1. Who We Are
Indonesia Global Talent Service is an international student portal helping prospective students discover universities, study programs, and scholarships in Indonesia. Our registered address and Data Controller contact is available at privacy@studyindonesia.id.
2. What Data We Collect
2.1 Information You Provide
- โขAccount registration: name, email address, password (hashed)
- โขApplication forms: academic history, national ID / passport, documents
- โขCommunications: support tickets, feedback forms
2.2 Information Collected Automatically
- โขDevice information: browser type, operating system, screen resolution
- โขUsage data: pages visited, time spent, clicks (only if analytics consent granted)
- โขIP address: stored in hashed form only (never raw โ see Section 7)
- โขCookies and local storage: see our Cookie Policy
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Create and manage your account | Contract (Art. 6(1)(b)) |
| Process university applications | Contract (Art. 6(1)(b)) |
| Send transactional emails (verification, application updates) | Contract (Art. 6(1)(b)) |
| Analytics and product improvement | Consent (Art. 6(1)(a)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance and fraud prevention | Legal Obligation (Art. 6(1)(c)) |
| Record-keeping for compliance audit | Legitimate Interest (Art. 6(1)(f)) |
4. Your Rights
Under GDPR and UU PDP, you have the following rights:
Right of Access (Art. 15 GDPR)
Download all your personal data from your Privacy Centre.
Right to Rectification (Art. 16)
Update your profile information in account settings.
Right to Erasure (Art. 17)
Request permanent deletion of your account and data.
Right to Restriction (Art. 18)
Contact us at privacy@studyindonesia.id.
Right to Data Portability (Art. 20)
Download your data in JSON format.
Right to Object (Art. 21)
Withdraw consent for analytics/marketing at any time via Cookie Preferences.
To exercise any right, visit your Privacy Centre or email privacy@studyindonesia.id. We respond within 30 days.
5. Data Sharing & Third Parties
We do not sell your personal data. We share data only with:
- โRegistered Universities โ Solely for processing your application (with your explicit consent during application)
- โSendGrid (Twilio) โ Transactional email delivery
- โGoogle Analytics โ Only if you consent to analytics cookies
- โMeta (Facebook) โ Only if you consent to marketing cookies
- โCloudflare โ CDN, DDoS protection, R2 object storage (encrypted)
All third-party processors have signed Data Processing Agreements (DPAs) as required by GDPR Article 28.
6. International Data Transfers
Our infrastructure is primarily hosted in Singapore (AWS ap-southeast-1). For transfers to the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) as per GDPR Article 46(2)(c).
7. Security Measures
- โขPasswords are hashed with bcrypt (cost factor 12)
- โขIP addresses are hashed with SHA-256 + secret salt before storage
- โขAll data in transit encrypted via TLS 1.3
- โขAll data at rest encrypted (AES-256)
- โขAccess control: RBAC with principle of least privilege
- โขApplication logs: PII masked using automated log sanitization
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30-day grace period |
| Application records | Anonymized after account deletion (retained for university audit) |
| Consent records | 5 years (anonymized after account deletion) |
| Session tokens | 7 days from creation |
| Application logs | 90 days |
10. Changes to This Policy
We will notify registered users by email of any material changes at least 30 days before they take effect. The current version and date are shown at the top of this page.
11. Contact & Complaints
For privacy enquiries: privacy@studyindonesia.id
If you are in the EU/EEA and believe we have not handled your data correctly, you have the right to lodge a complaint with your local Data Protection Authority (DPA).
Bahasa Indonesia
Kebijakan Privasi
Indonesia Global Talent Service berkomitmen untuk melindungi data pribadi Anda sesuai dengan GDPR dan Undang-Undang Perlindungan Data Pribadi (UU PDP).
Sebagai subjek data, Anda memiliki hak untuk mengakses, memperbaiki, menghapus, dan membawa data Anda. Kunjungi Pusat Privasi Anda atau hubungi privacy@studyindonesia.id untuk informasi lebih lanjut.