Privacy Policy

Your privacy and security are of the utmost importance to us. This policy describes how we collect and use information about you when you use our services, including our e-commerce platform, wholesale services, and website.

1. Who are we?

We are Primasari Eterna, a food distributor, wholesaler, and e-commerce company specializing in imported snacks, chocolates, and beverages. When collecting information about our customers or visitors to our website, we are, under INDONESIAN (“ID”) data protection laws, considered a “data controller.” This means that we are responsible for deciding how we hold and use your personal data.

2. How do we collect your data?

We collect information about you when you:

  • Place an order on our e-commerce website.
  • Register for a wholesale or retail account.
  • Fill in a contact form or inquiry form on our website.
  • Sign up for our newsletter or marketing communications.
  • Send us an email or contact our customer support team.

We also collect information by automated means. When you visit our website, view one of our advertisements on a third-party website, or read our marketing newsletters, we automatically collect information about you via cookies, web beacons, and other similar technologies. These are small files associated with information that your browser or our servers will save and return as part of your use of the website and services. This is for purposes such as saving your login session, remembering your shopping cart, tracking your browsing history, and for audience measurement purposes. For more information on our use of cookies, please read our cookies notice.

3. What data do we collect?

We collect two types of information about you: personal data and non-personal data.

Personal data. This is information that lets us know who you are. This includes the information you provide us when registering to use our services (e.g., your name, company name, email address, postal address, shipping address, contact information, and payment details). Your login credentials are also considered personal data. This category also includes information tied to your identity that you provide us through other means, such as emails to our support team, and your purchase history.

The data you submit should not include any sensitive personal data, such as government identifiers (e.g., social security, driving license, or taxpayer identification numbers), complete credit card or complete personal bank card numbers (beyond what is necessary for a secure transaction via our payment gateway), or medical records.

Non-personal data. This is information that doesn’t let us determine your identity. This generally comes from your use of the services after registering on our website. Non-personal data includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregation) to be anonymous.

4. How do we use your data?

We use the information we collect about you to provide our services. As part of that purpose, we use your data to:

  • Fulfill and ship your orders, and manage returns and exchanges.
  • Process payments and manage your account.
  • Provide our services and facilitate performance, including verifications.
  • Provide you with order status updates, shipping information, and real-time logs of your purchases.
  • Respond to any requests you may submit for support, sales information, or similar communications.
  • Communicate with you about our services (e.g., through newsletters, marketing emails, announcements, or special offers).
  • Personalize your shopping experience and provide product recommendations based on your purchase history and browsing behavior.
  • Investigate, prevent, and manage fraud and breaches of our Terms of Service.
  • Enable third parties, such as logistics and payment providers, to provide services to us.
  • Personalize, assess, and improve our services, content, and materials.
  • Comply with applicable laws to which we are subject.

We may use your non-personal data to enhance our services, for instance, through web analytics or troubleshooting. We may also use aggregated or depersonalized information to promote our services, such as by citing usage statistics.

5. What are our purposes and legal basis for collecting your personal data?

We collect your personal data because we need it to perform a contract we have with you (e.g., to fulfill an order you placed) or because you have taken steps to enter into a contract with us (for instance, when you fill in a contact form to request information about our wholesale services or when you sign up for an account). Otherwise, we collect personal data based on your consent for that specific purpose, and in limited cases, under legitimate interests (for example, to enable us to foster and develop our customer relationships and to perform credit checks or for verification of data and payment details).

6. With whom do we share personal data?

Except for the limited circumstances we describe here, we do not share your personal data with third parties. When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services, and we ensure that we have data protection requirements in place with these third parties.

We may also share your personal data as required or permitted by law and to provide our services through third-party providers as described below.

  • Hosting Services: We host our website and operate our platform using third-party providers, such as Google Cloud Platform and AWS.
  • Payment Providers: We use third-party services like Stripe to process subscription payments. We provide them with the personal data required to charge your credit card and maintain any payment mandate information as required by law.
  • Logistics and Shipping Partners: We share your name, shipping address, and contact information with our logistics and courier partners to ensure your orders are delivered.
  • Website Functionalities and Optimization: We may use third-party services to enhance the function of the website and the services, and for product development and optimization.
  • Customer Engagement: We use third-party service providers and platforms for customer engagement, customer chat, product feedback, and customer support ticketing.

While we provide these third parties with no more information than what is necessary to enable them to provide services to us, any information that you provide these service providers independently is subject to their respective privacy policies and practices.

We will never sell, share, or rent your contact information to third parties, nor will we use them for any purpose other than those set forth in this policy.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities or regulatory bodies, including to meet law enforcement requirements, in the case of a court order, a summons to appear in court, or any other similar requisition from a government or the judiciary, or to establish or defend a legal application.

Additionally, we will provide information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock.

7. For how long do we retain your personal data?

We keep your personal data for as long as is necessary to provide our services to you (unless otherwise required by law).

If you would like us to stop all described uses of your personal data, you may delete your account at any time from your account settings. This will delete your personal data from our records (within a maximum of ninety (90) days), and we will make no further use of it. We may, however, retain copies of your personal data in backups for legal retention purposes and/or for our own legitimate business purposes.

8. What are your rights in connection with personal data?

In accordance with Data Protection laws, you have the right to:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no legitimate reason for us to continue processing it.
  • Withdraw your consent and opt-out from our communications. We will honor your opt-out within 14 days. Please note that you cannot unsubscribe from service-related messages if you remain a customer.
  • Object to the processing of your personal data, for example, if we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to processing on this basis.
  • Request the restriction of the processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data (right to data portability).

If you want to exercise any of the above rights, please email us at [your company privacy email address].

9. Security

The security and integrity of your personal information are very important to us. We follow industry-accepted standards to protect the personal information submitted to us, both during transmission and once it is received. We ensure the appropriate electronic, physical, and managerial procedures are in place to safeguard and preserve all the data handled. Our infrastructure is located in top-tier data centers. These locations adhere to strict physical and procedural controls, which are frequently audited. Our applications are routinely scanned for vulnerabilities, and an independent penetration test is conducted annually. Our employees undergo background checks (when allowed) and sign non-disclosure agreements.

Remember, though, that some parts of our services may be public, and email, by its nature, is not a reliably private means of communication. If you voluntarily provide personal data in a public area of the website, unrelated parties online will be able to view and collect it. If you don’t want to make this information publicly available, you should not post it.

10. Changes

The information provided in this policy may be modified to address new issues or changes. If we make significant changes, we may notify you by other means (for instance, by email or with a banner on the website) before the change becomes effective. Any changes we make will take effect 30 days after the update date noted above. If you object to the changes, you may choose to close out your account with us before the new effective date to delete your account and related information from our records.