We, PT BNI Life Insurance (“Company”/“We”), are the controller of your personal data. In this capacity, we are responsible for the collection, use, processing, and protection of the personal data you provide to us. This privacy notice is intended to provide a clear understanding of how we manage your personal data in accordance with the applicable laws and regulations in Indonesia, including but not limited to the Personal Data Protection Law. If, , in the future, we act as a Personal Data Processor, we shall process personal data in accordance with the instructions of the Personal Data Controller and comply with all provisions set forth under the applicable laws and the policies of the Company. We remain responsible for all personal data processing activities.

Personal data subjects include prospective existing customers, partners, job applicants or employees, prospective agents or agents, and/or other data subjects whose data is processed by the Company.

This privacy notice becomes effective once you have provided your consent through the methods specified within this privacy notice.

Section A – Personal Data the Company Collects

In carrying out its activities, the Company,"whether electronically or non-electronically, will collect, store, process, use, and/or transfer personal data of general and/or specific (in accordance with the relevant purposes of use). Personal data subjects include prospective or current customers, business partners, job applicants or employees, prospective agents or agents, and/or other personal data subjects whose data is processed by the Company.

We reserve the right to collect and process general and/or specific personal data, including but not limited to:

• Details of your Personal Data and contact information, including: full name, place and date of birth, gender, residential and office address, type of identification (e.g., ID card, passport), identification number, phone numbers (home, office, and mobile), and email address.
• Occupation and position, name of the employing institution, annual gross income, source of premium payment funds, sum insured, and insurance premiums.
• Details of your financial condition, such as salary, savings information, expenses, and other additional income.
• Information regarding the type(s) of property
• Details of each beneficiary, including those related to the products and/or services we provide or that you use as well as associated payment methods.
• Tax information (if relevant to the product or service).
• Information regarding each claim, whether paid or unpaid.
• Records or allegations of legal violations such as debts, fraud, theft, and other alleged cases.
• Health history and/or financial information, educational background, personal photos, genetic and biometric data, and sexual orientation.
• Marital status, family, lifestyle information including the number of dependents you have or if you are a widow or widower.
• Details about family members, including biological mother's name and children (if relevant).
• Communication history with us, stored through the customer complaint service phone number.
• Information about children and persons with disabilities. For children under 18, we will request parental or guardian consent before processing the child’s personal data. For persons with disabilities, we will provide special communication to obtain consent from them and/or their guardian.
• Data collected from institutions and third parties.
• Contractual records: details of agreements or contracts previously signed with the Company, which may include consent regarding personal data processing.
• Geolocation data if the customer uses a mobile application capable of tracking location.
• Payment details (information related to bank accounts, credit cards, or other payment methods in transactions with the Company.
• Digital footprint (information related to the customer’s online activities, including history of using the Company’s applications or websites, IP address, and cookies used for analytics and marketing purposes).
• Data obtained from Credit Reference Agencies (e.g., Bank Indonesia), including public credit history (such as defaults), joint credit history, financial status, and credit history.
• Criminal record information, including alleged violations
• Other personal information as permitted by, or required to comply with, applicable laws, regulations, or authorities—whether local or foreign, in Indonesia or other countries—as may be amended from time to time (“Applicable Law”).

Section B – Where does personal data come from

We obtain your personal data from various sources, including:

• Directly from you, your family members, employer, partners, or beneficiaries of products and services;
• Information generated when you use our products or services;
• Brokers or other intermediaries (e.g., agency partners, distributors, business partners) who collaborate with us to provide or offer products/services, or from other partners with your consent;
• Group Companies, if you have previously applied for, currently hold, or have held a product or service with them;
• Third parties such as insurance companies, reinsurance companies, agency partners, vendors, financial institutions, medical professionals, courts, or public records;
• When you provide your contact information at events such as job fairs, surveys, investor conferences, roadshows, or when you update your contact form on our website;
• Cookies, location services, and IP address data collected when you access our website, mobile applications, or fill in any contact forms on our digital platforms;
• Other sources, such as other lenders, publicly available directories and information (e.g., phone books, social media, internet, news articles), debt recovery and/or tracing agencies, crime prevention organizations, the police, and other law enforcement agencies.

Section B.1 – Cookie Policy

Cookies used by this website collect anonymous, customizable data such as IP address, login credentials, and the operating system in use. These cookies do not store personal information such as your name, address, or any other data that could be used by third parties to contact you via phone, email, or any other form of communication. However, if you choose to block cookies in your browser settings, it affect your overall experience using our site or services. For example, it may encounter difficulties completing transactions on the BNI Life website or experience delays when retrieving additional information.

Section C – How the Company Uses Your Personal Information and the Reasons

BNI Life (the company) will not collect any personally identifiable information unless you choose to purchase our insurance products, register as a member, or voluntarily provide information for job application purposes.

The collection of personal data is conducted based on the nature of the activity and the services offered, in full compliance with applicable personal data protection laws. This includes, but is not limited to, the following purposes:

Section C.1 – Why We Share Personal Data and With Whom

We share your personal information as necessary with relevant financial/health business partners and third-party service providers. This includes, but is not limited to: internal parties/entities within the BNI Groupany insurance intermediaries with whom the Company has an agency or broker agreement, Insurance industry associations and federations that exist from time to time agents, contractors, or third-party service providers offering administrative, telecommunication, computing, payment, or other services, telecommunication, computing, payment, or other service providers offering insurance and/or related reinsurance business, any debt collection agency or institution, any company engaged in insurance and/or related reinsurance business, any insurance claim investigators, other service providers offering insurance and/or related reinsurance business, healthcare providers, any credit reference agencies, and authorities.

If required in accordance with applicable laws and regulations, the Company may need to share your personal data with government institutions. Any transfer of your personal data will always be carried out securely and in compliance with the applicable provisions. We implement various technical and administrative safeguards to ensure that the personal data you provide to us remains safe and protected from unauthorized access, disclosure, or processing.

When transferring your personal data abroad (International Data Transfers), the Company will apply appropriate safeguards and comply with the applicable laws and regulations.

Section C.2 – Personal Data Storage

We need to retain your personal data as a data subject for a specific period in accordance with the company’s internal data retention policies and applicable laws and regulations. Exceptions to the deletion or destruction of personal data may apply for purposes such as future legal proof, tax obligations, audit and accounting requirements, ongoing or potential legal disputes or claims, fulfillment of contractual obligations between the company and the data subject, enforcement of company rights such as intellectual property or other rights, data processing for research or statistical purposes provided the data is anonymized or protected, reporting to government agencies or relevant regulatory bodies, and ensuring the security and integrity of the company's information technology systems.

Section D – Automated Personalization of Your Profile

We, along with internal parties/entities within the BNI Group, may, when necessary, use your personal data to make automated decisions that affect you or to conduct other forms of profiling (e.g., marketing profiling).

Section E – Your Rights

Data subjects have the right to request the following from the company:

• To access and obtain a copy of their personal data and information on how PT BNI Life Insurance uses it;
• To withdraw consent at any time without affecting the lawfulness of processing conducted prior to the withdrawal. Such withdrawal may be submitted in accordance with the procedures established by PT BNI Life Insurance;
• To complete, update, and/or correct the personal data provided to PT BNI Life Insurance to ensure its accuracy and completeness;
• To obtain further information regarding the processing of personal data, including the purpose, use, legal basis, and details of third parties who receive the personal data, if relevant;
• To request the termination of processing, deletion, and/or destruction of personal data, in accordance with applicable regulations;
• To object to decisions made solely based on automated processing, including profiling, which produce legal effects or similarly significant impacts;
• To request the suspension or restriction of the processing of their personal data, proportionally and in accordance with the processing purposes;
• To transmit their personal data to another organization in an electronically readable format;
• To file a legal claim and obtain compensation for proven violations of their personal data processing committed by Us, in accordance with applicable laws and regulations.

Section F – Representing Others

If you intend to provide us with another individual’s personal data, please ensure that you have obtained the appropriate consent and authority to act on their behalf. This includes their consent for us to process their personal data—including any sensitive personal data—and to receive data protection-related notifications on their behalf.

Section G – Marketing

The Company may use your personal data for marketing purposes, with the aim of offering insurance products or services tailored to your needs. Such marketing may be conducted through communication channels you have consented to, including:

• Letter;
• Email;
• Text Messages;
• Phone;
• Other digital or electronic communication media.

Section H – How to Contact Us

To make consultations, complaints, or exercise your rights as outlined in this Privacy Notice, you can contact us at:

The Company will take all practical measures to ensure the security of your personal data and to prevent unauthorized or accidental access, deletion, or use.

Section I – Privacy Notice Updates

We may update this Privacy Notice from time to time on our website. We encourage you to review the Privacy Notice page periodically to stay informed about any changes.