Privacy Policy

CLounge privacy policy

CLounge service (hereinafter referred to as ‘service’) of PT Next Transformtech Indonesia (hereinafter referred to as ‘Company’) complies with the personal information protection regulations under relevant laws and regulations that information and communication service providers must comply with, such as the “Personal Information Protection Act” and the “Act on the Protection and Use of Location Information,” and does its best to protect the personal information of users by establishing a privacy policy in accordance with relevant laws and regulations.
Through the disclosure of the personal information processing policy, the company informs users of the purpose and method of using user’s personal information and what measures are being taken to protect user’s personal information.
Personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken.

Article 1. Items of personal information to be processed

  1. The company collects and processes the following personal information for service use and smooth customer consultation.
    • User information 
      • Required: name, ID (e-mail address), password, employee number, organization
      • Optional: birthday, mobile phone number, employment information (position/title/grade)
    • Business Information 
      • Required: Business name, representative name, and company registration number.
      • Optional: Representative contact information, representative email, copy of business registration certificate, and address.
    • Billing Contact Information
      • Optional: name, department/position, phone number, email address, account information, copy of bank statement.
    • Location Information
      • Optional (when verifying attendance only for customers who use the attendance management service): Personal location information.
  2. The following information may be automatically generated and collected during service use or business processing.
    • IP address, cookie, date and time of visit, service usage history, bad usage history, etc.
  3. In the process of using the service, the following information may be additionally collected only for customers using specific services.
    • When linked with Google Workspace

For customers who wish to link with Google Workspace, the company can view Google Workspace’s usage information through portlets such as the number of unread emails, lists, and Google Calendar events on the main page of the portal. The company provides customized services the way we can, and support the smooth operation of Google Workspace for customers.

To this end, the company collects the following personal information and may not allow account access if the user does not want to link. Even if the company allows account access, users can view and remove access from their Google Account at any time.

Scope
Personal Information Collected
Types and methods of data collection
Non-sensitive
Default Profile, Email, Google Drive

Login linkage

Drive file search, link creation

Sensitive
Google calendar usage information
Calendar (see a list of accessible calendars and check schedules)

For more information on data and using Google API services, please see the Google API Services Disclosure Page.

  1. The company collects personal information provided by members or business operators or entered by users through an interlocking system, and in some cases, personal information may be collected through printed paper documents or files.
  2. The company does not request personal information that may violate human rights (such as race and ethnicity, ideology, and beliefs, national origin, and place of residence, political affiliation, and criminal records, health status, sexual life, etc.).

Article 2. Purpose of processing personal information

The company processes the collected information for the following purposes.

  • Request a service demo
  • Service use consultation and consulting
  • Contract fulfillment and settlement of fees for service provision
  • Membership management: Identification and authentication according to the provision of membership services, maintenance and management of member qualifications, prevention of unauthorized use of services, various notices and notifications, grievance handling, record preservation for dispute settlement, etc.
  • Utilization for marketing and advertising: development of new services (products) and provision of customized services, provision of event and advertising information and opportunities to participate, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency or statistics on members’ use of services, etc.

Article 3. Personal information processing and retention period

  1. In principle, personal information is destroyed without delay when the purpose of collection and use of personal information is achieved according to the company’s internal policy. In order to protect service users, the period of ‘without delay’ shall not exceed a maximum of 7 days, as recovery requests may occur immediately after service termination or deletion of personal information. However, in the case of the introduction consultation inquiry record, it can be kept for one year for service consultation history management and customer response.
  2. If there is a record of the user’s unauthorized use or suspected unauthorized use in accordance with the Company’s terms and conditions, the company retains and destroys it for 5 years from the time of collection, despite the user’s request for withdrawal and withdrawal of personal information consent.
  3. If it is necessary to preserve in accordance with relevant laws and regulations, the Company will only keep personal information for a specified period of time. In this case, the company uses it only for archiving purposes, and the retention period is as follows.
    ① Records on contract or subscription withdrawal, etc
    Retention basis: Act on Consumer Protection in Electronic Commerce, etc.Retention period: 5 years.
    ② Records on payment and supply of goods, etc.Retention basis: Act on Consumer Protection in Electronic Commerce, etc.Retention period: 5 years
    ③ Records of consumer complaints or dispute handling (including chat and consultation contents)
    Grounds for retention: Act on Consumer Protection in Electronic Commerce, etc.
    Retention period: 3 years.
    ④ Log-in records
    Retention basis: Act on the Protection of Communications Secrets.
    Retention period: 3 months.
  4.  

Article 4. Provision of Personal Information to Third Parties

The Company processes personal information only within the scope specified in Article 2 (Purpose of Processing Personal Information) and provides personal information to third parties only under user consent and special provisions of the law.

Article 5. Consignment of personal information processing

  1. The company entrusts the following personal information processing tasks to professional companies for smooth personal information processing.
Entrust person (trustee)
Contents of entrusted business
Consigment Period
Knowledge Cube Co., Ltd.
Providing Infrastructure
Until the withdrawal of membership or the completion of entrusted business
Crinity Co., Ltd.
Creation of organization and user accounts when using the mail services
Until the suspension of service use or the completion of the entrusted business
  1. The company supervises whether the trustee handles personal information safely by stipulating matters necessary for the safe management of personal information when signing a personal information processing business consignment contract.
  2. If the contents of the consignment work or the trustee are changed, we will disclose it through this personal information processing policy without delay.

Article 6. Rights and obligations of users and legal representatives and methods of exercising those rights and obligations

  1. Users can exercise their rights to the company at any time, such as requesting to view, correct, delete, and stop processing personal information.
  2. The exercise of rights under paragraph (1) may be conducted in writing, by email, fax, etc, and the company will take action without delay.
  3. The exercise of rights pursuant to Paragraph (1) can be done through an agent, such as a user’s legal representative or an entrusted person.
  4. Request for correction and deletion of personal information cannot be requested if the personal information is specified as subject to collection in other laws and regulations.
  5. The company shall verify whether the person who made the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, according to the user’s rights, is the person or a legitimate agent.

Article 7. Matters concerning the installation, operation an refusal of automatic personal information collection device

  1. The Company operates ‘cookies’ that store and retrieve user information from time to time. Cookies are small text files that are transferred to the user’s device and stored on the user’s computer’s hard disk when the user accesses the website to ensure efficient and safe web use. When the user visits the website in the future, the website server reads the contents of the cookie stored on the user’s hard disk to maintain the user’s preferences and provide customized services.

  2. The Company uses cookies for the following purposes.
    ① It is used to determine whether a pop-up is enabled.
    ② It is used when setting the default domain address for domain access to use the service.

  3. Cookies do not automatically or actively collect information that identifies individuals, and users have the option to install cookies. Therefore, the user may allow all cookies by setting options in the web browser, go through confirmation whenever a cookie is stored, or refuse to store all cookies.
  4. However, if the user refuses to store cookies, the user may have difficulty using some of the company’s services that require login.
  5. Users can specify whether or not to allow cookie installation as follows.
    • When using the Internet Explorer browser
      ① Select [Interent Options] from the [Tools] menu.
      ② Click the [Privacy] tab.
      ③ Users can set their personal information in the [Advanced] setting.
    • When using the Microsoft Edge browser
      ① Select [Settings] from the More menu at the top right of the browser.
      ② Users can manage cookies and stored data in [Cookies and Site Permission] settings.
    • When using the Chrome browser
      ① Select [Setting] from the More menu at the top right of the browser.
      ② Users can manage cookies and other site data in the [Privacy and Security] settings.

Article 8. Destruction of personal information

  1. The Company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
  2. If the personal information retention period agreed to be preserved in accordance with other laws and regulations, the personal information shall be moved to a separate database (DB) or preserved in a different storage location.
  3. The procedure and method of destroying personal information are as follows.
    ① Destruction procedure
    The Company selects the personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the person in charge of personal information protection of the company.
    ② Destruction method
    Information in the form of electronic files is destroyed using technical methods that make the records unrecoverable.

Personal information printed on paper is shredded with a shredder or destroyed by incineration.

Article 9. Measures to ensure the safety of personal information

The Company takes the following measures to ensure the safety of personal information.

  1. Establishment and implementation of the internal management plan.
    The Company establishes and implements an internal management plan for the safe handling of personal information.
  2. Minimization and training of staff handling personal information.
    We are implementing measures to manage personal information by designating staff handling personal information and limiting them to those in charge.
  3. Technical measures in preparation for hacking, etc.
    The Company installs a security program to prevent leakage and damage of personal information caused by hacking or computer viruses, etc., periodically updates and inspects it, installs the system in an area where access from outside is controlled, and They are physically monitored and blocked.
  4. Encryption of personal information
    Users’ personal information is stored and managed with passwords encrypted, so only the user can know it, and for important data, separate security features such as encrypting files and transmission data or using a file lock function are used.
  5. Retention of access records and prevention of forgery and alteration
    Records of access to the personal information processing system are stored and managed for at least six months, and security functions are used to prevent forgery, alteration, theft, and loss of access records.
  6. Restriction of access to personal information
    We take necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that handles personal information, and we control unauthorized access from outside using an intrusion prevention system.
  7. Document storage
    In principle, we do not separately use documents or auxiliary storage media containing personal information.

Article 10. Personal location information

  1. The Company provides the following location-based services by using the current location of the user or the area that includes the current location collected directly or from location information providers.
    • Provides a function to authenticate T&A by collecting location information at the time of pressing buttons such as going to work, leaving work, and checking at home (immediately destroying personal location information after pressing the button of authenticate T&A management).
  2. The Company uses the location information for one-time use when the user authenticates attendance, destroys the personal location information immediately after authentication, and does not arbitrarily transmit the user’s location to the server or provide it to a third party.
  3. The Company shall be deemed to have the consent of the person in the following cases (hereinafter referred to as “children under 8 years of age”, etc.) if the obligee of protection agrees to the uses or provision of personal location information for the protection of life or body of children under 8 years of age, etc.
    ① Children under 8 years of age, etc.
    ② Adult guardians
    ③Persons with mental disabilities and a person with a severe disability.
  4. A guardian who wishes to consent to the user or provision of personal location information for the protection of the life or body, such as a child under the age of 8, must submit written consent from to the company along with a document proving that he or she is a guardian. The obligee of protection may exercise the rights of the subject of personal location information when consenting to the use or provision of personal location information such as children under the age of 8, etc.

If there are any questions regarding this privacy policy you may contact us using the information below.

Location

Mangkuluhur City - Tower One 16th Floor South Jakarta, DKI Jakarta