INDIVIDUAL CUSTOMER PRIVACY POLICY
PT BANK MANDIRI (PERSERO) Tbk

Effective From 28 June 2024

Welcome to our Privacy Policy. We want to provide you with clarity and certainty about how we collect, use, and protect your personal information By reading this privacy policy, we hope you feel calm and confident that your privacy is our main priority.

In this Privacy Policy, we state that PT Bank Mandiri (Persero) Tbk (hereinafter referred to as "Bank Mandiri") as Personal Data Controller, will strive to provide security and protection for your convenience in transactions.

We prioritize the security of your Personal Data. With full responsibility, this Privacy Policy explains in detail the definition, types, legality, and purposes of Personal Data processing. In addition, we explain Personal Data control and transfer, duration of processing, and procedure for change in the privacy policy. We take all these steps while referring to Law Number 27 of 2022 concerning Personal Data Protection and its amendments, which is better known as "PDP Law," as well as the applicable and relevant laws and regulations, for you to feel comfortable and confident in providing your Personal Data to us.

For more clarity, the types, bases for processing, and purposes of your Personal Data processing may differ depending on the products and/or services you use.

 

A. Definition of Personal Data

Personal Data are data concerning an individual that are identified or may be identified individually or combined with other information both directly or indirectly via electronic or non-electronic systems.

Personal Data processed include Personal Data that you have provided and will provide to Bank Mandiri.

 

B. Types of Personal Data

Bank Mandiri realizes that it is important for you to know what categories and types of your Personal Data that may be processed. The types of data include:

• Personal profile identification data, namely full name, National Identity Number for ID Card of Indonesian Citizen and Foreign Citizen, Tax Identification Number (TIN), immigration documents, sex, citizenship, place and date of birth, mother’s maiden name, alias/nickname, religion, voice recording, picture recording, photo, form of signature (wet and/or electronic), and/or biometric data;
• Correspondence data, namely address according to ID Card, domicile address and status, electronic mail (email) address, telephone/mobile phone number, and emergency contact including name, relationship with you, address, telephone/mobile phone number, and email;
• Education and employment data, namely education level, occupation, business field, title, division, year of start of work/business, name of company/institution of workplace, address of workplace, employment status, as well as names, titles, and telephone numbers of co-workers;
• Family data, namely marital status, name of spouse, number of children, and number of dependents;
• Financial data, namely account number, source of income, amount of monthly/annual income, amount of monthly/annual expenditure, transaction data, credit/financing data, asset-related data, collateral-related data, and taxation data as well as service data from other financial services that you receive (i.e. insurance and custodian);
• Digital activity data, namely geolocation, IP address, your activity on Bank Mandiri application, and interaction between Bank Mandiri application and other applications on your electronic device; and/or
• Data related to personal preferences, namely communication preferences, hobbies, and interests.

Personal Data processed may be received by Bank Mandiri directly from you or through a third party.
 

C. Legality of Personal Data Processing

Bases for Processing
Personal Data Processing is carried out as long as Bank Mandiri has fulfilled one or several bases for processing as follows:

• Bank Mandiri has explicitly and validly obtained consent from you;
• Bank Mandiri exercises its rights and obligations under an agreement with you;
• Bank Mandiri needs to exercise the authority or fulfill the obligations under the laws and regulations/authorized institution directives;
• Bank Mandiri needs to fulfill your vital interests;
• Bank Mandiri needs to carry out the tasks for public interests and/or public services;
• Bank Mandiri needs to fulfill other valid interests, by taking into account the balance between the interest of Bank Mandiri and your rights.

Purposes of Your Personal Data Processing
Your Personal Data Processing is carried out by Bank Mandiri for the following purposes:

• Managing products and/or services of Bank Mandiri, including profiling and scoring, to improve services for you and risk management of Bank Mandiri.
• Providing promos or programs of Bank Mandiri that may collaborate with other parties for products and/or services that you already have.
• Marketing and/or offering products and/or services of Bank Mandiri and/or other companies within Mandiri Group and/or third parties collaborating with Bank Mandiri, for products and/or services that you have yet to acquire.
• Fulfilling laws and regulations and directives from regulators, law enforcement officials, as well as other authorized institutions.

 

D. Personal Data Control and Transfer

In processing your Personal Data, Bank Mandiri may involve a third party as joint controllers and/or processors of your Personal Data both within and/or outside Indonesia. In such case, Bank Mandiri will protect your Personal Data in accordance with the laws and regulations.

If Bank Mandiri transfers your Personal Data outside Indonesia, Bank Mandiri will reasonably ensure that the transfer destination country has a level of Personal Data protection that is equivalent to (or higher than) that of Personal Data protection in Indonesia.

In the event that the destination country of Personal Data transfer does not have an equivalent (or higher) level of protection, Bank Mandiri may proceed with your Personal Data transfer as long as it complies with the laws and regulations.

 

E. Your Rights as Personal Data Subject

Certainly, Bank Mandiri realizes that Personal Data is the most important asset for you. Therefore, we will inform you about the rights you have as a Personal Data Subject as follows:

• Right to Information and Access

  You have the right to obtain information concerning the identity of a party requesting your Personal Data, the purpose of request, as well as access to a copy of your Personal Data. Bank Mandiri will provide access to the information through the official channels of Bank Mandiri, such as Bank Mandiri branches or other channels, in accordance with the laws and regulations and the policies of Bank Mandiri.

  You understand that in the event that you request for a copy concerning your Personal Data information and/or details of your Personal Data processing, Bank Mandiri may charge you.

• Right to Data Correction

  You have the right to complete, update, and/or correct any incorrect or inaccurate Personal Data.

• Right to Obtain, Use and/or Deliver Personal Data to Other Parties

  You have the right to obtain, utilize, or provide your existing Personal Data with Bank Mandiri to a third party, as long as the communication system used by Bank Mandiri and the concerned Third Party is secure.

• Right to Terminate Processing, Delete and/or Destroy Personal Data

  You have the right to terminate the processing, delete and/or destroy your Personal Data. You agree to give Bank Mandiri time to process the termination of processing, deletion and/or destruction of your Personal Data as long as Bank Mandiri requires. To exercise the right to terminate the processing, deletion and/or destruction of the Personal Data, you may contact Bank Mandiri through the communication channels set out in point H of this Privacy Policy.

  Please understand that termination of processing, deletion and/or destruction of Personal Data may affect the ability of Bank Mandiri to provide products and services to you as well as contractual relationship that has been established between Bank Mandiri and you or between Bank Mandiri and other third parties, which may result in cessation of any service you receive and/or termination of one or some of your agreements with Bank Mandiri and/or violation of one or some of your obligations under an agreement with Bank Mandiri.

  In connection with those matters, termination of processing, deletion and/or destruction of Personal Data result in you providing the rights to Bank Mandiri to block your savings account, and/or declare that your debts and/or obligations to Bank Mandiri are due and collectible. All losses arising from the exercise of your rights to terminate the processing, deletion and/or destruction of Personal Data are your responsibility.

  The obligations of Bank Mandiri to delete and destroy your Personal Data is excluded for the purpose of:

  • National defense and security;
  • Law enforcement process;
  • Public interest in the context of state administration; or
  • Supervision over the financial services, monetary, payment system and financial system stability sector exercised in the context of state administration.
• Right to Withdraw Consent

  You have the right to withdraw the consent for Personal Data processing you have given to Bank Mandiri, and you agree to give Bank Mandiri additional time to process the termination of your Personal Data processing as long as Bank Mandiri requires. To exercise the right to withdraw consent, you may contact Bank Mandiri through the communication channels set out in point H of this Privacy Policy.

  You need to understand that withdrawal of consent may affect the ability of Bank Mandiri to provide products and services to you as well as manage the contractual relationship that has been established between Bank Mandiri and you or between Bank Mandiri and other third parties, which may result in cessation of any service you receive and/or termination of one or some of your agreements with Bank Mandiri and/or violation of one or some of your obligations under an agreement with Bank Mandiri.

  In connection with those matters, withdrawal of consent for Personal Data processing results in you providing the rights to Bank Mandiri to block your savings account, and/or declare that your debts and/or obligations to Bank Mandiri are due and collectible. All losses arising from the exercise of your right to withdraw the consent for Personal Data processing are your responsibility.

• Right to Object to Results of Automated Processing

  You have the right to object to the results of your automated Personal Data processing that give rise to legal consequences or have a significant impact on you, including profiling and/or credit scoring.

• Right to Suspend or Restrict Processing

  You have the right to suspend or restrict your Personal Data processing in proportion to the purposes of your Personal Data processing. To exercise this right, you may contact Bank Mandiri through the communication channels set out in point H of this Privacy Policy. You need to understand that such request for suspension of or restriction on processing may affect the ability of Bank Mandiri to provide products and services to you, as well as contractual relationship that has been established between Bank Mandiri and you or between Bank Mandiri and other third parties, which may result in cessation of any service you receive and/or termination of one or some of your agreements with Bank Mandiri and/or a violation of one or some of your obligations under an agreement with Bank Mandiri.

  In connection with those matters, suspension of or restriction on Personal Data processing results in you providing the rights to Bank Mandiri to block your savings account, and/or declare that your debts and/or obligations to Bank Mandiri are due and collectible. All losses arising from the exercise of your right to suspend or restrict Personal Data processing are your responsibility.

• Other rights in accordance with laws and regulations
  You have the right to apply for other rights regarding Personal Data processing as long as it is regulated in the applicable laws and regulations.

 

F. Duration of Personal Data Processing

Bank Mandiri will process Personal Data from the moment Bank Mandiri obtains the basis for processing. Bank Mandiri will continue the processing as long as you remain using products and/or services of Bank Mandiri or in accordance with the provisions of applicable laws and regulations. Bank Mandiri may store your Personal Data after you terminate your use of products and/or services of Bank Mandiri for the required duration by referring to the laws and regulations.

 

G. Changes in Privacy Policy

We are always committed to maintaining the security and privacy of your information. Therefore, we may update this Privacy Policy in accordance with developments in our practices in Personal Data processing as well as in accordance with the applicable laws and regulations. You may access the latest version of this Privacy Policy on our website at https://bankmandiri.co.id/en/kebijakan-privasi

In the event of changes in this Privacy Policy, we will provide information through the official communication channels of Bank Mandiri. Bank Mandiri is committed to ensuring that you feel secure and always informed regarding the protection of your privacy.

Moreover, in the event that any part of this Privacy Policy becomes unenforceable, this will not affect the validity and enforceability of the remaining provisions. Thank you for your trust in Bank Mandiri.

 

H. Contact Bank Mandiri

Bank Mandiri is ready to help and answer all questions you may have regarding this Privacy Policy.

Please contact our customer service team via Mandiri Call 14000, WhatsApp number of Bank Mandiri 081-184-14000, send questions via email to mandiricare@bankmandiri.co.id, or you may also visit the nearest branch office of Bank Mandiri.