Privacy Policy Paylabs

PT Wahana Pembayaran Digital (“Paylabs”) is a digital payment system service provider established in accordance with the laws of the Republic of Indonesia.

During the provision of its services, Paylabs collects data related to businesses and their customers (“Data”). This Privacy Policy explains how Paylabs collects, uses, and discloses such Data.

This Privacy Policy applies to all individuals and entities that interact with Paylabs’ services and systems, including but not limited to:

  • Users of Paylabs’ services (“Users”)
  • End customers who conduct transactions through the Paylabs system (“Customers”)
  • Visitors to the Paylabs.co.id website
  • Parties utilizing Paylabs’ API services or payment systems

The term “You” in this document refers to all categories above, depending on your interaction with Paylabs’ services.

Paylabs respects and protects the personal data of users who utilize its services—whether as merchants, business partners, consumers, or website visitors. This Policy explains how Paylabs processes personal data in accordance with Article 20 of Law No. 27 of 2022 on Personal Data Protection (PDP Law).

1. Purpose and Objective of Data Collection

Paylabs collects information to support the secure, efficient, and lawful operation of its payment services. Data may be collected directly (e.g., account registration or transaction) or indirectly (e.g., via cookies or third-party verification providers).

  • Providing and managing Paylabs services
  • Enhancing system and transaction security
  • Preventing fraud, money laundering, or illegal activities
  • Complying with legal and regulatory obligations

2. Types of Data Collected

A. Personal Data

  • Identity & contact: full name, address, phone number, email
  • Financial & transaction data: bank account, payment card (encrypted/tokenized), transaction history
  • Additional information: date of birth, ID number (ID card/driver’s license/passport/tax ID)
  • Company information: NIB, NPWP, office address, incorporation documents

B. Other Data

Non-personal information (“Other Data”) collected via cookies and similar technologies:

  • Browser and device data (IP, OS, browser type, resolution, language, etc.)
  • Transaction data (amount, method, date)
  • Tracking data such as visited pages and session duration
  • Corporate information (e.g., structure, jurisdiction, services offered)

3. Mechanism of Data Usage

A. Personal Data Usage

  • Service provision & account management
  • Identity verification (e-KYC) and AML/CTF compliance
  • Fraud prevention and detection
  • Customer support and notifications
  • Product development and innovation
  • Marketing communications (with explicit consent)
  • Audit and industry compliance

B. Other Data Usage

Non-personal data is used to analyze trends, optimize performance, improve UI/UX, and enhance cybersecurity.

4. Mechanism of Data Disclosure

  • Affiliates: within Paylabs corporate group
  • Service Providers: payment processors, cloud and security vendors, support services
  • Users & Business Partners: for transaction facilitation and support
  • Authorized Third Parties: with your explicit consent
  • Legal and Security Compliance: for lawful requests or to protect rights and safety
  • Corporate Restructuring: in case of merger or acquisition

5. Data Security

A. Security Systems and Infrastructure

  • Data encryption with industry-standard protocols
  • Restricted access on a need-to-know basis (principle of least privilege)
  • System segmentation to limit unauthorized access risks

B. Additional Measures

  • Real-time system monitoring and threat detection
  • Regular audits and penetration testing
  • Employee training on data protection practices

C. User Responsibilities

No internet transmission is 100% secure. If you suspect a breach, contact Paylabs immediately at tech.support@paylabs.co.id.

D. Incident Response and Breach Notification

Under Article 46 of Law No. 27 of 2022 (PDP Law), Paylabs must notify affected individuals and the PDP Authority within 3 × 24 hours of a confirmed breach.

6. Advertising

Paylabs may partner with third-party advertisers using cookies to deliver relevant ads. You may manage tracking preferences via browser settings.

7. Data Subject Rights

  • Right to information about data processing
  • Right to complete or rectify inaccurate data
  • Right to access personal data records
  • Right to erasure and processing termination
  • Right to withdraw consent
  • Right to object or restrict processing
  • Right to data portability
  • Right to object to automated decision-making
  • Right to file complaints with authorities
  • Right to seek compensation for violations

8. Data Retention Period

Personal data is retained for up to 10 years or as required by law. You may request deletion by written notice to Paylabs. Deleted data cannot be restored and some records may remain for legal obligations such as AML compliance and fraud prevention.

9. Paylabs as a Data Processor

When acting on behalf of Users, Paylabs processes data in accordance with laws and contractual instructions as a data processor.

10. Privacy Policy Updates and Notifications

Paylabs may update this Policy at any time. The latest version will be published on Paylabs.co.id. Continued use of services indicates acceptance of changes.

11. Consent and Acknowledgment

By using Paylabs Services, you acknowledge and agree to this Policy. If you submit another individual’s data, you warrant you have their consent.

12. How to Contact Paylabs

Email: cs@paylabs.co.id
Phone: +6221-30073777