Privacy Policy

This policy ("Privacy Policy") is applicable to PT VFirst Komunikasi Indonesia ("ValueFirst”). It provides the practices and policies applicable to ValueFirst (including its employees, interns, contractors, consultants, clients, customers or any other party directly or indirectly engaged for the purpose of business or otherwise) for handling of or dealing in Personal Information, including Sensitive PD or Information (as defined below) that is lawfully collected by ValueFirst. We collect PD of our employees, potential employees, clients, suppliers, business contacts, shareholders and website users or any other individual or entities wherever required for business purposes or otherwise.

ValueFirst attaches great importance to your right to privacy and the protection of your PD. We want you to feel secure that when you deal with ValueFirst, your PD are in good hands.

ValueFirst protects your PD in accordance with applicable laws and our data privacy policies. In addition, ValueFirst maintains the appropriate technical and organizational measures to protect your PD against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.

General Definitions

  • Reference to “you” or “your” in this Privacy Policy refers to any natural person (including the employees of ValueFirst) who provides to ValueFirst any information referred in Appendix 1 of this document.
  • “Act” shall mean the Act No. 27 Year 2022 concerning PD Protection ("PDP Act”).
  • “Information” shall mean General PD as may be collected by ValueFirst, which stated in the PDP Act as a detail of statements, ideas, and signs that contain values, meanings, and messages, both data, facts, and explanations that can be seen, heard, and read presented in various packages and formats in accordance with the development of information and communication technology comprehensively electronic or non-electronic.
  • “PD (“PD”)” shall have the same meaning as under PDP Act which is information about specific people who can be directly or indirectly identified—either independently or in combination with other information—through electronic or non-electronic methods.
  • “Registered User” shall mean such user whose registration is accepted by ValueFirst.
  • “General PD” shall mean full name, gender, citizenship, religion, marital status, phone number, Email, registered address, and social media.

All words and expressions used and not defined in this document but defined in the PDP Act shall have the meanings respectively assigned to them in the PDP Act.

ValueFirst is fully committed to respecting your privacy and shall ensure that your Information is safe. This privacy policy sets out the practices adopted in respect of Information, including the types of Information that is collected, how the Information is collected, how the Information is used, how long the Information is retained and with whom it is shared (“Privacy Policy”). This Privacy Policy is published in compliance with the provisions of the PDP Act made thereunder that require publishing the privacy policy on ValueFirst’s website.

Collection of Information:

You may use ValueFirst’s website to access Information, learn about its products and services, read publications and check career opportunities etc. without providing any PD. ValueFirst may collect and process PD provided by you in the following forms:

  1. Should you opt to access such services of ValueFirst, which are available only to Registered Users, information is required to be provided by you at registration
  2. Information that you provide directly to ValueFirst via email or electronic communication.
  3. Information that you provide to ValueFirst over telephone. ValueFirst may make and keep a record of such information shared by you.
  4. Information that you provide to ValueFirst in physical form whether sent through post or courier or handed over to a ValueFirst representative in person.
  5. PD collected by ValueFirst from its employees, suppliers, clients, prospects or onsite consultants or by lead generation for the purpose of employment, availing/providing services etc.

You will at all times have the option of not providing ValueFirst with PD that ValueFirst seeks to collect. Even after you have provided ValueFirst with any PD, you will have the option to access, modify, rectify or withdraw the consent given earlier by contacting ValueFirst at legal.indo@vfirst.com. In such cases, ValueFirst will have the right to not provide or discontinue the provision of any service that is linked with such PD.

Use of Information Collected:

Any information, if collected will be used in connection with the relevant purpose as communicated by ValueFirst to you via verbal or written method of any sort. The provider of information availing any Services from ValueFirst shall be deemed to have consented to ValueFirst for the use of such information as under this policy. We might use platforms such as SMS, Voice, Email, WhatsApp and others to reach out to you. Employees, suppliers, clients, prospects or consultants of ValueFirst shall be duly advised about the purpose for which any Information is being collected at the time of such collection. We will not use your PD for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.

Sharing of Information:

Where PD is required to be shared, arising out of any contractual obligation, ValueFirst shall part with such PD only in accordance with your consent for the same. To the extent necessary to provide you the requested Services or to the extent required under applicable law, we may transfer PD with individuals or following third parties in connection with a (potential) corporate or commercial transaction. Before we do so, we shall take the necessary steps to ensure that your PD will be given adequate protection as required by relevant data privacy laws and ValueFirst’s internal policies. ValueFirst may also transfer your PD to any of its global affiliates/partners in furtherance of any visits to our ValueFirst locations:

  1. Employees or Consultants (including auditors, authorized vendors) on a 'need to know' basis under a Non-Disclosure Agreement.
  2. Governmental authorities, in such manner as permitted or required by applicable law; and
  3. Legal proceedings: In the event, ValueFirst is required to respond to subpoenas, court orders or other legal process, your PD may be disclosed pursuant to such subpoena, court order or legal process, which may be without notice to you.

Security of Information:

ValueFirst strives to ensure the security, integrity and privacy of your PD and adequacy of protection of your Information against unauthorized access, alteration, disclosure or destruction. Stringent security measures (physical, electronic and managerial) are in place to protect against the loss, misuse, and alteration of the PD under our control. ValueFirst’s servers are accessible only to authorized personnel and your Information is shared with employees and authorized personnel strictly on a 'need to know' basis. ValueFirst periodically assesses, audits and updates its information security protocols and policies to achieve the highest standards on a continuous and ongoing basis. You may review the Information you have provided to ValueFirst at any time. On your request, ValueFirst will ensure that any PD notified to be inaccurate or deficient, shall be corrected or amended. However, ValueFirst shall not be responsible for the authenticity of the PD.

Notwithstanding anything contained in this Privacy Policy or elsewhere, ValueFirst shall not be held responsible for any loss, damage or misuse of your PD, if such loss, damage or misuse is attributable to a Force Majeure Event.

Employees/Relevant Individuals Obligations & Consequences of Violations:

Every ValueFirst Employee/Relevant Individual, who deals with or comes into contact with PD regardless of its origin, shall have a responsibility to comply with the applicable law concerning data privacy and specific privacy practices. The Employee/Relevant Individual should seek advice in the event of any ambiguity while dealing with PD or in understanding this Policy. The Employee/Relevant Individual shall be diligent and extend caution while dealing with PD of others, in the course of performance of his/her duties and shall also, at all times:

  1. Prevent any un-authorized person from having access to any computer systems processing PD, and especially:
  2. un-authorized reading, copying, alteration, deletion or removal of data
  3. un-authorized data input, disclosure, uploading, transmission/transfer of PD
  4. Abide by ValueFirst internal logical and physical security policies and procedures.
  5. Ensure that authorized users of a data-processing system can access only the PD to which their access right refers.
  6. Keep a record of which PD have been communicated, when and to whom.
  7. Not provide any PD to any third party without first consulting with his/her Manager or the Human Resources Department.
  8. Ensure that PD processed on behalf of a third party (client) can be processed only in the manner prescribed by such third party.
  9. Ensure that, during communication of PD and transfer of storage media, the data cannot be read, copied or erased without authorization.
  10. Immediately, on becoming aware report and notify any vulnerabilities and privacy related breach/security breaches (including potential risks).
  11. Attend trainings on security and data privacy

Failure to comply with the Policy and applicable laws may have serious consequences and can expose both ValueFirst and the Employee/Relevant Individual to damages, criminal fines and penalties. It is important to note that any non-compliance with this Policy is taken very seriously by ValueFirst and may lead to initiation of appropriate disciplinary actions including but not limited to Employee dismissal or Relevant Individual termination.

Retention and Revocation of Information:

It is ValueFirst’s policy to retain certain PD of the relevant individuals when they cease to be employed/ engaged by ValueFirst. This PD may be required for ValueFirst’s legal and business purposes, including any residual activities relating to the employment/engagement, including for example, provision of references, processing of applications for re-employment/re-engagement, matters relating to retirement benefits (if applicable) and allowing ValueFirst to fulfil any of its contractual or statutory obligations.

We will retain your PD only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that PD is deleted after a reasonable time according to the following retention criteria:

  • We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us)
  • We will only keep the data while your account is active or for as long as needed to provide services to you
  • We retain your data for as long as needed in order to comply with our global legal and contractual obligations

Once ValueFirst no longer requires the PD, it is destroyed appropriately and securely or anonymized in accordance with the law. Services transactional data is retained for three years.

Inquiries/Notification of Changes for Employees

You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

  • Request access to the PD we process about you: this right entitles you to know whether we hold PD about you and, if we do, to obtain information on and a copy of that PD
  • Request a rectification of your PD: this right entitles you to have your PD be corrected if it is inaccurate or incomplete
  • Object to the processing of your PD: this right entitles you to request that ValueFirst no longer processes your PD
  • Request the erasure of your PD: this right entitles you to request the erasure of your PD, including where such PD would no longer be necessary to achieve the purposes
  • Request the restriction of the processing of your PD: this right entitles you to request that ValueFirst only processes your PD in limited circumstances, including with your consent
  • Request portability of your PD: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of PD that you have provided to ValueFirst, or request ValueFirst to transmit such PD to another data controller

You may contact ValueFirst at legal.indo@vfirst.com

Legal & Policy