Last modified 21 October 2021

We at Goodpass are committed to protecting your privacy. This Privacy Policy applies to information and data collected by members and Goodpass as controllers, including information collected on our Website (www.Goodpass.id) or via other channels as described below. This Privacy Notice explains how we collect, receive, use, store, share, transfer and process your personal information. It also describes your choices regarding use, as well as your rights to access and correct your personal information. If you do not agree with the data practices described in this Privacy Policy, you must not use the Website.

We periodically update this Privacy Policy. We will post any privacy policy changes on this page and, if the changes are material, we will provide a more prominent notice by sending you an email notification, or if you subscribe to the Subscription Service, through the Notification in your Goodpass App.

While we will notify you of any material changes to this Privacy Policy prior to the changes becoming effective, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review. Your joining into Goodpass means that you accept any new or modified terms and conditions.

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please write to us by mail to [email protected] or mail to Perum Purwomartani Baru Blok 2 No 37 RT 09 RW 03 Sub-district Purwomartani, District Kalasan, Sleman, Yogyakarta.

Table of Content;

1. Important Information
2. What Information We Collect About You
3. How We Use Information We Collect
4. How We Share Information We Collect
5. How We Transfer Information We Collect Internationally
6. How to Access & Control Your Personal Data
7. Data Protection Officer

1. Important Information

   Controller

   Goodpass.References to the terms “we”, “us” and “our” in this Privacy Policy are to Goodpass.

   Digital Venture International is a limited liability company established in Indonesia with a registration number {+62 XXX} as (“Goodpass”, “Goodpass & App”, “Goodpass Community”). Community-based credit report services and controllers of your personal data are responsible for, based on, the use and any disclosures that can be made regarding your personal data.

   Goodpass.References to the terms “we”, “us” and “our” in this Privacy Policy are to Goodpass.

   Definitions

   1. (“Agreement”) or (“Community TOU”) means these Goodpass, Terms of Use and all materials referred to or linked to here.
   2. (“Community”) means other members of the Goodpass, including yourself.
   3. (“Community Content”) means all content, including without limitation, language, data, information, and images, provided through or disclosed by the use of the Goodpass, whether by us, our customers or other members by the communities. Community Content, does not include Your Content.
   4. (“Sensitive Information”) means debit or credit card number, personal financial information, national identity or passports documents, driver license, bank account numbers, financial or health information, fraud report, loan report, including any information subject to regulations, laws, or industry standards designed to protect data privacy and security.
   5. (“Third Party Sites”) Means any third party services or websites linked from within or accessed through Goodpass App
   6. (“You” or “Your”) means the person or entity using Goodpass
   7. (“Your Content”) means all content, including without limitation, language, data, information, and images, provided through or disclosed by the use of the Goodpass, provided by You.
   8. (“We, Us, Our, Goodpass, Goodpass App, Goodpass Score or Goodpass”) means Goodpass App which is owned by PT Digital Venture International, a company registered in and under the law of Indonesia.
   9. (“Reporter or Lender”) is the person or entity, submitting a report about loan commitment, fraud or other report, whether the file is provided by Your Content, or a Community Content.
   10. (“Reportee or Borrower”) is the person or entity being reported by Your or by the Community.

   Purpose of this Privacy Policy

   It is important that you read this Privacy Policy together with any other privacy policy update or fair processing notice that we may provide on specific occasions when we are collecting or processing personal data about you.

2. What Information We Collect About You

   Our Use of the Report Service

   We use our own Report Service to build a system that people can visit and use within Goodpass. The information that we collect and manage using community generated Report Services to provide information as supporting data provided by our own members, is ours and the community that contains and is used, disclosed and protected in accordance with the terms and this Privacy Policy.

   When You Visit or Use Our Services

   You are free to browse our system (Apps & Website) by providing any Personal Information about yourself regarding community assessments and data collection. When you visit our system (Apps & Website) or register for a Service, we ask you to provide Personal Information about yourself, and we collect Information related to Goodpass’s purposes.

   Personal Information

   We collect personal information from you when you submit forms or interact with our System, for example, filing a loan report, fraud report or any other Reports, about you and the communities. We also collect personal information when you register for a Goodpass account

   “Personal Information” refers to any information that identifies you personally, including contact information, such as your name, National identification number, Passport, email address, company name, company address, telephone number and other information about yourself or your business.

   It may also refer to other individuals, to whom you file a report (about loan or other report), which has been regulated on our Terms of Use.

   Personal Information may also include information about any transaction, free or paid, that you enter on our System, and information about you available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or information we collect from the service provider.

   Personal Information includes Navigation Information or Payment Information where such information can directly or indirectly identify a person.

   Navigation information refers to information about your computer and your visits to the Website such as your IP address, geographic location, browser type, referral source, length of visit and pages viewed. Please see the “Use of Navigation Information” section below.

   Payment information includes information that we collect and process from you when you subscribe to a Subscription Service, including credit card number and billing information, using a third party PCI compliant service provider. Except for this, we do not collect any other Sensitive Information from you.

   Information Collected
   

   We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal data from consumers within the last twelve (12) month;

   Category	Explanation	Collected
   Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, National Identification number, driver’s license number, passport number, or other similar identifiers.	YES
   Financial Information	Bank account number, bank account balance, bank account statements, loan, mortgage, bonds and other monetary commitments	YES
   Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
   Biometric Information	Physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. We collect copies of photo identification for authentication purposes and record customer service phone calls for quality assurance purposes. We also collect biometric information through an identity-verification product, as explained in our Notice of Collection, Storage, Use, and Destruction of Biometric Information.	YES
   Internet or other similar activity	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
   Geolocation data	Physical location or movements.	YES
   Professional or employment-related data	Audio, electronic, visual, thermal, olfactory, or similar information.	YES
   Sensory Data	Current or past job history or performance evaluations.	YES
   Non-public education information	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	YES
   Inferences drawn from other personal information	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES

    Sharing your Personal Information
   

   In the preceding 12 months, we have disclosed the following categories of information for the business purposes described above:

   • Identifiers
   • Commercial Information
   • Internet or other similar activity
   • Geolocation data
   • Professional or employment-related data
   • Non-public education information
   • Inferences drawn from other personal information

   We disclose these categories of personal information for business purposes to the following categories of third parties:

   • Our affiliates
   • Our partners
   • Third parties to whom you or your agents authorize us to disclose your personal information in connection with the products or services we provide to you

    Selling your Personal Information

   In the preceding 12 months, we have sold the below categories of information for the commercial purposes described above.

   • Identifiers
   • Personal information categories listed in the Indonesia Customer Records statute
   • Protected classification characteristics under Indonesian.
   • Commercial Information
   • Internet or other similar activity
   • Geolocation data
   • Professional or employment-related data
   • Non-public education information
   • Inferences drawn from other personal information

   We sell these categories of personal information for commercial purposes to the following categories of third parties:

   • Employers
   • Financial Institutions
   • Consumer credit customers
   • Fraud detection providers
   • Creditors/collection agencies
   • Business customers, including but not limited to advertising networks, internet service providers, data analytics providers, operating systems and platforms, social networks, and consumer data resellers.
   • Government agencies and contractors

3. How We Share The Information We Collect

    Business Purposes
   

   We may use or disclose the personal data we collect for one or more of the following business purposes:

   • Provide, improve, and develop our products and services, which includes updating, securing, and troubleshooting, as well as providing support.
   • Personalize our products and services and make recommendations.
   • Advertise and market products and services to you from both affiliated and non-affiliated entities.
   • To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal data in order to process dispute information in your consumer report, we may use the information to update your consumer report.
   • To provide you with email or SMS alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
   • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
   • To improve our system and present its contents to you.
   • For testing, research, analysis and product development.
   • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
   • For authentication purposes when you access our products or services and to help you recover forgotten passwords.

     Sharing Personal Data

     We sometimes share personal data with third parties to carry out the above business purposes, including our affiliates and service providers. We may also share your personal data with third parties to whom you consent to us disclosing your personal data. Prior to sharing personal data with third parties, we enter into a contract that describes the purpose and requires the third party to both keep that personal data confidential and secure and not use it for any purpose except performing the contract.

     We also share personal data for the following reasons:

     Disclosure for legal reasons or as necessary to protect Goodpass, its affiliates and others.  We may release personal data to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, court order, or other legal process; (2) in special cases, such as a physical threat to you or others, a threat to homeland security, a threat to our system or network; or (3) cases in which we believe it is reasonably necessary to investigate or prevent harm, fraud, abuse, or illegal conduct.

     Changes in our corporate structure.  If all or part of our company is sold or merged, if we make a sale or transfer of assets, or in the unlikely event of a bankruptcy, we may transfer your information, including your personal data, to one or more third parties as part of that transaction.

     We do not share personal data collected through mobile phones for authentication purposes with third-party affiliates for marketing purposes.

     Commercial Purposes

     We use and sell personal data to nonaffiliated third parties for the following commercial purposes:

     Consumer Credit Reporting.

     Some of our affiliates collect, use, and sell personal data when acting as a consumer reporting agency, as this activity is regulated under OJK (Indonesian Financial Service Authority). Acting as a consumer reporting agency, these affiliates collect personal data about your creditworthiness, credit standing, credit capacity and mode of living from a variety of data furnishers, share this information with credit providers and other entities when they make decisions to extend credit or enter into transactions with you, assist lenders and other creditors with their portfolio management, and use and/or disclose personal data for other permissible purposes under the OJK regulation, including, but not limited to, insurance underwriting, government benefits, and employment verification, and other uses at the consent of the consumer.

     Commercial Credit Reporting.

     We collect, use, and sell personal data as part of our commercial credit reporting services. These services permit our customers to make informed decisions regarding providing credit to or investing in businesses. Commercial credit reports may contain the names and other personal data of owners, principals, guarantors, or agents of the businesses.

     Workforce Solutions.

     We collect, use, and sell personal data as part of the Workforce Solutions that we provide to our employer customers. These services enable our customers to provide services and benefits to their employees, and to help manage their workforce in compliance with laws and regulations.

     Fraud Detection and Identity Management.

     We collect, use, and sell personal data as a part of our fraud detection, identity verification, and identity resolution services. These services help us and our customers prevent security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, as well as more accurately manage the account information of their customers.

     Regulatory Compliance.

     We collect, use, and sell personal data as part of our regulatory compliance products, which help customers comply with local laws and regulations in Indonesia.

     Debt Recovery.

     We collect, use, and sell personal data as part of our debt recovery products. These products help our customers locate consumers for the purposes of collecting debts owed by the consumer.

4. How We Share Information We Collet 

   Service providers

   We employ other third party service providers to provide services on our behalf to visitors to our Website and customers and users of our Subscription Services and may need to share your information with them in order to provide information, products or services to you. We may also share data with third parties but only if the data has been unidentified in such a way that it cannot be used to identify you. Examples may include removing repetitive information from your prospect list, analyzing data or performing statistical analysis about your use of the Subscription Services or interactions on our Website, providing assistance in loading data about other people’s information against obligations that have not been adjusted to complement the information you provide. to us to provide you with better service, develop and improve products and services, and provide customer service or support. These service providers are prohibited from using your Personal Information except for this purpose, and they are required to keep your information confidential. In all cases where we share our information about you, we explicitly ask these agents to acknowledge and comply with our privacy and data protection policies and standards.

5.  

6. Goodpass Partners

   In addition, we may share data with trusted partners to contact you based on your requests to receive such communications, help us perform statistical analysis, or provide customer support. These third parties are prohibited from using your Personal Information except for this purpose, and they are required to keep your information confidential.

   We partner with trusted third parties to provide you with the necessary data covering Goodpass needs we think may be relevant to you. When you engage with these co-marketing partners, we will tell you who we share data with, and provide a link to the privacy policy of that co-marketing partner so you can learn more about how to opt out of those partner communications. These co-marketing partners are required to comply with our privacy and data protection policies. For more information on our co-marketing program, see this page. If you do not want us to share your personal information with these companies, please contact us here.

   Company Events

   If we (or our assets) are acquired by another company, whether through a merger, acquisition, bankruptcy or otherwise, that company will receive all information collected by Goodpass on the Website and Subscription Services. In this event, you will be notified via email and / or important notifications on our website, of any changes in ownership, use of your Personal Information, and choices you may have regarding your Personal Information.

   Forced Disclosure

   We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with the law, the courts. order, or legal process.

7. How We transfer The Data We Collect
   

   Transfer of Data to third parties

   Some of the third parties described in this privacy policy, which provide services to us under contract, based on privacy laws and data protection with the Republic of Indonesia. When we share customer information in Indonesia we use a variety of legal mechanisms to protect transfers, including standard contractual data protection clauses approved by the Parties, or other legal mechanisms that comply with applicable legal provisions. As for making transfers outside Indonesia, we use standard contract clauses. Please contact us if you need further information about the legal mechanisms we rely on to transfer Personal Information between Parties and Abroad.

   Privacy Protection Notice

   Goodpass is responsible for the processing of personal data that it receives under each Privacy Protection Framework and is then transferred to a third party who acts as a Service Provider to fill out forms or other conditions. Goodpass adheres to the Privacy Protection Principles for all subsequent personal data transfers of each Party.

   With respect to personal data received or transferred in accordance with the Privacy Protection Framework, Goodpass is subject to the regulatory enforcement authority of the Financial Services Authority and the Ministry of Communication. In certain situations, Goodpass may be asked to disclose personal data in response to legitimate requests by public authorities, including to meet national security or law enforcement requirements.

   You can direct any questions or complaints related [email protected]. If you have unresolved privacy or data usage issues that we haven’t addressed satisfactorily.

8. How to Acces & Control your Personal Data
   

   Reviewing, Correcting and Deleting Your Personal Information

   You have the following data protection rights:

   You have a right to request Goodpass to provide you with the following information, preceding the date your request is submitted.

   • The categories and specific pieces of personal information collected about you
   • The categories of sources of the personal information collected about you
   • The business or commercial purposes for collecting or selling your personal information
   • The categories of third parties to whom we sold your personal information         
   • The categories of third parties to whom we disclosed your personal information for a business purpose

   You have the right to request Goodpass to delete the personal information collected from you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

   We may deny your deletion request if retaining the information is necessary for us or our service providers to:

   • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
   • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
   • Debug products to identify and repair errors that impair existing intended functionality.
   • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
   • Comply with the Indonesian Electronic Communications Privacy Act (Future).
   • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
   • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
   • Comply with a legal obligation.

   To exercise these rights, please contact us here [email protected] Attention: Privacy. We will respond to your requests to change, correct or delete your information within a reasonable timeframe and notify you of the actions we have taken.

   If you wish to access or request a change of your data with one of our Inquiry Services, please contact the Reporter directly. Goodpass acts as a processor for our Reporter and will work with our reporter to fulfill these requests where

   applicable.

   To Unsubscribe from Our Communications

   You can unsubscribe from communications with our Goodpass App & Scorre by clicking the “unsubscribe” link located at the bottom of our email, updating your communication preferences, or by contacting us here or (Goodpass email), Attention: Customers cannot choose not to receive transactional email related to their accounts with us or third-party services 

9. Data Protection Officer

   If you have any questions about this Privacy Policy or our privacy practices please contact us [email protected] or by mail at: