Privacy Policy

Privacy Policy – Bank Mega Customer Complaint Service

This privacy policy explains how PT Bank Mega, Tbk (as defined below) processes your Personal Data when you contact and interact with our Complaint Service.

This Privacy Policy also outlines the types of Personal Data collected, the purposes of processing, the legal basis, the retention period, and your rights as a Data Subject within the Complaint Service in accordance with the provisions of laws and regulations regarding Personal Data Protection and applicable banking regulations.

The terms used in this Privacy Policy are defined as follows:

  1. Yourefers to all owners of Personal Data (Data Subjects) who use the Service, including but not limited to Bank Mega customers and individuals designated and/or authorized to represent customers, as well as users of the Bank Mega website and mobile app.
  2. Personal Datarefers to data concerning an individual who is identified or can be identified, either on their own or in combination with other information, either directly or indirectly, through electronic or non-electronic systems.
  3. Services are:
    1. Banking services provided by Bank Mega encompass all services and products, including but not limited to deposits, loans, investment products, bancassurance, credit cards, treasury, internet banking, mobile banking, custodianservices, and other banking services.
    2. Websites, features, applications, social media, or other communication platforms provided or used by Bank Mega.
    3. All activities carried out by Bank Mega in connection with the provision of banking services and/or the conduct of Bank Mega’s operations.
  4. Complaint Handling Service is a service provided by Bank Mega to facilitate the resolution of complaints.
  5. Personal Data Protection refers to all efforts to protect Personal Data throughout the processing chain to ensure the constitutional rights of the Data Subject.
  6. Personal Data Controllermeans any individual, public body, or international organization acting alone or jointly in determining the purposes and exercising control over Data Processing
  7. A Complaint is a complaint indicating a dispute or a complaint
  8. Personal Data Processing is a series of activities involving the acquisition, collection, processing, analysis, storage, correction, updating, dissemination, display, publication, transfer, disclosure, erasure, and destruction of Personal Data.
  9. Personal Data Processormeans any individual, public entity, or international organization acting individually or jointly in processing Personal Data on behalf of Bank Mega.
  10. Disputemeans a disagreement between a Customer and the Bank that has gone through Bank Mega’s complaint resolution process.
  11. Data Subjectmeans an individual to whom Personal Data pertains.
  12. Third Partymeans any party that has a relationship with Bank Mega, including business partners, vendors, outsourcing companies, and/or other parties;
Who We Are

We are PT Bank Mega, Tbk, headquartered at Menara Bank Mega, Jl. Kapten P. Tendean 12-14A, Jakarta 12790, Indonesia, hereinafter referred to as “Bank Mega” or “we.” We are the entity responsible for processing Personal Data in connection with our Services.

In order to provide a Complaints Service for customers and the public regarding the Services we provide, Bank Mega acts as the Personal Data Controller for the Personal Data you submit to us in writing or in recorded form, whether directly or indirectly, through forms, telephone, websites, mobile banking applications, social media, or other communication channels. All processing of Personal Data is conducted in accordance with the provisions of laws and regulations regarding Personal Data Protection as well as other applicable banking regulations.

Personal Data We Process

When you contact our Complaints Service via telephone, email, website, app, official social media, or other communication channels. We will collect and process your Personal Data to ensure the effectiveness and suitability of our Complaints Service to your needs, including for:

  1. Identity verification to ensure that the party submitting a question, request, or complaint is legitimate and authorized, as well as to maintain security and prevent potential identity theft.
  2. Handling complaints (complaint handling) regarding our Services.
  3. Providing information (information handling)related to our Services.
  4. Fulfilling requests (request handling)such as data updates or submissions for specific Services.
  5. Bank Mega’s legitimate interests (legitimate interest), including but not limited to:
    1. Analyzing trends and root causes of complaints to improve Service quality;
    2. Evaluating and monitoring the quality of complaint handling (service quality);
    3. Reporting, training, and internal audits; and
    4. Service development and experience enhancement based on feedback from Customers or the public.

In providing our Complaint Handling Service, we may collect and process your Personal Data as follows:

  1. Identity information: full name, identification number, date of birth, or other verification data required to confirm your identity.
  2. Contact information: phone number, email address, and mailing address.
  3. Account or service information: account number, type of product or service used, and transaction information relevant to your complaint or request.
  4. Interaction information: date, time, call duration, voice recordings of conversations, records of complaints or requests, and the results of follow-up by complaint service agents.
  5. Additional information (if relevant): supporting documents for the complaint, branch location, or your responses in customer satisfaction surveys.

We only process Personal Data for the purpose of handling the Complaint Service and do not use it for other purposes without a valid legal basis or without notifying you.

How Long We Retain Your Personal Data

Personal Data that we collect and process for the purposes of the Complaint Service will be retained for as long as necessary to fulfill the purposes of processing or in accordance with applicable laws and regulations.

Personal Data processed for the purposes of handling complaints, information requests, or service requests will be retained for as long as necessary for the resolution of complaints, legal purposes, and audits.

With Whom We Share Your Personal Data

We may share your Personal Data with certain parties within a reasonable scope and in accordance with applicable laws and regulations, including the Personal Data Protection Act, regulatory requirements, and other legal provisions.

Any Personal Data we share with certain parties for the purpose of handling the Customer Complaint Service is done carefully, upholding the principles of transparency, security, and confidentiality of your Personal Data.

The parties that may be involved in processing your Personal Data for the handling of customer Complaint Services include:

  1. Personal Data Processors

    To support the operational activities of the Complaint Service, we may appoint Third Parties to act as processors of your Personal Data, including: The disclosure of Personal Data to these third parties is limited, in accordance with the purpose of processing and based on cooperation agreements that require the third parties to maintain confidentiality, security, and compliance with Personal Data Protection provisions in accordance with applicable laws and regulations.

    1. Providers of information technology services, system security, data storage, and digital infrastructure;
    2. Support service providers, information delivery providers, or customer satisfaction survey administrators, including third parties collaborating with the Bank in handling and following up on complaints, delivering notifications, providing complaint status updates, conducting customer satisfaction surveys for the Complaint Service, and other supporting activities relevant to improving service quality
    3. In certain cases, such third parties may include payment system operators, payment system network operators, and/or switchinginstitutions (both national and international), partner insurance companies, collection agencies, merchants, or other partners, or other relevant financial service institutions, to the extent necessary for the verification, clarification, or resolution of complaints.
  2. Authorities/Law Enforcement Agencies and Competent RegulatorsWe may disclose your Personal Data to government authorities, law enforcement agencies, the Financial Services Authority (OJK), Bank Indonesia (BI), or other competent authorities if required by applicable laws and regulations, or in order to fulfill our obligations.

Under certain circumstances, Personal Data may be transferred without your consent, including for:

  1. The performance of an agreement or the Services you have requested;
  2. Compliance with applicable laws and regulations; or
  3. The execution of legitimate banking transactions.

Your Personal Data may be stored and/or processed by parties that officially collaborate with Bank Mega, both within and outside the territory of the Republic of Indonesia, while ensuring the security, confidentiality, and integrity of your Personal Data.

Your Rights

If you choose not to provide the Personal Data required for the Complaint Service, we will be unable to process your request and/or provide certain services that require such Personal Data.

We are committed to respecting and addressing every request regarding the rights of Data Subjects in a transparent, proportionate manner, and in accordance with procedures set forth in our internal policies and applicable laws and regulations.

To submit a request regarding your rights as a Data Subject, you may contact MegaCall at 08041500010 or visit the nearest branch office.

We will consider each of your requests while taking into account all applicable laws and regulations as well as our legitimate interests.

We may refuse to fulfill your request if there are exceptions as provided for by law.

Your Obligations

You are responsible for actively ensuring the accuracy of your Personal Data. You are required to notify Bank Mega and request that we correct, complete, and/or update your Personal Data. In the event of inaccuracies in the Personal Data you provide and after making reasonable efforts—we reserve the right to suspend the processing of any Complaint Service you have submitted to us.

You are also responsible for maintaining the confidentiality of your Personal Data—including information regarding your username, password, email address, and One-Time Password (OTP)—from anyone, and for always safeguarding and taking responsibility for the security of the devices you use.

Security of Your Personal Data

Bank Mega will not sell, exchange, and/or disclose your Personal Data. In an effort to protect and secure your Personal Data from unauthorized processing by third parties, Bank Mega consistently strives to implement best practices in procedures and the use of electronic systems equipped with adequate security measures in accordance with the requirements of regulatory authorities and applicable laws and regulations, and Bank Mega will update these security measures from time to time.

In the event of unauthorized access to or illegal activities involving your Personal Data which are beyond our control, we will notify you as soon as possible so that you can mitigate the risks arising from such incidents.

The security of your Bank Mega account also depends on how you maintain the confidentiality of your account password, Personal Identification Number (PIN), and other access information. If you share your account information with others, they may gain access to your account and Personal Data.

Providing information over the internet carries security risks, which are also your responsibility.

Changes to the Privacy Policy

We may amend, update, and/or add to some or all of the provisions in this privacy policy, in accordance with Bank Mega’s future business strategies and policies and/or changes in laws and regulations. If this privacy policy is amended, updated, or supplemented, we will notify you through Bank Mega’s official communication channels.

We encourage you to review this Privacy Policy periodically to ensure you are aware of any changes made to it.

References

The Personal Data Protection Law, Bank Indonesia Regulations (PBI), Financial Services Authority Regulations (POJK), and other applicable laws and regulations.