1. Who We Are

   The data protector in the sense of PDP (“Personal Data Protection”) is PT Global Sukses Solusi Tbk (hereinafter referred to as “We”), located in Sleman Regency, Special Region of Yogyakarta, at Jalan Wahid Hasyim No. 06, Condongcatur, Depok, Sleman, Special Region of Yogyakarta, 55283 Indonesia.

2. Contact Us

   If Users have questions about Personal Data Protection and/or wish to exercise their rights, they can do so electronically or directly through:

   • Secara Elektronik

     Data Protection Officer (DPO)
     dpo@runsystem.id

   • Secara Langsung

     Head Office:

     RUN System HeadQuarter (HQ)
     Jalan Wahid Hasyim No. 06, Condongcatur, Depok, Sleman, Daerah Istimewa Yogyakarta, 55283 Indonesia.

     Indonesian Representative Office:

     Jalan Kebagusan I No 17A, Ps. Minggu, Kota Jakarta Selatan, Jakarta, 12520 Indonesia.

     International Representative Office:

     651 N Broad St, Suite 201, Delaware, USA, 19709

1. User Provisions

   Users are Personal Data Subjects in the sense of Personal Data Protection (hereinafter referred to as “Users”). Our Users are individuals in various jurisdictions who have legal rights regarding their Personal Data. By using our Services, Users are subject to and comply with this Privacy Policy, which is governed and interpreted in accordance with the laws applicable in the Republic of Indonesia (hereinafter referred to as “Applicable Law”). As Users of our Services, Users must comply with all applicable laws; in other words, Users declare that they have met all the necessary legal requirements to use our Services.

   We prioritize legitimate interests in processing any identified or identifiable User Data, either alone or in combination with other information, directly or indirectly through electronic or non-electronic systems (hereinafter referred to as “Personal Data”) in accordance with applicable law. Users have the right to refuse the processing of their Personal Data directly at any time by sending an email to us at dpo@runsystem.id. If Users submit a refusal and/or objection, we will cease processing their Personal Data for the relevant purposes unless we have compelling reasons to continue processing or it is necessary for legal claims.

   Our Services are only intended for individuals over the age of 18 (eighteen). Individuals under the age of 18 (eighteen) must obtain consent and/or permission from a parent or guardian. Compliance with this provision (hereinafter referred to as the “Age Limit”) is required. Please contact us if Users become aware that someone who does not meet the Age Limit has provided Personal Data to us, and we will take steps to delete that Personal Data. By choosing to meet the Age Limit, Users declare that they have met the Age Limit set by us and have obtained consent from a parent and/or guardian and agree to release us from any claims, demands, or legal actions arising from such incidents.

   This Privacy Policy may be translated into other languages and is for informational purposes only (“Translation”). In the event of any inconsistencies between language versions of this Privacy Policy, the Indonesian version shall prevail.

2. User Rights

   Users of our Services have rights regulated in accordance with applicable law:

   • The right to obtain information about the use of their Personal Data;
   • The right to correct errors and/or inaccuracies in their Personal Data;
   • The right to access and obtain copies of their Personal Data;
   • The right to terminate processing, delete, and/or destroy their Personal Data in accordance with applicable laws;
   • The right to withdraw consent for the processing of their Personal Data;
   • The right to object to automated processing, including profiling, that has significant effects on the Personal Data Subject;
   • The right to suspend or restrict the processing of Personal Data proportionally;
   • The right to obtain and/or use their Personal Data;
   • The right to use and transfer their Personal Data to other Data Controllers, as long as the systems used can securely communicate in accordance with the principles of Personal Data Protection; and
   • Other rights as regulated by applicable law.

Our Privacy Policy only applies to any Personal Data present in our Infrastructure. This includes Personal Data, content generated, transmitted, or stored by Users while accessing and using our Services. Identified Personal Data and/or data provided by Users during their visit or use of our Services will be collected, stored, maintained, used, and disclosed under certain conditions.

1. Data We Protect

   We only protect Personal Data that is under our control (hereinafter referred to as “Our Infrastructure”), meaning we only provide protection for Users’ Personal Data within Our Infrastructure. Although we strive to maintain the security of Personal Data, Users should be aware that Personal Data on the internet is not completely secure, and we cannot guarantee 100% protection. Therefore, we recommend that Users periodically change their passwords to maintain the security of their accounts. We are not responsible for any losses arising from Users’ negligence in maintaining the security of information, which results in a failure to protect Personal Data.

2. Data Not Protected by Us

   Any Personal Data and data stored outside of our infrastructure or that falls under the control of Users of our Services (hereinafter referred to as “User Infrastructure”) is entirely the responsibility of the Users. In other words, we are not responsible for the Personal Data and such data that Users manage themselves; it is the personal responsibility of the Users.

3. Protection Failure

   We will notify Users if we detect suspicious activities or indications of a data breach in our services. Conversely, if Users suspect or become aware of any indications of a breach of Personal Data or privacy issues, Users can file a complaint with us through the Data Protection Officer (DPO) at dpo.privacy@runsystem.id. We will promptly respond to and address the complaints according to our Privacy Policy and applicable laws, such as:

   1. Identifying each complaint submitted by Users
   2. Providing information and responses to each complaint submitted to us; and/or
   3. Making efforts to address or rectify the complaints submitted by Users.

   We are not responsible for any losses or damages that occur, unless caused by our negligence or intentional acts. Users agree to release us from any demands or claims related to such incidents. Here’s the translation of the provided text:

1. Acquisition

   We obtain Personal Data from the Data that Users provide to us or that is collected by Users when using our Services, whether as Users or merely Visitors. By providing or collecting data to us, Users declare that the Data we receive is valid and does not violate applicable laws (hereinafter referred to as “Legally Valid”).

   In cases where Personal Data is obtained from other sources, such as but not limited to employees, staff, labor, third parties, and/or publications (“Indirect Data”), the officer processing the data who provides or collects data to us hereby declares that all Data and information collected or submitted to us can be accounted for and is legally valid.

2. Types and Purposes

   We may process, collect, use, store, and transfer various types of Personal Data. This data consists of Personal Data combined to identify an individual (hereinafter referred to as “General Data”) and Personal Data that has a greater impact on Users (hereinafter referred to as “Specific Data”). We only collect Users’ Personal Data based on the consent and acceptance provided by Users (hereinafter referred to as “Permission”). The following are the types of Personal Data that we process and have categorized based on each of our Services as follows:

   • RUN System Enterprise Resource Planning (RUN System ERP)

     We collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is General Data, which includes:

     1. Identity data such as name, gender, place of birth, date of birth, marital status, and blood type;
     2. Address data including city name, sub-district, village, neighborhood unit, community unit, and postal code; and
     3. Additional information such as marriage date, mobile number, education, and employment status.

     We also collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is Specific Data, which includes:

     Employment data such as employee code, entity, site, division, department, position, status of position, section, work group, recruitment point, joining date, training graduate status, level, payroll group, payroll type, payment period, taxpayer identification number (NPWP), non-income tax, bank name, branch name, clothing size, and shoe size.

     Our purpose for using Personal Data is to meet Users’ needs in accordance with the description and functions of our services, and for the benefit of Users. This includes improving efficiency and reducing errors in business, automating business processes to reduce operational time and costs, increasing employee productivity, providing real-time reports and analysis, workforce management, and complying with regulations and industry standards by providing better reporting and auditing systems. In other words, the purpose of data collection is to provide the best service to Users.

   • RUN System One (R1)

     We collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is General Data, which includes:

     1. Identity data such as name, address, identification number, and contact information like email and mobile number; and
     2. Registration data when Users use Our Services.

     We also collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is Specific Data, which includes:

     1. Financial data such as bank account information, salary, tax data, information about purchases, sales, and other financial transactions;
     2. Inventory and procurement data such as details about goods and materials managed, including quantity, location, condition, supplier information, contracts, and negotiations;
     3. Sales data such as customer information, purchase history, and preferences; and
     4. Performance data such as individual or team performance analysis in an operational context.

     Our purpose for using Personal Data is to meet Users’ needs in accordance with the description and functions of our services, and for the benefit of Users. This includes purposes for registration, verification, login, password recovery, and alternative backup verification of data and contacts. In other words, the purpose of data collection is to provide the best service to Users.

   • RUN Market by RUN System

     We collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is General Data, which includes:

     1. Identity data in the form of the User’s name; and
     2. Contact data including email address and mobile number.

     Our purpose for using Personal Data is to meet Users’ needs in accordance with the description and functions of our services, and for the benefit of Users. This includes purposes for registration, verification, login password, and what we use as an alternative backup for verifying data and contacts. In other words, the purpose of data collection is to provide the best service to Users.

   • iKas

     We collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is General Data, which includes:

     1. Identity data in the form of the User’s name; and
     2. Contact data including email address and mobile number.

     We also collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is Specific Data, which includes:

     1. Data of health insurance program participants such as the Social Security Agency (BPJS); and
     2. Data of customers of the State Electricity Company (PLN).

     Our purpose for using Personal Data is to meet Users’ needs in accordance with the description and functions of our services, and for the benefit of Users. This includes purposes for registration, verification, login, password recovery, and alternative backup verification of data and contacts. Additionally, we also process this data to facilitate payment processes on behalf of Users. In other words, the purpose of data collection is to provide the best service to Users.

   • RUN System Platform

     Specifically for this Service, the processing and analysis of Personal Data are categorized into three categories:

     1. User Browser Data

        This refers to any Personal Data collected from the User’s device and activity while using Our Service, either as a User or simply a Visitor through a web browser.

     2. Our Infrastructure

        This is the infrastructure system we use to run Our Service. Data within this Infrastructure is divided into two types: Data that is stored or placed within our infrastructure system, such as databases or data warehouses (Data at rest), and Data that is currently being transmitted (Data in transit). We strive to protect the Personal Data stored in Our Infrastructure to ensure the security and confidentiality of Users’ Personal Data.

     3. User Infrastructure

        Data stored as (Data at rest), this is the Infrastructure chosen by the User to interact with Our Service. In other words, this Infrastructure is separate from Our Infrastructure, and the responsibility for data protection outside of Our Infrastructure lies entirely with the User.

     For this Service, Users are also categorized based on specific features possessed by Users (hereinafter referred to as “Access Rights”) with the following provisions:

     • Admin

       Is a User of Our Service. As an Admin, they have operational rights over the Service, which include:

       1. Admin has full access to manage all aspects of the Service, including configuration, settings, and account management;
       2. Admin can customize new applications within the existing Service infrastructure, grant approvals, and can specify billing accounts;
       3. Sell the results of applications created within the existing Service infrastructure to other buyers (customers).

     • Editor

       is a User with operational rights under the admin, with the right to edit applications created within the Service infrastructure.

     • User

       Is a User of Our Service with basic feature access, interacting with the content available on the Platform, and receiving services.

       In this case, both admin, editor, and user together or individually are hereinafter referred to as “Users.”

     We collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is General Data, which includes:

     1. Identity data in the form of the User’s name;
     2. Contact data including email address and mobile number; and
     3. Registration data when Users use Our Service.

     4. We also collect Users’ Personal Data based on the Permission granted by Users. The Personal Data we process is Specific Data, which includes:

        Company name and information regarding the company.

        Our purpose for using Personal Data is to meet Users’ needs in accordance with the description and functions of our services, and for the benefit of Users. This includes purposes for contact data registration (phone numbers and address book), verification, login, password recovery, and alternative backup verification of data and contacts. Additionally, we also process this data for grouping Users while using Our Services. In other words, the purpose of data collection is to provide the best service to Users.

     We also collect non-personal Data and Information that can be used to identify Users, such as the organization name, business entity, business address, business phone number, business email address, Business Identification Number, User’s Internet Protocol (IP) address, geographical location data, type of operating system, nationality, User’s search preferences, and other general data available on the internet.

     All Personal Data we obtain will be processed according to its processing purpose as well as explicitly stated purposes, and in accordance with the Terms & Conditions of the service, Privacy Policy, and applicable laws. The Personal Data of Users that we obtain and collect through Our Service is for the following purposes:

     1. To register, manage, and handle the use and/or access to Our Service;
     2. To manage, operate, handle, and provide Users with existing offers or services;
     3. To contact Users regarding matters related to the use and access of promotions or Our Services, as well as to provide confirmation of questions or requests made by Users to Us (and vice versa);
     4. To adjust features or User experience while using Our Service;
     5. To publish reviews, comments, or ratings provided by Users through Our Service in any form including digital and print for public access;
     6. To measure and improve the User experience while using Our Service;
     7. To implement and apply the Terms & Conditions of Our Service as well as dispute resolution, problem-solving, complaints, or to collect payments; and/or
     8. Other purposes that We will inform Users about at the time of collecting and/or using Users’ Personal Data.

     Under certain conditions, we may use Personal Data and non-personal information of Users for various purposes, including marketing new services, special offers, newsletters, and surveys. This information will be communicated through various media, such as posters, infographics, and text. The Personal Data may also be used for market research, while respecting User trust. This data will be presented in an anonymous form and solely for statistical purposes.

     Therefore, Users can choose to unsubscribe from the marketing communications we send at any time by following the instructions provided in the promotional materials and Terms & Conditions of the Service.

3. Processing and Analysis

   Data processing and analysis are crucial aspects of our Information Security Policy, where we appoint a Data Protection Officer (DPO) to ensure that all practices regarding the processing of Personal Data comply with applicable data protection laws. The DPO is responsible for providing training to employees and maintaining transparency in data management, ensuring that every stage of processing, from collection to data analysis, adheres to Standard Operating Procedures (SOP), Information Security Policies, Privacy Policies, compliance with applicable laws, and relevant global regulations.

4. Storage

   We protect Users’ Personal Data by implementing strict security measures, including the use of Secure Socket Layer (SSL) for transmitting sensitive data, data backups, and confidentiality-based data protection by storing data in a private network that can only be accessed through strict authentication with limited access. This aims to maintain the confidentiality of Users’ Personal Data and prevent unauthorized access, in accordance with the principle of confidentiality in Personal Data protection.

   We store and protect Users’ Personal Data on our Infrastructure according to its collection purpose. We will take necessary steps to ensure that this Personal Data remains secure.

5. Data Correction and Update

   We provide Users with the opportunity to access and correct their Personal Data under our control, under the following conditions:

   1. If Users are aware or believe there are errors or discrepancies in the Personal Data submitted to us;
   2. Corrections to Users’ Personal Data cannot be made independently; and/or
   3. Other reasons as long as they do not impact the disclosure of other Users’ Personal Data, in accordance with SOP, Data Security Policies, our Privacy Policy, and do not contradict applicable laws.

6. Presentation, Announcement, Transfer, Dissemination, or Disclosure

   We will only share Users’ Personal Data with companies affiliated with us, authorities such as the government, our trusted business partners, suppliers, or agents from time to time and anywhere. Users understand that we may share Users’ Personal Data in certain situations such as:

   1. Defending against any claims, lawsuits, or demands;
   2. Complying with laws, processes, and/or court orders requested by law enforcement officials or authorities;
   3. Conducting investigations into fraud or other errors as required or necessary for compliance with applicable laws, or to protect our legitimate interests;
   4. To our Customers in connection with the execution of sales, services, transfers, or other work, either partially or entirely related to our business activities;
   5. To maintain and protect our rights, those of our other Users, or third parties at our discretion; and
   6. Other conditions as permitted by law.

7. Deletion or Destruction

   We will delete and/or destroy Users’ Personal Data if:

   1. The Personal Data is no longer necessary to fulfill the purpose of its collection;
   2. Storage is no longer required for compliance with applicable laws;
   3. A legitimate request or application is made by the User, with clear intent and purpose;
   4. For other reasons in accordance with applicable laws and our data security and privacy policies.

   We will delete and/or destroy Users’ Personal Data within 1 (one) year after the aforementioned conditions in points a, b, and d. However, as long as Users do not object, we will continue to store non-personal data and other business contact information relevant to our business purposes.

   As the Data Controller, we will notify Users of the deletion and/or destruction of their Personal Data. With the deletion of Users’ Personal Data from our Infrastructure, Users release us from any responsibility for any consequences arising in the future related to that data.

Cookies are small text files that identify Users’ computers, tablets, or smartphones to our servers and are stored in Users’ Internet browsers. Cookies allow us to recognize Users’ Internet Protocol (IP) addresses and improve the Services we provide. We inform Users that we only use Cookies for their convenience in using our Services.

In addition to Cookies, we also collect location data (hereinafter referred to as “Location”) if necessary when Users first access our Services. The browser will send a notification to request Users to enable that Location beforehand.

By accessing, browsing, using, registering, or creating a new account on our Services, Users consent to us and our affiliated companies collecting, using, disclosing, transferring, and/or processing Personal Data as outlined in this Privacy Policy (hereinafter referred to as “Recorded Consent”).

At any time, Users may withdraw their consent regarding their Personal Data by providing written notice to us with a clear reason. We will then stop collecting, using, or transferring, disclosing Users’ Personal Data. However, this does not apply in cases required by law or when we conduct legitimate business activities or for legal purposes to retain it (“Withdrawal of Consent”).

In the event that Users withdraw their consent regarding their Personal Data, we may delay and restrict the processing of Users’ Personal Data, which may reduce the performance of our Services. Under certain conditions, we may not be able to continue providing services to Users, and for this, Users agree to release us and will not hold us responsible for any losses or damages arising or related to the cessation of our Services.