Privacy Policy

Kebijakan Privasi dan Pengamanan - Internet Banking

Privacy Policy

This Privacy Policy represents PT Bank Mega, Tbk. (“Bank Mega”) firm commitment to respecting and protecting your right to privacy regarding your Personal Data when you use Bank Mega’s products and/or services, as well as to safeguarding your right to determine how your Personal Data will be used.

In order to protecting and safeguarding your Personal Data, Bank Mega implements policies and practices in accordance with applicable Personal Data Protection regulations. Therefore, you are encouraged to read this Privacy Policy to understand Bank Mega’s Personal Data processing practices.

This Privacy Policy applies to you as a prospective customer/customer, job candidate/employee, partner, or affiliate, and other third parties related to the use of Bank Mega’s products and/or services.

The terms used in this Privacy Policy are defined as follows:

  1. “Bank Mega” refers to PT Bank Mega Tbk;
  2. “Corporate Data” refers to data of corporate users of the Services;
  3. “Personal Data” refers to data about individuals or Corporate Data that can be identified individually or in combination with other information, either directly or indirectly, through electronic or non-electronic systems;
  4. “Services” are:
    1. Bank Mega’s banking services encompass all services and products, including but not limited to deposits, loans, investment products, bancassurance, credit cards, treasury services, internet banking, mobile banking, custodial services, and other banking services.
    2. Websites, features, applications, social media, or other forms of communication media provided or used by Bank Mega.
    3. All activities carried out by Bank Mega in connection with the provision of banking services and/or the conduct of Bank Mega’s operations.
  5. “Personal Data Processing” means the activities of obtaining, collecting, processing, analyzing, storing, correcting, updating, disseminating, displaying, announcing, transferring, disclosing, deleting, and destroying Personal Data;
  6. “Third Party” means any party that has a relationship with Bank Mega, including business partners, vendors, outsourcing companies, and/or other parties;
  7. “You” means all owners of Personal Data (Data Subjects) who use the Services, including but not limited to Bank Mega customers and individuals designated and/or authorized to represent customers, users of Bank Mega’s website or application, employees/job candidates, and Third Parties associated with Bank Mega; and
  8. “Personal Data Protection Law” or “PDP Law” refers to Law No. 27 of 2022 on Personal Data Protection, as well as its implementing regulations and any amendments thereto as may be enacted from time to time.

This Privacy Policy covers the following matters:

  1. COLLECTION AND PROCESSING OF PERSONAL DATA

    Bank Mega, as a commercial bank established under the laws of the Republic of Indonesia, always conducts its business activities in accordance with applicable laws and regulations, including but not limited to the Banking Law, Financial Services Authority (OJK) Regulations (POJK), Bank Indonesia (BI) Regulations (PBI) and other relevant laws and regulations.

    In collecting Personal Data for the provision of Services, Bank Mega consistently complies with laws and regulations regarding Personal Data, including but not limited to the provisions of the Personal Data Protection Act (PDP), Bank Indonesia Regulations (PBI), and Financial Services Authority Regulations (POJK) related to Consumer Protection.

  2. PERSONAL DATA COLLECTED

    Pursuant to these terms and conditions, you are required to provide Personal Data when using Bank Mega’s Services. Bank Mega obtains and collects data that is identified and/or identifiable, either on its own or in combination with other information, either directly or indirectly through electronic and/or non-electronic systems. Bank Mega will collect Personal Data for purposes permitted by the applicable laws and regulations of the Republic of Indonesia. If you fail and/or are unwilling to provide the Personal Data that Bank Mega requires to provide the Services and fulfill Bank Mega’s legal obligations to you, Bank Mega will be unable to fulfill its obligation to provide the Services to you or process your application for the Services.

    If you fail and/or are unwilling to provide the Personal Data that Bank Mega needs to provide the Services and fulfill Bank Mega’s legal obligations to you, Bank Mega will be unable to fulfill its obligation to provide the Services to you or process your application for the Services.

    1. The Personal Data that Bank Mega collects for the provision of Services includes, but is not limited to:
      1. General Data
        1. Full name;
        2. Gender;
        3. Nationality;
        4. Religion;
        5. Marital status;
        6. Identification number (National Identity Number/Passport/Child Identity Card/Student ID);
        7. Date of birth and/or age;
        8. Phone number;
        9. Address;
        10. Email address;
        11. Mother’s maiden name;
        12. Other Personal Data combined to identify an individual;
      2. Specific Data:
        1. Biometric data uniquely identifying an individual, including but not limited to facial images, fingerprints, signatures, and voice recordings;
        2. Personal financial data, including but not limited to bank deposit balances, credit card information, and income;
        3. Other data in accordance with applicable laws and regulations;
      3. Corporate Data, including but not limited to the name, address, phone number, and identification documents such as Resident Identity Cards (KTP), passports, or residence permits of corporate officers, including the Board of Directors, Board of Commissioners, and/or shareholders;
      4. Other data submitted or made accessible by you to Bank Mega.
    2. Personal Data obtained from your use of Bank Mega’s Services, including but not limited to:
      1. Details of your activities, including but not limited to information related to the assessment of your profile or transactions.
      2. Internet Protocol (IP) addresses, location information, your device data, and data regarding your transaction activities at Bank Mega.
      3. All data regarding the content you use.
    3. Personal Data obtained from Third Parties that collaborate with Bank Mega regarding the processing of Services.
    4. Personal Data of other individuals that you provide to Bank Mega (such as your family members, friends, relatives, or people in your contact list). When you provide another person’s Personal Data to Bank Mega, you must declare and guarantee that you have informed that individual and obtained their consent for their Personal Data to be submitted to Bank Mega and processed in accordance with the information set forth in this Privacy Policy. If necessary at any time, Bank Mega may ask you to provide written proof of consent from each of these individuals.

    If you fail and/or are unwilling to provide the Personal Data that Bank Mega needs to provide the Services and fulfill Bank Mega’s legal obligations to you, Bank Mega will be unable to fulfill its obligation to provide the Services to you or process your application for the Services.

  3. YOUR RIGHTS AND OBLIGATIONS

    Your Rights

    As a Data Subject, you have the right to:

    1. To obtain information regarding the identity of the requesting party, the legal basis for the request, the purpose of the request and the use of Personal Data, and the accountability of the party requesting the Personal Data.
    2. To supplement, update, and/or correct errors and/or inaccuracies in your Personal Data in accordance with the purpose of processing such Personal Data.
    3. To access and obtain a copy of your Personal Data in accordance with applicable laws and regulations.
    4. To cease the processing, delete, and/or destroy your Personal Data in accordance with applicable laws and regulations.
    5. Withdraw the consent for the processing of your Personal Data that you have previously granted to Bank Mega.
    6. Object to decision-making actions based solely on automated processing, including profiling, that result in legal consequences or have a significant impact on the Data Subject.
    7. Suspend or restrict the processing of Personal Data in a manner proportionate to the purposes of such processing.
    8. To file a lawsuit and receive compensation for violations of the processing of your Personal Data in accordance with the provisions of applicable laws and regulations.
    9. To obtain and/or use your Personal Data from Bank Mega in a form that is consistent with commonly used structures and/or formats or that is readable by electronic systems.
    10. To use and transfer your Personal Data to other Personal Data Controllers, provided that the systems used can communicate securely with one another in accordance with the principles of Personal Data Protection as stipulated by applicable laws and regulations.

    To exercise your rights, you may contact MegaCall at 08041500010 or visit the nearest Bank Mega branch. Bank Mega will consider each of your requests in accordance with all applicable laws and regulations, as well as Bank Mega’s legitimate interests.

    Your Obligations

    You are responsible for actively ensuring the accuracy of your Personal Data. You are required to notify Bank Mega and request that it correct, complete, and/or update your Personal Data. In the event of inaccuracies in the Personal Data you provide, and after making reasonable efforts, Bank Mega reserves the right to suspend Services and/or reject transaction requests.

    You are also responsible for maintaining the confidentiality of your Personal Data including information regarding your username, password, email address, and One-Time Password (OTP) from anyone, and for always maintaining and ensuring the security of the devices you use.

  4. PURPOSES OF PERSONAL DATA PROCESSING

    Bank Mega will process your Personal Data for the following purposes as well as other purposes permitted by applicable laws and regulations:

    1. To identify, register, and manage your profile as a Service user, including conducting Know Your Customer procedures;
    2. To manage, operate, and provide the Services you request or process transactions you instruct;
    3. To evaluate and make decisions regarding your risk profile and eligibility for Bank Mega products, such as funding products, loans, credit cards, derivative transactions, insurance, or investments;
    4. To develop, enhance, and provide Bank Mega Service features, including analyzing how the Services are used to meet your needs;
    5. Sending Service-related information, including promotions, product information, Service updates, and other information that Bank Mega deems important for you;
    6. Preventing, detecting, investigating, and addressing any illegal, prohibited, unauthorized, or fraudulent acts that may occur, including but not limited to fraud, embezzlement, theft, and money laundering;
    7. Internal administrative purposes, such as documentation, audits, data analysis, reports, and database records;
    8. Resolving your issues regarding the use of the Service;
    9. Communicating with you regarding all matters related to the Service;
    10. Purposes supporting future business activities and other Services after obtaining your consent.
       
  5. AUTOMATED PROCESSING OF PERSONAL DATA

    Bank Mega may use automated systems to process your Personal Data, including but not limited to profiling to support the provision of the Services and for other purposes, provided such processing is permitted or required by applicable laws and regulations in the Republic of Indonesia. You have the right to object to decisions based entirely on automated processing of Personal Data and to request that Bank Mega review such decisions.
     

  6. DATA COLLECTION PROCESS
    1. Bank Mega will collect your personal data, including but not limited to, when you:
      1. Register for and/or open an account with Bank Mega, or use Bank Mega’s Services;
      2. Are identified and verified during the Know Your Customer process or when using Bank Mega’s Services;
      3. Enter into an agreement, submit documents, or provide other information in connection with your interactions with Bank Mega;
      4. Interact with Bank Mega, such as via telephone, mail, in-person meetings, social media platforms, and email;
      5. Use Bank Mega’s electronic services;
      6. Conduct transactions using Bank Mega’s Services;
      7. Submit feedback, suggestions, or complaints to Bank Mega; or
      8. Submit Personal Data to Bank Mega for any reason.
    2. Bank Mega may collect your Personal Data from you, third parties, other users of the Services or other parties, and from other sources, including publicly available data or data sourced from the government.
       
  7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

    For the purpose of supporting the Services, Bank Mega may collaborate with Third Parties that provide services to Bank Mega, such as credit scoring, data analysis, payment processing, information technology and and infrastructure, message delivery via communication channels (including email, SMS, and WhatsApp), credit card processing, verification, commercial purposes, and other services. Bank Mega may share your personal information with relevant third parties so they can provide the necessary services, or they may send you marketing communications if you have opted in to receive such information. Bank Mega will share the personal information you provide through the Services in accordance with the purposes for which the Personal Data was collected and in compliance with applicable laws and regulations.

    Bank Mega will only provide the Personal Data necessary for Third Parties to perform their services. Bank Mega will take all reasonable steps necessary to ensure that your Personal Data is handled securely and in accordance with this Privacy Policy and applicable regulations.

    The Third Parties referred to include, but are not limited to:

    1. Entities conducting identification or verification processes, such as the Population and Civil Registration Office (Dukcapil), to verify your identity—such as through the Know Your Customer (KYC) process—including, but not limited to, your biometric identification, such as facial images and other biometric data;
    2. Regulators or government institutions if required or mandated by applicable laws and regulations;
    3. Bank Mega’s affiliated companies in connection with purposes related to the provision of Bank Mega’s services, business management, and other activities for the purposes set forth in Section IV above;
    4. Parties performing audit functions or conducting investigations into regulatory and legal violations; and
    5. Other parties such as agents, vendors, suppliers, contractors, notaries, and Land Deed Officers (PPAT), as well as other parties that provide services to Bank Mega or to you, perform tasks on behalf of Bank Mega, or enter into commercial partnerships with Bank Mega.
       
  8. TRANSFER OF PERSONAL DATA OUTSIDE INDONESIA

    Bank Mega may transfer your Personal Data outside Indonesia to the extent such activities are necessary for the provision of Services to you (such as for remittance purposes). In such cases, Bank Mega will make every effort to ensure that your Personal Data receives a standard of protection at least equivalent to that provided under applicable Indonesian law and/or has obtained your consent.
     

  9. STORAGE OF PERSONAL DATA

    Bank Mega will store your Personal Data for as long as necessary to provide Bank Mega’s Services in the manner and for the duration prescribed by applicable laws and regulations and Bank Mega’s policies.

    Some of your Personal Data may also be managed, processed, and stored by Third Parties collaborating with Bank Mega to support the performance of the Services, while complying with access obligations and effective oversight in accordance with applicable laws and regulations.

    In addition, Bank Mega also has a legal obligation to retain your Personal Data if it relates to the resolution of an ongoing legal proceeding. Bank Mega will take commercially reasonable steps to delete, anonymize, or destroy Personal Data that has exceeded its retention period and no longer serves any legal or business purpose.

    In the event that Bank Mega shares your Personal Data with authorized government agencies and/or other institutions designated by the competent government authorities or with which Bank Mega has a partnership, you agree and acknowledge that the storage of your Personal Data by such institutions will be governed by each institution’s respective data retention policies. Bank Mega will cease storing or will delete your Personal Data if (i) the User’s Personal Data is no longer necessary to fulfill the purpose for which it was collected; and (ii) storage is no longer necessary for the purpose of compliance with applicable laws and regulations.
     

  10. PERSONAL DATA SECURITY

    Bank Mega will not sell, exchange, and/or disclose your Personal Data. In an effort to protect and secure your Personal Data from unauthorized processing, Bank Mega consistently strives to implement best practices and electronic systems equipped with adequate security measures in accordance with regulatory requirements and applicable laws and regulations, and Bank Mega will update these security measures from time to time.

    In the event of unauthorized access to or illegal activities involving your Personal Data which are beyond Bank Mega’s control, Bank Mega will notify you as soon as possible so that you can mitigate the risks arising from such incidents.

    The security of your Bank Mega account also depends on how you maintain the confidentiality of your account password, Personal Identification Number (PIN), and other access information. If you share your account information with others, they may gain access to your account and Personal Data. Furthermore, although Bank Mega uses its best efforts to secure and protect your Personal Data, Bank Mega cannot fully guarantee the security of the data you provide or transmit to Bank Mega via the internet.

    Providing information via the internet still carries security risks, which are also your responsibility.
     

  11. CHANGES TO THE PRIVACY POLICY

    Bank Mega may amend, update, and/or add to some or all of the provisions in this Privacy Policy, in accordance with Bank Mega’s future business strategies and policies and/or changes in laws and regulations. If this Privacy Policy is amended, updated, or supplemented, Bank Mega will notify you through the communication channels designated by Bank Mega.

    Bank Mega urges you to review this Privacy Policy periodically to ensure you are aware of any changes made to it.

    All policies regarding your Personal Data with Bank Mega are subject to the latest version of Bank Mega’s Privacy Policy.
     

  12. STATEMENT REGARDING YOUR PERSONAL DATA

    Based on the Privacy Policy above, you hereby declare:

    1. That the Personal Data you provide is accurate and valid; therefore, you grant Bank Mega consent to obtain, collect, process, analyze, store, display, disclose, transmit, disseminate, delete, and destroy such data in accordance with this Privacy Policy and applicable laws and regulations;
    2. That by using the Services—whether through forms, applications, the Bank Mega website, and/or Bank Mega’s internet banking—you acknowledge that you have been made aware of, have read, and understand this Privacy Policy, along with all terms of use, practices, processing, and transfer of your information or Personal Data by Bank Mega as set forth in this Privacy Policy.
    3. That you release Bank Mega from any claims, lawsuits, damages, and/or demands arising from the failure to process Service transactions at Bank Mega caused by inaccuracies or discrepancies in the Personal Data you provided to Bank Mega; and
    4. That you have given your consent to Bank Mega to transfer and/or provide access to your Personal Data to Third Parties for the processing purposes as referred to in Section IV above.
    5. That you agree that Bank Mega may take the necessary measures to maintain the confidentiality and security of your Personal Data.
       
  13. REFERENCE

    The Personal Data Protection Law, Bank Indonesia Regulations (PBI), Financial Services Authority Regulations (POJK), and other applicable laws and regulations.