We take your privacy seriously and are always committed to protecting all of your personal information. We collect and manage your personal information in accordance with applicable laws and regulations.
As an agency that offers financial services, we need to collect, store and use personal data about you, in order to provide our products and/or services.
This Privacy Statement explains how your personal information and credit information are collected and managed by Bank MAS.
- Personal data
Based on Law No. 27 of 2022 concerning Personal Data Protection, Personal Data is data about individual persons that is identified or can be identified separately or in combination with other information, both directly and indirectly, through electronic or non-electronic systems. The "owner of personal data" refers to bank customers and/or prospective bank customers, and personal data is divided into 2 (two) categories:
- Specific Personal Data includes:
- Health data
- Biometric data
- Genetic data
- Criminal records
- Data about children
- Personal information
- Other data as stipulated by regulations.
2. General Personal Data includes:
- Full name
- Marital status
- Combined Personal Data identifying an individual.
Meanwhile, the explanation in POJK 11/2022 states that banks must obtain the consent of customers and/or prospective customers in accordance with the provisions of the laws and regulations when exchanging personal data. Personal data is also divided into 2 (two) categories:
Ordinary personal data consists of personal information related to a specific individual, but its security system is not very high, such as:
- Place and date of birth
- Postal code
Sensitive personal data, also known as special categories, are data that require deeper protection in terms of security systems because the information in these data is sensitive and can affect the privacy of the owner of personal data, such as:
- Race or ethnicity
- Political beliefs
- Religious beliefs
- Genetic or biometric data
Personal data is any data, information and/or information in any form that can identify the customer, which from time to time is submitted in/on, and/or through forms/applications relating to information regarding personal data from customers.
The personal data we collect includes:
- Personal information (name, place, date of birth, home/cellular telephone number, home address or work address, education history data);
- Identity documents (eg e-KTP, Passport, KITAS, NPWP);
- Financial information (income information, assets, debts, copies of bank statements/account statements, and credit card bills);
- Biometric information, including but not limited to your fingerprints and/or facial images;
- Video recordings or recordings of your conversations with us, in the context of opening banking facilities and/or in the form of complaints and other matters;
- Information from your device that is used to access our services or applications, such as camera, contact list, application list, usage statistics, location, device information, and network attributes.
- The use of contacts is made to facilitate input when purchasing and paying to mobile numbers on customer devices.
- The use of the camera is used to validate self-portraits or selfies by customers who register whether they are in accordance with the data previously entered.
- The use of images is used to validate the NIK and signature that the customer inputs when registering whether it is in accordance with the data registered in the e-KYC Bank's population/partner data.
- Publicly available information
Face Recognition :
- Face Recognition is one part of the process performed when customers open accounts through the Mas Mobile Application.
- Face Recognition or facial recognition process:
- Prospective customers take a photo of their ID card (KTP), which contains their NIK and facial photo.
- The NIK is checked to verify if the prospective customer is registered with the Directorate General of Population and Civil Registration (Dukcapil) or not.
- Then, the Mas Mobile Application requests prospective customers to perform Face Recognition, which involves taking a direct facial image.
- The Mas Mobile Application uses direct facial image capture as validation to ensure that the applying customer is a real person and not a photo/image of someone else.
- Face Recognition is performed to match the facial data captured by prospective customers through the Mas Mobile Application with the facial data on their ID card (KTP).
- This facial data will be matched with the face on the prospective customer's ID card (KTP) to prevent any fraudulent activities, as follows:
- This facial data is sent by Bank Mas to a third party for liveness verification.
- The third party checks the liveness of the facial data. If it passes, the facial data is forwarded to the Directorate General of Population and Civil Registration (Dukcapil) of the Ministry of Home Affairs of the Republic of Indonesia. If it fails, the facial data verification request is rejected by the third party.
- Dukcapil receives facial data verification requests from Bank MAS through the third party, and Dukcapil conducts verification with the population data they have.
- The result of Dukcapil's verification is provided as a TRUE/FALSE response and returned to the third party.
- The third party receives Dukcapil's response and forwards it back to Bank MAS.
- The facial data of prospective customers is only shared with third parties that collaborate with Bank MAS as vendors who assist in the facial recognition process.
- The photo data will be stored by Bank MAS with the following explanation:
- The Financial Services Authority (OJK) issued Circular Letter No. 14/SEOJK.07/2014 regarding the Confidentiality and Security of Consumer Personal Data and/or Information. This Circular Letter was issued in connection with the implementation of Financial Services Authority Regulation No. 1/POJK.07/2013 regarding Consumer Protection in the Financial Services Sector. The OJK Circular Letter stipulates that Financial Services Business Actors (PUJK), including banks, are required to protect consumer personal data and/or information and are prohibited in any way from disclosing consumer personal data and/or information to third parties.
- As part of the bank's policy, where it may be necessary for audits by regulators, external audits, or internal audits in the future, which require photo data when customers open accounts through the MAS Mobile Application, the storage time will always be maintained in the bank's data storage.
- The facial data will be stored for the next 30 working days after the customer captures their face image directly.
- After the storage period expires, the data will be deleted, as it is part of the bank's regulations regarding customer data information.
We may collect and maintain publicly available information, from:
- Online forums, social media (Facebook/Meta, Twitter, Linkedin, You Tube, or others) if you use social media to interact with us;
- Other public information such as population information registered with the Dukcapil/Mitra e-KYC Bank, or company information registered in the database of the Ministry of Law and Human Rights.
- We collect this information periodically.
- Use of Personal Data
In principle, we are very careful in using and managing your personal information/data. We use your information in providing our products and/or services. Also using your information for our other purposes, such as to better understand you and your needs, and to inform you about other products/services that may be of interest to you.
We may use your personal information/data in terms of:
1. Serving Our Customers
We use your personal information/data to provide products/services including for:
- Your review process and submission process for our products/services;
- Perform administration and manage our products/services that you use;
- Manage relationships with you or your business;
- Improving services to our consumers;
- Provide information about our other products/services that may interest you.
2. Improving Our Quality.
We also use your information to improve the products/services that we provide through activities such as:
- Review your feedback and evaluate how you use our products/services;
- Test and validate the effectiveness of our products and services and improve the quality of our systems;
- Monitor and review video calls, telephone recordings, online chat and other business activities for the purposes of Quality Assurance, training and compliance with applicable regulations.
3. Managing Our Operational Performance
We also use your personal information/data to manage information including to:
- Provide our products/services;
- Create and manage payments and consumer transactions;
- Manage fees and interest charged to the products/services you use;
- Collect and collect installments for credit that we give to you; as well as
- Responding to and resolving consumer complaints.
4. Manage security, risk and fraud prevention
We use your information/data to:
- Prevent, detect and investigate suspicious activity or fraud;
- Monitor our assets, for example CCTV to ensure the safety of employees and customers;
- Investigate incidents related to security or other matters involving employees and customers;
- Support the management of information and network security to prevent cyberattacks, unauthorized access, and other malicious or criminal activity.
5. Fulfillment of Our Obligations to Applicable Laws and Legislation.
If necessary, we use your personal information/data to comply with applicable laws and regulations, including obligations from regulators, in terms of:
- Confirm your identity;
- Share relevant information with law enforcement agencies, tax authorities and other regulatory bodies;
- Screening of requests and monitoring of accounts to identify criminal activity such as fraud, financing of terrorism, bribery, corruption and money laundering;
- Investigate financial crimes.
6. Manage our business
We use your information to run our business efficiently and well. Such as managing financial position, planning business capabilities, testing systems and processes, and managing communications, governance and audits.
7. Carry out analytical activities
We may combine the information we have about you with other customers (e.g. transaction information) with data obtained from other sources such as third party websites. We use this information to:
- Help us understand consumer behavior trends including how our products and/or services are used;
- Improving the products and/or services that we provide;
- Improving the quality of our data;
- Develop products and/or services that can better meet customer needs and behavior;
- Improve understanding and management of our risks.
8. New Product/Service Offerings to You (Marketing activities)
From time to time, in accordance with applicable laws and regulations, we may also use your information to notify you about products/services that are of interest to you. To do so, we may contact you via:
- Electronic mail
- Social media
- Advertisements on applications, websites or third party websites that work with us
9. If you do not wish to receive these direct marketing messages, or wish to change your contact preferences, you may notify us. Information on how to contact us at our Call Center (see How to Contact Us). We may need to identify you before we can change your preferences.
10. Determining Your Creditworthiness
We collect personal information/data related to credit, when you apply for our credit facility or use our credit service.
Credit information is your personal information regarding credit that has been given to you (including those you have submitted) which includes credit for personal needs or related to business needs, including information if you act as a guarantor for credit (guarantor).
Types of credit information that we collect, store and disclose.
We collect credit information directly from you when you apply for our credit products/services. And we can also collect this information through the Credit Information Management Agency (LPIP).
- And the types of credit information that we collect and manage are:
- Identification information.
- Name (including alias if any);
- Date of birth
- Identification information.
- Credit liability information
Information about credit loans that you have or have had. This information includes the account type, opening date and/or closing date and the credit limit obtained.
- Payment history
This information is your payment history information, including timely payments or arrears information (if any).
- Bad credit information
Information regarding details of bad credit or other credit-related violations such as fraud or fraud.
- Commonly available information such as:
- The results of the court judge's decision;
- Information regarding management positions and ownership in a company;
- Credit eligibility information
Information regarding your creditworthiness such as credit scores, credit risk ratings, summaries and evaluations.
- Our purposes for collecting and managing your credit information
When you submit a credit application to us or act as a guarantor/guarantor, we need to know information about whether you can fulfill payment obligations in accordance with the agreement that has been agreed with us. We also try to avoid providing additional credit or other facilities in the event that these additions cause you financial difficulties.
- We use your credit information to:
- Confirm your identity;
- Conduct an assessment of your credit application;
- Assessing ability to manage credit;
- Helping you to manage credit obligations and to consider requests related to financial difficulties;
- Generate assessments, ratings and evaluations related to your creditworthiness, which are used in the credit monitoring process on a regular basis;
- Collect payment information that is past due;
- Sharing information with LPIP in accordance with applicable laws and regulations.
- Credit Information Management Institution (LPIP)
We share your credit information with LPIP. This information is used to determine your eligibility for your credit application. LPIP includes this information in its reports for credit providers (including us) to assess your creditworthiness.
We may also ask LPIP to provide your overall credit score and may use information from LPIP together with other information for our assessment of your ability to manage credit.
- With whom do we share your information
We may share your personal information/data with companies related to us. We may also share your personal information/data with partners/third parties who work with us inside or outside the territory of Indonesia, as permitted by the applicable laws and regulations or for the purposes that we have explained above. When We do this, we ensure that the necessary efforts to protect your personal information/data have been made.
We emphasize that PT. Bank Multiarta Sentosa Tbk does not sell your personal information/data to partners/third parties.
Information about all parties who receive your personal information/data from us is described in the Cooperation Agreement and/or the Terms and Conditions that apply to the products/services that we provide to you.
We comply with Bank Indonesia and Financial Services Authority Regulations and the applicable Personal Data Protection Law.
- How to contact us
You can contact us by:
- Visit our nearest branch office;
- Call our 24-hour Call Center at 1500011;
- Through our Email: : email@example.com.
- We can help you to:
- Access your information;
- Request a copy of your personal information/data that we have;
- Updating your personal information/data at any time
- Data Storage and Data Security
We ensure that all of your personal information/data that is collected and/or collected by us is stored safely in accordance with the laws and regulations that apply in Indonesia.
- Declaration and Agreement
- Release the Bank from all claims, compensation and/or claims in connection with the failure to process Bank service transactions, which are caused by inaccuracies/incorrect personal information/data that you provide to us;
- That you have given us consent, permission and authority to collect, use, disclose, process, manage and provide access to personal information/data to partners/third parties for the purposes referred to above.