Privacy Policy

Our Privacy Policy was last updated on 21 February 2026.

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and informs You of Your privacy rights under applicable laws, including Law of the Republic of Indonesia No. 27 of 2022 concerning Personal Data Protection (“UU PDP”), and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

“Company” (referred to as either “the Company”, “We”, “Us” or “Our”) refers to PT Medvicer Global Sinergi, operating under the brand name Medvicer.

Under UU PDP, the Company acts as a Personal Data Controller (Pengendali Data Pribadi).

“Country” refers to the Republic of Indonesia.

“Personal Data” means any data about an identified or identifiable individual, either directly or indirectly, through electronic or non-electronic systems, as defined under UU PDP.

Personal Data may include general Personal Data and specific Personal Data as defined under applicable law.

“Specific Personal Data” under UU PDP includes data related to health information, biometric data, genetic data, criminal records, child data, financial data, and other data as regulated by law.

“Service” refers to the Website and any consulting, regulatory, quality, authorized representative, digital academy, outsourcing, or related services provided by the Company.

“You” means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

Legal Basis for Processing Under Indonesian Law (UU PDP)

We process Your Personal Data in accordance with Article 20 of UU PDP on the following lawful bases:

 

  • Explicit consent from You
  • Performance of a contract to which You are a party
  • Fulfillment of legal obligations of the Company
  • Protection of vital interests of the Data Subject
  • Legitimate interests of the Company, provided such interests do not override Your fundamental rights
  • Public interest purposes in accordance with applicable laws

Where required by law, We will obtain Your explicit consent before processing Your Personal Data.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may collect:

  • Full name
  • Email address
  • Telephone number
  • Company name
  • Job title
  • Business address
  • Identification documents (where required for regulatory or authorized representative services)
  • Financial information (where contractually required)
  • Health or regulatory documentation (where relevant to consulting services)
  • Usage Data

Where We process Specific Personal Data under UU PDP, such processing will be conducted in strict compliance with applicable legal requirements and enhanced security safeguards.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

 

  • To provide and maintain Our Service
  • To perform regulatory consulting, quality system implementation, authorized representative and import services
  • To fulfill contractual obligations
  • To comply with regulatory and legal requirements
  • To communicate with You regarding services
  • To respond to inquiries
  • To improve Our Service
  • To ensure security and prevent fraud

We process only Personal Data that is relevant, adequate, and limited to what is necessary for the stated purposes.

Your Rights Under UU PDP

In accordance with UU PDP, You have the following rights as a Data Subject:

 

Right to Information

You have the right to obtain clear information regarding the identity of the Data Controller, the legal basis for processing, the purpose of processing, and accountability measures.

Right of Access

You have the right to obtain access to and receive a copy of Your Personal Data.

Right to Rectification

You have the right to complete, update, and correct inaccuracies in Your Personal Data.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion or destruction of Your Personal Data in accordance with applicable legal provisions.

Right to Restrict Processing

You may request limitation of processing of Your Personal Data under certain conditions.

Right to Withdraw Consent

Where processing is based on consent, You may withdraw Your consent at any time.

Right to Data Portability

You may request transfer of Your Personal Data in a structured, commonly used format where technically feasible.

Right to Object

You have the right to object to certain types of processing based on legitimate interest.

Right to File a Complaint

You have the right to file a complaint with the competent supervisory authority in Indonesia if You believe Your Personal Data has been processed unlawfully.

To exercise these rights, You may contact Us using the contact details provided below.

Retention of Your Personal Data

We retain Personal Data only for as long as necessary to:

  • Fulfill contractual obligations
  • Comply with regulatory and legal requirements
  • Resolve disputes
  • Enforce agreements

After the retention period expires, Personal Data will be securely deleted or destroyed in accordance with Article 43 of UU PDP.

Security of Personal Data

In accordance with Article 35 of UU PDP, We implement appropriate technical and organizational measures to protect Personal Data from:

  • Unauthorized access
  • Unlawful processing
  • Accidental loss
  • Disclosure
  • Alteration or destruction

Security measures include:

  • Access controls
  • Role-based authorization
  • Secure cloud systems
  • Confidentiality obligations for personnel
  • Internal data protection procedures

Personal Data Breach Notification

In the event of a Personal Data breach, We will:

  • Notify affected Data Subjects and
  • Report to the relevant authority

no later than 3 x 24 hours (three times twenty-four hours) after becoming aware of the breach, in accordance with Article 46 of UU PDP, unless otherwise regulated.

Such notification will include:

  • The type of Personal Data affected
  • The time and cause of the breach
  • Remedial actions taken

Cross-Border Data Transfer

Where Personal Data is transferred outside Indonesia, We ensure that:

  • The receiving country has an adequate level of Personal Data protection; or
  • There are binding and enforceable safeguards; or
  • Your explicit consent has been obtained

in accordance with Article 56 of UU PDP.

Confidentiality Commitment

As a regulatory and compliance consulting firm, We operate under strict professional confidentiality standards.

All Personal Data and business documentation entrusted to Us are treated as confidential and accessed strictly on a need-to-know basis.

Employees, consultants, and Service Providers are contractually bound by confidentiality obligations.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements.

Changes become effective when posted on this page.

Contact Us

If You have any questions about this Privacy Policy or wish to exercise Your rights under UU PDP, You may contact Us:

PT Medvicer Global Sinergi
Website: https://www.medvicer.com
Email: contact@medvicer.com