Copyright © 2023 PT BNI Sekuritas is a subsidiary of PT Bank Negara Indonesia (Persero) Tbk
Copyright © 2023 PT BNI Sekuritas is a subsidiary of PT Bank Negara Indonesia (Persero) Tbk
This Privacy Notice is effective as of 22nd May 2025
Welcome to our Privacy Notice page. We aim to provide clarity and assurance to User regarding how we collect, use, and protect User’s Personal Data and information. By reading Privacy Notice below, we hope User feel secure and reassured that the security of User’s Personal Data and privacy is our utmost priority.
The use of the terms in Privacy Notice below is as follows:
The Personal Data we process consists of Personal Data provided and will be provided to us by User, including Personal Data as described in the Acquisition and Collection of Personal Data section herein for the purpose of providing the Company’s products and/or services as requested by User, including for the fulfillment of our agreement or legal obligations under laws and regulations, at the time User visits, accesses, and/or utilizes the Company’s products and/or services, including our websites/applications/electronic systems (“Services”).
By utilizing our Services, the User declares that he/she has read, known, and understood the entire contents of this Privacy Notice, and also declares that User is legal and authorized party to provide User’s Personal Data to the Company through the Company’s Services channels.
We may amend, eliminate, and/or update this Privacy Notice from time to time as necessary. If such amendments, erasure, and/or updates are information changes that require User to be notified pursuant to the Prevailing Regulations, we will perform reasonable efforts to notify User beforehand through our official communication channels. We recommend that User read the following Privacy Notice in conjunction with our Terms and Conditions of Service, as they may contain specific information relating to the Services, including how the Company processes User’s Personal Data.
The version of the Privacy Notice displayed on our websites/applications/electronic systems constitutes the latest update and supersedes all our previous versions. Therefore, we encourage User to regularly review this Privacy Notice on our websites/applications/electronic systems.
It is important for User to understand the categories and types of User’s Personal Data that may be processed. These types of data include:
We use cookies and similar tracking technologies to monitor activities in our Services and to store certain information. Cookie is a file with small amounts of data, that may include anonymous unique identifier. Cookies are sent to the User’s browser from a website and are stored in the User’s device. Tracking technologies that also used are sounds, tags, and scripts to collect and track information, as well as to enhance and analyze our Services.
Browsers may be set to reject all cookies or notify when a cookie is being sent. However, if cookies are not accepted, some parts of the Services might be inaccessible.
Kind of cookies that we use:
To support us in providing optimal services to User, we will collect User’s Personal Data from various sources, including the following:
The processing of User’s Personal Data by the Company is carried out for the following purposes:
The Company shall only process Personal Data to the extent that the Company has fulfilled one or more of the following processing bases:
We are committed to storing and managing User’s Personal Data with the highest level of protection for as long as necessary to provide our services. We will process User’s Personal Data while User remains a Customer or user of our services. Thereafter, User’s Personal Data will be retained according to our retention period upon the termination of business relationship with the User, or for a longer period if such retention is required or necessary under prevailing regulations.
The Company may delete and/or destroy the User’s Personal Data from our systems so that the data no longer identifies the User, except in the following cases:
When destroying Personal Data, we will take adequate standard security measures to destroy, delete, and render such Personal Data to be practically irrecoverable. The specific method of destruction will depend on the type of Personal Data being destroyed, as well as how it was collected and stored.
Where necessary, we may share User’s personal information within the Business Group and/or any third parties that collaborate with us and/or the Business Group in carrying out the Company’s business activities ("Business Partners"), for the purposes set out in the Use of Personal Data section. We may also disclose User’s Personal Data to financial supervisory institutions, legal entities, authorities, or Government in accordance with the provisions of prevailing laws and regulations.
For the purposes of Personal Data Processing as described in the Use of Personal Data section, we may process User’s Personal Data outside of Indonesia. In the event of transferring User’s Personal Data outside of Indonesia, we will ensure that the destination country has a level of Personal Data protection that is equal to or higher than the level of Personal Data protection provided in Indonesia. If the destination country doesn’t have an equivalent or higher level of Personal Data protection, we will implement adequate and binding protection (such as entering into contracts with the recipient of the User’s Personal Data and/or applying written terms and/or instruments), or if such protection cannot be fulfilled, the Company may still transfer the Personal Data outside of Indonesia based on the User’s consent.
The Company has implemented Personal Data protection measures that are reviewed periodically to ensure the security of User’s Personal Data and to ensure that User can obtain its rights as Personal Data Subjects in accordance with prevailing regulations. If User requests details on Personal Data protection measures, such information can be provided upon request.
Please note that the transfer of Personal Data outside of Indonesia is not entirely secure. While we have made our best efforts to protect User’s Personal Data, there remains a possibility that such transfer processes may be subject to interference by unauthorized parties. In conducting the Personal Data transfer outside of Indonesia, the Company will make its best efforts to conduct the transfer process of User’s Personal Data using proper, reliable, and secure electronic systems to protect User’s privacy rights over Personal Data.
We are committed to ensuring that the User’s information or Personal Data obtained through the Company’s services, remains secure throughout the Personal Data Processing period (and during the Retention Period). To implement this commitment, the Company has established procedures and utilizes electronic systems equipped with adequate security measures as required by Prevailing Regulations, such as limiting access to User’s Personal Data that solely can be conducted by authorized parties on a need-to-know basis; ensuring that those who process User’s Personal Data merely conduct so in authorized ways and are obligated to maintain the confidentiality of the User’s information or Personal Data; forming dedicated units responsible for the security of User’s Personal Data; and applying other security measures as required by Prevailing Regulations.
When User accesses the Company’s services or products, User is advised to download the Company’s services or products through the App Store or Play Store and not from links provided by unauthorized parties. In addition, the Company may require User to:
Please note that the transmission of information online is not entirely secure. While we have made our best efforts to protect User’s Personal Data, there remains a potential risk to the security of data/information that User transmitted through the networks used by User. Once we receive the data/information from the User, we will apply strict procedures and secure features as part of our efforts to prevent unauthorized access.
In the event of unauthorized access or illegal activities affecting the confidentiality of User’s Personal Data that are beyond the Company’s control, the Company will promptly notify User at the earliest opportunity so that User may take appropriate measures to mitigate the resulting risks.
User is responsible for maintaining the confidentiality of its information and Personal Data details, including usernames, passwords, email, and OTPs, and must not disclose them to anyone. User is also responsible for maintaining and ensuring the security of the devices User uses.
User has the right to:
If User aim to exercise its rights, or seek clarification regarding User’s rights, please contact us through one of the communication channels listed in the Contact Us section.
To exercise User’s rights, User may submit a request by contacting us through one of the channels listed in the Contact Us section. The exercise of certain rights may result in consequences related to the provision of Services; therefore, we will confirm the User's request and/or application for the exercise of User’s rights might not be able to fulfill if exceptions to the exercise of such User’s rights are permitted under Applicable Regulations. Furthermore, we will make best efforts to exercise of the User's rights and/or provide confirmation and/or respond to the User's request within the predetermined period of time set forth by Applicable Regulations, specifically no later than 3x24 (three times twenty-four) hours from our receipt, among others:
Any exercise of User’s rights as a Personal Data Subject related to alleged violations by the Company in the Personal Data Processing, must be submitted in writing to the Company in accordance with the terms and conditions required under the Applicable Regulations. The Company will then act and/or respond to the User’s request within 3x24 (three times twenty-four) hours or within another period of time permitted by Applicable Regulations and/or prevailing civil procedural law, starting from the Company’s receipt of the report on Personal Data protection incident from the User, along with the selection of the court as the forum for dispute resolution.
User is required to provide accurate data, information, and Personal Data to the Company. Failure to provide certain data and/or information may result in the Company being unable to provide full services to the User. When User provides us with Personal Data about another person (or an individual), the User represents that the User has been duly appointed and authorized by that individual to provide others’ Personal Data and/or act on their behalf, and the User ensures and warrants that the individual has understood and agreed that its Personal Data will be further processed in accordance with the Prevailing Regulations. This includes providing consent for:
We may collect User with Disabilities’ Personal Data by communicating with and obtaining consent from the User with Disabilities and/or their guardians in accordance with the provisions of prevailing laws.
We may send information about our products and/or services, as well as carefully selected third parties’ services through official Company’s channels or direct communication tools with User, including via mail or electronic tools such as telephone, email, social media, or other electronic media, detailing products, services, and any special offers. We will solely conduct this if the User has given consent for us to contact them through electronic or non-electronic tools.
Withdrawal of consent to receive direct marketing, whether through electronic or non-electronic media can be conducted by using one of the channels listed in the Contact Us section. Upon receiving the withdrawal request, we will confirm receipt and proceed to cease User’s Personal Data Processing for such purposes. Please note that if the User chooses not to receive one kind of direct marketing, we still reserve the right to send the User messages related to our services or other products or services that the User utilizes.
Users may contact us through the following channels: