Kebijakan Privasi – fonesia.com

kebijakan & Privasi

Privacy Policy

This Privacy Policy (“Policy”) describes how Fonesia.com (“we,” “us,” “our,” “Fonesia.com”) collects, uses, stores, discloses, transfers, and protects your personal data and information when you access and use our website, platform, services, applications, subdomains, systems, and any associated tools (collectively, the “Platform”).

Your access to and use of the Platform signifies your acknowledgment and consent to the terms described herein. If you do not agree to this Policy in its entirety, you must cease all access to the Platform.

1. Data Collection and Categorization

We collect various types of data from users, including but not limited to:

Personally Identifiable Information (PII): such as your name, address, telephone number, email, national ID number, taxpayer information, geolocation, and biometric data (if applicable).
Transactional Data: payment records, QRIS codes, purchase history, escrow reference IDs, timestamps, shipping activity, refund requests, and related metadata.
Device and Access Data: browser type, IP address, operating system, screen resolution, device ID, and behavioral tracking analytics.
Communication Records: interactions with customer service, dispute resolutions, support tickets, chat history, and audio call recordings (if applicable).
Third-Party Integration Data: where applicable, information received from authorized APIs, third-party plugins, or platforms you connect with.

2. Purpose of Processing

The collection and processing of your data serve multiple lawful purposes, including:

Facilitating secure, regulated, and traceable transactions between transacting parties.
Verifying identities under KYC (Know Your Customer) protocols, AML (Anti-Money Laundering) regulations, and financial supervision frameworks governed by OJK and BI (Bank Indonesia).
Complying with national and international legal requirements related to cross-border payments, escrow holdings, and dispute arbitration.
Optimizing Platform functionality, performing behavioral segmentation, A/B testing, and service personalization.
Enabling status notifications (e.g., pending payment, under review, claim opened, etc.) to users.
Preventing fraud, abuse, or system manipulation through automated and manual monitoring.

3. Legal Basis for Processing

We rely on various legal bases depending on the nature of the data and context of collection:

Contractual Obligation: to perform our agreement with you.
Legal Compliance: to adhere to applicable laws and regulations.
Legitimate Interest: to improve the platform and protect users.
Consent: in cases where explicit authorization is required.

4. Data Retention and Storage

Your data will be retained as long as necessary to fulfill the purposes described or as required by law, whichever is longer.

Personal data is stored in encrypted format
Sensitive data may be pseudonymized or anonymized
Data backups follow multi-region retention protocols

5. Geographic Scope and International Transfers

Your data may be processed or stored outside your country. Transfers follow Standard Contractual Clauses (SCCs), intercompany agreements, or equivalent safeguards.

6. Data Subject Rights

Depending on your jurisdiction, you may have rights to:

Access
Correct
Delete
Port
Restrict or object to processing

Verification may be required. Some requests may be denied if they conflict with legal obligations.

7. Disclosure to Third Parties

We do not sell or rent your data. We may share data with:

Payment partners (e.g., QRIS, banks, e-wallets)
Logistics providers
Government or regulators upon lawful request
Affiliates and service providers operating under contracts and confidentiality terms

8. Use of Cookies and Tracking Technologies

We utilize:

Session & Persistent Cookies
Web Beacons and Tracking Pixels
LocalStorage / SessionStorage

You may disable cookies via browser settings, which may impact functionality.

9. Security Measures

We apply multiple safeguards:

TLS/SSL encryption
AES-256 for sensitive storage
Two-Factor Authentication (2FA)
Role-based access controls
Periodic security audits

Despite best efforts, residual risk remains.

10. QRIS-Specific Considerations

If using QRIS:

QRIS codes reflect seller location (e.g., “FONESIA JAKARTA”)
Governed by BI and OJK
Transaction logs handled by certified partners
Data shared with financial institutions

11. Children’s Privacy

Fonesia.com is not intended for users under 18. If you are a guardian and suspect data was submitted by a child, please notify us immediately.

12. Automated Decision-Making

We may use automation to detect fraud or compliance risks. These systems are reviewed to ensure fairness and legality.

13. Platform Usage Monitoring

We monitor usage for:

Service improvement
Abuse prevention
Performance optimization
Legal compliance

Includes session recording and profiling.

14. Behavioral Advertising

Third-party services (e.g., Google Ads, Meta Pixel) may be used. Opt-out is available via their settings.

15. Consent Withdrawal

Where processing is based on consent, you may withdraw at any time. Prior processing remains lawful. Some features may become unavailable after withdrawal.