Privacy Notice

Personal Data means information or data, whether true or not, about an individual who can be identified through the data, or other data and information that the organization has or may have access to. We will collect User's Personal Data when User registers on Our Site or uses Our Services.

1. Collection of Personal Data
   The Personal Data We will collect from Users includes, but is not limited to:
   1. General information, such as name, gender, e-mail address, telephone number, nationality, and User Identification (User ID).
   2. If you are a Business Entity, additional information will be required, such as the registered business or company name provided by the User, as well as the National Identity Card (KTP) of the Director or the owner’s KTP (for non-business entities).
   3. Information regarding payment transactions through online services, including but not limited to bank account data, credit card information, instant payment, internet banking, electronic wallet (e-wallet), and the transaction amount processed on our Site, once the User is successfully connected to our system.
   4. Information about where the User is located, as an approximate location.
2. Collection of Personal Data once You use our application or visit Our Site
   1. Once You use the application or visit our website, we may collect Your personal data such as your name, office address or geographic location, email address, phone number, User Identification (User ID), location, identification number (KTP), online transaction payment information, photos, and videos.
   2. Once You use the application or visit Our Site, We may collect certain technical data relating to Your use such as, Personal Data, internet protocol (IP) address, activities on Our Site page, duration of each visit / session, internet device identity or media access control address, and information about the manufacturer, model, and operating system of the device You use to access Our Apps or Site.
   3. When You use the Apps or visit Our Site, certain information can also be collected automatically using Cookies. A "cookie" is a small text file that is placed onto an Internet user’s web browser or device and is used to remember as well as obtain information about that party. You might be assigned a cookie when visiting Our Site or when using Our Apps. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns.
      
      What types of cookies we use and how we use them are as follows:
      
      Functional Cookie – these Cookie support the use of the Site and Apps and enable certain features to enhance Your experience. For example, We use Functional Cookie to facilitate Your booking and to remember Your selections as You move from page to page. We also use Functional Cookie for remembering things like your sign-in information and Bobobox Pods preferences to avoid You having to re-enter it.
      
      Performance Cookie – these Cookies collect information needed to support the Site and Our Apps and allow Us to improve Our Site and identify any problems that You faced while visiting Us. For example, Performance Cookies may provide Us with information about how You came to Our Site and how You navigated around Our Site during Your visit. We also use these cookie to provide Us with certain statistical and analytics information, such as how many visitors came to our Site or how effective Our advertising is.
      
      Targeting Cookie – these cookie are used to collect information from You to help Us to improve Our products and services as well as serve You with targeted advertisements that We believe will be relevant for You. We use Targeting Cookie across Our Site and Apps for various marketing initiatives and campaigns.
      
      Third-party cookies: We use a number of third-party service providers to help Us manage, carry out and improve Our advertising. These parties may set Cookie at Our direction to help Us collect information and provide You with advertisements that We believe would be relevant for You. In some instancies these third parties may also assist Us by providing certain statistical and analytics information in relation to Our marketing practices. We also may share information collected through Cookie (and other tracking technologies) with third parties to use for their own analytics and marketing purposes.
      
   4. Managing cookies: You can choose to visit our website without cookies, but in some cases certain services, features, and functionality may not be available. To visit without cookies, you can configure your browser to reject all cookies or notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
3. Collection of Personal Data each time you agree to make a Carbon donation:
   1. Whenever You agree to make a Carbon donation, We may collect Your Personal Data such as Your full name;
   2. Your Personal Data in the form of name will be sent to the Third Party (Carbon Credit provider) to be written a Carbon Certificate to You.

We may use Personal Data collected for the following purposes as well as for other purposes permitted by applicable law ("Purpose"):

1. to communicate and transmit information in connection with transactions conducted using our services;
2. to identify Users and to administer and/or verify your account in connection with your account registration process and account management;
3. to perform data validation and verification prior to completing transactions conducted by You;
4. for transaction and/or payment service purposes, to monitor the validity of transactions made within Your account;
5. to collect Your actual location information in connection with bidding at the relevant location. In addition, your location can be estimated from your IP address and GPS.
6. to improve the quality of our services; and
7. for marketing activities;
8. to resolve disputes and address any issues that may arise; and
9. to enable us to comply with all obligations under applicable laws and regulations (but not limited to responding to requests, investigations, or regulatory directives) and conduct audits, due diligence, and investigations.

We process Your Personal Data based on the following legal basis, in accordance with applicable laws and regulations:

1. Consent
   We will process Your Personal Data upon obtaining Your valid consent when You access Our Site and/or place an order for Our services.
2. Fullfillment of Contractual Obligations
   Processing of Personal Data may be necessary to fulfill Our obligations under an agreement or contract that You have entered into with Us. This includes, but is not limited to, processing required to provide services that You have requested.
3. Legal Obligations
   We may process Your Personal Data as necessary to comply with applicable legal obligations, government authorities, regulatory bodies, including laws and regulations related to data protection, taxation, or other legal compliance.
4. Emergency/Vital Interests
   In emergency situations that threaten an individual's life or health, We may process Your Personal Data without consent to protect those vital interests.
5. Legitimate Interests
   We may process Your Personal Data based on legitimate interests pursued by Us or a third party, provided that such interests do not override Your fundamental rights and freedoms. These interests may include service improvements, product development, or fraud investigation.

Your Personal Information will only be kept as long as is necessary to fulfill the purpose of its collection, or as long as such storage is required or permitted by applicable laws and regulations. We will stop storing Personal Information, or remove the intent of associating that Personal Information with You, as soon as it is deemed that the purpose for the collection of Personal Information is no longer needed for business or legal purposes.

We will take reasonable steps to protect Your Personal Data from unauthorized access, unauthorized use, unauthorized disclosure, and other forms of unlawful processing. Our security measures include encryption, strict access controls, and timely data deletion policies.

Please note that certain aspects of your Personal Data may still be retained or controlled by other parties, including government institutions, in specific ways. In cases where We share Your Personal Data with authorized government institutions and/or other institutions appointed by the relevant authorities or cooperating with Us, You acknowledge and agree that the storage of Your Personal Data by these institutions will adhere to each institution’s respective data retention policies.

As a data subject, You have the following rights in relation to Your Personal Data:

1. Right to Information
   You have the right to obtain clear and transparent information regarding the collection, use, processing, and storage of your Personal Data, including the purposes of data collection, third parties who receive the data, and the data protection policies implemented by the Data Controller.
2. Right to Access Data
   You have the right to request access to your Personal Data that We manage, to be provided no later than 3 x 24 hours (three times twenty-four hours) from the time We or the Data Controller receives the access request.
3. Right to Rectify Data
   You have the right to request the correction or updating of Personal Data that is inaccurate, incomplete, or no longer accurate.
4. Right to Erasure Data
   As further explained in the section “Personal Data Storage,” You have the right to request the deletion of your Personal Data under certain conditions.
5. Right to Suspend or Restrict Processing Data
   You have the right to request the suspension or restriction of the processing of Your Personal Data in certain situations.
6. Right to Object to Processing Data
   You have the right to refuse or object to the processing of your Personal Data.
7. Right to Data Portability
   You have the right to request that Your Personal Data managed by the Data Controller be transferred to another third party if technically feasible.
8. Right to Withdraw Consent
   You have the right to withdraw Your consent related to the processing of Your Personal Data no later than 3 x 24 hours (three times twenty-four hours) without affecting the legality of processing based on consent prior to such withdrawal.
9. Right to Lodge a Complaint
   If your Personal Data is compromised or used for unlawful purposes, You have the right to file a complaint with the relevant data protection authority in accordance with applicable laws and regulations.

You have the right to submit requests for access, modification, or deletion of your Personal Data held by Us as the data controller, either electronically or non-electronically, with the following details:

1. Electronic media / online requests can be submitted via:
   1. A Form that available in the footer section of our Site;
   2. sent to the official email of Our representative.
2. Non-electronic media includes, written requests sent to the address listed under the "Contact Us" section.

After the retention period has ended, or when the Personal Data is no longer relevant to the purposes for which it was collected, We will ensure that the data is securely deleted or destroyed in accordance with applicable regulations. The deletion of data will be carried out in a manner that prevents further access or recovery of the data by unauthorized parties.
Additionally, You may delete Your registered account on the Apps as long as you are not currently checked in, do not have any upcoming reservation schedules, and have no outstanding payments. After successfully deleting your account, You will lose all the benefits that were previously associated with Your account, including Your Bobopoints, which will become "0" (null). Deleted accounts can be reactivated within 30 (thirty) days from the date of deletion by contacting Customer Service. However, if the account is not reactivated within 30 (thirty) days, all Your personal data will be permanently deleted. The data that will be deleted from the system includes:

1. Personal Data (name, gender, date of birth, occupation, email, phone number, profile picture);
2. Bobopoints;
3. Identification cards.

Meanwhile, data that will remain stored includes transaction history data such as reservation numbers and/or booking numbers, and other similar data.
You can create a new account using the same email or phone number as the deleted account, but you will not retain the Bobopoints from the previously deleted account.

You acknowledge and consent that your Personal Data may also be stored or processed outside your country by parties working for Us in other countries, or by third-party service providers, vendors, suppliers, partners, contractors, or affiliates. In such cases, We will ensure that the Personal Data remains subject to a level of protection comparable to that required by the laws of your country (and, in any case, consistent with Our commitments under this Privacy Policy) under the following provisions:

1. Data Transfer Policy
   We may transfer your Personal Data to other countries outside Indonesia when necessary for data processing or to provide better services. Cross-border data transfers will be conducted in compliance with applicable laws and regulations, including the Personal Data Protection Law in Indonesia.
2. Security of Personal Data
   We ensure that your Personal Data transferred to other countries will be afforded adequate protection in accordance with the standards set by the Personal Data Protection Law. Protective measures include implementing strict security policies and entering into contracts that guarantee an equivalent level of protection for Personal Data in the destination country.
3. User Consent
   Cross-border transfers of Personal Data will be conducted based on your clear consent unless the transfer is required by law or necessary for the performance of a contract between You and Us.
4. Data Recipients Abroad
   We will only transfer your Personal Data to third parties abroad that provide a level of Personal Data protection equal to or higher than that required by the Personal Data Protection Law. We also ensure that these third parties will only use Your Personal Data for the purposes that have been approved.
5. Compliance with International Regulations
   In carrying out cross-border data transfers, We will comply with the provisions of international regulations concerning the protection of Personal Data applicable in the receiving country, as well as the data protection regulations in Indonesia.

The confidentiality of your Personal Data is the most important thing for Us. We will always provide reasonable and maximum security efforts to protect and secure all of your Personal Data that We collect both through our Apps and Our Site, from access, collection, use or disclosure by unauthorized persons and from processing that violates the law, accidental loss, destruction, and damage that is not in accordance with the law. All Personal Data that We collect will be protected and kept confidential, in accordance with applicable legal provisions.

However, transmission of information over the internet is not entirely secure. While We will make every effort to protect your Personal Data, You acknowledge that We cannot guarantee the integrity and accuracy of any Personal Data You transmit over the internet or that such Personal Data will not be intercepted, accessed, disclosed, altered, or destroyed by unauthorized third parties due to factors beyond Our control. You are responsible for keeping Your Account details and any authentication codes sent to Your phone number in connection with transactions conducted through Our Site confidential and for maintaining the security of the devices You use.

In the event of a data breach involving Your Personal Data, We will make reasonable efforts to inform You, either directly or indirectly, of the breach and will strive to protect against any misuse.

We may review and amend this Personal Data Protection Policy at Our discretion to ensure that it remains consistent with Our future developments and/or to reflect changes in legal or regulatory requirements from time to time. You agree that such amendments will replace the previous Personal Data Protection Policy and apply retroactively. Should We decide to amend this Personal Data Protection Policy:

1. We will inform You of such changes through a general notice published on the App and/or Site, or by other means to the email address listed in Your account.
2. Any changes will be reflected in this Personal Data Protection Policy.

You agree that it is Your responsibility to review this Personal Data Protection Policy regularly for the latest information on Our data processing and data protection practices, and that BY CONTINUING TO USE OUR SERVICES AFTER THE EFFECTIVE DATE OF ANY CHANGES TO THIS PERSONAL DATA PROTECTION POLICY, YOU CONSENT TO THE POLICY AND ALL REVISIONS.

We, our affiliates and / or partners can send you direct marketing, advertising and promotional communications through applications, messages through applications, post, telephone calls, short message services (SMS) and e-mails ("Marketing Materials") if You agree to receive marketing and promotional material from Us. You can choose not to receive marketing communications at any time by clicking the "unsubscribe" option in the message in question, or contacting Us through the contact details listed below. Please note that if you choose to leave, we can still send You non-promotional messages, such as information about Your account.

We may make, use, license or disclose the available Personal Information, with the record, (i) that all identifiable things have been deleted so that the data, either alone or in combination with other available data, cannot be linked to or associated with or cannot identify an individual or business entity, and (ii) similar data has been combined so that the original data forms part of a larger data set.

Our Sites may contain or reference trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes or other proprietary rights of Bobobox and/or other parties. No license to or right in any such trademarks, patents, copyrighted materials, trade secrets, technologies, products, processes and other proprietary rights of Bobobox and/or other parties is granted to or conferred upon you.

Applications, Site and Marketing materials may contain links to websites operated by third parties. We do not control or accept responsibility for these websites and for the collection, use, maintenance, sharing or disclosure of data and information by these third parties. Please read the terms and conditions and Personal Data Protection policy of these third-party websites to find out how they collect and use Your Personal Data.

This Policy is part of and supplemented by the terms of use We apply. If Our site is experiencing issues or if you have other questions regarding this Personal Data Protection Policy, or if You wish to update Your Personal Data, You may contact Us at:

Email : dpo.id@bobobox.com
Address :
To : DPO of Bobobox,
Jl. Dr. Djunjunan No.3, Pamoyanan,
Kec. Cicendo, Kota Bandung, Jawa Barat 40173.