PT Proteksi Digital Pialang Asuransi (“PRODIGI”) is an insurance brokerage company that has been licensed by the Financial Services Authority (“OJK”) as an insurance broker with a Certificate of Proof of License from OJK Number KEP-341/KM.10/2011 dated April 18, 2011 so that the implementation of its business activities is strictly supervised by OJK based on Financial Services Authority Regulation Number 70/POJK.05/2016 (“POJK 70” as amended by Financial Services Authority Regulation Number 28 of 2022 concerning the Implementation of Insurance Brokerage Companies, Reinsurance Brokerage Companies, and Insurance Loss Assessment Companies

Special Provisions

“Personal Data” is all data, statements, information, and documents of the User and related parties of the User (family, colleagues, employees, companies, or service providers for the User and other related parties) that are stored, maintained, and safeguarded including data, information and related documents or derivatives that:

1. are required or obtained by PRODIGI from the User or submitted, disclosed, downloaded, or submitted by the User through the PRODIGI platform or PRODIGI resources;

2. obtained or accessed legally by PRODIGI based on PRODIGI's internal policies and procedures related to PRODIGI Services as long as the User is still bound by this Personal Data Collection and Use (PPDP); and/or;

3. is data or information that must be submitted and/or has been provided by the User as an obligation according to the provisions of the agreement or voluntarily from time to time while still considering the provisions of existing laws and regulations.

Purpose

PRODIGI has the right to request, obtain, collect, process, store, and use User Personal Data in the context of or related to efforts or purposes:

1. Assessment, analysis, verification, implementation of the provisions of the Know Your Customer Principle, validation or examination of:

1. insurance application or application;

2. process or application for registration as an insurance recipient;

3. User Profile;

2. Fulfillment of PRODIGI's rights and obligations based on the provisions of laws and regulations, agreements;

3. Implementation and supervision of the implementation of the Agreement;

4. Implementation of PRODIGI's business and operational activities from time to time;

5. Surveys, research, evaluation, and/or development of products or services by PRODIGI or other interested parties; and/or

6. Implementation of PRODIGI's Standard Operating Procedure (SOP) while still considering the general provisions in the Policy Guidelines and Security Control Objectives so that it can still recommend a series of specific and safe security controls.

7. Law enforcement and PRODIGI's compliance with legal provisions and regulations.

The above objectives are a provision that becomes the legal basis for PRODIGI to store, process, and use User Personal Data even though this PPDP no longer binds the User, to use it, submit it, or disclose it with the purpose and good faith to:

1. Banking and non-banking financial institutions, credit assessment bureaus, collection agencies and/or other interested third-party service providers as long as they are bound by a confidentiality responsibility for User Personal Data;

2. Representatives, Any party related to or part of PRODIGI and is under the responsibility of confidentiality of User Personal Data for certain purposes; and/or

3. Financial Services Authority, courts, prosecutors, police, and other government institutions either on PRODIGI's initiative or as required by legal provisions and regulations, directives, instructions, or policies of government institutions or government officials.

Method of Obtaining, Collecting, and Storing Personal Data

1. PRODIGI has the right to obtain, collect and store Personal Data from and/or through the PRODIGI Platform, telephone, short messages, obtained from PRODIGI tools, systems or resources, affiliates or related parties or representatives of PRODIGI, or accessed by PRODIGI and/or submitted by Users through and/or obtained from systems, hardware, software or equipment (devices) that PRODIGI or Users use or are involved in the utilization and use of PRODIGI Services and/or the PRODIGI Platform.

2. Storage of Personal Data by PRODIGI is for a minimum of 5 (five) years following the provisions of 15 paragraph (3) of the Regulation of the Minister of Communication and Information Technology Number 20 of 2016 concerning the Protection of Personal Data in Electronic Systems. PRODIGI will carry out this storage by the Implementation of PRODIGI Standard Operating Procedures (SOP) while still paying attention to the general provisions in the Policy Guidelines and Security Control Objectives, either through the PRODIGI system or the system, server, or database of another party or other third-party service provider within the territory of the Republic of Indonesia.

Limitations and Compensation

Subject to the provisions of applicable laws and regulations, PRODIGI is fully committed not to sell User Personal Data to any party, including making reasonable efforts that each of its employees is not involved in the sale and purchase of User Personal Data to any party.

PRODIGI is not responsible for any loss in any form or risk of loss experienced by the User or the User or any party due to or related to the Personal Data including failure to protect the confidentiality of Personal Data, submission, access, acquisition, processing, storage or use or transfer, including but not limited to disputes, investigations, audits, law enforcement and any investigation process, which is not proven to be caused by, negligent or involving PRODIGI or employees, representatives, attorneys, affiliates or other PRODIGI related parties ("Losses and Legal Issues").

For clarity, legal certainty and transparency:

PRODIGI is hereby released from all forms of compensation, obligations to respond and cannot be involved, including its employees, subsidiaries, affiliates or representatives, for any claims, demands, requests or statements arising from and/or related to Losses and Legal Issues submitted without including a definite calculation that has been quantified, accurate and can be accounted for for real and direct losses (factual and direct damage) experienced by the User, along with evidence that can be accepted by the court or related judicial institution regarding PRODIGI's errors or negligence based on Articles 1865 and 1866 of the Civil Code, Article 164 of the Het Herziene Indonesisch Reglement and Article 5 paragraph 1 of Law Number 11 of 2008 concerning Information and Electronic Transactions as amended by Law Number 19 of 2016 Amendment to Law Number 11 of 2008 concerning Information and Electronic Transactions and Law Number 1 2024 Second Amendment to Law Number 11 of 2008 concerning Electronic Information and Transactions;

PRODIGI is hereby released from all forms of responsibility for the accuracy and precision (except for Personal Data that has been verified by PRODIGI in accordance with its Standard Operating Procedure (SOP) and Policy Guidelines), validity, legality and completeness of the User's Personal Data and is not required to notify the User or any party regarding this matter unless required by law; and/or;

PRODIGI is not responsible for any violation of the User's law or the rights of any third party due to or related to the acquisition or provision of Personal Data. In the event of a Third Party Appointment for Personal Data Storage, the User hereby releases PRODIGI and PRODIGI's employees, attorneys, representatives, affiliates or related parties in the event of a breach of confidentiality or failure to protect the confidentiality of Personal Data or Losses and Legal Issues involving, caused or carried out by the third party storing the Personal Data concerned from all forms of claims, both material and immaterial, of the User. However, PRODIGI will still make reasonable efforts to notify you of such a confidentiality breach when PRODIGI learns of it from such a third-party.

User's Right to Change, Add or Update Personal Data

To ensure the accuracy and timeliness of the User's Personal Data, the User may submit a written request via e-mail to PRODIGI for the purpose of changing, adding or updating Personal Data that has previously been obtained or submitted to PRODIGI and each such request must be sent to PRODIGI's e-mail at legal@prodiginow.com to be followed up by PRODIGI.

User's Right to Determine the Classification of Confidential and Non-Confidential Personal Data

The User may submit a written notification via e-mail to PRODIGI for the purpose of determining which information, data, or documents are confidential from or related to the Personal Data, to be followed up by PRODIGI by seeking to protect the confidentiality of the part of the Personal Data that is classified as confidential. Written notification as referred to above must be sent to PRODIGI's e-mail at legal@prodiginow.com for PRODIGI to follow up.