GDPR
POLICY

Effective January 1, 2026

PT Digital Solusi Grup is committed to complying with the General Data Protection Regulation (GDPR) for all services involving the personal data of individuals in the European Union (EU). This policy outlines our compliance approach, the rights of EU data subjects, and how we handle personal data in accordance with GDPR requirements.

WHAT IS GDPR?

The General Data Protection Regulation (GDPR) is an EU privacy law effective from May 25, 2018. It replaces the Data Protection Directive 95/46/EC and establishes a unified framework for data protection across EU member states. Key principles include:

  • Processing personal data lawfully, fairly, and transparently.
  • Allowing individuals to access, correct, or delete their data.
  • Implementing appropriate security measures to protect personal data.

WHO DOES GDPR APPLY TO?

GDPR applies to:

  • All organizations established in the EU.
  • Organizations outside the EU that process the personal data of individuals located in the EU.

Personal data includes:

  • Direct identifiers: name, email address, postal address.
  • Indirect identifiers: IP addresses, cookies, location data.

WHAT PERSONAL DATA DO WE COLLECT?

For details on the personal data we collect and how we use it, please refer to our Privacy Policy and Cookie Policy.

GDPR COMPLIANCE MEASURES

  1. Lawful Basis for Processing

    We process personal data based on one or more lawful bases, including:

    • Consent: You have given clear consent for us to process your personal data.
    • Contract: Processing is necessary to fulfill a contract with you.
    • Legal obligation: Processing is required to comply with applicable laws.
  2. Data Subject Rights

    Under GDPR, EU individuals have the right to:

    • Access their personal data.
    • Rectify inaccurate or incomplete data.
    • Erasetheir data ("right to be forgotten") under certain conditions.
    • Restrict processing of their data.
    • Data portability — receive data in a structured, machine-readable format.

    To exercise these rights, contact us at [email protected].

  3. Data Security

    We implement appropriate technical and organizational security measures, including:

    • SSL/TLS encryption for data in transit.
    • Access controls and authentication mechanisms.
    • Regular security audits and assessments.
  4. Third-Party Data Processors

    Where we engage third-party processors, we ensure they comply with GDPR through Data Processing Agreements (DPAs) that define responsibilities and safeguards.

  5. Data Breach Notification

    In the event of a personal data breach, we will notify the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR.

INTERNATIONAL DATA TRANSFERS

When transferring personal data outside the EU/EEA, we rely on appropriate safeguards including:

  • Adequacy decisions issued by the European Commission.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.

CONTACT US

For GDPR-related inquiries or to exercise your rights, contact:

PT Digital Solusi Grup
Jl. Dirgantara Permai Blok C IV No. 35,
Village/Sub-district Lesanpuro, Kedungkandang, Malang City
East Java 65138, Indonesia

[email protected]

(0341) 3024534