PRIVACY POLICY
ZI.CARE PRIVACY NOTICE
Last updated on: September 27, 2024
Welcome to the Zi.Care Platform!
Please read this Privacy Notice carefully to ensure that you understand the terms regarding the Processing of Your Personal Data conducted by Zi.Care.
A. Introduction
We have prepared this privacy notice (formerly known as the Privacy Policy) (hereinafter referred to as the “Privacy Notice”) to inform and explain to you how we, PT Jejaring Tiga Artha, a company established in Indonesia with its principal office at Office 8 Building, 11th Floor Unit D, Jl. Senopati No.8, RT.8/RW.3, Senayan, Jakarta 12190, Indonesia, together with our wholly-owned subsidiaries and affiliates (collectively referred to as “Zi.Care”, “We”, “Us”, or “Our”), obtain, collect, store, control, use, process, analyze, amend, update, display, disclose, transfer, reveal, and protect your Personal Data (collectively referred to as “Processing of Personal Data” or “Processing Personal Data”).
This Privacy Notice explains how we manage the Personal Data you provide to Us through the Zi.Care mobile application, website, and/or other platforms managed by Us (collectively referred to as the "Platform"), whether requested directly or during your use of the Platform.
This Privacy Notice applies to all users, healthcare service provider partners (such as general practitioners, specialists, psychologists, and midwives) (“Healthcare Providers”), agents, vendors, suppliers, Our partners (such as pharmacies, laboratories, insurance companies, and hospitals), as well as contractors (collectively referred to as “You”), except as governed by a separate privacy notice.
This Privacy Notice forms an integral part of the Zi.Care Terms and Conditions of Use (“Terms of Use”). We encourage you to read this Privacy Notice in conjunction with the terms and conditions of our products or services, as those documents may contain specific information regarding how We Process Your Personal Data. By using the Platform and any features or services that We operate (“Services”), you agree to the Terms of Use and this Privacy Notice. Therefore, it is important that you read and fully understand this Privacy Notice before registering, accessing, or using Our Platform (including related Services).
This Privacy Notice carries the same meaning as the Privacy Policy referred to in the Terms of Use and any Services on Our Platform.
Acknowledgment and Consent
1. By clicking the button or taking any action indicating consent under this Privacy Notice (whether electronically or non-electronically), you expressly declare that you have read, understood, and accepted all the terms in this Privacy Notice. You also explicitly give your clear consent to Us to Process your Personal Data in accordance with the provisions set forth in this Privacy Notice.
2. We require your Personal Data, among other reasons, to process transactions on the Platform. Therefore, you declare that the Personal Data provided to Us during account registration or data updates is accurate and up-to-date. You are obligated to update and notify Us of any changes to such Personal Data. By this, you release Us from any claims, lawsuits, compensation, and/or demands arising from transaction processing failures on the Platform or Service usage due to inaccurate Personal Data you have provided to Us. You also guarantee that all data provided, whether in writing or any other form for using the Platform, is your own and not the personal data of third parties obtained without lawful authorization. As such, you take full responsibility for any consequences arising from the provision and validity of such data.
3. You may voluntarily request to input or claim the Personal Data of third parties, such as parents, children, friends, and others, in accordance with certain features on the Platform. We reserve the right to validate such Personal Data and request additional information related to your request. By entering or claiming third-party Personal Data, you declare that the third party has granted you consent to (i) incorporate their Personal Data as part of your Personal Data and (ii) allow Us to process their Personal Data. Any consequences arising from the combination of such Personal Data will be your responsibility in accordance with this Privacy Notice and applicable laws. We are released from any claims related to the unauthorized use of third-party Personal Data. Furthermore, We reserve the right to request proof of consent from the third party at any time.
4. We will safeguard Personal Data in accordance with the provisions of this Privacy Notice. We are not responsible for any Personal Data disclosed and disseminated by you, whether intentionally or unintentionally. Therefore, you are deemed to have waived your right to the confidentiality of the Personal Data disclosed through such actions.
5. If you are below the established age threshold (under 18 years old), classified as a minor, unmarried, or under guardianship in accordance with applicable laws, you are required to review this Privacy Notice together with your parent or legal guardian. Ensure that your parent or legal guardian understands and agrees to the terms in this Privacy Notice before you use Our Platform and Services. By disclosing Personal Data to Us, you declare and warrant that your parent or legal guardian has provided consent for the processing of your Personal Data in accordance with applicable laws. Your parent or legal guardian also agrees to be bound by this Privacy Notice and will be responsible for all your actions taken within Our Platform.
B. Personal Data
“Personal Data” refers to any information, data, and/or details in any form that can be used to identify you. This includes information you provide to Us, whether directly or indirectly, through the Platform or related to your personal information, over time.
Personal Data includes, but is not limited to, information such as your full name, identification numbers (including passport numbers, national identity documents, or other government-issued IDs), nationality, address, date of birth, gender, mobile phone number, and IP address. Additionally, Personal Data also encompasses location information, device data (including IMEI numbers), bank account and credit card details, email addresses, images/photos, and biometric data (including fingerprint and facial recognition). It also includes marital status, personal health information (including health conditions, treatments, allergies, vaccinations, immunizations, medical procedures, medical history, prescriptions, reports, recommendations, and other health records), insurance information, financial information, and other data classified as Personal Data under applicable laws.
For legal clarity, the term "Applicable Laws" includes all binding legal instruments, including but not limited to:
a. Laws;
b. Government regulations;
c. Regional regulations;
d. Presidential decrees;
e. Ministerial instructions;
f. Organizational bylaws;
g. Industry Codes of Ethics;
h. Licenses and official permits;
i. Final and binding court decisions; and
j. Policies and regulations from authorizedregulatory bodies.
This scope applies comprehensively and dynamically, following legal developments during the validity of this Privacy Notice.
Furthermore, the definition of Personal Data is not limited to explicitly private information. Any form of data, including but not limited to user profiles, unique identifiers, or other information that can be linked or combined with Personal Data, is legally classified and treated as Personal Data.
Note that Personal Data does not include any personal information available in the public domain.
C. Legal Basis for Processing Personal Data
In accordance with applicable laws and regulations, Zi.Care processes your Personal Data based on the following:
1. To fulfill contractual or pre-contractual obligations where you are or will become a party, and to respond to your requests for Services, we are authorized to process your Personal Data. This includes, but is not limited to, medical history, symptoms experienced, and other relevant information disclosed during video teleconsultations with Healthcare Providers, with the purpose of facilitating health consultations, ensuring the accuracy of medical advice, delivering products or services you obtain through the Platform, and processing payments and insurance claims related to the Services you use, all in accordance with applicable legal provisions.
2. Zi.Care is authorized to process Personal Data to serve legitimate and measured business interests, such as ensuring the security of information technology infrastructure, optimizing the quality of healthcare services through usage analysis, and conducting direct marketing of products and services deemed relevant to your needs. These actions are carried out proportionally, without infringing upon your fundamental rights as a data subject, and are applied only to the extent necessary to achieve legitimate purposes. Zi.Care is committed to balancing its business interests with your rights and freedoms, ensuring transparency through the maintenance of processing records that you may access upon request, and respecting your right to object to such processing as outlined in the 'Your Rights' section of this Privacy Notice.
3. Zi.Care is obliged to process Personal Data to comply with binding legal obligations, including but not limited to the management of medical records, reporting to relevant authorities, and the implementation of strict data security protocols. Such processing is conducted in accordance with applicable laws, including compliance with tax obligations, social security, or lawful court orders, as well as fulfilling the obligation to report suspicious transactions in accordance with anti-money laundering regulations. This ensures Zi.Care’s compliance with applicable legal and ethical standards in the healthcare industry and related financial transactions.
4. Zi.Care is authorized to process Personal Data in the context of health and epidemiological research, including but not limited to contributions to clinical studies, monitoring and preventing disease outbreaks, and addressing public health emergencies. The goal is to generate crucial information that can serve as a basis for public health policy decisions and disease prevention initiatives. Such processing is carried out with due regard for proportionality, confidentiality, and strict data protection measures, and is subject to oversight by relevant health authorities.
5. Zi.Care may process Personal Data based on explicit consent voluntarily provided by you in situations where other legal bases do not apply. This consent can be withdrawn at any time, such as in the case of receiving marketing communications or health promotion notifications through the Platform. You will be provided with comprehensive information on how to modify your consent and your rights as outlined in the 'Your Rights' section of this Privacy Notice. Additionally, the withdrawal of consent will not affect the legality of processing carried out prior to the withdrawal based on that consent.
D. Personal Data We Collect
The Personal Data collected when you use the Platform, receive, or provide Services includes:
1. Personal Data collected from you as a user of the Platform is as follows:
a. Personal Data You Provide to Us Voluntarily and Independently, including but not limited to Personal Data submitted when you:
i. Zi.Care is authorized to process Personal Data for the purpose of creating or updating user accounts, which includes but is not limited to identity information such as full name, National Identification Number (NIK), passport number or other official identification, date of birth, email address, mobile phone number, domicile address, facial images, and other relevant supporting data, provided that such processing is conducted in accordance with the principles of data minimization, proportionality, and strict security, and is subject to applicable laws regarding personal data protection;
ii. Uploading your personal data related to the provision of Services on the Platform, including but not limited to ID card photos, gender, known health conditions, treatments, allergies, vaccinations, medical history, health targets, health journal entries, prescriptions, reports, medical records, and/or other personal data you upload as a user on the Platform from time to time. This also includes insurance-related information you link to your account on our Platform, as well as information about family members, friends, beneficiaries, beneficial owners, proxies, persons under guardianship, trustees, guarantors, other surety providers, and/or other individuals you provide;
iii. Contacting or communicating with Zi.Care, including but not limited to through the help page on our Platform or interacting with Zi.Care's customer service;
iv. Submitting any forms, including but not limited to application forms or other forms related to our Services, either online or in physical form;
v. Providing information by completing surveys or questionnaires sent by Zi.Care or parties acting on behalf of Zi.Care;
vi. Interacting with Us through various communication channels, including but not limited to letters, face-to-face meetings, social media platforms, and email;
vii. Entering payment data when you make transactions through the Platform, including but not limited to internet banking and/or mobile banking information;
viii. Using features that require access to your device; and/or
ix. Other data provided in connection with the use of the Platform.
b. Personal Data Recorded While You Use the Platform, including but not limited to:
i. Actual or estimated location data, including but not limited to IP address, Wi-Fi location, geo-location, GPS coordinates, and other information provided by your device. You have the option to enable or disable location recognition services when using the Platform.
ii. Activity data, including but not limited to registration, login, Platform usage, payment activities (where Zi.Care may store details of the online payment method you use on the Platform and transaction history), and other relevant activities.
iii. Teleconsultation service data, including chat, video calls, and audio calls (including microphone access permissions) when you consult with a Healthcare Provider via the Platform. The teleconsultation feature on our Platform allows you to upload and/or download images and conduct real-time audio and/or video calls over the Internet with a Healthcare Provider regarding your medical condition. Please note that permissions for audio and video are only active when you are in a live teleconsultation chat room and NOT when our Platform is running in the background on your device. By using our Platform, you acknowledge and agree that text chat history may be collected, stored, used, and/or disclosed by us in accordance with this Privacy Notice. Data related to video and audio call features will only be used to connect you with a Healthcare Provider during real-time teleconsultation sessions on our Platform. We do not collect, record, use, or store audio data when you are not in a live teleconsultation session on our Platform or for further use.
iv. Platform usage or configuration data, including your interactions with the Platform, saved preferences, and selected settings. This data is obtained through technologies such as cookies, pixel tags, and similar technologies that create and maintain unique identifiers.
v. Device data, including the type of device used to access the Platform, such as hardware model, operating system and version, software, file names and versions, language preferences, unique device identifiers, advertising identifiers, serial numbers, device motion information, mobile network information, and other relevant data based on browser or application access requests on your device.
vi. Log data, including logs received by servers related to Personal Data, such as device IP address, date and time of access, application features or pages visited, application processes, system activities, browser type used, and third-party sites or services accessed before interacting with the Platform. We may also use software tools to measure and collect session information when you visit Zi.Care's website, including page response times, download errors, duration of visits to certain pages, page interaction information, and navigation methods. Additionally, we may collect technical information to assist in identifying your device to prevent fraud and for diagnostic purposes.
vii. Data obtained from the use of your device’s camera, provided that permission has been granted at the start of using the Platform, and such access is only applicable to certain features or services on the Platform that require camera use to optimize the functionality of each Service.
viii. Data you select from your device’s contacts to be processed in certain services on our Platform, such as when sharing contact details of the recipient for a medication order.
ix. The Platform requires your consent to access your camera, gallery, documents, network, Bluetooth, GPS location, microphone/audio, contact information, as well as internal or external device storage to upload and download documents relevant to filling in health information and using our services, and affirms that only the data you choose will be accessed by the platform.
2. Personal Data Collected from You as a Healthcare Provider on the Platform is as follows:
a. Personal Data voluntarily provided to Zi.Care for account creation, including but not limited to full name, place and date of birth, email address, phone number, address, registration number and photo of the Doctor's Registration Certificate (STR), Doctor's Practice License (SIP), Tax Identification Number (NPWP), bank account details, and your profile picture as a Healthcare Provider. This information is necessary to enable you to use the services on the Platform, such as teleconsultation, especially for those of you who work as general practitioners, specialists, midwives, or psychologists.
b. Personal Data submitted during the creation of agreements, provision of documents, or other information related to your interactions with us or when using our Services is essential for facilitating and enhancing your experience in utilizing the services we offer.
c. Personal Data provided during interactions with us, including through phone calls (which may be recorded), letters, face-to-face meetings, social media platforms, and email, is crucial for enabling effective communication and improving our services to you.
d. Personal Data recorded while you use the Platform as outlined above.
Note: By using the Platform, you, as a Healthcare Provider, warrant that the information you provide is accurate and correct. You acknowledge and agree that we have the right to directly verify the information regarding your personal data that you have submitted through the Platform. If the information you provide is found to be incorrect, we shall not be liable for any consequences that may arise in connection with the provision and use of such incorrect information.
3. Operational Data: Zi.Care utilizes cookies, server logs, and similar technologies to enhance the functionality and user experience on the Platform, as well as for monitoring and marketing purposes both within and outside the Platform. These technologies are useful for storing user preferences, maintaining sessions, facilitating automatic authentication for frequently used services according to your settings, and enabling similar functions. You have the option to disable cookies through your browser settings while using the Platform; however, this may result in limited access or functionality on the Platform. Additionally, our third-party partners may also automatically receive and store non-personal information or anonymous data regarding your online activities.
4. Personal Data obtained from other sources, including but not limited to:
a. Partners collaborating with us in the development and provision of services on the Platform, in accordance with agreements between the data controller and data processor, include but are not limited to: Healthcare Providers, payment service partners, insurance service partners, delivery service partners, telecommunications companies, and other partners involved in providing relevant services.
b. Third parties you use as a user to create or access your Zi.Care account, including but not limited to social media services, as well as websites or applications that use the Zi.Care API or are utilized by Zi.Care, are part of the interaction and integration processes that enable broader functionality and accessibility in using the Platform.
c. Marketing service providers; and/or
d. Publicly available sources. Zi.Care may combine and/or process Personal Data obtained from these sources with other Personal Data owned by us.
In the event that there is additional Personal Data that Zi.Care will collect from you, Zi.Care will request additional consent from you while ensuring the protection of your Personal Data.
E. Use of Personal Data We Collect
1. We may use the Personal Data collected for the following purposes, as well as for other purposes permitted by applicable laws and regulations:
a. If you are a user, we may use your Personal Data for the following:
i. The Personal Data you provide, such as during the online queue booking process, will be used by Zi.Care to identify, register, manage, verify, deactivate, and organize your account and transactions on the Platform, including registration and bookings in the relevant clinics.
ii. Zi.Care uses your Personal Data to facilitate or enable necessary verifications, including the Know Your Customer (KYC) process, before the service provider offers services or before your registration as a user, at our discretion.
iii. Your Personal Data is used to inform you about transactions or activities occurring within the Platform or other systems connected to our Platform.
iv. Your Personal Data is used to provide the creation of prescriptions and/or medications as per your request in relation to our services on the Platform.
v. To communicate with you and send you information regarding your use of the Platform. For instance, to provide information about the status of your order or to process and respond to your inquiries or to contact you so we can address your questions and/or requests.
vi. To process your requests for rights as a Personal Data subject concerning the services, including but not limited to access, correction, updates, and/or deletion/destroying of Personal Data, as well as to contact you regarding those requests.
vii. To diagnose and resolve issues in accessing the services (troubleshooting).
viii. To notify you about updates to the Platform or changes to the services provided.
ix. To maintain, develop, test, enhance, and personalize products and services on the Platform to meet your needs and preferences as a user.
x. To monitor and analyze your activities, behaviors, and demographics as a user, including habits and use of various services available on the Platform.
xi. To process and respond to questions, requests, comments, and/or feedback received from you.
xii. To offer or provide services from our affiliates or partners.
xiii. To send you marketing communications, advertisements, vouchers, surveys, and information directly, focused or personalized, as well as information about special offers or promotions.
xiv. To provide information/send e-mails, WhatsApp messages, and/or SMS containing periodic promotions to you if there are offers and/or promotions on new products, special offers, or other information deemed necessary by us.
xv. For other purposes, as long as those purposes are not prohibited by applicable laws and regulations. To avoid any doubt, we will inform you about those other purposes when requesting your consent, unless otherwise specified by applicable laws and regulations.
b. If you are a service provider (including Healthcare Providers), we may use your Personal Data for the following purposes:
i. To identify you and register you as a service provider and to administer, manage, or verify your account on the Platform.
ii. To facilitate or enable any verifications that our policy deems entirely necessary before we can register you as a service provider on the Platform, including for KYC purposes.
iii. To enable you to provide services to users.
iv. To process, facilitate, and complete payments to you related to the services you have provided.
v. To communicate with you and send you information related to your service provision.
vi. To provide you with notifications and updates on the Platform or changes in how services are provided.
vii. To give you reports related to the services you have provided.
viii. To process and respond to suggestions from users regarding the services you have provided.
ix. To maintain, develop, test, enhance, and personalize the Platform to meet your needs and preferences as a service provider.
x. To monitor and analyze user activity, behavior, and demographics, including habits and responsiveness of service providers for various services available on the Platform.
xi. To offer or provide services from our affiliates or partners.
xii. To send you marketing communications, advertisements, vouchers, promotions, surveys, and special offers or promotions directly or targeted.
xiii. For other purposes, as long as those purposes are not prohibited by applicable laws and regulations. To avoid any doubt, we will inform you about those other purposes when requesting your consent, unless otherwise specified by applicable laws and regulations.
c. Whether you are a user, service provider, or a party providing Personal Data to us, we may also use your Personal Data more generally for the following purposes (although in certain cases we will act reasonably and not use your Personal Data more than what is necessary for those purposes):
i. To carry out business processes and functions related to our operations.
ii. To monitor the use of the Platform and manage, support, and improve the efficiency of performance, development, user experience, and functionalities of the Platform.
iii. zTo provide assistance regarding and to resolve technical difficulties or operational issues with the Platform or Services.
iv. To generate statistical information and analytical data for testing, research, analysis, product development, commercial partnerships, and collaborations.
v. To prevent, detect, and investigate any prohibited, harmful, illegal, unlawful, and/or fraudulent activities, including compliance with applicable laws, responding to legal requests, and protecting our rights.
vi. For the enforcement of legal actions we take or that are taken against us and/or our affiliates, especially in cases where we undertake corporate actions such as mergers, consolidations, acquisitions, asset sales, restructurings, separations, and/or financing.
vii. To process your requests regarding access, correction, updates, and/or deletion/destruction of your Personal Data in our systems, as well as to contact you regarding those requests according to the provisions of this Privacy Notice.
viii. To enable us to comply with all obligations under applicable laws and regulations, including but not limited to responding to requests, investigations, or regulatory directives, complying with filing, reporting, and licensing requirements mandated by applicable regulations, and conducting audits, due diligence, and investigations.
ix. To resolve disputes and collect outstanding payments.
x. For other purposes, as long as those purposes are not prohibited by applicable laws and regulations. To avoid any doubt, we will inform you about those other purposes when requesting your consent, unless otherwise specified by applicable laws and regulations.
2. Your Personal Data submitted through the Platform or during the use of the Services, which is not intended for public access, will only be shared with you and the Healthcare Provider you choose for consultation through our Platform. This data will be used by the Healthcare Provider to deliver the Services you request. They will have access to update information by adding review notes, health targets, monitoring feedback, or comments as part of the requested services. Healthcare Providers also have the right to terminate services to customers at any time according to their policies, and after such termination, they will no longer have access to your Personal Data.
3. You have the right to share your Personal Data with others at your own risk. Zi.Care is not responsible for the actions of third parties who receive and use the information you disclose, and their compliance with this Privacy Notice is not guaranteed by Zi.Care.
4. We may use your Personal Data without requiring your consent, based on legitimate interests or other legal grounds recognized by applicable laws, for purposes such as: (i) complying with applicable laws and regulations; (ii) investigating potential fraud or illegal activities; or (iii) protecting our brand, reputation, or ownership. Additionally, the use of your Personal Data may be necessary when we are required, advised, recommended, expected, or requested to do so by our legal advisors or local or foreign legal advisors, regulators, government, or other authorities.
5. We may use your Personal Data to send you information, which may include but is not limited to important messages regarding the Services or marketing and non-marketing materials related to specific Services or products that we believe may be of interest to you. This communication may be conducted through various methods, such as email or Short Message Service (SMS) to your phone number. By using the Platform, you agree to receive such messages. If you choose not to receive marketing communications from us in the future, you may follow the unsubscribe instructions available in the communications we send, or you can contact us through the channels available in the "Contact Us" section of our Privacy Notice.
A. Disclosure of Your Personal Data That We Collect
1. We may disclose, provide access to, or share your Personal Data with our affiliates and/or third parties for the specified purposes and for other purposes permitted by applicable laws and regulations:
a. If you are a user, to enable service providers to perform or deliver Services;
b. If you are a service provider, to enable users to request or receive Services from you;
c. If necessary or permitted by applicable laws and regulations, including but not limited to responding to regulatory inquiries, investigations, or guidelines, or complying with the requirements or provisions for filing and reporting set forth by law, we may disclose, provide access to, or share your Personal Data for the purposes specified in those regulations;
d. If instructed, requested, required, or permitted by the relevant governmental authorities, we may disclose, provide access to, or share your Personal Data in accordance with the purposes specified in governmental policies, regulations, or applicable laws. This includes, but is not limited to, situations where disclosure is necessary for medical reviews;
e. For the purposes of internal investigations into criminal activities or violations of regulations or policies within Zi.Care and our affiliated companies;
f. If there are legal proceedings in any form between you and us, or between you and another party, in connection with or related to the Services on the Platform, for the purposes of such legal proceedings;
g. To detect and protect against fraud or any technical or security vulnerabilities, in which case we may transfer and disclose your Personal Data to relevant third parties;
h. In connection with any verification processes that we and/or third parties require before service providers deliver Services to you or before we register you as a user, including but not limited to Know Your Customer (KYC) processes;
i. In emergency situations concerning your safety (whether you are a user or a service provider) for the purposes of addressing such emergencies. This includes protecting the safety of Zi.Care and its affiliates, your safety, or the safety of others, or for the legitimate interests of any party in the context of national security, law enforcement, litigation, criminal investigations, or to prevent outbreaks, and/or emergencies as defined by the Government;
j. In situations related to your health or public interest (whether you are a user or a service provider), we may share your Personal Data with the relevant governmental authorities and/or other institutions designated by the relevant government or collaborating with us for contact tracing purposes, supporting governmental initiatives, policies, or programs, public health, and other purposes as reasonably needed;
k. In connection with mergers, sales of company assets, consolidation or restructuring, financing, or acquisition of all or part of our business by or to another company, for the purposes of such transactions (even if the transaction does not proceed). In this regard, it should be noted that as Zi.Care continues to develop its business, we may sell or purchase assets, subsidiaries, or business units. In such transactions, your Personal Data is typically one of the business assets transferred but remains subject to the promises made in the previously existing Privacy Notice (unless you agree otherwise). If another entity acquires us, our business, or substantially all or part of our assets, or assets related to the Platform, your Personal Data will be disclosed to that entity as part of the due diligence process and will be transferred to that entity as one of the transferred assets. Furthermore, if there is a bankruptcy or reorganization proceeding conducted by or against us, all such Personal Data will be considered our assets and, therefore, may be sold or transferred to third parties;
l. In connection with insurance claim processes, we will share your Personal Data for the purpose of processing insurance claims with insurance companies that collaborate or partner with us;
m. To third parties (including agents, vendors, suppliers, contractors, partners, and other parties that provide services to us or you, perform tasks on our behalf, or parties with whom we have commercial collaborations), for or in connection with purposes in which such third parties are involved, to make disclosures to relevant third parties that are technically necessary to process your transactions in relation to the Services or our collaboration with those third parties (as applicable), which may include allowing those third parties to introduce or offer products or services to you, authenticate you, or connect you with the Platform and/or conduct other activities including sales, marketing, research, analysis, and product development. In relation to this disclosure, we will make best efforts to protect your Personal Data, including but not limited to doing so in an anonymized manner (by removing your personal identification) and implementing this after the signing of confidentiality agreements, and we do not permit them to use or disclose your Personal Data except in connection with their provision of services;
n. In the event we share Personal Data with our affiliates/group members, which include branches and subsidiaries, as well as the parent company and its subsidiaries, we will do so with the intent of assisting us in providing Services on the Platform, for support in the provision of the Platform by them, to operate/conduct our business or activities, and/or for the purposes of processing Personal Data on our behalf. For example, an affiliate of Zi.Care in another country may process your Personal Data on behalf of Zi.Care. All of our affiliates are committed to processing the Personal Data they receive from us in a manner consistent with this Privacy Notice and applicable laws and regulations;
o. We may share your Personal Data with advertisers and advertising networks that require your Personal Data to select and offer relevant advertisements to you and/or other users. We may use the Personal Data we collect to fulfill advertiser requests by displaying their advertisements to the target audience. Advertisements on our Platform serve as links to advertisers’ websites, and thus any data they collect based on your clicks on those links will be collected and used by the relevant advertisers in accordance with their privacy policies, and therefore those third parties will be responsible for their own compliance with applicable privacy laws;
p. To carry out activities as described in Section E (Use of Personal Data).
2. By using the Platform, you are deemed to have agreed to allow certain third parties to use your Personal Data to provide you with information regarding goods and services that you require. Such third parties include, but are not limited to:
a. Insurance Companies that will require proof of services you have provided and/or medical reports you have prepared, or if they require authorization for Services or referrals.
b. Third-Party Service Providers (including but not limited to x-ray services or laboratory testing services) based on your referrals.
c. Our Business Partners, such as pharmacy partners, billing services, or those engaged in administrative services for us. We have cooperation agreements with each business partner, and service providers are required to protect the confidentiality and security of the information transmitted to them.
d. Research and Marketing Companies related to promotions conducted by us.
e. Information Technology (IT) Service Providers, including services related to infrastructure, cloud computing, software, and the development of “Big Data” and “Machine Learning” analyses, including services for “Data Cleansing,” “Data Insight,” “Credit Scoring,” and others.
f. Payment Processing Service Providers, including payment gateway providers, fund transfer services, e-wallets, and other payment system service providers related to transactions conducted on the Platform.
3. When Personal Data does not need to be linked to you, we will make reasonable efforts to remove the association of such Personal Data with you as an individual before disclosing or sharing that information.
4. We will not sell or rent your Personal Data.
5. In addition to what is provided in this Privacy Notice, we may disclose and share your Personal Data if we inform you and have obtained your consent for such disclosure or sharing.
A. International Data Transfer
Your Personal Data that we collect may be stored, transferred, or processed outside of Indonesia by our personnel or by third-party service providers, vendors, suppliers, partners, contractors, or affiliates of Zi.Care. We are committed to complying with applicable regulations and to using our best efforts to ensure that such parties provide a level of protection for Personal Data that is equivalent to or higher than that imposed in Indonesia, or have obtained your consent.
H. Cookies
1. Cookies are small files that automatically store your preferences and configurations on your device when visiting a site, and are not used to access other data on your device beyond what you have consented to share.
2. Although your computer device will automatically receive cookies, you have the option to modify your browser settings to reject cookies, which may hinder the optimal performance of Zi.Care's services when you access the platform.
3. We use Google Analytics features to collect data such as your age, gender, interests, and other information that may identify you, which we will use to develop features, facilities, and content on the Platform. If you do not wish for your Personal Data to be tracked by Google Analytics, you can install the Google Analytics Opt-Out Add-On in your browser.
4. Zi.Care may use third-party features to enhance our services and content, including ratings, adjustments, and presentation of offers based on your interests or visit history on our Platform. If you do not wish to receive personalized offers, you can set your preferences through your browser settings.
I. Storage of Personal Data
1. To the extent permitted by applicable laws and regulations, we will retain all Personal Data you provide in accordance with the original purpose of collection: (i) as long as you remain a user of our Platform, and (ii) from the date you cease using our Platform and/or since your request for the deletion of your account and Personal Data.
2. Zi.Care will delete and/or anonymize your Personal Data under our control when (i) such Personal Data is no longer necessary to fulfill the purpose of collection, and (ii) retention is no longer necessary for compliance with applicable laws and regulations.
3. Please note that it is possible that some of your Personal Data may still be retained by third parties, including government institutions in certain ways. In the event that we share your Personal Data with authorized government institutions and/or other agencies designated by the relevant government or in cooperation with us, you agree and acknowledge that the retention of your Personal Data by the relevant agencies will follow their respective data retention and/or processing policies.
4. Data communicated between you as a user and our partners (such as Healthcare Providers, pharmacy partners, laboratories, insurance partners, hospitals, and/or delivery partners) conducted outside of our Platform (e.g., through phone calls, SMS, mobile messaging, or other communication methods, as well as the collection of your Personal Data by our partners) may also be stored in various ways. We do not permit the processing of Personal Data between you as a user of the Platform and our partners occurring outside of our Platform because such activities are beyond our control, and therefore we cannot be held liable for such matters. To the extent permitted by applicable laws and regulations, you release us from any and all claims, losses, liabilities, costs, damages, and expenses (including but not limited to legal fees and full indemnity expenses) arising directly or indirectly from any Personal Data processing activities conducted outside of our Platform.
J. Your Rights as a Data Subject
1. As stipulated in applicable laws and regulations, you as a Data Subject have the following rights concerning your Personal Data:
a. Right to be Contacted: You have the right to receive clear, transparent, and easily understandable information regarding how we use your Personal Data and your rights. Therefore, we provide this information in this Privacy Notice.
b. Right to Rectification: You have the right to complete, rectify, or update your Personal Data at any time. We understand the importance of this, so you can access and change your Personal Data, particularly regarding your Zi.Care account profile (e.g., email address, phone number, and date of birth) directly through the Platform. If you encounter difficulties and need our assistance in exercising your rights, please contact us.
c. Right to Access: You have the right to request information about the Processing of your Personal Data, gain access, and obtain copies of such Personal Data.
d. Right to Deletion: We generally retain your Personal Data for as long as necessary to perform the agreement between you and us and/or to comply with our legal obligations. Therefore, under certain circumstances, you have the right to request that we delete your Personal Data. If you wish to delete the Personal Data we hold about you, please notify us, and we will take reasonable steps to respond to your request in accordance with legal requirements. If the Personal Data we collect is no longer necessary for any purpose and we are not legally required to retain it, we will do what we can to permanently delete, destroy, or anonymize it, considering the provisions in this Privacy Notice and applicable laws and regulations.
e. Right to Restrict Processing: Under certain circumstances, you may request the restriction or object to the Processing of your Personal Data.
f. Right to Withdraw Consent: If you have provided consent for anything we do with your Personal Data (i.e., if we use consent as the legal basis for Processing your Personal Data), you have the right to withdraw that consent at any time (though doing so does not affect the lawfulness of any Processing we conducted with your consent prior to that point). You can withdraw your consent to process your Personal Data at any time by contacting us using the contact details provided in this Privacy Notice. You may also withdraw your consent for us to send you specific communications through the "opt-out" facility, the "unsubscribe" option available in messages we send, or using options available on each communication medium we use to contact you. You understand, acknowledge, and accept the consequences that not sharing your Personal Data with us or revoking your consent may affect our ability to take necessary actions for the purposes outlined in this Privacy Notice or limit your use of the Platform. Withdrawal of your consent may also result in the termination of services, deletion of your account, and/or termination of your contractual relationship with us, with all arising rights and obligations being fully fulfilled. After receiving your withdrawal of consent, we may inform you of the potential consequences of such withdrawal so that you can decide whether you still wish to withdraw your consent.
g. Right to Data Portability: You may request to receive or transfer your Personal Data to another organization in a format that is structured and/or commonly used or readable by electronic systems, where your Personal Data is processed based on your consent or as part of the performance of a contract.
h. Right to Lodge a Complaint with the Relevant Authority: If you believe that your data privacy rights have been violated or you have suffered harm due to the unlawful processing of your Personal Data, you have the right to lodge a complaint directly with the relevant data privacy authority in accordance with applicable laws and regulations.
i. Rights Related to Automated Decision-Making: Zi.Care does not adopt automated decision-making technology that has legal or significant effects on you. However, if the situation changes in the future, you still have the right to request human intervention in any decision-making process, to express your views and be heard in the decision-making process, to request explanations regarding the logic behind automated decisions and their impacts, and to challenge decisions based on automated processing and request a review of such decisions.
2. You have the right to access, correct, or obtain copies of your Personal Data under the control of Zi.Care by contacting us through the chat feature with our customer service team within the Zi.Care application. Please note that all requests will undergo a thorough screening and verification process and will only be processed by Zi.Care once you have provided adequate proof of identity to access, correct, or request copies of such data. Zi.Care reserves the right to deny requests to access or correct part or all of your Personal Data if permitted or required under applicable laws and regulations, including situations where the Personal Data may contain references to other individuals or where the request for access or correction is deemed irrelevant, frivolous, or burdensome. To the extent permitted by applicable laws and regulations, Zi.Care reserves the right to impose a reasonable administrative fee on you to handle your requests for accessing, correcting, or requesting copies of your Personal Data, and if so, we will inform you of such fees before processing your request. Zi.Care will respond to your requests regarding access, correction, or requests for copies of your Personal Data in accordance with the time limits specified by applicable laws and regulations.
3. If you wish to exercise any other rights as a data subject in accordance with applicable laws and regulations, you may contact us through the chat feature with our customer service team within the Zi.Care application.
4. Please note that if you request the deletion or destruction of your Personal Data, we may still process your Personal Data as necessary for our legitimate business interests, such as detecting and preventing fraud and enhancing security. For example, if we suspend an account due to fraud or security reasons, we may retain certain information from that account to prevent that member from creating a new account on the Platform in the future. We may also continue to process your Personal Data as necessary to comply with our legal obligations. For instance, we may retain some of your information for tax, legal reporting, and audit obligations.
K. Security of Your Personal Data
1. The confidentiality of your Personal Data is a top priority for Zi.Care. We will implement reasonable and appropriate security measures, both technical and operational, to protect and safeguard your Personal Data from unauthorized access, collection, use, or disclosure, through appropriate physical, electronic, and managerial security procedures. To ensure optimal protection, you are required to periodically update our Platform to maintain the security of your Personal Data.
2. Although Zi.Care has made optimal efforts to secure and protect your Personal Data, it should be understood that data transmission over the Internet is never completely free of risk. In the event of a data protection failure involving your Personal Data, to the extent required by applicable laws and regulations, we will notify you through our official communication channels, either directly or indirectly, to provide adequate information regarding the incident and take necessary steps to prevent further misuse of your Personal Data.
3. The security of your Zi.Care account largely depends on your efforts to maintain the confidentiality of your password and other access information. You are fully responsible for the confidentiality and security of your account, including your phone number, email, password, and one-time password (OTP), as well as the security of the device you use. If you neglect to maintain that confidentiality or security, you release Zi.Care from any losses or claims arising therefrom. Zi.Care is also not responsible for the misuse of access to the Platform caused by the loss or transfer of control over your device to unauthorized parties.
4. We make verification efforts concerning you and your Personal Data to ensure optimal data accuracy, completeness, and consistency. By agreeing to this Privacy Notice, you release us from any claims related to data accuracy, completeness, and/or consistency, without diminishing our obligation to continue efforts for correction in accordance with our responsibilities.
5. The obligation to maintain the confidentiality of Personal Data does not apply or is no longer applicable to Personal Data that:
a. was publicly known at the time of disclosure, or became publicly known thereafter through means other than our actions or negligence;
b. has been explicitly authorized for disclosure by you; and/or
c. is required to be disclosed under the provisions of applicable laws and regulations, court orders, or orders from government agencies with jurisdiction.
L. Links to Third-Party Platforms
1. Please note that when you use the Platform, Zi.Care may include links or hyperlinks to third-party platforms, websites, or applications, including the content contained therein ("Third-Party Platforms") provided for your convenience. Zi.Care has no control over and is not responsible for such Third-Party Platforms; thus, your use of Third-Party Platforms is entirely at your own risk.
2. This Privacy Notice is solely directed at and enforced regarding the Services through the Platform.
3. Zi.Care strongly recommends that you always review and thoroughly understand the personal data management policies applicable on Third-Party Platforms before you submit your personal data.
M. Governing Law
This Privacy Notice is prepared and governed by the laws applicable in the Republic of Indonesia, and you are required to comply with and be fully subject to all applicable laws and regulations in the territory of the Republic of Indonesia.
N. Updates to the Privacy Notice
This Privacy Notice may be amended and/or updated at any time to ensure its compliance with business developments or changes in applicable laws. We will keep previous versions of this Privacy Notice on file for your reference. Zi.Care reserves the right to notify you of any such changes and/or updates in accordance with applicable laws. However, you are advised to periodically review this Privacy Notice page to stay informed of the latest information.
You agree to be fully responsible for the obligation to periodically check this Privacy Notice page to know the latest information regarding the Processing of Personal Data that we undertake. By continuing to access or use the Platform, communicate with us, or purchase Services after changes to this Privacy Notice, you are deemed to have accepted the applicable Privacy Notice along with all its changes.
O. Contact Us
If you have questions, comments, complaints, or claims regarding this Privacy Notice or wish to exercise your rights as a data subject concerning your Personal Data on the Platform, please send an email to us at info@zicare.id. We will treat your complaint confidentially and will contact you within a reasonable time after receiving your complaint to discuss it and detail the available resolution options.
I HAVE READ AND UNDERSTAND ALL THE PROVISIONS OF THIS PRIVACY NOTICE AND ITS CONSEQUENCES. HEREBY, I ACCEPT ALL RIGHTS, OBLIGATIONS, AND TERMS SET FORTH IN THIS PRIVACY NOTICE. THIS STATEMENT IS CONSIDERED AS MY CONSENT AS THE OWNER AND/OR GUARDIAN OF THE PERSONAL DATA.