Teman Sehat – Privacy Policy

Last updated: July 23, 2020

Achiko AG, a company incorporated with limited liability in Switzerland with business identification number (UID) CHE299698976, having its registered office at Lavaterstrasse 66, 8002 Zurich, Switzerland.

This Privacy Policy applies to Achiko AG and its affiliates (including its subsidiaries and controlled entities) and other related bodies corporate, including without limitation PTPI Indonesia, Kryptonite Korea and Achiko Switzerland AG (together, Achiko, we, us, our) in relation to our operations. It explains how we handle personal information and comply with the requirements of applicable privacy laws and other related laws regulating the handling of personal information (Privacy Laws).

This Privacy Policy also serves as notification to and an agreement with individuals of the matters required to be notified and agree on collection of their personal information.

We recognise the importance of your privacy, and that you have a right to control how your personal information is collected and used.

  1. Collection of Personal Information
    1. We collect personal information from individual users of Achiko’s “Teman Sehat” platform applications, being:
      (a)the Person App (used by individual users to receive and manage their COVID-19 test results and check-in to places and venues that they visit by sharing their COVID-19 testing status);
      (b)the Place App (used by individual users working for places and venues to “check-in” individual users of the Person App who visit those places or venues, based on their COVID-19 testing status);
      (c)the Tester App (used by individual users working for hospitals and medical professionals to upload COVID-19 test results and related health information about individual users of the Person App); and
      (d)the Chief App (used by Indonesian Government approved representatives to access information about an individual user of the Person App’s COVID-19 status and their history of checking-in to venues and places).
      (collectively, Apps), as well as any Achiko website or service associated with these Apps including the AchikoID service (Achiko websites). We also collect personal information from third parties in the circumstances described in section 1.4 below. In this section 1, we explain the kinds of persona information which we usually collect and hold as well as how we collect and hold this information.
    2. The kinds of personal information Achiko will collect and hold about you may include:
      (a)contact details which may include your name, address, email and phone details;
      (b)age or date of birth information;
      (c)personal information that you include in any content that you enter or upload onto the Apps such as your name, personal identification number (NIK) as printed in identity card (or commonly known as ‘KTP’), location data, a photograph or other information about you;
      (d)your AchikoID;
      (e)other sensitive information or special categories of personal data (as defined under relevant Privacy Laws) that you choose to provide to us, but only where you voluntarily choose to disclose it to us via the Achiko websites and the Apps;
      (f)information regarding your use of the Achiko websites and the Apps, including IP addresses, standard web log information including online usage, and any other information or online analytics regarding the use of the Achiko websites and the Apps, unless you object to such processing pursuant to rights that exist under Privacy Laws;
      (g)information on your dealings with Achiko, including details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries; and
      (h)any additional information relating to you that you provide to us when you contact us in connection with your use of the Achiko websites and the Apps;
      (i) in the case of users of the Person App, may also include:
      (i) your geo-location information when you use the check-in function to check in at a place or venue as well as details of the date and time of your visit; and
      (ii) information about your health, including COVID-19 test results, that appears on medical documentation that you provide to us or that you consent for us to obtain (including directly from your health care provider as set out in section 1.4 below), or where otherwise permitted by law; and
      (j)in the case of doctors, nurses and other medical professionals who conduct COVID-19 tests on users of the Person App, their name and the fact that they have conducted such tests; and
      (k)in the case of staff who check-in users of the Person App at a place or venue, their name and the fact that they have carried out that check.
    3. In some cases, we are required to collect personal information in order to comply with the prevailing laws and regulations.
    4. We usually collect personal information about you either directly from you, someone acting on your behalf, or from third parties (which have obtained your consent to disclose your personal information), through:
      (a) your use of Achiko websites and the Apps, including:
      (i) when you register for an account or create a profile as:
      (A) an individual end user on the Person App;
      (B) a venue staff member or personnel user of the Place App;
      (C) a hospital or other medical professional user of the Tdester App; and/or
      (D) an Indonesian government representative who has been approved by Achiko and/or the Indonesian government to be a user of the Chief App; and/or
      (ii) through our use of website analytics;
      (b) use of the “Teman Sehat” platform by other users, including:
      (i) a staff member at a hospital, medical professional or other testing facility where a user of the Person App was tested for COVID-19 (Testing Provider) may submit:
      (A) testing results and other health information about the user of the Person App; and
      (B) information about the medical professional who conducted the test, via the Tester App; and/ or
      (ii) staff at venues that a user of the Person App visited may submit:
      (A) information about that visit to their premises via the Place App when the user of the Person App scans the QR code on their Person App on entry to the venue; and
      (B) information about the staff member who conducted the QR code check-in, on the Place App;
      (c)information that you communicate to us including through correspondence, chats, services or websites, email, telephone, SMS, third party apps and any other forms of communication sent or given to us electronically or in hard copy;
      (d)interaction with our services, content and advertising;
      (e)orders for products or services;
      (f)third party service providers;
      (g)provision of customer service and support; and
      (h)entries into competitions or trade promotions via the Person App and the Place App conducted by us, on our behalf or through other users within the “Teman Sehat” platform.
    5. If you do not provide us with the information we request, we may not be able to fulfill the applicable purpose of collection, such as to supply products or services to you. This may include (but is not limited to) access restrictions in certain venues and places that use the “Teman Sehat” platform, and an inability to access some benefits available (eg in the form of vouchers) on the Person App and the Place App.
    6. Where reasonable and practicable, we will collect personal information directly from you. If we collect information about you from someone else (for example from someone who supplies goods or services to us), we will ensure you are aware that we have collected personal information about you and the circumstances of the collection and provide any additional disclosure required under applicable Privacy Laws.
    7. All users of the Person App acknowledge and agree that:
      (a)by click ‘agree’ to this Privacy Policy and using the Person App to obtain results of a COVID-19 test, you consent to those results and related health information being collected, used and disclosed by Achiko in the manner set out in this Privacy Policy (including without limitation disclosure to venues and places that you visit when you use the Place App to check-in at those venues, and disclosure to the Indonesian Government and their approved Government representatives via the Chief App); and
      (b)by click ‘agree’ to this Privacy Policy and using the Person App to check-in at a place or venue, you consent to your COVID-19 testing status being disclosed to the place or venue and details of your visit being collected, used and disclosed by Achiko in the manner set out in this Privacy Policy (including without limitation disclosure to the Indonesian Government and their approved Government representatives via the Chief App).
    8. Users of the Tester App must not submit information to the Tester App about any individual who carried out a COVID-19 test on a user of the Person App unless they have first provided that individual with a copy of this Privacy Policy.
    9. Users of the Place App must not submit information to the Place App about any individual who carried out a check-in on a user of the Person App unless they have first provided that individual with a copy of this Privacy Policy.
  2. Use and Disclosure of Personal Information
    1. We will only use and disclose your personal information in accordance with Privacy Laws and in accordance with this Privacy Policy.
    2. Our main purposes for collecting, holding, using and disclosing personal information are the following (as applicable to you):
      (a)to supply products or services to end users of our websites and the Apps;
      (b)to assist Indonesian government authorities with COVID-19 contact tracing efforts;
      (c)to assist places and venues to choose to “check-in” users of the Person App to their premises;
      (d)to manage your account with us, including to help users of the Person App to obtain COVID-19 test result(s) from their health care provider;
      (e) to manage and ensure the interconnectivity within the “Teman Sehat” platform, including the ability for:
      (i)a Testing Provider to submit testing results and other health information about users of the Person App by using the Tester App;
      (ii)venues to confirm the identity and COVID-19 test result status of users of the Person App when such individuals check into a certain location or venue using the Person App; and/or
      (iii)Indonesian government representatives to check the COVID-19 test result status of users of the Person App, and their movements between different venues, using the Chief App;
      (f)to provide you with products and services that you have requested;
      (g)to respond to enquiries from you;
      (h)to assess and process warranty claims;
      (i)to enforce agreements between you and Achiko;
      (j)to undertake research and analyse statistical information created using your personal information (including health data) to measure and improve performance of the “Teman Sehat” platform;
      (k)to communicate updates or orders with you; and
      (l)to comply with legislative and our policy requirements.
    3. We will only use or disclose personal information for a purpose other than for which it was collected or a related purpose if you have consented to such different use or disclosure or to the extent that such use or disclosure is permitted by applicable law.
    4. In carrying out our business, it may be necessary to share information about you with and between our affiliates (including its subsidiaries and controlled entities) and related bodies corporate and also between organisations that provide services to us (eg, our alliance partners). We would not otherwise routinely disclose personal information to an organisation other than as set out in this Privacy Policy unless:
      (a)required or permitted by law;
      (b)we believe it is necessary to provide you with a product or service which you have requested;
      (c)it is necessary to protect the rights, property or personal safety of any of our customers, any member of the public or our interests;
      (d)the assets and operations of our business are transferred to another party as a going concern; or
      (e)you have provided your consent.
  3. Service Providers
    1. Like most large organisations, we use a range of service providers to help us maximise the quality and efficiency of our services and our business operations. This means that individuals and organisations outside of Achiko such as cloud and web hosting service providers, software as a service providers, providers of IT support services, providers of analytics and marketing support services and online payment system providers, will sometimes have access to or be disclosed personal information held by us and may only use it on behalf of us to facilitate our services, provide services on our behalf, perform service-related services or assist us in analysing how our service is used. We require our service providers to adhere to strict privacy guidelines which require the service providers not to keep this information, nor to use it or disclose it for any unauthorised purposes.
  4. Disclosure of Personal Information Outside The Jurisdiction of Collection
    1. We may disclose personal information outside of the jurisdiction from which it was collected. In the conduct of our business, we transfer to, hold or access personal information from various countries including Indonesia. The privacy laws of those countries may not provide the same level of protection as the privacy laws of the country from which the personal information was collected. However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure.
  5. Direct Marketing
    1. We do not send marketing materials via email to current or prospective customers for the purposes of the Apps. However, we may send you promotional material about venues or other business partners that may be of interest to you via the Person App itself.
    2. If you are receiving information from us and do not wish to receive this information any longer, please contact Achiko directly at info@temansehat.co
  6. Our Website and Person App Privacy Practices
    1. We sometimes use cookie and similar tracking technology on Achiko websites and the Apps to provide information and services to site visitors and improve your experience on our websites and the Apps. Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and are a necessary part of facilitating online transactions, and include standard internet log information and visitor behaviour information. Most web browsers are set to accept cookies. Cookies are useful to keep you signed in, remember your preferences, estimate our number of members and determine overall traffic patterns through our sites.
    2. If you do not wish to receive any cookies you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on the Achiko websites and/ or the Apps.
    3. Google and other third parties collect data about traffic to this site. Google Analytics uses cookies to monitor traffic to, and use of, the Websites. Google uses this information on our behalf to evaluate your Websites usage, to compile reports on the Websites activities, and to provide additional services connected with the Websites. We will not identify you to Google, and will not merge personal and non-personal information collected through this service. You can prevent the use of Google Analytics cookies by adjusting the settings on your browser software, however, you may not be able to fully use all of the functions of the Websites if you do so. If you would like to prevent Google’s collection of data generated by your use of the Websites (including your IP address), please download and install a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=enhttps://tools.google.com/dlpage/gaoptout?hl=en Alternatively, you can find out how Google Analytics uses data when you use our Websites, at https://policies.google.com/technologies.
  7. Links to Other Websites and Other Third Party Collections
    1. Our websites and Apps may contain links to third party websites or references to third party applications. These linked sites and applications are not under our control and we are not responsible for the content of those sites nor are those sites or applications subject to our Privacy Policy. Before disclosing your personal information on any other website or applications we recommend that you examine the terms and conditions and Privacy Policy of the relevant site. Achiko is not responsible for any practices on third party websites or applications that might breach your privacy.
  8. Accessing and Correcting The Information We Keep About You
    1. You may have a right to:
      (a)Access. You may have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable administration fee.
      (b)Rectification/correction. You may have the right to have incomplete or inaccurate personal information that we process about you corrected.
      (c)Deletion. You may have a right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such information in order to comply with a legal obligation or to establish, exercise or defend legal claims. If you wish to have your personal information deleted, please contact us at our email address below and we will take all reasonable steps to delete it unless we need to keep it for legal reasons. You should note that you may update certain content and account details directly within the Achiko websites and the Apps.
      (d)Confidential. You may specify if any collected personal information is to be treated as confidential.
    2. You may make any of these requests in relation to your personal information by sending the request to us at info@temansehat.co
  9. Storage and Security of Your Personal Information
    1. We will endeavour to implement appropriate technical and organisational measures to keep secure any information which we hold about you, and to keep this information accurate, up to date and complete, and to ensure a level of security appropriate to any risks which may be associated with the processing activities outlined in this Privacy Policy.
    2. Your information is stored on secure servers that are protected in controlled facilities. These are third party data storage services, including cloud service providers.
    3. Where it is required by the law or relevant government institution, we will only store your personal information in controlled facilities within your jurisdiction.
    4. We take all reasonable physical, administrative, and technological precautions to store and transmit data securely. For example, personal data is encrypted and held with reputable data storage providers. Other measures include:
      (a)computer firewall protection; and
      (b)computer maintenance to prevent unauthorised access.
    5. In addition to technological measures, Achiko also places access controls on its employees and other partners. Our employees are subject to contractual confidentiality obligations that are consistent with this Privacy Policy. Despite these measures, Achiko cannot guarantee that the information described in this Privacy Policy will be completely secure.
  10. Retention of Personal Information
    1. We will retain and process your personal data only for as long as is necessary for the purposes for which the information is collected. In addition, we will retain and use your personal data to the extent necessary to comply with our legal obligations and exercise our legal rights (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
    2. When we no longer need to use your personal information or retain it pursuant to legal obligations in order to exercise our legal rights, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it in accordance with relevant Privacy Laws.
  11. Contacting Us
    1. If you have any concerns or complaints about how we handle your personal information, or if you have any questions about this policy, please contact us at info@temansehat.co or at the address below:
      Wisma Barito Pacific
      Tower A, 1 st Floor
      Jl. Let. Jend. S. Parman Kav. 62-63, Jakarta Pusat 11410, Indonesia
    2. In most cases we will ask that you put your request in writing to us. We will investigate your complaint and will use reasonable endeavours to respond to you in writing within 30 days of receiving the written complaint. If we fail to respond to your complaint or if you are dissatisfied with the response that you receive from us, you should be aware that you might also have the right to make a complaint to the applicable privacy authorities.
  12. Future Changes
    1. We operate in a dynamic business environment. Over time, aspects of our business may change as we respond to changing market conditions. This may require our policies to be reviewed and revised. We reserve the right to change this Privacy Policy at any time and notify you by posting an updated version of the policy on the Achiko websites and Apps for your agreement. If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected we will notify users by email or via a prominent notice on our website for your agreement.
  13. Language
    1. This Privacy Policy is made in both the English language and the Indonesian language. Both texts are equally original. In case of any inconsistency or different interpretation between the English text and the Indonesian text, the relevant Indonesian text shall be deemed to be automatically amended to conform with and to make it consistent with the relevant English text.

By click ‘agree’ below, I hereby acknowledge that I have read this Privacy Policy, understand its content, and consent to the intended use of my personal information by Achiko through the manner as elaborated in this Privacy Policy. In addition, I confirm that all personal information that I have provided or will provide to Achiko is true and accurate.