 of 2024 concerning the Second Amendment to Law Number 11 of 2008 concerning Information and Electronic Transactions
- Law of the Republic of Indonesia Number 4 of 2023 concerning the Development and Strengthening of the Financial Sector
- Financial Services Authority Regulation (POJK) Number 22 of 2023 concerning Consumer and Community Protection in the Financial Services Sector
- Law of the Republic of Indonesia Number 27 of 2022 concerning Personal Data Protection.
- Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions
- Law of the Republic of Indonesia Number 19 of 2016 concerning Amendments to Law No. 11 of 2008 concerning Information and Electronic Transactions
- Law of the Republic of Indonesia Number 11 of 2008 concerning Information and Electronic Transactions
- Law of the Republic of Indonesia Number 21 of 2008 concerning Sharia Banking