PRIVACY POLICY
1. Introduction
PT Arasys Inovasi Indonesia, hereinafter referred to as “Arasys”, “we”, “us”, “our”, or “the company”, respects and protects the privacy of every user, customer, prospective customer, partner, and other party who communicates with us through our website, applications, customer service channels, social media, Instagram, Facebook Messenger, WhatsApp, email, online forms, or other official communication channels.
This Privacy Policy explains how we collect, use, store, protect, share, and delete personal data that we receive in connection with our services, including when users contact our official social media accounts or use customer support services integrated with third-party systems such as Chatwoot, Meta, Instagram, Facebook, WhatsApp, email, and other supporting systems.
By contacting us, using our services, sending messages to our official accounts, submitting forms, placing orders, or using our customer support features, users are deemed to have read and understood this Privacy Policy.
2. Scope of This Policy
This Privacy Policy applies to all data processing activities carried out by Arasys in connection with:
-
Customer support and business communication.
-
Product or service information requests.
-
Management of incoming messages from Instagram, Facebook Messenger, WhatsApp, email, website, live chat, or other official channels.
-
Quotations, orders, contracts, invoices, technical support, and after-sales services.
-
Integration with third-party platforms, including Meta Platform and Chatwoot.
-
Administrative, operational, security, audit, and legal compliance purposes.
This Policy does not apply to third-party websites, applications, or services that we do not directly manage, even if links to such services are available through our communication channels.
3. Types of Data We Collect
We may collect and process the following types of data, as needed for our services:
a. Identity Data
This may include name, social media account name, Instagram or Facebook username, business name, organization name, position, and other identity information voluntarily provided by users.
b. Contact Data
This may include phone number, WhatsApp number, email address, office address, service address, shipping address, and other contact information required for communication or service delivery.
c. Conversation and Customer Support Data
This may include message content, conversation history, attachments sent by users, responses from our team, ticket status, internal customer support notes, message timestamps, and information related to user needs or complaints.
d. Data from Meta Platform
If users contact us through Instagram, Facebook Messenger, or other Meta channels, we may receive certain data provided by Meta in accordance with platform permissions and terms, such as platform user ID, profile name, username, profile picture where available, message content, media attachments, message reactions, message status, and communication metadata required to receive and respond to messages through our customer support system.
e. Transaction and Administrative Data
This may include order information, quotations, invoices, payment proof, service history, administrative documents, company data, tax information where required, delivery information, and other transaction-supporting data.
f. Technical Data
This may include IP address, browser, device, operating system, access logs, access time, cookies, security data, and other technical information used to maintain security and improve our services.
g. Voluntarily Provided Data
Users may voluntarily provide additional information, such as project requirements, technical issues, service preferences, images, videos, documents, or other information sent to us.
4. Sources of Data
We may obtain personal data from:
-
Users directly through conversations, forms, email, telephone, WhatsApp, Instagram, Facebook, or live chat.
-
Third-party communication platforms, such as Meta, Instagram, Facebook, WhatsApp, Chatwoot, email providers, and other supporting service providers.
-
Business partners, corporate customers, or parties representing the user’s organization.
-
Our internal systems that record customer service, transaction, and technical support activities.
We do not intend to collect personal data that is irrelevant to the purpose of our services. Users are advised not to send unnecessary sensitive information, such as passwords, PINs, OTP codes, confidential bank data, health data, children’s data, or other confidential information through general conversation channels.
5. Purposes of Data Use
Personal data is used for the following purposes:
-
Responding to user questions, complaints, and requests.
-
Providing customer support through Chatwoot, Instagram, Facebook Messenger, WhatsApp, email, or other official channels.
-
Processing quotation requests, orders, contracts, invoices, payments, deliveries, and technical support.
-
Managing service tickets, communication history, follow-ups, and issue resolution.
-
Sending service-related information, request status updates, reminders, and administrative communications.
-
Improving service quality, system security, and user experience.
-
Preventing abuse, spam, fraud, unauthorized access, and unlawful activities.
-
Conducting internal analysis, reporting, audits, and service development.
-
Fulfilling legal, regulatory, tax, accounting, and lawful authority requests.
-
Protecting the rights, security, and legal interests of Arasys, users, customers, partners, and other related parties.
We do not sell users’ personal data to third parties.
6. Legal Basis for Processing
We process personal data based on one or more of the following grounds:
-
User consent, for example when users contact us or provide data through official channels.
-
The necessity to provide services, respond to requests, or perform a contractual relationship.
-
Our legitimate interest in providing customer support, maintaining security, and improving services.
-
Compliance with legal obligations or lawful requests from competent authorities.
7. Use of Data from Instagram, Facebook, and Meta Platform
If users send messages to our official Instagram or Facebook account, conversation data may be received through Meta’s official API or services and forwarded to our customer support system.
Such data is used only to:
-
Receive and read user messages.
-
Respond to user messages through the same channel.
-
Manage conversations within our customer support system.
-
Provide support, product information, technical services, and request follow-up.
-
Maintain conversation history so that services can be continued consistently.
We do not use data from Meta Platform for purposes not described in this Privacy Policy. We also do not sell, rent, or trade data obtained from Meta Platform to third parties.
8. Integration with Chatwoot and Third-Party Service Providers
To manage customer conversations, we may use Chatwoot or other customer support systems. Such systems help us receive, manage, assign, and respond to messages from various communication channels in one dashboard.
We may also use other service providers for hosting, email, data storage, security, analytics, payment support, notification delivery, and business operations.
These third parties are only granted access as necessary for service purposes and are expected to maintain confidentiality and data security in accordance with applicable requirements.
9. Data Sharing with Third Parties
We may share personal data in a limited manner with:
-
Customer support system providers such as Chatwoot.
-
Communication platform providers such as Meta, Instagram, Facebook, WhatsApp, and email providers.
-
Hosting, server, cloud, storage, security, and IT infrastructure providers.
-
Technical partners or vendors assisting in service delivery, installation, technical support, delivery, or maintenance.
-
Legal, accounting, tax, or audit consultants where necessary.
-
Government institutions or competent authorities when required by law.
We will not share personal data unlawfully or outside reasonable service purposes.
10. Data Storage and Retention
We retain personal data for as long as necessary for service delivery, administration, issue resolution, business records, legal compliance, audits, security, and dispute resolution.
In general, conversation history and customer support data may be stored while the service relationship remains active or as long as required for operational and legal purposes. Once no longer needed, data may be deleted, anonymized, or archived in accordance with our internal policies and applicable laws.
11. Data Security
We make reasonable technical and organizational efforts to protect personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These measures may include:
-
Limited access for authorized personnel.
-
Server and communication system protection.
-
HTTPS usage for online services.
-
Credential and access rights management.
-
System activity logging where necessary.
-
Internal access restrictions based on job requirements.
However, no electronic system is entirely risk-free. Users are also responsible for maintaining the security of their accounts, devices, and information sent to us.
12. User Rights
Subject to applicable laws and requirements, users may have the right to:
-
Request information regarding personal data we process.
-
Request correction of inaccurate data.
-
Request deletion of certain personal data.
-
Request restriction of data processing under certain conditions.
-
Withdraw consent, where processing is based on consent.
-
Object to certain processing activities.
-
Submit questions or complaints regarding personal data protection.
Requests may be sent to the contact email listed in this Privacy Policy.
13. User Data Deletion Request
Users may request deletion of personal data related to our services by contacting:
Email: info@arasys.co.id
Email Subject: Data Deletion Request
In the request, users are advised to include:
-
Full name.
-
Instagram/Facebook/WhatsApp/email account used to communicate with us.
-
The type of data or conversation the user wants to delete.
-
Proof that the user owns the account or is an authorized party, if required.
After receiving the request, we will conduct reasonable verification. If the request is valid and does not conflict with legal obligations, legitimate interests, transaction records, dispute resolution, or administrative requirements, we will delete or anonymize the relevant data within a reasonable period.
Some data may remain retained where necessary to comply with legal obligations, accounting, security, fraud prevention, legal claims, or dispute resolution.
14. Children’s Data
Our services are not intended for children under the age required by applicable law. We do not knowingly collect personal data from children without consent from a parent or legal guardian.
If a parent or guardian becomes aware that a child has provided personal data to us without permission, please contact us so that the data can be reviewed and, where necessary, deleted.
15. Cross-Border Data Transfer and Storage
In using third-party services, hosting, cloud, Meta Platform, Chatwoot, or other technology providers, data may be processed or stored on servers located outside Indonesia. By using our services, users understand that cross-border processing may occur as required for operational purposes and according to the relevant provider’s terms.
We will make reasonable efforts to ensure such processing remains appropriately protected.
16. Cookies and Similar Technologies
Our website or systems may use cookies, logs, pixels, or similar technologies to manage user sessions, improve performance, understand service usage, maintain security, and support website functionality.
Users may manage cookie preferences through their browsers. However, disabling certain cookies may affect service functionality.
17. Third-Party Links
Our services may contain links to third-party websites, applications, or services. We are not responsible for the privacy policies, security, content, or data processing practices of such third parties. Users are advised to read each third party’s privacy policy.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in services, technology, law, or operational needs. Changes will be effective from the update date stated in this document or when published through our website/official channels.
19. Contact
If users have any questions, requests, or complaints regarding this Privacy Policy, users may contact:
PT Arasys Inovasi Indonesia
Email: info@arasys.co.id
Website: https://arasys.co.id