Mayapada Skorcard - Privacy Policy

This Privacy Policy is effective as of May 16, 2025; and Last updated on May 16, 2025.

PT Skorcard Teknologi Indonesia (hereinafter referred to as "Skorcard," "Company," "We") is a company that provides users ("Users," "You") with easy and secure access to credit card facilities, as well as the ability to manage transactions and credit card administration through the Skorcard Platform ("Services").

This Privacy Policy represents our commitment to ensuring the security of every data collection, processing, and disclosure while guaranteeing and supervising the processing of your personal data in relation to the provision of our Services.

This Privacy Policy aims to provide information about your rights when accessing and/or using the Skorcard Platform based on applicable laws and regulations, including Law No. 27 of 2022 concerning Personal Data Protection ("PDP Law"). Additionally, this Privacy Policy regulates the terms of data usage related to the provision of our Services, as specified in the Terms of Use.

Unless otherwise stated, all capitalized terms not defined in this Privacy Policy have the same meanings as set forth in the Terms of Use.

ROLE OF SKORCARD

We, Skorcard, a company based in South Jakarta, act as the controller of your personal data regarding the account creation process on the Skorcard Platform and as the processor of personal data related to the issuance and creation of credit cards by banking institutions in cooperation with Skorcard.

COLLECTION OF PERSONAL DATA

The personal data we obtain from you may include, but is not limited to, the following:

I. PERSONAL DATA YOU PROVIDE TO US

To enable the Skorcard Platform to provide Services to Users, we may collect and process the following personal data during registration and your interactions with the Skorcard Platform:

Basic User Data:
Includes but is not limited to name, place and date of birth, ID card address and/or domicile address, gender, marital status, religion, occupation (including company name, workplace address, and office phone number), salary amount, National Identity Number (NIK), Taxpayer Identification Number (NPWP), mother’s maiden name, emergency contact name, emergency contact number, biometrics, ID card photo, and nationality.

User Contact Information:
Includes but is not limited to address, phone/mobile number, and email address.

Contact List:
Skorcard collects your contact list, including names and phone numbers, to allow you to provide emergency contact details.

Financial Data:
Includes but is not limited to income data, card information, credit history, and other financial details listed in credit reports.

Transaction Data:
Includes purchases or orders made, interests, preferences, feedback, and survey responses related to your use of the services, details on collections and/or deliveries, and the type of service received at the time.

Payment Data:
Includes payment or transfer details made by Users on the Skorcard Platform, such as payment usage details, recipient details (including their account information), payment methods used, payment amounts, billing details, and invoice details.

Third-Party Information:
We may collect personal data from third parties (including agents, vendors, partners, institutions, and government agencies that provide services to us, collect personal data on our behalf, or cooperate with us) to support our product and Service provision.

Camera Access:
Used for User identification and verification processes.

Microphone Access:
Used for User verification within our system.

Email Access:
We may require you to link your email account that you have used to register or apply on the Google Play Store or Apple App Store to your Skorcard account. specifically for Service provision and monitoring for User benefit.

Advertising ID Collection

We collect and use Advertising Identifiers (Ad IDs) such as the Google Advertising ID (GAID) on Android devices and the Apple Identifier for Advertisers (IDFA) on iOS devices. These identifiers are used for:
- Delivering personalized advertisements and marketing content.
- Measuring ad performance, effectiveness, and user engagement.
- Preventing fraudulent activities and ensuring security.
- Analyzing and improving our services through attribution tracking.

II. AUTOMATICALLY COLLECTED DATA WHEN USING OUR SERVICES

When you access the Skorcard Platform or use our Services, we may automatically collect the following information about you:

Your device’s Internet Protocol (IP) address, log information, error messages, computer or mobile device operating system, browser type, mobile protocol type, device characteristics, device brand, unique device identifier, and/or mobile equipment identifier, List of applications installed on the mobile device;
Your usage of the Skorcard Platform, such as pages viewed, features used, and location information;
Cookies, pixel tags, and similar technologies that create and maintain unique identifiers.

DATA ABOUT UNDERAGE USERS

Our Services are not intended for Users under the age of 21. We do not collect, use, disclose, or process in any manner and for any purpose any personal data from Users under the age of 21.

USE OF PERSONAL DATA FOR PERSONS WITH DISABILITIES

Specifically, we will process the personal data of Users with disabilities through communication methods tailored to the needs of persons with disabilities, as regulated under Law Number 8 of 2016 concerning Persons with Disabilities.

In processing such data, persons with disabilities may act on their own behalf or be represented by a legal guardian.

If you have a disability and require assistance in exercising your rights as a data subject, please contact us at wecare@skorcard.app. The process may take up to 30 (thirty) business days from the date of your request submission.

DATA RETENTION

You hereby agree that for as long as you remain a registered User of the Skorcard Platform, we may retain your data in accordance with this Privacy Policy. We will store your personal data for as long as it is necessary to fulfill the purposes of collection and use of the Services, unless required or permitted otherwise by applicable laws and regulations. Your personal data will be retained for a minimum of five (5) years after you cease to be a User and/or from the date your account has been inactive for a period of two (2) years.

As for financial and billing information related to you, in accordance with laws and regulations governing corporate documents, such information will be retained for at least ten (10) years from the time you are no longer a User on the Skorcard Platform.

We will delete your personal data should you decide to exercise your rights as a Data Subject (as referred to under applicable personal data protection laws), in accordance with this Privacy Policy. The deletion of your personal data will take a minimum of thirty (30) business days from the date of your request submission.

HOW WE COLLECT YOUR PERSONAL DATA

Your personal data may be collected and stored, either directly or indirectly, under the following circumstances:

When you access the Skorcard Platform;

When you disclose personal data to us;

When any authorized person related to you or acting on your behalf (including but not limited to your spouse or family members) discloses personal data to us; or

When relevant third parties disclose personal data to us (including but not limited to partners collaborating with us in relation to the provision of Services and government agencies that have authority under applicable laws and regulations).

With respect to point (c) above, where information about you is not provided directly by yourself, the person acting on your behalf or holding your power of attorney is required to obtain your prior consent and inform you of the disclosure of your personal data, in accordance with this Privacy Policy.

USE OF YOUR PERSONAL DATA

I. WHY WE COLLECT YOUR PERSONAL DATA

We will use and process the personal data you provide to us, as well as the data we obtain from time to time, for the following purposes:

Facilitating Account Creation and Credit Card Application to Partner Banks
To provide the Services, starting from the account creation process on the Skorcard Platform to assisting you in applying for a credit card with our Partner Banks through the Skorcard Platform. This also includes the fulfillment of our obligations to you or as required under applicable laws and regulations.

User Verification and Electronic Know Your Customer (e-KYC) Process
To process your request to use our Services for account creation on the Skorcard Platform and credit card issuance application, we will conduct a verification process including e-KYC. This may include, but is not limited to, checking your personal information, identity documents, credit information, building a risk model, preventing/investigating/reporting fraud or illegal activities, and conducting identity verification before we provide the Services or register you as a User. Furthermore, we will perform e-KYC by verifying your real-time selfie and matching your data through the Population and Civil Registry Office (Dukcapil).

Third-Party Integration
To share the necessary personal data with our Partner Banks, third parties, collection agencies, or authorized and relevant service providers in relation to the processing of personal data as described in this Privacy Policy, including facilitating application processes, providing transaction histories, or managing your financial obligations under strict confidentiality or cooperation agreements.

Eligibility Assessment by Partner Banks Issuing Credit Cards
As part of the credit card issuance process, our Partner Banks will assess your eligibility to receive a credit card, which may include financial eligibility assessments. Skorcard will assist in managing your credit history, including but not limited to providing information to our Partner Banks, so they can carry out their activities. We may also use your personal data to independently assess creditworthiness solely for our internal purposes, such as risk evaluation and improving our service delivery.

Providing Transaction Information and History
To provide information and a history of transactions made using credit cards issued through the Skorcard Platform, helping you analyze your spending patterns and habits.

Collection
We may cooperate with relevant third parties to contact you or the emergency contacts you have registered on the Skorcard Platform, including sharing your data with such parties to the extent permitted by applicable laws and regulations for the purpose of billing.

Service Improvement and Additional Service Provision
To enhance our services and user experience by:
- improving existing Services and developing new ones;
- communicating with you about our current or upcoming Services, including but not limited to terms and conditions, promotions, activities, and advertisements; and
- performing administrative functions, business operations, and ensuring compliance on the Skorcard Platform, including risk management, testing, and auditing.
Regulatory Compliance
To serve as a reliable reference for fulfilling legal obligations to which we are subject, as required by applicable laws and regulations, including those related to personal data protection.

II. USE OF YOUR PERSONAL DATA

The collection and use of your personal data will be carried out in accordance with our Terms of Use.

III. PROTECTING YOUR PERSONAL DATA

For your security, we implement safeguards to protect you from unauthorized access. These measures include internal reviews of our data collection, storage, and processing practices, as well as appropriate encryption and physical security measures to guard against unauthorized access to the systems where we store personal data. All information collected through the Skorcard Platform is securely stored in controlled data centers. Access to servers is restricted, password-protected, and includes necessary encryption, with access strictly limited.

In the event we appoint another party as a personal data processor to process your personal data, and such appointed processor acts beyond the instructions and purposes set by us, any consequences arising from such processing of personal data will be the sole responsibility of the appointed personal data processor, in accordance with the applicable laws and regulations related to Personal Data Protection.

DISCLOSURE OF PERSONAL DATA

To fulfill our obligations to you or to comply with applicable laws and regulations, your personal data may be disclosed and/or disseminated to third parties solely for the purposes specified in this Privacy Policy. These third parties include, but are not limited to, our affiliates (parent or subsidiary companies) and partners who cooperate with us in providing the Services, as well as government agencies authorized under applicable laws and regulations.

Subject to your explicit consent, we may use information generated through your use of the Services—excluding information collected from other sources such as email—for marketing purposes. This consent is entirely voluntary, and you may opt out of receiving marketing materials from us at any time by following the unsubscribe instructions included in every email you may receive. Additionally, if you wish to remove your contact information from all of our lists and newsletters, please click the unsubscribe button in the email sender or send a request to: wecare@skorcard.app.

Furthermore, to enhance your experience using the Skorcard Platform and to optimize user access traffic, we will also track your behavior using analytics tools. These analytics tools will be provided by third-party service providers appointed by us, and we reserve the right to add, discontinue, or change the current providers to other third-party analytics service providers. The information we collect for this purpose will be anonymized and will not be identifiable to you.

I. DISCLOSURE OF USER PERSONAL DATA TO THIRD PARTIES

For the purposes of our business activities and subject to applicable laws, you agree that your data, in an anonymous and non-identifiable form, may be disclosed and/or shared with our affiliates, group companies, and third parties such as external auditors, advisors, data survey/analytics service providers, and investors in accordance with this Privacy Policy.

In addition to the purposes mentioned above, with your consent, your personal data may be disclosed and/or shared for the following purposes:

As required by applicable laws and regulations:
As necessary to prevent an emergency or protect others from harm; and
For the public interest.

If we disclose and/or share your personal data with any third party, we will inform the third party of its confidential nature and their obligation to limit the use of the personal data to only those involved for the permitted purposes as necessary, and to handle the personal data in accordance with this Privacy Policy and applicable data protection laws.

We may disclose your personal data in connection with any merger, division, acquisition, consolidation, or dissolution ("Corporate Action") that we undertake with any parties involved in such Corporate Action. For the avoidance of doubt, if there is a change in our business, any personal data of Users that has been received, processed, and stored by us, as well as any future data you provide, will be transferred to the new owner, who may use your personal data in the same manner as set forth in this Privacy Policy.

In the event of a Corporate Action, we will notify you before and after the Corporate Action is carried out, via the Skorcard Platform and/or by sending you an email.

II. DATA TRANSFER TO FOREIGN COUNTRIES

By using the Skorcard Platform and agreeing to our Privacy Policy and Terms of Use, you acknowledge and consent that, in providing our Services, we may transfer, copy, and/or allow access to your personal data and/or Credit Information to or by parties outside the territory of the Republic of Indonesia, in compliance with applicable regulations.

We will ensure that such data transfers are conducted with adequate security measures, in accordance with the applicable laws and regulations.

YOUR RIGHTS AS A DATA SUBJECT

Subject to applicable data protection laws and regulations, by using our Services, your personal data protection rights will include the following processes:

Right to Access
This is the right of Users to access and obtain a copy of their personal data, subject to the data retention provisions outlined in this Privacy Policy. We will grant you access to your data within a maximum of 3 x 24 hours after receiving your request.

Right to Rectification
This is the right of Users to complete, update, and/or correct any errors and/or inaccuracies in their personal data. We will make the necessary corrections within a maximum of 3 x 24 hours after receiving the request.

Right to Erasure
This is the right of Users to terminate processing, delete, and/or destroy their personal data.

Right to Withdraw Consent
This is the right of Users to withdraw their consent for the processing of their personal data previously granted to us. If the User withdraws consent, we will stop processing their personal data within a maximum of 3 x 24 hours from the date we receive the withdrawal request.

Right to Restriction
This is the right of Users to delay or restrict the processing of their personal data, in a proportional manner, in accordance with the purposes outlined in this Privacy Policy.

Right to Data Portability
This is the right of Users to obtain and/or use their personal data in a structured and/or commonly used format that can be read by an electronic system.

Right to File a Complaint
This is the right of Users to submit complaints to the Regulatory Authority regarding the way personal data is processed, particularly in cases of personal data protection failure by us.

Right to Object
This is the right of Users to object to decision-making processes that are solely based on automated processing, which may result in legal consequences or significant impacts on them.

If you wish to exercise any of your data subject rights, please contact us at wecare@skorcard.app. The processing of your request, aside from the ones specified above, may take up to 30 (thirty) working days from the date of your request submission.

I. DENIAL OF YOUR RIGHTS AND EXEMPTION FROM COMPANY OBLIGATIONS

Subject to the provisions of the Personal Data Protection Law (UU PDP), we may be exempted from our obligations as a data controller to fulfill our duties as outlined in this Privacy Policy and/or applicable laws and regulations if the request is made for any of the following purposes:

National defense and security interests;
Law enforcement processes;
Public interest in state administration; and
Supervision of financial services, monetary policy, payment systems, and financial system stability, carried out as part of state administration.

We may refuse to grant your request to exercise your data subject rights in cases where:

National defense and security interests apply;
Law enforcement processes require it;
Public interest in state administration is involved;
Financial services supervision, monetary policy, payment systems, and financial system stability require the retention of such data; or
Statistical and scientific research purposes necessitate continued data processing.

COOKIE POLICY

Skorcard uses cookies to enhance user experience.

Users can choose to modify cookie settings through the Skorcard User Platform, including the option to reject cookies (this choice may affect the optimal availability of our services when using the Skorcard Platform);

We use the Google Analytics Demographics and Interest feature. The data we obtain from this feature—such as age, gender, user interests, and other identifying information—will be used to improve the features, facilities, and/or content on the Skorcard Platform;

We may use third-party features to enhance our Services and content, including evaluation, customization, and targeted advertisements based on user interests or browsing history. You can modify cookie settings within the Platform, though disabling cookies may affect service availability.

ADDITIONAL NOTES

I. EXTERNAL LINKS

The Skorcard Platform may contain links to other websites where we cannot guarantee your privacy and security. The inclusion of such links does not ensure that other websites will provide the same level of personal data protection as stated in this Privacy Policy. Therefore, you are fully responsible for your decision to access such websites.

II. NOTIFICATION OF PERSONAL DATA BREACH

If a personal data protection failure occurs within Skorcard’s capacity as a data controller, Skorcard will provide written notification to you via your registered account and/or email address on the Skorcard Platform within a maximum of 3 x 24 hours from the occurrence of the personal data breach.

Skorcard has established and enforces policies, procedures, and/or guidelines for the prevention and handling of personal data protection failures in accordance with Data Security Procedures.

III. CHANGES TO THE PRIVACY POLICY

We may modify or update this Privacy Policy at any time to comply with applicable regulations by sending notifications through the Skorcard application when changes occur. We also encourage you to periodically check the “Last Updated Date” of this Privacy Policy.

IV. LANGUAGE

This Privacy Policy is written in Bahasa Indonesia and English. If there is any inconsistency or difference in interpretation between the Bahasa Indonesia version and the English version, you agree that the Bahasa Indonesia version shall prevail, and the English version shall be automatically adjusted to align with the relevant parts of the Bahasa Indonesia version.

V. GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy and its implementation are governed by and interpreted in accordance with Indonesian law.

The parties agree that in the event of any dispute, conflict, or controversy, the dispute resolution method set forth in the "Dispute Resolution" clause of the applicable Terms of Use shall apply.

CONTACT US

If you have questions, comments, or suggestions regarding this Privacy Policy, please send your inquiries via wecare@skorcard.app. The process may take up to 30 (thirty) business days from the date of your request submission.