privacy policy

PRIVACY POLICY

PT BANK PEMBANGUNAN DAERAH JAWA TIMUR TBK

Effective Date: April 1, 2026

1. Introduction

PT Bank Pembangunan Daerah Jawa Timur Tbk ("Bank Jatim") is committed to protecting the privacy and security of your personal data.

This Privacy Policy describes how we collect, use, store, process, and protect your personal data in connection with your use of our digital banking services, including but not limited to the Bank Jatim Mobile application, website, and all digital services provided by Bank Jatim (the "Services").

By accessing and/or using our Services, you acknowledge that you have read, understood, and agreed to all the terms set forth in this Privacy Policy.

If you do not agree to the terms of this Privacy Policy, please refrain from using our Services.

This Privacy Policy is prepared in accordance with the applicable laws and regulations of the Republic of Indonesia, including but not limited to Law Number 27 of 2022 concerning Personal Data Protection ("PDP Law"), the Financial Services Authority Regulations ("POJK"), and the applicable Bank Indonesia Regulations ("PBI").

2. Personal Data We Collect

In the course of providing our Services, Bank Jatim may collect and process the following categories of personal data:

2.1. Identity Data

Including but not limited to:

  • Full name as stated on identity documents
  • National Identity Number (NIK)
  • Taxpayer Identification Number (NPWP)
  • Place and date of birth
  • Gender
  • Nationality
  • Mother's maiden name
  • Biometric data (fingerprint, facial recognition)
  • Signature
  • Identity card photographs and/or selfie images

2.2. Contact Data

Including but not limited to:

  • Residential address and/or correspondence address
  • Email address
  • Mobile phone number and/or landline number
  • Phonebook data on your device, with your consent

2.3. Financial and Transaction Data

Including but not limited to:

  • Account number and account type
  • Transaction history and details (transfers, payments, purchases)
  • Transaction recipient information
  • Transaction amounts
  • Source of funds and transaction purposes
  • Debit and/or credit card information
  • Billing information and payment history

2.4. Technical Data

Including but not limited to:

  • Internet Protocol (IP) address
  • Device type and version
  • Operating system and version
  • Unique device identifier
  • Browser type and version
  • Application usage data (activity logs, session duration)
  • Diagnostic data and crash reports
  • Time zone and language settings

2.5. Location Data

With your consent, we may collect real-time geographic location data through Global Positioning System (GPS), Wi-Fi networks, or cellular towers on your device.

Location data is used for transaction verification, fraud prevention, and the provision of location-based services.

2.6. Aggregated Data

We may collect, use, and share statistical and/or aggregated data that cannot be directly or indirectly identified to a specific individual.

Aggregated data does not constitute personal data as defined under the applicable laws and regulations.

3. Methods of Personal Data Collection

Bank Jatim collects your personal data through various methods, including:

3.1. Direct Provision by You

  • Account registration and account opening
  • Completion of product and/or service application forms
  • Customer Due Diligence (CDD) processes
  • Communication with customer service (call center, email, social media)
  • Participation in surveys, promotions, or loyalty programs
  • Submission of complaints, suggestions, or feedback

3.2. Automatic Collection

When you use our Services, our systems automatically collect technical data, location data, and application usage data through cookies, pixel tags, software development kits (SDKs), and similar tracking technologies.

3.3. Third Parties

We may obtain your personal data from legitimate third parties, including but not limited to government agencies, credit information bureaus (OJK's SLIK), business partners, and third-party service providers, in accordance with the applicable laws and regulations.

4. Purposes of Personal Data Use

Bank Jatim uses your personal data for the following purposes:

  1. To process account registration, account opening, and identity verification.
  2. To conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) processes in accordance with applicable regulations.
  3. To process, execute, and manage financial transactions as instructed by you.
  4. To provide, operate, maintain, and improve the quality of our Services.
  5. To send notifications regarding transactions, service updates, and account security information.
  6. To detect, prevent, and address fraud, money laundering, terrorism financing, and other illegal activities.
  7. To fulfill reporting obligations to the competent authorities, including Bank Indonesia, the Financial Services Authority (OJK), and the Financial Transaction Reports and Analysis Center (PPATK).
  8. To manage loyalty programs, rewards, promotions, and special offers.
  9. To deliver marketing communications and relevant product and/or service offers, with your consent.
  10. To conduct data analysis and research for product and service development.
  11. To handle your inquiries, complaints, and requests through customer service.
  12. To comply with other applicable legal, regulatory, and compliance obligations.

5. Disclosure of Personal Data to Third Parties

Bank Jatim may disclose your personal data to third parties in the following circumstances:

  • Third-party service providers that assist in the provision of Services, including information technology service providers, payment service providers, and cloud computing providers, subject to adequate confidentiality agreements.
  • Government authorities and/or regulatory bodies (Bank Indonesia, OJK, PPATK, Directorate General of Taxes) in accordance with the applicable laws and regulations.
  • Business partners and/or affiliates for the provision of integrated products and services, with your consent.
  • Credit information bureaus and/or credit rating agencies as required by applicable regulations.
  • Professional advisors, including auditors, legal counsel, and public accountants, in the course of their professional duties.
  • Third parties in connection with mergers, acquisitions, restructuring, or other corporate transactions, while maintaining the confidentiality of your personal data.

Bank Jatim ensures that any disclosure of personal data to third parties is conducted pursuant to written agreements containing personal data protection obligations equivalent to those set forth in this Privacy Policy.

6. Storage and Security of Personal Data

6.1. Retention Period

Your personal data will be retained for as long as necessary to fulfill the purposes of collection as described in this Privacy Policy, or for as long as required to comply with applicable legal and regulatory obligations, including but not limited to the obligation to retain financial transaction records under the applicable laws and regulations.

6.2. Security Measures

Bank Jatim implements adequate technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including but not limited to:

  • Data encryption during storage and transmission
  • Firewall and intrusion detection/prevention systems (IDS/IPS)
  • Implementation of multi-factor authentication
  • Data access restrictions based on need-to-know and least privilege principles
  • Regular security audits and penetration testing
  • Information security awareness training for all employees

While we have made every reasonable effort to protect your personal data, no method of data transmission over the internet or electronic storage method can be guaranteed to be absolutely secure.

Therefore, we cannot guarantee the absolute security of your personal data.

7. Your Rights as a Personal Data Subject

In accordance with Law Number 27 of 2022 concerning Personal Data Protection, you have the following rights:

  1. The right to obtain information regarding the clarity of identity, legal basis, purposes of request and use of personal data, and accountability of the party requesting the personal data.
  2. The right to complete, update, and/or rectify errors and/or inaccuracies in your personal data.
  3. The right to access and obtain a copy of your personal data that we process.
  4. The right to terminate processing, delete, and/or destroy your personal data, insofar as it does not conflict with the applicable laws and regulations.
  5. The right to withdraw consent for the processing of personal data previously given.
  6. The right to object to decision-making based solely on automated processing.
  7. The right to delay or restrict the processing of personal data proportionally.
  8. The right to sue and receive compensation for violations of personal data processing.

To exercise the above rights, you may contact us through the communication channels specified in Section 10 of this Privacy Policy.

8. Cookies and Tracking Technologies

Our Services use cookies and similar tracking technologies to enhance user experience, analyze usage patterns, and provide relevant content.

You may manage your cookie preferences through your browser or device settings.

Please note that disabling certain cookies may affect the functionality of the Services.

Our Services may utilize the following third-party services:

  • Google Play Services
  • Google Analytics
  • Firebase Analytics
  • Other third-party services necessary for the provision of Services

9. Children's Privacy Protection

Our Services are not intended for use by children under the age of 17 (seventeen) years without the consent of a parent or legal guardian.

Bank Jatim does not knowingly collect personal data from children under the age of 17. If we become aware that personal data of a child under the age of 17 has been collected without the consent of a parent or legal guardian, we will promptly take steps to delete such data.

10. Contact Information

If you have any questions, complaints, or requests regarding this Privacy Policy or the processing of your personal data, please contact us through:

PT Bank Pembangunan Daerah Jawa Timur Tbk

Address: Jl. Basuki Rahmat No. 98-104, Surabaya 60271, East Java, Indonesia

Telephone: +62 31 5310090

Call Center: 14049

Email:

Website: http://www.bankjatim.co.id

11. Changes to This Privacy Policy

Bank Jatim reserves the right to amend, update, or revise this Privacy Policy from time to time.

Any changes will be notified to you through our Services and/or other available communication channels.

Your continued use of the Services following notification of changes shall be deemed as your acceptance of the updated Privacy Policy.

This Privacy Policy was last updated on April 1, 2026.