The main controller of your data for the purposes of our services is PT. Ria Nusantara Sejati, a company located at Boulevard summarecon serpong Jl. Gading serpong boulevard BVA 1 Kel. Curug sangereng kec. Kelapa Dua Kab. Tangerang – Banten Ko45. PT. Ria Nusantara Sejati is companies that provide services to you in accordance with our Terms & Conditions, (hereinafter collectively referred to as “togo”, “we”, “us” or “our” in this privacy statement). These companies are also considered data controllers for the local services they offer.

We care about your privacy and are committed to protecting your personal data. This privacy statement will tell you how we handle your personal data, your privacy rights and how the law protects you. Please read this privacy statement carefully before using our Services.

Introduction:

You are a user, and/or visitor who accesses and/or uses our Platform, whether you are registered and have or do not have an account

Personal Data is data about you that is identified or can be identified individually or combined with other information, either directly or indirectly, through electronic or non-electronic systems.

Business Data is data relating to identity which includes business name, contact, email address, telephone number, business category, business address, photo of business location, and business profits.

Features are any existing service products that will be available on the togo Platform

Know Your Customer (hereinafter referred to as KYC) is a principle of getting to know the user for the identity verification process connected to a Third Party in carrying out the verification and validation process related to Account data that will be registered on the Platform.

Know Your Business (hereinafter referred to as KYB) is a principle of knowing business, where rules or regulations require the Company to continuously review the activities and verification of agencies that collaborate with us by connecting with Third Parties.

Services means any products, services, content, features, technology or functionality, and all related websites, applications and services offered to you by us.

Platform means the website, mobile application, mobile site or other online thing we own through which we offer our Services.

Third Parties are parties who collaborate to support the implementation of the services we provide to you, namely:

PT Indonesia Digital Identity (hereinafter referred to as “VIDA”) is a partner or third party that carries out KYC, recognized by the Ministry of Communication and Informatics (Kominfo) for the issuance and management of certified Electronic Certificates and Electronic Signatures that are legally binding for Individuals and Institutions, which validated against the relevant identity issuer’s database, in this case the KTP database maintained by the Directorate General and Civil Registration (Dukcapil)

Parties who partner with us in the field of service and package delivery, between sellers & buyers, are:

PT Paket Anak Bangsa (Gosend);

PT Adi Sarana Armada Tbk ( Anteraja);

PT Jala Niaga Elok (JNE);

PT Sicepat Express Indonesia (Sicepat); And

PT Paxel Superior Algorita (Paxel)

What data do we collect about you?

Data is provided through direct interaction

Registration and other account information

When you register to use our Services, we may collect the following information about you:

if you register using your Google account: first name, last name and email address;

if you register using your Facebook account: we collect your first name and last name as they appear on your Facebook account and Facebook ID. If you have given permission to Facebook via their in-app privacy options (which appear just before you register on our Platform), we may collect your gender, age or email depending on the permission granted by you; And

if you register using your mobile number: mobile number.

Depending on the choices you make during the process of logging into our Services or during the process of engaging with our Services, you may choose to provide the following additional personal data:

Your name;

Email address;

Phone number;

Your credit card details if you wish to purchase our paid services as defined in our Terms & Conditions.

Communication via chat features on our Platform When you use our chat features to communicate with other users, we collect information that you choose to provide to other users through these features.

Data we collect automatically when you use our Services

When you interact with our Platform or use our Services, we automatically (Directly) and Indirectly collect the following information about you:

Device Information

We collect device-specific information such as operating system version, unique identifiers. For example, the name of the mobile network you use. We associate a device identifier with your togo account.

Location information

Depending on your device’s permissions, if you post something/items on our Platform, we automatically collect and process information about your actual location. We use a variety of technologies to determine location, including IP addresses, GPS, Wi-Fi access points, and cell towers. Your location data allows you to see user items near you and assists you in posting items within your location. If we need your location data, we will first display a pop-up that will ask you to choose whether or not to allow us to access your location data. If you do not allow us to have access to your location data, you can still use our Services but with limited functionality. If you allow us to access your location data, you can always change it afterwards by going to the settings on our website or our platform app and disabling permissions related to location sharing. To find out more about the purposes for which your location data is used and how it is processed, please refer to Section 4.2 (ii) of this Privacy Statement.

Client and Log data

Technical details, including your device’s Internet Protogol (IP) address, time zone and operating system. We will also store your login information (registration date, last password change date, last successful login date), your browser type and version.

Clickstream Data

We collect information about your activities on our Platform which includes the site from which you access our Platform, the date and time stamp of each visit, the searches you have performed, the listings or advertisements you have clicked on, your interactions with such advertisements or listings, the duration of visits you and the order in which you visit the content on our Platform.

Cookies and Similar Technologies

We use cookies to manage our users’ sessions, to save your preferred language choices and to send you relevant advertising. “Cookies” are small text files that a web server transfers to your device’s hard drive. Cookies may be used to collect the date and time of your visit, your browsing history, your preferences, and your user name. You can set your browser to refuse all or some Cookies, or to alert you when websites set or access Cookies. If you disable or reject Cookies, please note that some parts of our Services / Platform may become inaccessible or not function properly. For more information about the Cookies we use, please see our Policy on Cookies and Similar Technologies.

Register and/or register by creating an account on the platform in the form of data

personal identity such as name, address, email address, telephone number, place and date of birth, information on identity card (KTP, SIM, Passport/NPWP/KITAS), photo of yourself, video of yourself, account username and password, account information and financial information that you provide when making a transaction, business and/or enterprise information, biometric data.

Cookies and related technologies such as public information contain personal data and

or online news published on social media.

When you access, visit our platform, the data we collect will

used for statistical purposes in terms of evaluating the performance of our platform. So you hereby declare and guarantee that the Personal Data that you have entered into the platform and/or features is true and accurate. You are responsible for the personal data that has been submitted to us, including releasing us from all demands, criminal and civil suits

We reserve the right from time to time to request and carry out verification and/or updates

and/or updating your personal data where this is done without coercion, and in a conscious state. However, if you have not verified and/or updated and/or updated your data, then we will not allow you to access optimal features temporarily/permanently.

Data from third parties or data available from public sources.

We receive personal data about you from various third parties and public sources as mentioned below:

Certain technical and usage information from analytics providers such as Google, Facebook, and Optimizely;

Cookies information from advertising networks such as Criteo and Props.

Do we Collect Data From Children?

Our Services are not directed to children under 17 and we do not knowingly collect data from anyone under 17. If we become aware that a person under 17 years of age has provided us with their personal data, we will delete it immediately.

Why do we Process your Personal Information?

We will only use your personal data when the law allows us to. Generally, we will use your personal data in the following situations:

Where we need to perform a contract that we will enter into or have entered into with you.

Where necessary for our legitimate interests to improve our Services and to provide you with a safe and secure Platform.

Where we must comply with legal or regulatory obligations.

Under certain circumstances, we may also process your personal data based on your consent. If we do this, we will tell you the purposes and categories of personal data that will be processed when we ask for your consent.

We have explained below a description of how we use your personal data, [and the legal basis on which we do so. We have also identified what our legitimate interests are in the right place].

To provide access and provide Services through our Platform

If you log in using your mobile number or email ID, we use your first and last name, mobile number and/or e-mail address to identify you as a user and provide access to our Platform.

If you log in using your Facebook account, we use your first and last name from your Facebook profile and Facebook email address to identify you as a user on our Platform and provide you with access to our Platform.

The above log-information data is also used by us to deliver our Services to you in accordance with our Terms & Conditions.

We use your e-mail address and mobile phone number (via SMS) to make suggestions and recommendations to you about our Services that may be of interest to you.

We process the above information for the proper performance of our agreement with you and on the basis of our legitimate interest in carrying out marketing activities to offer Services that may be of interest to you.

To improve your experience on the Platform

We use clickstream data to:

offer customized content, such as providing you with more relevant search results when using our Services.

to determine how much time you spend on our Platform and in what ways you navigate through our Platform to understand your interests and to improve our Services based on this data. For example, we may give you suggestions about content you can visit based on the content you click on.

to monitor and report the effectiveness of campaign delivery to our business partners and for internal business analysis.

We use your location data for the following purposes:

to collect anonymous and aggregate information about the characteristics and behavior of togo users, including for the purposes of business analysis, segmentation and anonymous profile development.

to improve the performance of our Services and personalize the content we direct to you. For example – with the help of location data we display a list of advertisements that are around you to improve your purchasing experience. For this purpose, Google Maps services are integrated into our Platform. Google Maps is provided by us and Google acts as an independent controller. This means that Google and we are responsible for the processing of your location data in the context of Google Maps. However, we will not process your location data for any purposes other than those described in this Privacy Statement. However, Google may process such location data for their own purposes as described in Google’s Privacy Policy which can be reviewed here. Use of Google Maps through our Platform is subject to the Google Maps Terms of Service.

to measure and monitor your interactions with third party banner ads that we place on our Platform

With the help of your login information which includes your email id and phone number, we map the different devices (like desktop, mobile, tablet) used by you to access our Platform. This allows us to associate your activity on our Platform across devices and helps us provide a good experience no matter what device you use. We process the above information based on our legitimate interests to improve your experience on our Platform and for the adequate performance of our contract with you.

To provide you with a secure Platform:

We use your mobile phone number, log data and unique device identifiers to manage and protect our Platform (including troubleshooting, data analysis, testing, fraud prevention, system maintenance, support, reporting and data hosting).

We analyze your communications made through our chat feature for fraud prevention and to increase security by blocking spam or abusive and unkind messages that may have been sent to you by other users.

We process the above information for the adequate performance of our contract with you, to improve our services and on the basis of our legitimate interests to prevent fraud.

How will we notify you about changes to our privacy statement?

We may change, update, post, this privacy statement from time to time. When We change the policy in a material way we will notify you, among other things, by updating the “effective date” at the top of this page.

We have a policy of providing notices, whether legal or for marketing or other business-related purposes, to you via:

email notifications;

written notice or hard copy, or;

through publication on our Services, as determined by us in our sole discretion.

We reserve the right to determine the form and method of providing notice to you, as far as permitted by applicable laws and regulations.

With regard to notifications in the event of security failures, you hereby agree that we may send you notifications electronically. We will send the notification by registered/marked email or via other electronic means, which method will ensure that you have received the notification.

Your rights

In certain circumstances, you have rights under data protection laws relating to your personal data.

If you wish to exercise any of the rights set out below, please go to your account settings / privacy or contact us using the Contact Form / privacy email id: legal@ransnusa.com

The right to request access to your personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

The right to request correction of any data we hold about you. This allows you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of any new data you provide to us.

The right to request restriction of processing of your personal data. This allows you to ask us to suspend processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) if our use of the data is unauthorized; (c) where you need us to hold the data even if we no longer require it when you need it to establish, exercise or defend a legal claim; or (d) you object to our use of your data, but we need to verify whether we have overridden legitimate grounds for using it.

The right to request deletion of your personal data. This allows you to ask us to delete or delete personal data where there is no compelling reason for us to continue processing it. You also have the right to ask us to delete or transfer your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we have been asked to delete your personal data to comply with local laws. Please note that for certain purposes we may be legally obliged to retain your data. Please see part I.

The right to object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground because you feel it impacts your fundamental rights and freedoms. You also have the right to object to us processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have imposed legitimate grounds for processing your information that override your rights and freedoms.

The right to request the transfer of your personal data to you or to a third party. We will provide you, or a third party you choose, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

The right to withdraw your consent to the processing of your personal data at any time. This does not affect the legality of any processing we have carried out based on previously provided consent.

No fees are usually required: You do not have to pay a fee to access your personal data (or exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Deadline to respond: We try to respond to all valid requests within one month. Sometimes we take more than a month if your request is very complex or you have made several requests. In this case, we will notify you and inform you of developments in this matter.

Communication and marketing

We will communicate with you via email, SMS or application notifications in connection with our Services / Platform to confirm your registration, to notify you if your ad listing has become live / expired and for other transactional messages in connection with our Services. Because it is important for us to provide you with such transactional messages, you may not be able to opt out of them.

However, you can ask us to stop sending you marketing communications at any time by clicking the opt-out link in emails or SMS sent to you or by changing the communications settings in your account. If there are problems changing these settings, contact us via the Connection Form.

You may receive marketing communications from us if you:

has requested such information from us;

use our Platform or Services;

provide us with your details when you enter a competition; or

registered for the promotion.

Who do we share your data with?

Company affiliates – we may share your data with other togo group companies located within and outside the EEA and assist us in providing business operations services such as product improvements, customer support and fraud detection mechanisms. Any sharing of personal data within the togo group of companies located outside the European Economic Area (“EEA”) will always be subject to protection as described in section H or to a data transfer agreement that clearly defines the obligations of the parties and ensures appropriate technical and regulatory measures. organizational steps to protect your data.

Third Party Service Providers: We use third party service providers to help us provide certain aspects of our Services, for example, cloud storage facilities such as Amazon Web Services and Microsoft Azure and other Third Parties listed in the Introduction to this Privacy Policy. Service providers may be located within or outside the “EEA” and other third parties

We conduct checks on our third-party service providers and require them to respect the security of your personal data and treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions.

Advertising and analytics providers: To improve our Services, we will sometimes share your information with analytics providers who can help us to analyze how people use our Platform/Services. For the most part, we provide your information to them in non-identifiable form to monitor and report on the effectiveness of campaign delivery to our business partners and for internal business analysis. This information will typically include a Cookie ID, IP address (short), referring URL as well as browser and device information. To control and manage settings for advertising, you can access settings via the link in the footer of our website. For more information about our advertisers and analytics providers, please see our Policy on Cookies and Similar Technologies.

Law enforcement authorities, regulators and others: We may disclose your personal data to law enforcement authorities, regulators, governments or other relevant public bodies and third parties to comply with any legal or regulatory requirements.

We may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If changes occur to our business, then the new owners may use your personal data in the same ways as set out in this privacy statement.

Publicly available information: When you post items for sale using our Services, you can choose to make certain personal information visible to other togo users. This may include your first name, last name, your email address, your location and your contact number. Please note, any information you provide to other users may always be shared with them with others, so please exercise discretion in this regard.

We also reserve the right to disclose information about you that we believe, in good faith, is appropriate or necessary to:

take precautions against liability;

protect us or others from fraudulent, wrongful or unlawful use or activities;

identify and defend against third party claims or allegations;

protect the security or integrity of the Services and any facilities or equipment used to make the Services available; or

protect our property or other legal rights (including, but not limited to, the enforcement of our agreements), or the rights, property, or safety of others.

International Transfers

Whenever we transfer your personal data from the EEA, we ensure the same level of protection is provided to it by ensuring at least one of the following safeguards is in place:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further information, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use certain service providers, we may use certain contracts approved by the European Commission which give personal data the same protection as that in Europe. For further information, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use service providers based in the United States, we may transfer data to them if they are part of the Privacy Shield which requires them to provide the same protection to personal data shared between Europe and the United States. For further information, see European Commission: Adequacy of the protection of personal data in non-EU countries.

You can receive a copy of the relevant and implemented protections by contacting us via the Connection Form.

Where do we store your data and for how long?

The data we collect about you will be stored and processed within and outside the EEA on secure servers to provide the best possible user experience. For example – to build a fast website or mobile app.

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.

If there is no activity on your account for a period longer than 24 months, we will delete your account including all personal data stored in your account meaning that you will no longer be able to access and use it.

If you have questions regarding your data retention period, please contact us at legal@ransnusa.com

Technical and Organizational Measures & Security Processing

All information we receive about you is stored on secure servers and we have implemented appropriate and necessary technical and organizational measures to protect your personal data. togo continuously evaluates the security of its network and the adequacy of its internal information security programs designed to (a) help secure your data from accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable risks to the security of togo’s network, and (c) minimize security risks, including through risk assessments and routine testing. Additionally, we ensure that all payment data is encrypted using SSL technology.

Please note, despite the measures we employ to protect your data, data transfer over the Internet or other open networks is never completely secure and there is a risk that your personal data may be accessed by unauthorized third parties.

Limitation of Liability

We are not responsible for the exchange and/or provision of your Personal Data that you do yourself, including those that you do through the Platform. You are responsible for security by carrying out appropriate safeguards in safeguarding your Personal Data such as limiting access, creating a strong password, protecting your password and/or one time password (OTP).

We are only responsible for the protection and security of your Personal Data which is limited to the data stored in the system developed and managed by us, and we can at any time carry out and take the necessary steps to safeguard and protect your Personal Data. By continuing to access the Platform and use our Features or Services, you release us from claims, losses, demands and lawsuits that may occur and arise due to elements of negligence committed by yourself, which you must take care of.

Links to Third Party Websites

Our Platform may contain links to third-party websites or applications. If you click on one of these links, please note that each will have its own privacy policy. We do not control these websites/apps and are not responsible for their policies. When you leave our Platform, we encourage you to read the privacy notice of each website you visit.

Contact

For any additional information or to exercise your rights, please contact our Privacy Office at The Boulevard summarecon serpong Jl. Gading serpong boulevard BVA 1 Kel. Curug sangereng kec. Kelapa Dua Kab. Tangerang – Banten Ko, or via the Help Section on our Platform . You may also alternatively contact the Data controller for your local service at legal@ransnusa.com.