Denny Pratama ("we", "us", "our") operates dennypratama.com (the "Site"), including any e-commerce services offered through it. We are committed to protecting your personal data in compliance with applicable Indonesian and international law.
This Privacy Policy applies to all visitors, users, and customers of the Site. Please read it carefully before using our services.
1. Legal Framework
We process personal data in accordance with:
- Indonesian Law: Undang-Undang No. 27 Tahun 2022 tentang Perlindungan Data Pribadi (UU PDP); Undang-Undang No. 11 Tahun 2008 jo. No. 19 Tahun 2016 tentang Informasi dan Transaksi Elektronik (UU ITE); Peraturan Pemerintah No. 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik; Undang-Undang No. 8 Tahun 1999 tentang Perlindungan Konsumen.
- EU/EEA users: EU General Data Protection Regulation (GDPR) 2016/679.
- California residents: California Consumer Privacy Act (CCPA) as amended by CPRA.
- Email marketing: CAN-SPAM Act (United States).
2. Data Controller
- Controller: Denny Pratama
- Country: Indonesia
- Website: https://dennypratama.com
- Contact: [email protected]
3. Personal Data We Collect
3.1 Data You Provide Directly
- Name, email address, and phone number (contact forms, project inquiries)
- Billing and shipping address (e-commerce orders)
- Payment information — processed exclusively by PCI-DSS-compliant third-party processors; we do not store raw card numbers
- Project details, requirements, and communications
- Account credentials if you register on the Site
3.2 Data Collected Automatically
- IP address, browser type, operating system, and device identifiers
- Pages visited, time on page, scroll depth, and click patterns
- Referring URL and search terms
- Cookie identifiers and session tokens (see Section 7)
3.3 Transaction and Order Data (E-commerce)
- Order ID, items purchased, quantities, and prices
- Payment status, transaction reference numbers
- Delivery preferences and delivery status
- Correspondence relating to orders, returns, or disputes
4. How We Use Your Data
| Purpose | GDPR Legal Basis | UU PDP Basis (Pasal 20) |
|---|---|---|
| Processing and fulfilling orders | Contract performance (Art. 6(1)(b)) | Pelaksanaan perjanjian |
| Responding to inquiries and support | Legitimate interests (Art. 6(1)(f)) | Kepentingan yang sah |
| Sending transactional emails (order confirmation, receipts) | Contract performance (Art. 6(1)(b)) | Pelaksanaan perjanjian |
| Sending marketing and promotional communications | Consent (Art. 6(1)(a)) | Persetujuan (consent) |
| Site analytics and performance improvement | Legitimate interests (Art. 6(1)(f)) | Kepentingan yang sah |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) | Kepentingan yang sah |
| Compliance with legal obligations (tax, audit) | Legal obligation (Art. 6(1)(c)) | Kewajiban hukum |
5. Sharing Your Data
We do not sell your personal data. We may share your data only with the following categories of recipients, each bound by appropriate data processing agreements:
- Payment processors (e.g., Midtrans, Stripe, PayPal) — to process transactions securely
- Hosting and cloud infrastructure providers — to operate the Site
- Analytics providers (e.g., Google Analytics) — to understand Site usage in aggregated form
- Email service providers — to deliver transactional and marketing emails
- Professional advisors (lawyers, accountants) — under confidentiality obligations
- Law enforcement or regulatory authorities — when required by applicable Indonesian or international law
6. International Data Transfers
Some of our third-party service providers may be located outside Indonesia or the EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (for EU data subjects)
- Compliance with data localisation requirements under PP No. 71 Tahun 2019 where applicable
- Ensuring recipients provide a level of protection equivalent to Indonesian and applicable international standards
7. Cookies and Tracking Technologies
We use the following categories of cookies:
- Essential cookies: Strictly necessary for the Site to function (session management, security). Cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with the Site (e.g., Google Analytics). Anonymised where possible.
- Preference cookies: Remember your settings and preferences.
You can control or delete cookies through your browser settings. Disabling non-essential cookies may reduce some Site functionality. For more information, visit aboutcookies.org.
8. Data Retention
- Contact inquiries: Retained for 3 years from the date of last contact
- Transaction and order records: Retained for 10 years as required by Indonesian tax law (UU No. 36/2008 tentang Pajak Penghasilan and related regulations)
- Marketing consent records: Retained for the duration of the marketing relationship plus 3 years
- Analytics data: Retained for 26 months (Google Analytics default)
- Account data: Retained until account deletion, then purged within 30 days (except where longer retention is legally required)
9. Your Rights
9.1 Rights Under Indonesian UU PDP (Pasal 5–16)
- Hak akses — Right to obtain information about and access to your personal data
- Hak koreksi — Right to correct inaccurate or incomplete personal data
- Hak penghapusan — Right to request deletion of your personal data
- Hak penarikan persetujuan — Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
- Hak keberatan — Right to object to processing of your personal data
- Hak penundaan pemrosesan — Right to request restriction of processing
- Hak portabilitas — Right to receive your data in a structured, commonly used format
- Hak gugatan — Right to bring a claim for violation of your personal data rights
9.2 Additional Rights Under GDPR (EU/EEA Residents)
- Right not to be subject to solely automated decision-making with legal or similarly significant effects (Art. 22)
- Right to lodge a complaint with your national supervisory authority
9.3 Rights Under CCPA (California Residents)
- Right to know what personal information is collected, disclosed, or sold
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell data)
- Right to non-discrimination for exercising your rights
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal information
To exercise any of the above rights, please contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
10. Data Security
We implement appropriate technical and organisational security measures, including:
- SSL/TLS encryption for all data in transit
- Secure hashing of passwords (never stored in plain text)
- Role-based access controls and authentication requirements
- Regular review of our security practices
- Use of PCI-DSS-compliant payment processors
No method of transmission over the internet is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
11. Children's Privacy
Our Site and services are not directed to children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it promptly.
12. Third-Party Links
The Site may contain links to third-party websites. This Privacy Policy applies only to dennypratama.com. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on this page with an updated "Last Updated" date. Your continued use of the Site after any changes constitutes your acceptance of the new policy. If changes are significant, we may also notify you by email.
14. Complaints and Contact
For any privacy-related questions, requests, or complaints, please contact us:
- Email: [email protected]
- Website: dennypratama.com
If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
If you are located in Indonesia, you may file a complaint with Kementerian Komunikasi dan Informatika (Kominfo) or the designated data protection authority established under UU PDP.
