top of page

GDPR POLICY

Effective Date: 01.01.2025

This GDPR Compliance Policy outlines how PT PCR INVESTMENTS INDONESIA ("we", "us", "our") ensures compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") with respect to the personal data of individuals located in the European Economic Area ("EEA").

1. Purpose

This policy ensures that we:

  • Process personal data lawfully, fairly, and transparently.

  • Collect data for specified, explicit, and legitimate purposes.

  • Limit data collection to what is necessary.

  • Keep data accurate and up to date.

  • Store data only for as long as necessary.

  • Protect personal data with appropriate security measures.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who process personal data on behalf of PT PCR INVESTMENTS INDONESIA.

3. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so, including:

  • Consent: when individuals have given clear permission.

  • Contractual necessity: to perform a contract.

  • Legal obligation: to comply with legal requirements.

  • Legitimate interests: for business interests that do not override fundamental rights.

  • Vital interests: to protect someone’s life.

  • Public task: where processing is in the public interest.

4. Data Subjects' Rights

We uphold the following rights of EEA data subjects:

  • Right to be informed about data collection and use.

  • Right of access to personal data.

  • Right to rectification of incorrect or incomplete data.

  • Right to erasure (right to be forgotten).

  • Right to restrict processing.

  • Right to data portability.

  • Right to object to data processing.

  • Rights related to automated decision-making and profiling.

Requests to exercise these rights can be sent to: gdpr@pcr-group.com

5. Data Protection by Design and Default

We implement appropriate technical and organizational measures such as:

  • Data minimization and pseudonymization

  • Access controls and encryption

  • Regular audits and risk assessments

  • Data protection impact assessments (DPIAs) where required

6. International Transfers

If personal data is transferred outside the EEA, we ensure adequate protection using:

  • Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules (BCRs)

  • Transfers to countries with adequate protection as deemed by the European Commission

7. Data Breach Notification

In the event of a data breach, we will:

  • Notify the relevant supervisory authority within 72 hours if the breach poses a risk to individual rights.

  • Inform affected individuals without undue delay where there is a high risk to their rights or freedoms.

  • Keep internal records of all breaches, regardless of impact.

8. Data Retention and Disposal

We retain personal data only as long as necessary for the specified purpose. After that, data is securely deleted or anonymized.

9. Roles and Responsibilities

All employees and contractors must:

  • Understand their data protection obligations.

  • Follow this policy and all related procedures.

Our designated data protection contact is responsible for:

  • Monitoring compliance

  • Advising on DPIAs

  • Serving as the point of contact for data subjects and supervisory authorities

Contact Email: gdpr@pcr-group.com

10. Training and Awareness

We provide regular GDPR training to all staff and ensure ongoing awareness of data protection principles.

11. Policy Review

This policy will be reviewed annually or whenever there is a significant change in the law or business practices.

 

Contact Information

PT PCR INVESTMENTS INDONESIA
The City Tower Lt. 12
Jl. MH Thamrin No. 81
Jakarta, Indonesia
Email: gdpr@pcr-group.com
Phone: +62(0)81413560938

bottom of page