Privacy Policy of Buletin.co

Effective Date: 6 March 2025

Buletin.co is committed to protecting the privacy of its users and ensuring transparency in data processing. This Privacy Policy explains how we collect, use, process, and safeguard personal data in accordance with Indonesian Law No. 27 of 2022 on Personal Data Protection (UU PDP), as well as international standards such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).

1. Information We Collect

a. Information Provided by Users

  • Name, email address, and account details when signing up or subscribing to newsletters.
  • Content created or shared via Buletin.co, including comments, articles, and responses.
  • Payment information if users subscribe to premium services.

b. Information Collected Automatically

  • Technical data such as IP address, device type, operating system, and browser details.
  • Activity logs, including pages visited, access times, and feature interactions.
  • Cookies and similar tracking technologies to enhance user experience.

c. Information from Third Parties

We may receive user data from third-party service providers, including payment processors, API integrations, and social media platforms linked to Buletin.co.

2. How We Use Information

We process user data to:

  • Provide, maintain, and improve Buletin.co services.
  • Send newsletters, updates, and other relevant communications.
  • Analyze service usage and develop new features.
  • Personalize content based on user preferences.
  • Prevent suspicious activity, misuse, or policy violations.

3. Responsibilities of Buletin.co

a. Data Protection

Buletin.co implements technical and organizational measures to protect personal data against unauthorized access, disclosure, modification, or destruction.

b. Data Processing

We process personal data strictly for the purposes outlined in this Privacy Policy and act as a data processor on behalf of our users, adhering to the principles of lawfulness, fairness, and transparency.

c. Purpose Limitation & Data Minimization

Buletin.co only processes personal data for the specific purposes for which it was collected and ensures that data collection is limited to what is strictly necessary.

d. Data Retention

We retain personal data only as long as necessary for the intended purposes or as required by law. When data is no longer needed, we ensure its deletion or anonymization.

e. Data Access & Control

Buletin.co provides users with the ability to access, modify, and control their subscribers' personal data, subject to applicable legal requirements.

f. Data Transfers

If Buletin.co transfers personal data outside Indonesia, we ensure compliance with data protection laws by:

  • Verifying that the recipient country has an adequate data protection level.
  • Implementing safeguards like Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
  • Obtaining explicit consent for data transfers to countries without adequate protection.

g. Technical & Organizational Security Measures

We implement a range of security measures to protect personal data, including:

  • Encryption: Encrypting personal data in transit and at rest using industry-standard encryption.
  • Access Controls: Restricting access to personal data to authorized personnel only.
  • Vulnerability Management: Regular security assessments to mitigate risks.
  • Employee Training: Educating staff on data protection best practices.

h. Data Breach Notification

In the event of a data breach, Buletin.co will:

  • Investigate the incident immediately.
  • Notify the Indonesian Data Protection Authority (DPA) and affected users within 72 hours, as required by Article 46 of UU PDP.
  • Provide details of the breach, affected data, potential risks, and mitigation actions.

i. Transparency

Buletin.co maintains transparency in data processing and ensures this Privacy Policy is publicly available.

4. Responsibilities of Users (Content Creators & Publishers)

Users act as data controllers and must:

  • Ensure a lawful basis for processing subscribers' personal data.
  • Obtain explicit, informed consent before importing subscriber data.
  • Inform subscribers that their data will be processed by Buletin.co.
  • Maintain data accuracy and ensure up-to-date information.
  • Implement security measures to protect personal data.
  • Facilitate subscriber rights, including access, rectification, and erasure.
  • Minimize data collection, avoiding unnecessary or excessive data.
  • Ensure imported email addresses are valid and obtained with explicit consent.

Users are required to verify subscriber email addresses before importing them. Invalid or risky email addresses may be removed by Buletin.co's internal email verification system to maintain platform integrity.

5. Subscriber Rights

Subscribers (whose data is collected by users) are entitled to:

  • Right to Information: Be informed about how their data is processed.
  • Right to Modify Preferences: Update their personal data preferences.
  • Right to Rectification: Correct inaccurate personal data.
  • Right to Erasure: Request data deletion when no longer needed.
  • Right to Object: Oppose data processing for marketing or other purposes.
  • Right to Withdraw Consent: Opt-out of data processing at any time, with processing halted within 3x24 hours.
  • Right to Data Portability: Receive personal data in a structured, machine-readable format.
  • Right to Lodge a Complaint: Report violations to the Indonesian Data Protection Authority (DPA).

6. Disclaimer

Buletin.co acts as a data processor on behalf of users. We are not responsible for actions taken by users regarding subscriber data collection, processing, or sharing. Users bear full responsibility for complying with Indonesian Data Protection Law.

7. Liability

Buletin.co will make commercially reasonable efforts to comply with this Privacy Policy and data protection laws. However, Buletin.co is not liable for damages arising from:

  • Users' violation of this Privacy Policy or applicable laws.
  • Unauthorized access to data beyond Buletin.co's control.
  • Force majeure events (e.g., war, terrorism, natural disasters).

8. Governing Law

This Privacy Policy is governed by Indonesian law. Any disputes arising from this Privacy Policy shall be resolved in Indonesian courts.

9. Updates to this Privacy Policy

Buletin.co may update this Privacy Policy periodically to reflect changes in regulations, business practices, or user feedback. If significant changes are made, users and subscribers will be notified via email or in-platform notifications.

The latest version of this Privacy Policy will always be available on Buletin.co's website.

This draft incorporates the responsibilities of Buletin.co, users, and subscribers, ensuring compliance with Indonesian law, GDPR, and CCPA.