Privacy Policy | Hongsam Ink

Privacy Policy

Last Updated: 22 Januari 2025

1. Introduction

Hongsam Ink Indonesia (“we,” “us,” or “our”), operated by PT Laysander Technology, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website hongsam.ink and use our services.

This Privacy Policy has been prepared in compliance with:

  • UU No. 27 Tahun 2022 tentang Perlindungan Data Pribadi (PDP Law)
  • UU No. 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik (UU ITE)
  • UU No. 8 Tahun 1999 tentang Perlindungan Konsumen
  • International best practices including GDPR (General Data Protection Regulation)

Disclaimer: This Privacy Policy provides general information only and does not constitute legal advice. We recommend consulting with qualified legal counsel for specific compliance needs.

2. Information We Collect

2.1 Information You Provide to Us

Contact Form Data:

  • Full name (Nama Lengkap)
  • WhatsApp phone number
  • Email address
  • Location (city/region)
  • Messages and inquiries

Voluntary Information:

  • Product preferences
  • Business inquiries
  • Feedback and suggestions

2.2 Information Automatically Collected

Technical Data:

  • IP address (for geolocation purposes - Indonesian users only)
  • Browser type and version
  • Operating system
  • Device type and specifications
  • Referring website
  • Pages visited and time spent
  • Date and time of visit

Tracking Technologies:

  • Cookies and similar technologies
  • Google Analytics 4 data
  • Google Tag Manager event data
  • Pixel data (if applicable)

Under the PDP Law and GDPR, we process your personal data based on the following legal grounds:

  1. Consent (Persetujuan): When you voluntarily provide information through our forms and explicitly consent to processing
  2. Contract Performance (Pelaksanaan Kontrak): To process your inquiries and provide product information as requested
  3. Legal Obligation (Kewajiban Hukum): To comply with applicable laws and regulations
  4. Legitimate Interests (Kepentingan Sah): To improve our services, prevent fraud, and ensure website security

4. How We Use Your Information

We use the information we collect for the following purposes:

Lead Management & Follow-up:

  • Respond to your product inquiries via WhatsApp
  • Provide technical support and product recommendations
  • Schedule consultations or demonstrations
  • Track lead progression through our sales pipeline

Analytics & Performance:

  • Analyze website traffic and user behavior
  • Improve website performance and user experience
  • Optimize content and product offerings
  • Measure marketing campaign effectiveness

Communication:

  • Send product updates and industry news (with your opt-in consent)
  • Respond to your questions and requests
  • Provide order status updates (if applicable)
  • Send promotional materials (only with explicit consent)

Compliance & Security:

  • Comply with legal obligations
  • Prevent fraudulent activities
  • Ensure website security and integrity
  • Conduct internal audits and risk assessments

5. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes. Your information may be shared in the following circumstances:

Trusted Third-Party Services:

  • Google LLC: For Google Tag Manager and Google Analytics 4 (processed in accordance with Google’s privacy policy)
  • Cloudflare, Inc.: For website hosting, CDN services, and Workers for form processing
  • n8n (via Railway): For webhook processing and lead management automation
  • WhatsApp Business API (via Meta Platforms, Inc.): For customer communication and follow-up

Data Transfer Location:

  • Primary data storage: Indonesia (local servers)
  • Limited international transfers to EU/US via services with Standard Contractual Clauses (SCCs)
  • All international transfers comply with PDP Law cross-border requirements

Legal Requirements:

  • When required by law or to protect our rights, property, or safety
  • To comply with court orders, subpoenas, or legal processes
  • To protect against fraud, abuse, or security threats
  • With your explicit consent for specific purposes

Service Providers: We only share data with third-party service providers who:

  • Process data on our behalf under strict confidentiality agreements
  • Provide adequate security measures for data protection
  • Are subject to data protection laws and regulations

6. Data Security Measures

We implement appropriate technical and organizational security measures to protect your personal information:

Technical Security:

  • SSL/TLS encryption for all data in transit (HTTPS)
  • Secure password policies and access controls
  • Regular security updates and patches
  • Firewalls and intrusion detection systems
  • Data encryption at rest where applicable

Organizational Security:

  • Employee training on data protection and privacy
  • Restricted access to personal data on a need-to-know basis
  • Regular security audits and vulnerability assessments
  • Incident response and breach notification procedures
  • Data retention and disposal policies

Cloudflare Security:

  • DDoS protection
  • Web Application Firewall (WAF)
  • Bot mitigation
  • SSL/TLS certificate management

Important: No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Data Subject Rights (Hak Anda atas Data Pribadi)

Under the PDP Law and GDPR, you have the following rights:

7.1 Right to Access (Hak Akses)

You have the right to request access to your personal data that we hold, including:

  • Confirmation of whether we process your data
  • Copy of your personal data
  • Processing purposes and categories of data

7.2 Right to Correction (Hak Koreksi)

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Deletion (Hak Penghapusan)

You have the right to request deletion of your personal data, subject to legal exceptions:

  • Ongoing business relationship
  • Legal obligations requiring retention
  • Establishment, exercise, or defense of legal claims

7.4 Right to Portability (Hak Portabilitas)

You have the right to receive your personal data in a structured, commonly used format and transfer it to another controller.

7.5 Right to Object (Hak Keberatan)

You have the right to object to processing of your personal data based on legitimate interests, unless we demonstrate compelling legitimate grounds for processing.

You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.7 Right to Restrict Processing (Hak Membatasi Pemrosesan)

You have the right to request restriction of processing when:

  • Accuracy of data is contested
  • Processing is unlawful but you oppose deletion
  • We no longer need the data but you require it for legal claims

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days in accordance with PDP Law requirements.

8.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide a better user experience. They enable functionality such as:

  • Remembering your preferences
  • Analyzing website traffic
  • Personalizing content

8.2 Types of Cookies We Use

Essential Cookies (Wajib):

  • Required for basic website functionality
  • Cannot be disabled
  • Include: session cookies, security cookies

Analytical/Performance Cookies:

  • Google Analytics 4 (GA4)
  • Help us understand how visitors use our website
  • Collect anonymous usage statistics

Functional Cookies:

  • Remember your preferences (language, location)
  • Enable enhanced features

Marketing Cookies (Opsional):

  • Track user behavior across websites
  • Enable personalized advertising (only with explicit consent)

We implement Google Consent Mode V2 to comply with privacy regulations:

  • Default State: All non-essential cookies are blocked by default
  • User Consent: Explicit opt-in required for analytical and marketing cookies
  • Granular Controls: Users can manage consent for each cookie category

You can manage your cookie preferences through:

  • Cookie Banner: Accept or reject non-essential cookies
  • Browser Settings: Block or delete cookies (may affect website functionality)
  • Contact Us: Request changes to your cookie preferences
  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Stored for up to 2 years (configurable)
  • Google Analytics: Up to 26 months (user-configurable)

9. Data Retention Policy

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Lead Data:

  • Active leads: Up to 2 years from last activity
  • Inactive leads: Deleted after 1 year of inactivity

Analytics Data:

  • Google Analytics 4: Up to 26 months (default GA4 retention)
  • Aggregated data: Retained indefinitely for business analytics

Transaction Records:

  • Order inquiries: Up to 7 years (tax and legal requirements)
  • Customer communications: Up to 2 years

Cookie Data:

  • Session cookies: Deleted when session ends
  • Persistent cookies: Up to 2 years (user-controlled)

Upon request, we will delete your personal data unless retention is required by law.

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  1. Notify you within 72 hours of becoming aware of the breach (PDP Law requirement)
  2. Provide details including:
    • Nature of the breach
    • Categories of personal data affected
    • Likely consequences
    • Measures taken or proposed to address the breach

Notification Channels:

  • Email to your registered address
  • WhatsApp message (if applicable)
  • Website notification for widespread breaches

11. Children’s Privacy

Age Restriction: Our website and services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Parental Consent: If we discover that we have inadvertently collected personal information from a child under 18, we will:

  • Immediately delete such information
  • Notify the parent or legal guardian
  • Take measures to prevent future occurrences

Educational Use: If we collect information from minors for educational or legitimate business purposes (with parental consent), we will:

  • Obtain verifiable parental consent
  • Limit data collection to what is necessary
  • Provide additional privacy protections

12. International Data Transfers

Your personal data may be transferred to and processed in countries other than Indonesia. We ensure that adequate safeguards are in place:

Adequacy Decisions:

  • Data transfers to EU countries with adequate data protection decisions
  • Compliance with GDPR cross-border requirements

Standard Contractual Clauses (SCCs):

  • We use SCCs for transfers to non-adequate countries
  • Clauses approved by the European Commission
  • Provide equivalent level of protection to Indonesian data

Binding Corporate Rules (BCRs):

  • For future intra-organizational transfers (if applicable)

Additional Safeguards:

  • Encryption of data in transit and at rest
  • Regular security assessments of third-party processors
  • Right to request information about international transfers

13. Third-Party Websites and Services

Our website may contain links to third-party websites, including:

  • Social media platforms (Facebook, Instagram, TikTok)
  • Printhead manufacturer websites
  • Industry partners and resellers

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • Updates to applicable laws and regulations
  • Changes in our services or technology

Notification of Changes:

  • Prominent notice on our website
  • Email notification to registered users (for significant changes)
  • Updated “Last Updated” date at the top of this policy

Your Continued Use: Your continued use of our website after changes to this Privacy Policy constitutes your acceptance of the updated terms.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Contact:

  • Email: [email protected]
  • Phone: (021) 5316-1450
  • WhatsApp: +62-812-9757-5570
  • Address: 
    PT Laysander Technology
Jl. Pahlawan Seribu, Ruko Golden Boulevard Blok R No. 21
BSD City, Tangerang Selatan, Banten
15321 Indonesia

Complaints and Appeals: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

  • Komisi Informasi dan Transparansi Publik (KIP)
  • Otoritas Jasa Keuangan (OJK) (for financial data)
  • Lembaga Perlindungan Konsumen (LPK)

This Privacy Policy is effective as of January 22, 2025.

Legal References:

  • UU No. 27 Tahun 2022 tentang Perlindungan Data Pribadi
  • UU No. 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik
  • UU No. 8 Tahun 1999 tentang Perlindungan Konsumen
  • Regulation (EU) 2016/679 (GDPR)