Contact Us
Contact Us

Privacy Policy

Thank you for choosing and using PT MARS BUMI INDONESIA and/or our related affiliates (“Zentara” or “We” or “Ours”) to provide Our Services to you.

Our website (https://zentara.co/ and its derivative sites) (“Site”) is operated by PT MARS BUMI INDONESIA and its affiliates, through which we offer certain products and services. In order to perform the Services, Zentara may collect and process the personal data of users of our Site and applications (“User”, “you”, “your”). 

This Privacy Policy (“Privacy Policy”) are guidelines set by us regarding the use of information and the categories of personal data we may collect or hold about you, how we obtain, collect, store, control, use, process, analyze, correct, update, display, announce, transfer, assign, disclose and protect your Personal Data (“Processing Personal Data” or conducting “Personal Data Processing”) that we collect when you use our products or Services. This Privacy Policy applies to all Users, unless set out in a separate privacy policy.

Our Services include but are not limited to Zentara Cyber Security, Zentara Cyber Intelligence, Zentara Enterprise Solutions, Zentara Defence, Zentara Labs, and any other services that we may offer from time to time (hereinafter referred to as “Services”).

This Privacy Policy shall also apply to all our business activities in Indonesia and/or other countries in which Zentara operates its office/affiliates.

What kind of Personal Data do we collect from you?

The Personal Data we collect varies based on the collection situation and the type of service or transaction used. For the avoidance of doubt, Personal Data means data of an identified or identifiable natural person individually or in combination with other information either directly or indirectly through electronic or non-electronic systems which includes general or specific data such as full name, gender, nationality, religion, marital status, personal data combined to identify a person, health data and information, biometric data, genetic data, criminal records, child data, personal financial data, identification, photos, contacts, other data including personal profiles, unique identifiers associated with personal data and/or other data in accordance with the provisions of laws and regulations or as regulated in this Privacy Policy (“Personal Data”).

By reading and understanding this Privacy Policy and referring to applicable laws and regulations, User hereby agrees that we can Process Personal Data of the User, both general and specific, as follows:

  1. Identity Data is information used to specifically identify a person such as name, Identity Card (KTP), Driving License (SIM), Taxpayer Identification Number (NPWP), Passport, Limited Stay Permit Card (KITAS), Family Card (KK), user identity or other identifiers, date of birth, gender, place of birth, nationality, income, position, and/or photo;
  2. Contact Data is information used to contact a person such as service installation address including postal code and city name, document delivery or billing address, electronic mail address (e-mail), and telephone number;
  3. Eligibility Data is information that we need to further verify your new service installation application, business license, registered certificate, taxable entrepreneur confirmation letter (if any) or company deed document;
  4. Biometric Data is biometric information, such as fingerprints, faces and others that are used as authentication to use our Services;
  5. Credential Data such as passwords, hints, and similar security information used for authentication and access to our accounts and Services;
  6. Payment Data such as every time you make a purchase, such as payment method, payment amount, payment time, and information about payments such as credit card information, debit cards, bank account numbers, electronic money and other financial information;
  7. Account Data such as transaction history such as subscription packages, account numbers, initials, nicknames, credit information, and billing information;
  8. History Data such as your contact with us, such as telephone recordings between you and one of our Contact Centers, live chat on the website, electronic mail, and messages through other communication media that we provide;
  9. Log Data is a record on our system that obtains information such as the device’s IP address, date and time of access, application features or pages viewed/browsing history, application work processes and other system activities, browser type, and third-party sites or services you use before interacting with our Services;
  10. DeviceData is information about the device you use to use our Services, such as device type, hardware model, device operating system and version, software, IMEI number, file name and version, language selection, unique device identifier, advertising identifier, serial number, device location identifier, network and device performance, browser type, language, information that enables digital rights management, camera access, and/or cellular network information;
  11. Location Data includes your real-time geographic location data, location coordinates in the form of longitude latitude, and Wi-Fi location;
  12. Cookies Data includes files with small amounts of data that are commonly used as anonymous unique identifiers. Cookies are sent to your browser from the websites you visit and are stored on your device’s internal memory. Data provisions as referred to our Cookies policy at our website. Please note that our Services do not use these “cookies” explicitly. However, this application and/or website may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to accept or reject these cookies and know when a cookie is being sent to your device. If you choose to reject our cookies, you may not be able to use some parts of our Services;
  13. Your preferences for our products and Services and specific activities when you tell us such information, or our assumptions about your preferences, based on how you use our products and Services;
  14. Advertising Services (Advertising ID) used by us to conduct advertising and promotional activities;
  15. Metadata of your usage activities, data usage, activation of Additional Services (“Add-ons”), prepaid deposit amounts, advance bill payments, prepaid deposit transfers, content and package purchases, and your profile and segmentation; and/or
  16. Information we obtain from other sources, such as credit agencies, fraud prevention agencies, and from other data providers, including demographic data, interest-based data, and internet browsing behavior.

Additional information and data may be collected from you from time to time. In such cases, we will provide notice to you or through other mechanisms in accordance with laws and regulations and continue to ensure the protection of your personal data under this Privacy Policy.

How do we collect your Personal Data?

We collect your Personal Data under the following conditions:

  1. You apply for a new Services installation;
  2. You use our network or Services, not limited to the internet services we provide including free Wi-Fi, websites, and applications, including our social media such as Facebook, Instagram, X, LinkedIn, and others;
  3. You contact and use the Services of all our communication channels such as, but not limited to Contact Center, live chat, electronic mail and other communication media messages provided by us;
  4. You participate in our promotional activities, events, marketing, loyalty programs, certain surveys and other activities;
  5. You are a User of a company involved in corporate actions (mergers and acquisitions) with us in accordance with applicable laws and regulations;
  6. You visit our office area where CCTV devices are installed;
  7. Information comes from third parties who have a basis for processing your Personal Data, to the extent that we also have a basis for processing your Personal Data; and/or
  8. Your information has been made publicly available.

We collect your Personal Data only for the needs of the service process. Therefore, if you choose not to provide or provide incompletely your Personal Data to us, we may not be able to provide Services to you.

We process your personal data based on Law Number 27 of 2022 concerning Personal Data Protection (including all amendments from time to time) as follows:

  1. Your explicit valid consent for the purposes stated by us in this Privacy Policy;
  2. Fulfillment of agreement obligations in fulfilling your request for Services;
  3. Fulfillment of our legal obligations in accordance with the provisions of laws and regulations;
  4. Fulfillment of the protection of your vital interests, in the event of a threat to your life, physical, and/or property/assets or other third parties;
  5. Implementation of duties in the context of public interest, public services, or the implementation of our authority based on laws and regulations; and/or
  6. Fulfillment of other legitimate interests by taking into account the objectives, needs, and balance of our interests and yours.

What are we doing with your Personal Data?

The Personal Data and other information that you provide and if relevant, to use, or subscribe, or purchase the, including any additional information that you further provide, may be used and processed by us for the following purposes:

  1. to use your information to carry out our business and help us to improve your experience with our products;
  2. to communicate and implement Know Your User (KYC) with you;
  3. to notify you about the products and Services available to you;
  4. to provide selections as to the function of our information that is suitable for you and to improve our Services for you;
  5. to provide transparent and clear explanation as to how we use the information;
  6. to publish or share the information which has been combined with several Users, in the manner which certainly avoid you or the others of being identified;
  7. to aggregate your account data, which has been uploaded and non-personal in nature so as to avoid you being identified, with the data of other Users of the Services to improve the quality of Services, design a promotion or provide a way for you to compare business practices with other Users;
  8. to train our employees and also to train you as to how to maintain the security and protection of your information;
  9. to obtain and collect your Personal Data, and to store your Personal Data in an electronic system owned by Zentara or third parties;
  10. to review and process the User’s request in relation to the Services;
  11. to verify and validate the User’s identity and background;
  12. to build communication between the User and Zentara;
  13. to process payment transactions of the User in relation to the Services;
  14. to answer questions, complaints, or comments from the User;
  15. to manage the User’s participation in an event or program held by Zentara;
  16. to process and analyze your Personal Data, including to perform market analysis, whether performed by Zentara or third parties;
  17. to share your      Personal Data with Zentara’ subsidiaries, affiliates, related companies, license holders, business partners and/or service providers. List of our business partners will be available upon request;
  18. to analyze data, build algorithms, creating database      for rating systems;
  19. to carry out internal activities, including internal investigation, compliance, audit, and other internal security purposes; 
  20. to provide you with the latest security, versions, features, options, and controls related to your system or device;
  21. to use your information to participate in surveys or User meetings;
  22. to enable us to send you information via electronic mail (email), telecommunications (phone calls or text messages) or social media about products and Services offered by selected third parties that we think may be of interest to you;
  23. for business operations to conduct accounting, auditing, billing, reconciliation, and collection activities, including monitoring and preventing crime or fraud, protecting our legal rights, and carrying out obligations under an agreement/contract/agreement;
  24. for other legal business activities of Zentara;
  25. we may use the physical location of your device, combined with information about what advertisements you view and other information we collect, to enable us to provide personalized content and to study the effectiveness of advertising and marketing campaigns; and/or
  26. you may choose to allow or decline subscriptions or sharing of your device location by changing your device settings;

(collectively, “Purposes“).

With whom do we share or disclose your Personal Data?

Zentara is a global company and may access or store Personal Data in various countries, including but not limited to Singapore, Indonesia and/or other countries in which Zentara operates its office/affiliates. In accordance with Article 56 of Data Protection Law and Article 46 of the GDPR, we may: (i) conduct transfer of Personal Data to outside the jurisdiction of Indonesia insofar with the approval of User and in accordance with the provision of Data Protection Law; and/or (ii) to access or store the Personal Data insofar as these countries do not benefit from an adequacy decision of the European Commission, and Zentara has implemented appropriate safeguards. To the extent your Personal Data is collected in Indonesia, Singapore, and/or other countries in which Zentara operates its office/affiliates, your Personal Data      will not be deliberately transferred to any place located outside Indonesian, Singapore and/or other countries in which Zentara operates its office/affiliates  (as the case may be) or deliberately disclosed to third parties, except in the cases listed below:

  1. to allow us to perform the Purposes specified above, we may provide and/or disclose your Personal Data to our subsidiaries, affiliates, related companies, license holders, business partners, service providers, professional advisors and external auditors, including legal counsels, financial advisors and consultants, as well as other third parties, which may be located within or outside Indonesia;
  2. we may offer a feature that connects you to our business partners, service providers or other third parties, and for that      reason we may give some limited information related to your Personal Data to our business partners, service providers or other third parties only for the purpose of carrying out such feature and including for the purposes of conducting promotions, marketing, loyalty programs, events or offering Company products or Services as well as billing;
  3. we may share your Personal Data with third parties who assist us in providing information for authentication and due diligence purposes, including credit references, fraud prevention or business assessment agencies, or other credit assessment agencies, including banks;
  4. we may share your Personal Data with Public Accounting Firms and other Audit Institutions;
  5. we may engage with or employ other companies or individuals to facilitate, provide certain Services or perform functions on our behalf, and in relation thereof we may provide and/or disclose your Personal Data to these companies or individuals;
  6. in the event of a corporate transaction, including but not limited to sale of subsidiaries or divisions     , merger, consolidation, financing, sale of assets      or other situations involving the transfer of our business assets, in part or in whole, we may disclose your Personal Data to the parties involved in the negotiation or transfer;
  7. we may also disclose your Personal Data if required by law, or necessary to comply with the laws, regulations and government, or in case of dispute, or any kind of legal process in relation to the Services, or in case of emergency related to your health and/or security;
  8. at the order of an authorized law enforcement agency or government institution pursuant to the provisions of prevailing laws and regulations, we may provide access to the law enforcement agency or government institution in question to carry out search or seizure on your data which is stored electronically in the servers of Zentara;
  9. we may also share aggregated or anonymized information that does not directly identify you;
  10. we will disclose information if it is held for the purpose of protecting us from fraud, defending our rights or assets/property, or to protect the interests of our Users. We may also need to disclose your information to comply with obligations in the event of responding to legal demands, or for the legitimate interests of any subject in the context of national security, law enforcement, litigation, criminal investigations or to prevent epidemics, emergencies that have been declared by the Government. Your personal data will only be provided if we, in good faith, believe that we are required to do so in accordance with the law and based on a thorough evaluation of the provisions of the laws and regulations.

How we store your Personal Data?

The Personal Data we collect is stored in a storage place (data center) that we manage ourselves and/or that is managed by a third party located or domiciled within the jurisdiction of Indonesia or outside the jurisdiction of Indonesia. All facilities, infrastructure, and data storage systems, whether managed by us or a third party, are equipped with security controls to ensure the protection of your Personal Data.

This Personal Data may be stored in hard copy or electronic format. The storage period for your Personal Data varies greatly based on the processing purposes that have been previously stated, such as providing the Services you request, complying with our legal obligations, resolving disputes, and implementing our policies. We store your Personal Data as long as:

  1. you are still using the Services; and/or
  2. your use of the Services has passed with a maximum storage period of 5 (five) years for specific data related to your taxation and 10 (ten) years for other specific and general data; and/or
  3. in accordance with applicable laws and regulations.

How do we maintain the security of your Personal Data?

In maintaining the security of your Personal Data, we have:

  1. used the best methods that have been tested to protect your information;
  2. carefully reviewed our security procedures;
  3. complied with the applicable law and security standard;
  4. ensured that your Personal Data is securely transmitted and encrypted; and
  5. ensured that our employees are trained and required to participate in securing your information.

To protect your Personal Data, we implement international standards for Information Security Management Systems based on ISO ISMS 27001:2022 and ISO PIMS 27701:2019 as a tool for implementing security systems for data confidentiality, integrity, and availability. Therefore, our employees have been trained to understand and follow ISO ISMS 27001:2022 and ISO PIMS 27701:2019 when processing your Personal Data.

The objective of this international standard is to assist an organization in building and maintaining both the information security management systems (ISMS) and Personal Information management systems (PIMS). ISMS is a system used to process and control information, several risks in security are also the same as controlling the integrity, protection and preservation, and confidentiality of information, PIMS is a system focus on the privacy and PII  Zentara currently implements these systems into all its business activities. This system applies to all our business activities in Singapore and Indonesia.

We will take all measures necessary to maintain the privacy and security of all Personal Data that you provide. We will notify you if any third party (such as hackers) hacks or attempts to hack our security measures or obtains unauthorized access to our data center or device that contains your Personal Data. Zentara shall not be liable for any damage caused that is not attributable to it. However, you should be aware that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the internet.

What rights do you have over your Personal Data?

In accordance with the applicable laws and regulations on the protection of personal data, you benefit from a certain number of rights relating to your data, namely:

  1. the right of access and information: you have the right to be informed in a concise, transparent, intelligible, and easily accessible manner of how your Personal Data is processed. You also have the right to obtain (i) confirmation that data concerning you is being processed and, where appropriate, (ii) to access such data and obtain a copy of it. However, Zentara reserves the right to deny you access to your Personal Data and may provide an explanation as required by applicable laws;
  1. the right of rectification: you have the right to obtain the rectification of inaccurate data concerning you. You also have the right to complete incomplete data concerning you by providing an additional declaration. If you exercise this right, we undertake to communicate any rectification to all the recipients of your data;
  2. the right of end processing, deletion and/or destruction: we store and process your data as long as necessary to achieve the purposes described in this Privacy Policy and in accordance with the retention period of each data that we set in point 6 of this Privacy Policy. You have the right to terminate the processing that we do or delete your data that we control at the risk that you cannot use our Services in full because the minimum information we need to provide the Services cannot be processed. You have the right to destroy your data that we control if it does not violate the law and there is no other obligation for us to continue to store it. For the avoidance of doubt, this provision does not apply to data that is fully controlled by our partners such as the Directorate General of Taxes, the Directorate General of Treasury or the Population and Civil Registration Service. Requests for your rights can be submitted by contacting the contact in the Contact Us section of this Privacy Policy;
  3. the right to delay or limitation of processing: in certain cases, you have the right to delay or obtain a limitation of the processing of your data;
  4. the right to portability and interoperability of Personal Data: You have the right to obtain and/or use your Personal Data that has been provided to us in a form that conforms to the structure and/or format commonly used or can be read by electronic systems, such as payment history and subscription history. You also have the right to use and send your Personal Data to other Personal Data controllers, as long as our systems and the systems of other Personal Data controllers used can communicate securely with each other in accordance with the principles of Personal Data Protection based on the provisions of applicable laws and regulations;
  5. the right to object to the processing: you have the right to object at any time to the processing of your data for processing based on our legitimate interest and those for commercial prospecting purposes. This is not an absolute right, and we may for legal or legitimate reasons refuse your request for opposition;
  6. the right to withdraw your consent at any time: you may withdraw your consent to the processing of your data at any time where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of the processing based on the consent given prior to such withdrawal;  
  7. the right to complain to a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices; 
  8. the right to send the personal data to the other personal data controller(s): you have the right to send your data to the other personal data controller(s), as long as the system used can communicate with each other securely and in accordance with the personal data protection’s principles; and
  9. the right to opt-out from marketing information: We may from time to time provide promotions and offers to you based on lawful processing grounds. You have the right to withdraw your consent to the processing of marketing-related Personal Data so that we do not share marketing-related information. You will still receive service-related information and will still be able to use our Services. You can withdraw your consent to the processing of marketing-related Personal Data through the media that we provide from time to time or by contacting Us via the contact information in the Contact Us section of this Privacy Policy.

To exercise these rights, you can contact us at the following address: [email protected]. Please note that we may require proof of your identity in order to exercise these rights and that we may charge a reasonable administrative fee for this service.

Exceptional circumstances mentioned above include (to the extent allowable under applicable law) where:

Zentara shall also not provide access to your Personal Data if it could reasonably be expected to:

Transfer of Personal Data abroad

We may need to transfer your information outside the jurisdiction of Indonesia to store data whose storage infrastructure (data center) is outside the jurisdiction of Indonesia and managed by a third party partner. We always maintain the security of your data by ensuring that:

  1. the country where the third party partner who receives the data transfer is domiciled has a level of personal data protection that is equal to or higher than Indonesia; or
  2. there is adequate and binding personal data protection; or
  3. you agree to the transfer of Personal Data abroad that we carry out.

Automated Resolution

In the process of analyzing new installation requests, providing promotions or offers, and preventing fraud, we use automated decision-making (meaning without human involvement), including profiling, which may have legal consequences or otherwise significantly impact you. You have the right to object to decisions based solely on automated processing through the objection mechanism in this Privacy Policy.

Provisions Concerning Persons with Disabilities

If you are categorized as a person with disabilities, then you are required to ensure that you have obtained approval from your parents (father or mother) and/or guardian in accordance with the regulations in force in Indonesia.

Personal Data Breach Notification

In the event of a leak of your personal data, we will immediately provide written notification to you no later than 3 x 24 hours via registered email, including the type of personal data disclosed and efforts to handle and restore said personal data.

Amendment to Privacy Policy

We reserve the right to amend this Policy as necessary. We may modify this Privacy Policy from time to time, particularly in order to comply with any regulatory, editorial or technical changes. We will update the date at the “last update” and indicate the date on which the changes were made. We encourage users to check this policy regularly for any changes to ensure they are informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Policy periodically and become aware of modifications.

Language

This Privacy Policy is prepared in both Indonesian language and English language. In case there is a discrepancy or conflict between the Indonesian text and the English text of this Privacy Policy, the Indonesian text shall prevail, and the English text shall be deemed to be automatically amended to conform with the relevant Indonesian text.

Governing Law and Jurisdiction

This Privacy Policy, its subject matter and its formation (and any non-contractual disputes or claims) are governed by the laws of the Republic of Indonesia. We both agree to the exclusive jurisdiction of the Indonesian National Arbitration Board (Badan Arbitrase Nasional Indonesia or “BANI”).

Acknowledgement and Agreement

By using any of our products and/or Services or our Site, you represent that you have read, understood and agreed to the Privacy Policy, hereby you agree and commit to comply with the principles of our Privacy Policy and We are not responsible if you provide us with Personal Data relating to another individual, hereby you represent and warrant that you have obtained all consents from such individual for the Processing of such individual’s Personal Data by us. You also hereby warrant to be cooperative in the event of any request for proof of such consent by us to you at any time.

Contact

If you have any questions about this Privacy Policy or if you have any requests relating to your data, you can contact us by addressing an email to our Data Protection Officer to the following address: dpo@zentara.co.

Phone Number: 0812 9495 7450

Marketing or Publication of Services

By accepting to the terms of this Privacy Policy, you understand that we may send information material for the purpose of marketing or publicizing our Services (such as newsletters, advertisements or short message services) either through our website, electronic e-mail or third-party media platforms that partner with us to interests of commercial and non-commercial activities. If you do not wish to receive material from our marketing activities, you can stop it at any time by contacting us or selecting the “berhenti berlangganan/unsubscribe” option on the relevant marketing material.

Disclaimer

Our Site may contain links to another website. Please note that we are not responsible for the privacy practices or policy of those websites.

Approved by Director / CEO PT Mars Bumi Indonnesia (Zentara)

26 August 2025