Pemberitahuan Pelindungan Data Pribadi

Pemberitahuan Pelindungan Data Pribadi

Privacy Notice

PT Bank Multiarta Sentosa Tbk

Last Updated: 31 July 2025

PT Bank Multiarta Sentosa Tbk (hereinafter referred to as "Bank MAS") is a financial services institution that is subject to the applicable laws in Indonesia. This Privacy Notice page aims to provide you with information on how Bank MAS processes and protects your personal data in accordance with the provisions of the laws and regulations related to personal data protection in Indonesia.

Legal Basis for Processing Your Personal Data

The processing of your personal data by Bank MAS is based on one or more of the following legal bases:

  • Valid Consent from the Data Subject: Bank MAS will process your personal data based on consent that you have voluntarily, explicitly, and in writing (including electronically) provided after you have received clear and complete information about the purpose of the data processing. You can withdraw this consent at any time in accordance with the provisions of the laws and regulations.
  • Fulfillment of Contractual Obligations: The processing of your personal data is necessary for the performance of a contract to which you are a party, or to fulfill your request in preparation for or formation of such a contract. Examples include opening an account, applying for a loan, or using other banking services.
  • Fulfillment of Bank MAS's Legal Obligations: Bank MAS may process your personal data to comply with legal obligations applicable to Bank MAS, such as reporting obligations to authorized parties (e.g., the Otoritas Jasa Keuangan, Bank Indonesia, Pusat Pelaporan dan Analisis Transaksi Keuangan /PPATK), compliance with anti-money laundering, terrorism financing, and weapons of mass destruction proliferation financing regulations, or court orders.
  • Protection of the Data Subject's Vital Interests: The processing of your personal data may be carried out to protect your vital interests as a data subject, in cases where you are unable to give consent for physical or legal reasons.
  • Performance of a Task in the Public Interest or Exercise of Bank MAS's Authority: Personal data processing may be carried out for the performance of a task in the public interest or the exercise of authority granted to Bank MAS based on laws and regulations.
  • Legitimate Interests of Bank MAS or Other Parties: The processing of personal data may be based on the legitimate interests of Bank MAS or other parties that align with the purpose of the processing, while considering the balance between these interests and your fundamental rights and freedoms as a Personal Data Subject. These legitimate interests will be carefully considered and will not harm your privacy rights.


Purposes for Processing Your Personal Data

Bank MAS processes your Personal Data for purposes including but not limited to:

Related to Bank MAS products, services, or infrastructure

  • Providing and developing Bank MAS services.
  • Ensuring the fulfillment of the rights and obligations of Bank MAS and you, in accordance with the agreement(s) made between the Bank and you.
  • For the purpose of analyzing the feasibility of providing products or services to you or providing credit facilities to you.
  • Offering products or services from Bank MAS or other parties collaborating with Bank MAS. With your consent, Bank MAS may contact you during working days and in business hours through your personal communication channels (such as phone, instant message, email, etc.) to offer products or services provided by Bank MAS itself or in collaboration with partners who have partnered with Bank MAS.
  • Security measures for you, such as personal data processing for a fraud detection system to help Bank MAS prevent you from becoming a victim of crimes committed by irresponsible parties.
  • Other purposes as long as they have a legal basis for personal data processing.

Related to Employment Relationships

  • The selection process for prospective Bank MAS employees.
  • Processing of personal data for employment purposes, such as salary payments, promotions, demotions, transfers, health insurance, certifications, training, tax reporting, providing business cards, etc.
  • Fulfillment of Bank MAS's obligations and risk management, such as fraud prevention through employee lifestyle monitoring programs (know your employee), implementation of personal data security controlled by Bank MAS through Data Loss Protection (DLP), installation of CCTV in work areas, etc.
  • Other purposes as long as they have a legal basis for personal data processing.

Related to Fulfillment of Contractual/Agreement Obligations

  • The procurement process, including the procurement of goods, services, provision of IT services by other parties to Bank MAS, and Bank MAS's outsourcing.
  • Performance appraisal, internal control and monitoring by Bank MAS, as well as audits conducted by Bank MAS or a party appointed by Bank MAS or another authorized party related to the procurement process or performance of work/agreements.
  • For the purpose of preventing bribery or corruption.
  • For the purpose of fulfilling the Bank's obligations, such as payments by Bank MAS to you in accordance with the agreed-upon Agreement.
  • Other purposes as long as they have a legal basis for personal data processing.

Fulfillment of Bank MAS's Legal Obligations

  • Complying with provisions related to the implementation of anti-money laundering programs, prevention of terrorism financing, and prevention of the financing of the proliferation of weapons of mass destruction in the financial services sector.
  • Fulfilling requests for reports or information or carrying out certain actions in accordance with the rules of an Authorized Party (a body, regulator, or institution authorized according to applicable law).
  • Dispute resolution processes, both in and out of court.
  • Executing court decisions, arbitration, or other dispute resolution institutions that have permanent legal force.
  • Conducting audits by Bank MAS's internal team or by an external party appointed by Bank MAS or at the appointment of an Authorized Party in accordance with company provisions or applicable laws and regulations.
  • Other purposes as long as they have a legal basis for personal data processing.
  • Other purposes that are in accordance with the provisions of the laws and regulations.

Personal Data Collected by Bank MAS

Bank MAS may collect various types of your personal data, including but not limited to:

  • Identity Data: This includes information such as full name, place and date of birth, gender, marital status, nationality, religion, mother's maiden name, address on the Indonesian ID Card (KTP), domicile address, National Identity Number (NIK) on the KTP, passport number, Taxpayer Identification Number (NPWP), photos, videos, signatures, information related to family members, and biometric data (such as fingerprints or facial recognition).
  • Contact Data: This includes email address, phone numbers (home, office, and mobile), and other contact information you provide.
  • Financial Data: This data includes bank account information, transaction history, account balance, payment details, credit/debit card information you own, loan information, credit history, income, and other financial information relevant to the Bank MAS products or services you use.
  • Transaction Data: This includes details about the banking products and services you purchase or use, including the amount, time, and parties involved in the transaction.
  • Demographic Data: Such as information on occupation, education, and lifestyle preferences.
  • Technical and Usage Data: When you access Bank MAS digital services (such as mobile banking or internet banking), Bank MAS may collect technical data such as IP address, device type, operating system, geographical location, log information, and application or website usage data.
  • Other Data Provided by You: Any information you voluntarily provide to Bank MAS in correspondence, surveys, or other interactions.

The collection of this personal data is carried out for legitimate, specific, and clear purposes, and will be processed in a limited and proportional manner to its purpose. Bank MAS will ensure that your personal data is only used for the purposes that have been informed and agreed upon, and will not be used for other purposes without additional notification and/or consent from you, unless required by law.

Security and Storage of Your Personal Data

Personal Data Storage Location

Your personal data may be stored in data center(s) located in Indonesia or outside the territory of Indonesia, in accordance with the operational needs of Bank MAS that comply with applicable laws and regulations. Bank MAS ensures that any data storage outside the territory of Indonesia will still comply with personal data protection standards equivalent to the provisions of the PDP Law, including through legal agreements and mechanisms to guarantee the security and confidentiality of your data.

Personal Data Storage Security

Bank MAS implements strong technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to:

  • Implementation of anonymization technology.
  • Data encryption to protect information in transit and at rest.
  • Strict access controls to ensure that only authorized personnel can access your personal data.
  • Network security systems (firewalls) and security monitoring to detect and prevent cyber threats.
  • Standard operating procedures (SOPs) and regular training for Bank MAS employees on best practices for personal data protection.

Personal Data Storage Period

Bank MAS will store your personal data for as long as necessary to fulfill the purpose of its collection. After the storage period has been fulfilled or the purpose of personal data processing ends, we will securely delete or destroy your personal data, unless other laws and regulations require it to be stored longer or you provide consent for a specific storage purpose. Bank MAS is committed to continuously improving its data security measures in line with technological and regulatory developments.

Exercising Your Rights as a Data Owner

As the Data Owner (Personal Data Subject), you have rights that you can exercise with Bank MAS. To exercise your rights, please contact Bank MAS by referring to the "Contact Us" section.

Here is a summary of your rights that you can request from Bank MAS through a written request:

  • Right to Obtain Information: You have the right to request information regarding the clarity of identity, legal basis, purpose of the request and use of Personal Data, as well as the accountability of the party requesting the Personal Data.
  • Right to Rectify Personal Data: You have the right to request Bank MAS to rectify or complete your Personal Data that is inaccurate, incomplete, or irrelevant.
  • Right to Access Personal Data: You have the right to obtain access to and get a copy of your Personal Data that Bank MAS processes, including information about the history of the data processing.
  • Right to Destroy and/or Delete Personal Data:You have the right to request Bank MAS to destroy and/or delete your Personal Data if:
    • The Personal Data is no longer relevant to the purpose of its collection.
    • You have withdrawn your consent for the processing of Personal Data.
    • The processing of Personal Data is done unlawfully.
    • The destruction and/or deletion of Personal Data does not conflict with the provisions of the laws and regulations.
  • Right to Withdraw Consent: You have the right to withdraw the consent you have given for the processing of your Personal Data, unless the processing is based on another valid legal basis (for example, a legal obligation). The withdrawal of consent does not affect the validity of the Personal Data processing that has already taken place based on the consent given previously.
  • Right to Postpone or Object to Automated Personal Data Processing: You have the right to request the postponement or objection to the processing of Personal Data that is solely based on automated processing, including profiling, which results in legal consequences or has a significant impact on you.
  • Right to Restrict Personal Data Processing: You have the right to request Bank MAS to restrict the processing of your Personal Data under certain conditions, for example, if you dispute the accuracy of your Personal Data, or the processing is unlawful, or we no longer need the Personal Data but you need it for law enforcement.

In addition, you also have the right to:

  • Right to Sue and Receive Compensation: You have the right to file a lawsuit and receive compensation from Bank MAS if Bank MAS is proven to have violated the processing of your Personal Data.
  • Right to Data Portability: You have the right to obtain and/or use your Personal Data from Bank MAS in a structured, commonly used, and machine-readable format, and have the right to transfer that Personal Data to another Personal Data Controller.

Updates or Changes to the PDP Notice

Bank MAS may review and amend this PDP Notice from time to time. Any changes will be announced on this page, and we kindly ask that you review this PDP notice periodically.

Contact Us

If you have questions or complaints regarding this PDP notice, please contact us using the contact information listed on the page:

https://www.bankmas.co.id/en/kontak-kami/


I want to: