Legal Document

Privacy Policy

PT Arfadia Digital Indonesia is committed to protecting your personal data in accordance with Law No. 27 of 2022 on Personal Data Protection (UU PDP) and applicable international standards.

Effective Date: March 21, 2026  |  Last Updated: March 21, 2026

1. Introduction

This Privacy Policy describes how PT Arfadia Digital Indonesia ("Arfadia", "we", "us", or "our") collects, uses, stores, and protects your personal data when you visit our website at www.arfadia.com, use our services, or interact with us through any communication channel.

We process personal data in compliance with Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP), the General Data Protection Regulation (GDPR) where applicable, and other relevant data protection legislation. By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

The data controller responsible for processing your personal data is:

PT Arfadia Digital Indonesia

Registered Address: Jakarta, Indonesia
Website: www.arfadia.com
Email: admin@arfadia.com
WhatsApp: +62 811 2502 8028

3. Personal Data We Collect

We collect the following categories of personal data depending on how you interact with us:

3.1 General Personal Data

  • Identity data: full name, job title, company name
  • Contact data: email address, phone number, WhatsApp number
  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, time spent on pages, referral source, click patterns, scroll depth
  • Communication data: messages sent through contact forms, email correspondence, WhatsApp conversations related to service inquiries

3.2 Data Collected Through Forms

When you submit a contact form, request a proposal, download an e-book, or sign up for our services, we collect the information you voluntarily provide, which may include your name, email, phone number, company name, and the nature of your inquiry.

We do not intentionally collect specific (sensitive) personal data as defined under UU PDP, including health data, biometric data, genetic data, criminal records, children's data, or personal financial data, unless explicitly required and consented to for a particular service.

4. How We Collect Your Data

We collect personal data through the following methods:

  • Directly from you: when you fill out forms on our website, send us an email, contact us via WhatsApp, or communicate with us during a consultation
  • Automatically: through cookies, pixels, and similar tracking technologies when you browse our website (see Section 6)
  • From third parties: analytics platforms (Google Analytics), advertising platforms (Meta/Facebook), and content delivery networks (Cloudflare) that collect technical and usage data on our behalf

5. Legal Basis and Purposes of Processing

Under UU PDP and GDPR, we process your personal data based on the following legal grounds:

Purpose Legal Basis Data Used
Responding to inquiries and providing services Contractual necessity, consent Identity, contact, communication data
Sending proposals and service information Legitimate interest, consent Identity, contact data
Delivering e-books and downloadable resources Consent Name, email, phone, company
Sending marketing communications (newsletters, updates) Consent Name, email
Website analytics and performance improvement Legitimate interest, consent Technical data, usage data
Advertising measurement and remarketing Consent Technical data, cookie identifiers
Website security and abuse prevention Legitimate interest IP address, technical data
Legal compliance and dispute resolution Legal obligation All relevant data

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze traffic, and serve relevant content. When you first visit our website, a cookie consent banner allows you to choose which categories of cookies to accept.

6.1 Categories of Cookies

Category Purpose Examples Can You Opt Out?
Necessary Essential for website functionality, security, and cookie consent preferences Session cookies, Cloudflare security tokens, cookie consent state No (required)
Analytics Help us understand how visitors use the website so we can improve performance and content Google Analytics (_ga, _gid, _gat) Yes
Marketing Used to deliver relevant ads and measure advertising effectiveness Facebook Pixel (_fbp, _fbc) Yes
Functional Enable enhanced features such as chat widgets and personalization WhatsApp Business API integration, language preferences Yes

6.2 Managing Your Cookie Preferences

You can manage your cookie preferences at any time by clicking the cookie settings option on our website or by adjusting your browser settings. Please note that disabling certain cookies may limit website functionality.

7. Third-Party Service Providers

We engage the following third-party service providers to operate our website and deliver our services. Each provider processes data on our behalf and is bound by their own privacy policies:

Provider Purpose Data Processed Privacy Policy
Google Analytics / GTM Website analytics, traffic measurement, conversion tracking IP address (anonymized), pages visited, session duration, device info Google Privacy Policy
Cloudflare Content delivery network (CDN), DDoS protection, SSL/TLS encryption, performance optimization IP address, HTTP request data, security tokens Cloudflare Privacy Policy
Meta (Facebook Pixel) Advertising measurement, audience building, conversion tracking Cookie identifiers, browsing actions, device info Meta Privacy Policy
Brevo (Sendinblue) Transactional email delivery (e-book downloads, form confirmations), email marketing Name, email address, email engagement data Brevo Privacy Policy
WhatsApp Business API Customer communication and service inquiries Phone number, message content, name (if provided) WhatsApp Privacy Policy

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

  • Service providers: with trusted third-party providers as described in Section 7, solely for the purposes outlined in this policy
  • Legal requirements: when required by law, regulation, legal process, or governmental request under Indonesian jurisdiction
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any such change
  • Protection of rights: to protect the rights, property, or safety of Arfadia, our clients, or the public

9. International Data Transfers

Some of our third-party service providers operate outside Indonesia. When your data is transferred internationally, we ensure that adequate data protection safeguards are in place, consistent with the requirements of UU PDP and GDPR. These safeguards may include contractual clauses, data processing agreements, and the provider's compliance with recognized data protection frameworks.

Specifically, Google (United States), Meta (United States), Cloudflare (United States), and Brevo (European Union) may process data outside Indonesian territory. Each provider maintains data protection standards that meet or exceed the requirements of applicable law.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. The general retention periods are:

  • Contact form submissions: 24 months from the date of submission, unless a business relationship is established
  • Client project data: duration of the engagement plus 36 months for reference and legal compliance
  • E-book download data: 24 months from the date of download
  • Marketing consent records: retained for as long as consent remains active, plus 12 months after withdrawal
  • Analytics data: as determined by the respective analytics provider (typically 14-26 months for Google Analytics)
  • Financial and tax records: as required under Indonesian tax law (minimum 10 years)

When personal data is no longer required, we securely delete or anonymize it.

11. Your Rights as a Data Subject

Under UU PDP and, where applicable, GDPR, you have the following rights regarding your personal data:

  • Right to be informed: to know the identity of the data controller, the legal basis for processing, and how your data is used
  • Right of access: to request and receive a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete personal data
  • Right to erasure: to request deletion of your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention requirements
  • Right to restrict processing: to request that we limit how we use your data in certain circumstances
  • Right to data portability: to receive your data in a structured, commonly used format
  • Right to withdraw consent: to withdraw your consent at any time, without affecting the lawfulness of processing that occurred before withdrawal
  • Right to object: to object to processing based on legitimate interest, including profiling and direct marketing
  • Right to lodge a complaint: to file a complaint with the relevant data protection authority

To exercise any of these rights, please contact us at . We will respond to your request within 3 x 24 hours as required under UU PDP, or within 30 days for GDPR-related requests.

12. Data Security

We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data in transit
  • Cloudflare DDoS protection and Web Application Firewall (WAF)
  • Access controls and authentication for internal systems
  • Regular security assessments and monitoring
  • Employee training on data protection and confidentiality

PT Arfadia Digital Indonesia holds Triple ISO Certification, reflecting our commitment to maintaining high standards of information security and quality management.

In the event of a data breach that poses a high risk to your rights, we will notify you and the relevant authorities without undue delay, in accordance with UU PDP requirements.

13. Children's Privacy

Our website and services are not directed at individuals under the age of 17. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child without parental consent, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at admin@arfadia.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website.

We encourage you to review this page periodically to stay informed about how we protect your data.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, you can reach us through:

Privacy Inquiries

PT Arfadia Digital Indonesia
Email:
WhatsApp: +62 811 2502 8028
Website: www.arfadia.com/contact-us

For complaints related to data protection, you may also contact the Ministry of Communication and Digital Affairs (Kementerian Komunikasi dan Digital / KOMDIGI) or the Personal Data Protection Agency (Lembaga PDP) once established, as the supervisory authority under UU PDP.

We use cookies

We use cookies to enhance your browsing experience, analyze traffic, and personalize content. See our Privacy Policy for details.

Cookie Settings
PT Arfadia Digital Indonesia

We use cookies to ensure the website runs optimally and to help us understand how you use our services. You can choose which categories to allow. Read our Privacy Policy.

Necessary Cookies Always Active

Required for basic website functionality. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with the website. Data used anonymously.

Marketing Cookies

Used to display relevant ads and measure campaign effectiveness.

Functional Cookies

Enables live chat, social media integrations, and language preferences.

Preferences saved