We, PT BNI Life Insurance ("Company"/"We") are the controller of your personal data. In this capacity, we are responsible for the collection, use, processing, and protection of the personal data you provide to us. This Privacy Policy is designed to provide a clear understanding of how we manage your personal data in accordance with applicable laws and regulations in Indonesia, including but not limited to the Personal Data Protection Act. If in the future We act as a Personal Data Processor, then in accordance with applicable law, We are obligated to process personal data according to the instructions of the Personal Data Controller and comply with all provisions regulated by the Law and the Company, and We are responsible for all personal data processing activities.

Personal data subjects include prospective customers or customers, partners, job applicants or employees, prospective agents or agents, and/or other personal data subjects whose data is processed by the Company.

This Privacy Policy becomes effective from the time you provide consent to this Privacy Notice through the means mentioned in this Privacy Policy.

Section A - Personal Data Collected by the Company

In carrying out its activities, the Company, both electronically and non-electronically, will carry out activities of collecting, storing, processing, using, and/or transferring personal data of personal data subjects that are general and/or specific/sensitive (according to relevant usage purposes). Personal data subjects include prospective customers or customers, business partners, job applicants or employees, prospective agents or agents, and/or other personal data subjects whose data is processed by the Company.

• Personal and contact details, such as title, full name, contact details and contact details history, address and email;
• Personal Data information details and contacts which include: full name, place and date of birth, gender, home and office address, Type of Identity (ID card, Passport, etc.), Identity Number, telephone number (Home, Office, and Mobile), email, Marital Status, Mother's Maiden Name, and Nationality;
• Occupation & position, name of company where you work, annual gross income, source of premium payment funds, sum insured and insurance premium;
• Residence status, information and/or employment history, health history and/or financial information, educational history, personal photos, genetics, biometrics, and sexual orientation;
• Marital status, family, lifestyle including the number of dependents you have or if you are a widow or widower;
• Details of family member information, including mother's and children's names (if relevant);
• Information about your current job, including status, position, and institution where you work (if relevant);
• Details of your financial condition, such as salary, savings information, expenses, and other additional income;
• Information related to your medical records;
• Information on the type of property you own;
• Details of any beneficiaries, such as and from products and/or services we have, also including those you use, and related payment methods;
• Information from any claims that have been paid or not paid;
• Information on records or suspected violations of law, such as: debt, fraud, theft, and other suspected cases;
• History of your communications with us stored on customer complaint service telephone numbers;
• Information about children and persons with disabilities. For children under 18 years old, we will request consent from parents or guardians before processing the child's personal data. For persons with disabilities, we conduct special communications to obtain consent from the person concerned and/or their guardian;
• Tax information (if relevant to the product or service);
• Information on data collected from institutions and third parties;
• Geolocation if customers use mobile applications that can track location;
• Payment details (detailed information related to bank accounts, credit cards, or other payment methods used by customers in transactions with the Company);
• Digital footprint (information related to customers' online activities, including history of Company application or website usage, IP addresses, and cookies used for analytical and marketing purposes);
• Records of agreements or contracts: Details of agreements or contracts ever signed with the Company, which may include agreements related to personal data processing;
• Information we obtain from Credit Reference Providers (Bank Indonesia), including public credit history (e.g., defaults) and joint credit history, financial situation, and financial history;
• Criminal record information, including suspected violations;
• Other personal information permitted by or required to comply with applicable local or foreign laws, rules, regulations, or other authorities either in Indonesia or in other countries, as may be amended from time to time ("Applicable Laws").

Section B - Sources of Personal Data

The Company obtains your personal data from several sources, including:

• Directly from you, family members, the company where you work, partners, or beneficiaries of products and services;
• Information about you generated when you use our products and services;
• From brokers or other intermediaries (e.g., Business Partner Agency, distributors, business partners) who work with us to provide products or services or offers to you or from other partners after obtaining your consent;
• Group Companies if you already have a product, have applied for a product or service or have had it before;
• Third parties such as insurance companies, reinsurance companies, Agency Business Partners, vendors, financial institutions, medical personnel or medical consultations, courts or public records;
• From you when filling out contact information at job fair activities, surveys, investor conferences, roadshows or when you update our contact forms on our website;
• Cookies, location services, IP addresses when you visit our website or mobile application or when you fill out our contact form on our website or application or electronic system;
• From other sources such as other lending institutions, directories and publicly available information (e.g., telephone directories, social media, internet, news articles), debt recovery and/or search agents, other organizations to assist in crime prevention and detection, police and law enforcement agencies.

B.1 - Cookie Policy

Cookies used by this website collect anonymous customized data, such as IP addresses, login information, and operating systems used. Therefore, no personal information such as names, addresses, or other data that could be used by third parties to contact you via telephone, email, or other forms of communication is stored in cookies. However, if you choose to block the use of cookies through settings on your browser, please note that this may affect your experience in using our website or online services. For example, you may experience difficulties in conducting transactions on the BNI Life website or need more time to access additional data.

Section C - How the Company Uses Your Personal Information and Why

BNI Life (the Company) will not collect any information that identifies your personal identity until you decide to purchase our insurance products, register as a member, and/or provide information for job application purposes.

The collection of personal data by the Company is carried out according to the type of activities and service products offered, while still complying with applicable personal data protection laws, including, but not limited to the following purposes:

Section C.1 - Why We Share Personal Data and With Whom

We share your personal information as needed, to financial/health business partners, as well as third-party service providers. This includes, but is not limited to: affiliated companies (including parent company relationships and/or other affiliations) of the Company, any insurance intermediaries who have agency agreements or brokers with the Company, existing insurance industry associations and federations from time to time, agents, contractors or third-party service providers who provide administrative, telecommunications, computer, payment or other services to the company in connection with the company's business operations, any debt collection agency or institution, any company conducting insurance and/or related reinsurance business, any insurance claim investigators, other service providers providing insurance and/or related reinsurance business, healthcare providers, any credit reference agencies, and authorities.

If required in accordance with applicable laws and regulations, the Company may need to share your personal data with government agencies. Any transfer of your personal data will always be done securely in accordance with applicable provisions. We implement various technical and administrative security measures to ensure that the personal data you provide to us remains secure and protected from unauthorized access, disclosure, or processing.

As long as we transfer your personal data abroad (International data Transfer), the Company will use appropriate safeguards and comply with the provisions of applicable laws and regulations.

Section C.2 - Storage of Personal Data

We need to store your personal data as a personal data subject for a certain period in accordance with the company's internal data retention provisions and applicable laws and regulations. There are also exceptions to the deletion or destruction of personal data that may apply in the case of future proof requirements, tax obligations, audit and accounting needs, settlement of disputes or legal claims that are ongoing or potential, fulfillment of contractual obligations or agreements between the company and the data subject, enforcement of company rights, such as intellectual property rights or other rights, data processing for research or statistical purposes, provided that the data is anonymized or protected, reporting needs to relevant government agencies or regulatory bodies, security and integrity of the company's information technology systems.

Section D - Automatic Personalization of Your Profile

The Company does not use your personal data to make automated decisions or profiles that could significantly impact you, except with your consent or if required by law. If in the future we plan to use your personal data in the automated decision-making process, we will notify you and request your consent first.

Section E - Your Sensitive Personal Data

For certain products or services, we need to process personal data that is sensitive in nature, such as health information, genetic data, biometrics, and sexual orientation. If necessary, we will request explicit consent from you before processing such data. Further information regarding this will be conveyed to you when data collection takes place.

Section F - Your Rights

Data subjects have the right to request the following from the Company:

• You can request a copy of your personal data;
• You can file a complaint regarding your personal data to the data protection authority or regulator managed by us;
• You can request corrections for inaccurate information or to complete personal data;
• You can withdraw consent for processing personal data managed and/or stored by Us;
• You can request the deletion of your personal data, if such data is no longer needed by the company, or if there is no other legal basis supporting its processing, except for applicable restrictions.

Section G - Representing Others

If you want to provide someone else's personal data to us, please ensure that you have obtained permission and authority from that person to act on their behalf. This also includes consent for us to process their personal data, including sensitive data, and notification regarding information protection on their behalf. If you feel uncertain or unsure about your right to provide someone else's information, please do not hesitate to contact us via the email listed below before sending such information.

Section H - Remarketing

The Company may use your personal data for remarketing purposes, with the intention of offering insurance products or services that suit your needs. This remarketing can be done through various communication channels that you approve, such as:

• Mail;
• Email;
• SMS;
• Telephone;
• Other digital or electronic communication media.

Section I - How to Contact Us

To conduct consultations, complaints and exercise your rights set out in this Privacy Policy, you can contact us at:

The Company will take all practical steps to ensure the security of personal data and to avoid unauthorized or unintentional access, deletion, or other use.

Section J - Privacy Policy Updates

We may update the Privacy Policy periodically on our website. We recommend that you check our Privacy Policy page regularly to be aware of updated privacy policies.