Indonesia – PDPA Policy Statement


Personal Data Protection Policy Statement

  1. Introduction


1.2. acts as the (subsidiary to JB Foods Ltd).  PT JEBEKOKO and its subsidiaries shall be referred to as “PT JEBEKOKO”.

1.3. This document outlines the policy implemented by PT JEBEKOKO and to manage the collection, usage and disclosure of personal data under Law No.27 of 2022 (hereinafter referred to as PDP laws).

1.4. This Policy applies to Contractors and Vendors, Customers and Third Parties.

1.5.  If there is conflict between this policy and current legislation, the latter shall prevail.


  1. Purpose

2.1. Organisations that collect, use and disclose personal data are required to develop and implement policies and practices that are necessary for the organisation to comply with the Personal Data Protection laws of Indonesia (“PDP laws”). The intention of the laws is to address the concerns from individuals in and out of Indonesia, and corporations about how their personal data is being used and maintain their trust in organisations that manage data.

2.2. PT JEBEKOKO will ensure that:

2.2.1. only fair, proper and legitimate means are employed to collect personal data;

2.2.2. personal data collected and used is accurate;

2.2.3. personal data is protected by appropriate safeguards and made available only to authorised persons; and

2.2.4. individuals have the right to rectification (access) and request correction of their personal data.


  1. Compliance with PDP Laws

3.1. PT JEBEKOKO is required to process on the following basis:


Basis for Personal Data Processing

Article 20 of the PDP Law specifies the basis for Personal Data Processing by PT JEBEKOKO Controllers, as follows:

(1) Consent: An explicit consent must be obtained from the Data Subject. Such consent shall relate to one or more purposes which have been explained to the Data Subject;

(2) Contract: Fulfilment of contractual obligations to which the Data Subject is a party, or to fulfil the request of the Data Subject at the time of entering into an agreement;

(3) Legal Obligation: Fulfilment of the legal obligations of the Controller in accordance with the applicable laws;

(4) Vital Interest: Protection of the Data Subject’s vital interests;

(5) Public Task: Implementation of tasks in the context of public interest, public services, or the implementation of the authority of the Data Controller in accordance with the applicable laws; and/or

(6) Legitimate Interest: Fulfilment of other legitimate interests which shall be carried out by balancing the Data Controller’s interests and the Data Subject’s rights.


  1. Personal Data Protection Principles

4.1. In handling personal data, PT JEBEKOKO abides by the following personal data protection principles:

4.2. Notification of purpose and consent

4.2.1. Unless otherwise required or permitted by law, PT JEBEKOKO will notify the individual of the purposes for which PT JEBEKOKO intends to collect, use or disclose personal data. This will occur on or before the time of the collection, use or disclosure. PT JEBEKOKO will limit the personal data collected to that which is necessary for, or related to, these purposes;

4.2.2. Unless otherwise required or permitted by law, PT JEBEKOKO will only collect, use or disclose personal data with explicit consent; and

4.2.3. An individual may withdraw their consent for PT JEBEKOKO to collect, use and disclose their personal data.

4.3. Rectification (Access and correction)

4.3.1. Upon request, PT JEBEKOKO will provide an individual with access to their personal data and information about the ways in which their personal data may have been used or disclosed in the past year, as required or permitted by laws;

4.3.2. An individual may also verify the accuracy and completeness of their personal data, and request that it be amended, if appropriate. PT JEBEKOKO will respond to these requests in accordance with its personal data practices and policies and in accordance with the law.

4.4. Accuracy

4.4.1. PT JEBEKOKO aims to keep records of personal data accurate and up to date as is necessary to fulfil the purposes for which the data was collected and used. For this reason, individuals are required to update their personal data by informing PT JEBEKOKO of any changes promptly.

4.5. Safeguards

4.5.1. PT JEBEKOKO will protect personal data with security safeguards that are reasonable and appropriate to the sensitivity of the personal data, in order to protect it from unauthorized access, use or disclosure.

4.6. Retention

4.6.1. PT JEBEKOKO complies with applicable regulatory requirements with respect to the retention of personal data

4.7. Openness

4.7.1. PT JEBEKOKO has appointed designated individuals who are responsible for monitoring ongoing compliance relating to PDP laws.

4.7.2. PT JEBEKOKO will make information about personal data protection policies, practices and complaint process available to you through this Statement, and upon request


  1. Personal Data

5.1. The PDP Law Indonesia defines Personal Data as any data concerning a person, whether identified or who may be identified independently or combined with other information, either directly or indirectly, through an electronic or non-electronic system. The individuals to whom Personal Data is attached are referred to as Data Subjects.

5.2. Examples of personal data include:

5.2.1. Personal particulars, such as name, NRIC Number, Passport number or other personal identification number;

5.2.2. Contact details such as your telephone number, email address, or fax number;

5.2.3. Information about personal use of PT JEBEKOKO’s websites and services, including cookies, IP addresses, subscription account details and membership detail; and

5.2.4. Any other information relating to you which you have provided us in any form you may have submitted to us, or in other forms of interaction with individuals.

5.2.5. Financial, bank details and other personal data including credit card details, gender, nationality, race, marital status, including details of nominees;

5.2.6 Service performance and conduct reports, and service fee reviews, records relating to non-availability for service;


  1. How Personal Data is Collected

6.1. A non-exhaustive list of how data is collected:

6.1.1. When an individual contacts the PT JEBEKOKO via form submission on our website or through email;

6.1.2. When an individual interacts with the PT JEBEKOKO during face-to-face meetings or through tele-conferencing;

6.1.3. When an individual submits a job application

6.1.4. When an individual asks to be included in an email or mailing list;

6.1.5. When an individual responds to any market surveys conducted by PT JEBEKOKO;

6.1.6. When an individual browses PT JEBEKOKO’s website at


  1. How Personal Data is Used

7.1. PT JEBEKOKO might use personal data for the following and therefore Data Subject consents explicitly to:

7.1.1. confirm personal identity

7.1.2. confirm the accuracy of the information collected

7.1.3. properly administer the services PT JEBEKOKO provides

7.1.4. communicate and respond to queries or instructions

7.1.5. provide ongoing information and services

7.1.6. make payments

7.1.7. recover any debts owed to PT JEBEKOKO

7.1.8. detect, investigate and prevent fraud, or other unlawful or improper activities

7.1.9.  comply with all legal and regulatory requirements within and outside Indonesia including disclosures to judicial, regulatory, government, statutory authorities and industry entities

7.1.10.  resolve complaints, and handle requests for data access or correction

7.1.11.  conduct compliance monitoring and audit reviews;

7.1.12. compile statistics to design and improve services, or participate in industry exercises and studies;

7.1.13. conduct research to understand current and future needs, for example, to conduct surveys and other forms of market research and analysis;

7.1.14. perform any functions and activities related to products or services including but not limited to marketing, audit, reporting, research, analysis and finance;

7.1.15. comply with any contractual or other commitment or arrangement with local or foreign regulators, governmental bodies, or industry recognised bodies (whether within or outside Indonesia) that is assumed by or imposed on us

7.1.16. exercise any rights PT JEBEKOKO may have in connection with the provision of services;

7.1.17. enable an actual or proposed assignee, transferee, participant or sub-participant of our rights or business to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation;

7.1.18 To transfer personal data within the jurisdiction or outside of Indonesia.

7.1.19. for any other purposes specifically provided for in any particular product or service offered by PT JEBEKOKO or permitted or required by law or the relevant authorities.


7.2.1. to administer the relationship, including the verification of your identity and/or the identity of your proxy (as may be applicable);

7.2.2. to inform you of PT JEBEKOKO’s performance and any relevant information and disclosures through the sending of circulars, reports, newsletters and communications;

7.2.3. to communicate changes and development to PT JEBEKOKO policies, terms and conditions and other administrative information; and

7.2.4. any other purpose relating to any of the above.

7.3. If an individual is a prospective Contractor/Vendor/Customer:

7.3.1. to provide or to obtain references for background screening/vetting;

7.3.2. processing service applications including quotations from you;

7.3.3. determining and reviewing service fee and/or package and terms;

7.3.4. consideration for service determination and allocation and/or development, secondment or transfer, performance monitoring, health and safety administration and security and access control;

7.3.5. monitoring compliance with our internal rules and guidelines, policies and SOPs;

7.3.6. complying with the compliance and disclosure requirements of any and all governmental and/or quasigovernmental departments and/or agencies, regulatory and/or statutory bodies;

7.3.7. to enforce our rights under any applicable laws to defend our rights under the law including but not limited to any disciplinary action or actions relating to the termination or dismissal of contract service;

7.3.8. to process service and declarations forms that require the transfer of Personal Data into it: Application Forms for the purposes of Access Card, Car Sticker; This list is non-exhaustive;

7.3.9. to process and tract service providers attendance through the use of biometric systems inclusive but not limited to electronic fingerprint collection or signature matching;

7.3.2. any other purposes relating to the aforesaid.


  1. Whom Personal Data is Disclosed to

8.1. Personal data held by PT JEBEKOKO will be kept confidential, but it may be disclosed or transferred such personal data to the following persons and/or entities (whether within or outside Indonesia) for any of the purposes set out in paragraph below:

8.1.1. any other purposes relating to the aforesaid.

8.1.2. any person in connection with any claims made by or against or otherwise involving an individual in respect of any services;

8.1.3. any agent, contractor or third-party service provider who provides administrative, consultative, telecommunications, computer, information technology, payment, data processing or storage in connection with the operation of our business, including any custodian, administrator, investment manager, investment advisor or distributor;

8.1.4. any credit reference agencies or, in the event of default, any debt collection agencies;

8.1.5. any financial advisor, bank partner, broker, introducer or other intermediary (including their employees);

8.1.6. reinsurers (including proposed reinsurers) and medical service providers;

8.1.7. any person which has undertaken to PT JEBEKOKO to keep such personal data confidential;

8.1.8. any person to whom PT JEBEKOKO is under an obligation or otherwise required to make disclosure under the requirements of any laws, rules, regulations, codes of practice, guidelines or guidance binding on or applicable to us including but not limited to any local or foreign regulators, governmental bodies, or industry recognized bodies; or

8.1.9. any person to whom are under an obligation or otherwise required to make disclosure pursuant to any contractual or other commitment or arrangement with local or foreign regulators, governmental bodies, or industry recognized bodies that is assumed by or imposed on us by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign regulators, governmental bodies, or industry recognized bodies.


  1. Withdrawal of Consent

9.1. An individual may withdraw consent for PT JEBEKOKO to collect, use or disclose his / her personal data for any purpose (e.g. send marketing messages) by contacting PT JEBEKOKO directly. Upon receipt of notice to withdraw consent, PT JEBEKOKO will inform of the likely consequences of the consent withdrawal. In some cases, withdrawing consent may have an impact on PT JEBEKOKO ability to provide information and applicable services to the individual.


10.    Failure to supply personal data

  • Contractor/Vendor/Customers’ ought to be aware that failure to supply such data will result in us being unable to process service applications, or affect our ability to perform our obligations under any potential or existing service contract and/or your ability to enjoy the benefits of your partnership with us.
  • If an application for service is successful, data about Contractors/Vendors/Customers, including sensitive personal data, may also be collected from Contractors/Vendors/Customers during the period of their service with us and from other sources such as third-party background checks, any registered credit reporting agency, any regulatory authorities and any authority, central depository or depository agent in relation to the securities industry.


11.    Transfer of Personal Data Outside Indonesia

11.1. PT JEBEKOKO operates its business in Indonesia and for contractual, legal or business reasons, it may transfer personal data to service providers located within the jurisdiction of Indonesia and outside of Indonesia with the Data Subject consent stated heein. PT JEBEKOKO will use legally binding instruments and other safeguards to ensure that appropriate levels of protection necessary to maintain the security of personal data are in place and that any transferred personal data is processed only in accordance with the Act and any other applicable laws and regulations.


12.     Use of Cookies

12.1. Cookies are small text files that may be automatically stored on a web browser that can be retrieved by PT JEBEKOKO’s website. PT JEBEKOKO may use cookies to enable or enhance the functionality of the website, or to analyze visitor traffic for marketing or other purposes. PT JEBEKOKO may also use web analytic consultants to research certain usage and activities on parts of the website. Cookies can make our website more useful by storing information about your preferences, thus enabling us to provide a more personalised service.

12.2. Most web browsers are initially set to accept cookies. Individuals can adjust settings on their web browser so that they will be notified when receiving a cookie. If preferred, an individual can set your web browser to disable cookies. However, by disabling them, certain functions of the website might be disabled.


13.    Changes to Statement of Personal Data Protection

13.1. This PDP Statement is available on PT JEBEKOKO’s website at

PT JEBEKOKO reserves the right to modify or change this Policy at any time. The date as stated below indicates the last time this Statement was materially revised. If PT JEBEKOKO makes any material changes to the Statement, it provides notification via update on PT JEBEKOKO’s website. PT JEBEKOKO urges individuals to review this webpage periodically to read and understand latest policies regarding the handling of personal data.


Contact Information

The Data Protection Officer