Privacy Policy
How PT. Aegis Ultima Teknologi collects, uses, and protects your personal data.
PT. Aegis Ultima Teknologi ("Aegislabs", "we", "us", or "our") operates aegis.co.id and pragmatic.aegis.co.id. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the Indonesian Personal Data Protection Law (Undang-Undang No. 27 Tahun 2022 tentang Pelindungan Data Pribadi, "UU PDP") and, where applicable, the EU General Data Protection Regulation ("GDPR").
1. Data controller and privacy contact
The data controller is PT. Aegis Ultima Teknologi, a company incorporated in the Republic of Indonesia with its principal office at Jl. Tubagus Ismail VI No. 27, Bandung 40134, Jawa Barat, Indonesia.
Privacy questions, requests, and complaints should be addressed to our Privacy Officer, c/o corporate@aegis.co.id.
2. Personal data we collect
We only collect personal data that you voluntarily provide, or that is generated automatically when you use our websites.
2.1 Data you provide
- Lead and contact forms — name, business email, company name, job title, country, area of interest, and any message content you enter.
- Career applications — name, email, CV/resume, and cover note.
- Chat widget messages — the content of any message you send to our Bicara-powered chat assistant, together with a short-lived session identifier.
- Meeting requests — calendar availability and any details you share when booking a consultation.
2.2 Data collected automatically
- Server logs — IP address, user-agent, request URL, referrer, and timestamp. Retained for up to 30 days for security and abuse monitoring.
- Analytics — aggregated and anonymized page-view data (page path, country, referrer, device class). We use Plausible or Google Analytics 4 with IP anonymization; no cross-site advertising identifiers are collected.
- Cookies — a single consent cookie and, where enabled, an analytics cookie. See section 7.
3. Purposes and legal basis
| Purpose | Legal basis (UU PDP / GDPR) |
|---|---|
| Respond to your inquiry | Performance of a contract / pre-contractual steps (Art. 20(2)(b) UU PDP / Art. 6(1)(b) GDPR) |
| Deliver contracted services | Performance of a contract |
| Process career applications | Consent (Art. 20(2)(a)) |
| Security monitoring and abuse prevention | Legitimate interest (Art. 20(2)(f)) |
| Product and content analytics | Legitimate interest, with opt-out |
| Comply with tax, audit, and regulatory duties | Legal obligation (Art. 20(2)(c)) |
4. How we share data
We do not sell your personal data. We share it only with the following categories of recipients, under written agreements that require confidentiality and appropriate security:
- Our internal team — account managers, delivery leads, and the hiring team, on a need-to-know basis.
- Service providers — cloud hosting, email delivery (Resend), CRM (Bicara, operated by Manaira Labs), calendar booking, and analytics. These providers act as processors and only handle your data on our instructions.
- Authorities — when required by Indonesian law, a court order, or to protect rights and safety.
5. International transfers
Some of our processors are located outside Indonesia (for example in Singapore or the European Union). Where personal data is transferred outside Indonesia, we rely on the mechanisms permitted under Art. 56 UU PDP — typically a written agreement that provides an adequate level of protection — and, for GDPR transfers, Standard Contractual Clauses.
6. Retention
- Lead and contact form data — 24 months from last contact, unless you ask us to delete it earlier.
- Career applications — 12 months after the role is closed, then deleted, unless you consent to being kept in our talent pool.
- Chat transcripts — 90 days.
- Server logs — 30 days.
- Contracts, invoices, and tax records — retained for the period required by Indonesian tax and corporate law (currently 10 years).
7. Cookies
We set a first-party consent cookie the first time you visit, recording your choice about
analytics. Analytics cookies are only set after you accept. You can withdraw consent at any time
by clearing the aegis-consent cookie in your browser. We do not use third-party
advertising cookies or cross-site trackers.
8. Your rights
Under UU PDP and, where applicable, GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct data that is inaccurate or incomplete.
- Delete your personal data ("right to be forgotten"), subject to our legal retention duties.
- Withdraw consent at any time, where consent is the legal basis.
- Object to processing based on legitimate interest.
- Receive a copy of your data in a portable format.
- Lodge a complaint with the Indonesian data-protection authority once the supervisory body contemplated by UU PDP is established, or, if you are in the EU/EEA, with your local supervisory authority.
To exercise any of these rights, email corporate@aegis.co.id from the address associated with your data.
9. Complaints procedure
If you believe we have processed your personal data in a way that does not comply with UU PDP, send a written complaint to our Privacy Officer at corporate@aegis.co.id. We will:
- Acknowledge your complaint within 3×24 hours of receipt.
- Investigate and provide a substantive response within 30 calendar days.
- Escalate to the supervisory authority designated under UU PDP if you are not satisfied with our response.
10. Security
We apply technical and organizational measures appropriate to the risk, including TLS in transit, encryption at rest for backups, access controls with least privilege, signed NDAs for all staff and contractors, and annual security reviews. No system is perfectly secure; if a personal-data breach occurs, we will notify affected individuals and the relevant authority within 72 hours of becoming aware, as required by Art. 46 UU PDP.
11. Children
Our services are directed at businesses. We do not knowingly collect personal data from children under 18. If you believe we have, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify registered contacts by email.
13. Contact
PT. Aegis Ultima Teknologi
Jl. Tubagus Ismail VI No. 27, Bandung 40134, Indonesia
corporate@aegis.co.id