Facebook Pixel

Privacy Policy & GDPR Compliance

Last updated: August 9, 2025

Quick Summary: We respect your privacy. This policy explains how we collect, use, and protect your data in compliance with GDPR and Indonesian data protection laws.

1. Data Controller

Company: Sminar.id

Address: Indonesia

Email: privacy@sminar.id

DPO Contact: dpo@sminar.id

2. Data We Collect

Personal Information

  • Name and contact details (email, phone)
  • Account credentials and preferences
  • Payment and billing information
  • Profile information and preferences

Technical Data

  • IP address and device information
  • Browser type and version
  • Usage data and analytics
  • Cookies and tracking technologies

3. Legal Basis for Processing

✓ Consent

Marketing communications, analytics, personalization

✓ Contract

Service provision, account management, payment processing

✓ Legal Obligation

Tax records, compliance reporting, fraud prevention

✓ Legitimate Interest

Security, service improvement, business operations

4. Your GDPR Rights

Under GDPR, you have the following fundamental rights:

1.
Right to Access

Request a copy of your personal data

2.
Right to Rectification

Correct inaccurate personal data

3.
Right to Erasure

Request deletion of your data

4.
Right to Restrict

Limit how we process your data

5.
Right to Portability

Export your data in a standard format

6.
Right to Object

Stop processing for certain purposes

7.
Automated Decisions

Not subject to automated decision-making

8.
Withdraw Consent

Revoke consent at any time

📧 To exercise any of these rights, contact us at: privacy@sminar.id

We will respond within 30 days as required by GDPR.

5. Cookies and Tracking

🍪 Cookie Categories

Essential CookiesAlways Active
Analytics CookiesConsent Required
Marketing CookiesConsent Required
PersonalizationConsent Required

6. Data Retention

  • Account Data: 7 years after account deletion
  • Order History: 7 years for tax and legal compliance
  • Marketing Data: 1 year after consent withdrawal
  • Analytics Data: 2 years from collection
  • Support Records: 3 years after resolution

7. International Data Transfers

Your data may be processed by our trusted partners:

  • Supabase (US): Database hosting - Standard Contractual Clauses
  • Email Services (EU): GDPR compliant providers
  • Analytics (US): Privacy Shield / SCCs framework

8. Data Security

🔒 Technical Measures

  • • End-to-end encryption
  • • Secure database hosting
  • • Regular security audits
  • • Multi-factor authentication

👥 Organizational Measures

  • • Staff privacy training
  • • Access control policies
  • • Data breach procedures
  • • Privacy by design

9. Contact & Complaints

📧 Contact Us

privacy@sminar.id

Data Protection Officer

Response: Within 30 days

🏛️ Supervisory Authority

EU residents can file complaints with their local data protection authority

Indonesian residents: Ministry of Communication and Informatics

10. Policy Updates

We may update this privacy policy from time to time. Material changes will be communicated via email or prominent website notice at least 30 days before taking effect.

Privacy Actions

Exercise GDPR RightsCookie PreferencesContact Privacy Team

This privacy policy complies with GDPR (EU) 2016/679, Indonesian Law No. 27/2022, and other applicable data protection regulations.

← Back to Home