Legal

PT Celebes Niaga Jaya ("Growthacker," "we," "us," or "our") is committed to protecting the privacy and personal data of every individual and organization that interacts with our services. Growthacker is a digital agency that helps service-based companies build, sell, and scale subscription models through data-driven optimization, growth hacking strategies, digital marketing, business strategy consulting, and end-to-end revenue acceleration services.

This Privacy Policy ("Policy") explains how we collect, use, store, share, and protect your personal data when you visit our website, use our services, communicate with us, or otherwise interact with our business. This Policy applies to all clients, prospective clients, website visitors, and any third parties whose data we may process in the course of delivering our services.

This Policy is governed by the laws of the Republic of Indonesia, including Undang-Undang No. 27 Tahun 2022 concerning Personal Data Protection (Perlindungan Data Pribadi, "PDP Law"), Undang-Undang No. 11 Tahun 2008 as amended by Undang-Undang No. 19 Tahun 2016 concerning Electronic Information and Transactions (Informasi dan Transaksi Elektronik, "ITE Law"), Peraturan Pemerintah No. 71 Tahun 2019 concerning the Implementation of Electronic Systems and Transactions, and other applicable regulations.

The data controller responsible for the processing of your personal data is PT Celebes Niaga Jaya, a limited liability company incorporated under the laws of the Republic of Indonesia. For any inquiries regarding the processing of your personal data, you may contact us at support@growthacker.id.

We collect personal data through various means depending on how you interact with us. The categories of personal data we may collect include:

3.1 Information You Provide: When you fill out a contact form, request a consultation, enter into a Service Agreement, or communicate with us through any channel, you may provide us with your full name, email address, phone number, company name, job title, business website URL, industry information, company size, revenue data, and any other information you choose to share in the course of our engagement.

3.2 Business and Financial Data: In the course of delivering our services, which are billed on a performance-based model where you do not pay until you see results, we may collect or process business performance data, revenue metrics, subscription analytics, customer acquisition data, retention rates, billing information, invoice records, and payment transaction details as necessary to measure agreed-upon performance milestones and to process payments.

3.3 Automatically Collected Data: When you visit our website, we may automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on pages, click patterns, and other usage statistics through cookies and similar tracking technologies as described in our Cookie Policy.

3.4 Third-Party Data: We may receive information about you from third-party sources such as analytics providers, advertising networks, public databases, business directories, and social media platforms, to the extent permitted by applicable law and the terms of those platforms.

In accordance with the PDP Law and other applicable regulations, we process your personal data based on one or more of the following legal grounds:

(a) Your explicit consent, which you provide when submitting forms, agreeing to our terms, or opting in to communications; (b) the performance of a contract, where processing is necessary to fulfill our obligations under a Service Agreement with you or your organization; (c) legitimate interests, where processing is necessary for the purposes of our legitimate business interests, such as improving our services, preventing fraud, and ensuring network security, provided that such interests do not override your fundamental rights and freedoms; (d) legal obligations, where processing is necessary for compliance with applicable laws, regulations, or legal proceedings in the Republic of Indonesia.

We use the personal data we collect for the following purposes:

(a) To deliver and manage our services, including building, selling, and scaling subscription models for your service-based company, and to track the performance metrics that determine our performance-based fees; (b) to communicate with you regarding your account, Service Agreement, project status, deliverables, and any changes to our services or policies; (c) to process invoices and payments in accordance with our performance-based pricing model; (d) to analyze and improve our services, website functionality, and user experience; (e) to send you marketing communications about our services, industry insights, and updates, subject to your preferences and your right to opt out at any time; (f) to comply with legal and regulatory obligations under Indonesian law; (g) to protect our rights, property, and safety, and those of our clients and the public.

We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes. We may share your personal data only in the following circumstances:

6.1 Service Providers: We may share your data with trusted third-party service providers who assist us in delivering our services, including but not limited to cloud hosting providers, analytics platforms, payment processors, CRM systems, and marketing automation tools. These providers are contractually obligated to protect your data and to use it only for the purposes for which it was shared.

6.2 Legal Requirements: We may disclose your personal data if required to do so by Indonesian law, a court order, or a request from a competent government authority, including for the purposes of national security, law enforcement, or regulatory compliance.

6.3 Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

6.4 With Your Consent: We may share your data with third parties when you have given us your explicit consent to do so.

As a digital agency operating in Indonesia, we primarily store and process your data within the territory of the Republic of Indonesia. However, some of our third-party service providers may store or process data in other jurisdictions. In such cases, we ensure that appropriate safeguards are in place to protect your personal data in accordance with the PDP Law and other applicable regulations, including contractual clauses requiring the recipient to maintain adequate data protection standards.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, tax, and reporting requirements under Indonesian law. Specifically:

(a) Client engagement data, including Service Agreements, invoices, and performance records, will be retained for a minimum of five (5) years following the termination of the engagement, in accordance with Indonesian tax and commercial record-keeping obligations; (b) website usage data and analytics will be retained for up to twenty-four (24) months from the date of collection; (c) marketing communication records and consent logs will be retained for the duration of your subscription to our communications and for twelve (12) months thereafter; (d) when personal data is no longer required, it will be securely deleted, anonymized, or de-identified in accordance with our data retention procedures.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, loss, and misuse. These measures include but are not limited to:

(a) Encryption of data in transit using TLS/SSL protocols; (b) encryption of sensitive data at rest; (c) access controls that limit data access to authorized personnel on a need-to-know basis; (d) regular security assessments and vulnerability testing; (e) employee training on data protection and information security best practices; (f) incident response procedures for the timely detection, investigation, and mitigation of data breaches.

While we take all reasonable precautions to protect your data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security but are committed to continuously improving our security practices.

Under the PDP Law and other applicable regulations, you have the following rights with respect to your personal data:

(a) Right of Access: You have the right to request confirmation of whether we process your personal data and to obtain a copy of the personal data we hold about you; (b) Right of Rectification: You have the right to request the correction of inaccurate or incomplete personal data; (c) Right of Erasure: You have the right to request the deletion of your personal data, subject to our legal obligations to retain certain records; (d) Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances; (e) Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller; (f) Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal; (g) Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes.

To exercise any of these rights, please contact us at support@growthacker.id. We will respond to your request within fourteen (14) business days. We may require you to verify your identity before processing your request.

Our services are designed for businesses and are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without appropriate parental or guardian consent, we will take steps to delete such data promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. The "Last updated" date at the top of this Policy indicates when the most recent revisions were made. If we make material changes that significantly affect how we process your personal data, we will make reasonable efforts to notify you by email or through a prominent notice on our website prior to the changes taking effect.

If you have any questions, concerns, or complaints regarding this Privacy Policy or the processing of your personal data, please contact us:

PT Celebes Niaga Jaya
Email: support@growthacker.id
WhatsApp: +62 821-2950-5610

We are committed to resolving any complaints or concerns about our data processing practices. If you are not satisfied with our response, you have the right to lodge a complaint with the competent data protection authority in Indonesia.