General Provisions
This policy on the processing of personal data is developed in accordance with international best practices and the regulatory requirements of the Republic of Indonesia, specifically referring to the Law No. 20 of 2016 on Personal Data Protection. This policy defines the procedures for personal data processing and the measures taken by PT Bubble Adventures Soul (hereinafter referred to as the “Operator”) to ensure the security of personal data.
The paramount objective of the Operator in its activities is to respect and protect the rights and freedoms of individuals in the processing of their personal data, including the protection of privacy, personal, and family secrets.
This policy applies to all information the Operator can obtain about visitors to its website book.bubblehotelbali.com.
Key Definitions
Automated processing of personal data refers to the processing of personal data using computer technology.
Blocking of personal data refers to the temporary cessation of personal data processing, except where processing is necessary for clarification purposes.
Website refers to the collection of graphic and information materials, as well as computer programs and databases ensuring their availability on the Internet at https://book.bubblehotelbali.com.
Personal data information system refers to a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Anonymization of personal data refers to actions that result in making it impossible to attribute personal data to a specific user or another subject without the use of additional information.
Processing of personal data refers to any action (operation) or set of actions (operations) performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Operator refers to a legal entity, either alone or jointly with others, that processes personal data and determines the purposes and means of personal data processing.
Personal data refers to any information relating directly or indirectly to a specific or identifiable individual (data subject).
Data subject is any individual whose personal data is processed by the operator.
Operator’s Rights and Obligations
The Operator has the right to:
Receive accurate data and/or documents containing personal data from the data subject.
Continue processing personal data without the data subject’s consent if the data subject withdraws consent and if there are legally justified reasons specified under international or Indonesian law.
Independently determine the composition and list of measures necessary and sufficient to ensure compliance with personal data protection laws.
The Operator is obliged to:
Provide information to the data subject regarding the processing of their personal data upon request.
Ensure processing of personal data is carried out in accordance with the applicable laws of the Republic of Indonesia.
Respond to inquiries from data subjects or their legal representatives according to the requirements of personal data protection laws.
Implement appropriate legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other illegal actions.
Rights and Obligations of Data Subjects
Data subjects have the right to:
Access information on the processing of their personal data, except in cases provided by law.
Request updates to their personal data to correct incomplete, outdated, inaccurate, or unlawfully obtained data or data not necessary for the declared purpose of processing.
Withdraw their consent to the processing of personal data at any time, subject to legal provisions to the contrary.
Principles of Data Processing
The processing of personal data is carried out lawfully and fairly.
The processing of personal data is limited to achieving specific, predefined, and lawful purposes. Processing incompatible with the purposes of collecting personal data is not permitted.
The databases containing personal data intended for processing for incompatible purposes shall not be merged.
Conditions for Data Processing
Processing of personal data occurs with the consent of the data subject.
The processing of personal data is necessary for compliance with a legal obligation to which the Operator is subject.
Data Security
The Operator ensures the security of personal data through the implementation of appropriate legal, organizational, and technical measures designed to protect personal data.
Amendments to the Policy
Any changes to the policy will be reflected in this document. The policy is valid indefinitely until it is replaced by a new version.