1. Who We Are
The Nagarjuna Institute operates as a non-profit civil society foundation. We manage and control the personal data processed through our official website:
Under Law No. 27 of 2022 on Personal Data Protection (UU PDP), we act as the Personal Data Controller (Pengendali Data Pribadi).
2. Legal Basis for Processing Personal Data
We process personal data only when we have a lawful basis. Specifically, we rely on:
- Your consent
- Contractual necessity
- Legal obligations
- Legitimate organizational interests
For example, when you submit a comment, you provide consent for us to process the information entered. Moreover, you may withdraw your consent at any time.
3. What Personal Data We Collect
We collect limited personal data to operate our website effectively.
a. Identity and Contact Information
- Name
- Email address
- Website (if provided voluntarily)
b. Technical Information
- IP address
- Browser type
- Device data
- Cookies
c. User Content
- Comments
- Uploaded media files
Importantly, we do not intentionally collect sensitive personal data such as health, biometric, financial, or genetic information.
4. Why We Collect Your Data
We collect personal data to:
- Maintain website functionality
- Prevent spam and cyber threats
- Manage user accounts
- Improve website performance
- Comply with legal requirements
In addition, we use aggregated analytics data to understand visitor behavior. However, we do not use this data to personally identify visitors unless security or legal reasons require it.
5. Comments
When you leave a comment, we collect the information shown in the comment form. Additionally, we record your IP address and browser information to detect spam and ensure security.
We may send an anonymized hash of your email address to the Gravatar service to check whether you use it. After we approve your comment, your profile picture becomes publicly visible next to your comment.
6. Media Uploads
If you upload images, please remove embedded location data (EXIF GPS). Otherwise, other visitors may download and extract that information. Therefore, we recommend reviewing image metadata before uploading files.
7. Cookies
We use cookies to enhance your browsing experience.
For instance:
- Comment cookies store your name, email, and website for one year so you do not need to re-enter them.
- A temporary cookie checks whether your browser accepts cookies during login.
- Authentication cookies last for two days.
- Screen preference cookies remain for one year.
- If you select “Remember Me,” your login stays active for up to two weeks.
- When you edit or publish an article, your browser stores a cookie that identifies the post ID. This cookie expires after one day and does not contain personal data.
You can disable cookies through your browser settings. However, doing so may affect certain website features.
8. How We Share Data
We do not sell or rent your personal data. However, we may share limited information with trusted service providers, such as:
- Hosting providers
- IT support services
- Spam detection services
These providers support our operations. Furthermore, we require them to maintain confidentiality and protect your data.
9. International Data Transfers
Sometimes, our service providers operate outside Indonesia. In such cases, we ensure adequate data protection safeguards in accordance with Article 56 of UU PDP. For example, we may rely on contractual protections or obtain your consent when required.
10. How Long We Keep Your Data
We retain personal data only as long as necessary.
- We store comments and metadata to streamline moderation.
- We keep user profile data while accounts remain active.
- We retain certain information longer if the law requires it.
Once retention is no longer necessary, we delete or anonymize the data.
11. Your Rights Under UU PDP
As a data subject, you have several rights. For example, you may:
- Access your personal data
- Request corrections
- Withdraw consent
- Request deletion
- Restrict certain processing activities
- Request data portability
- File a complaint with the competent authority
To exercise these rights, please contact us through our official website.
12. How We Protect Your Data
We implement administrative, technical, and organizational safeguards. For example, we restrict access to authorized personnel and monitor our systems for security threats. Additionally, we regularly evaluate our data protection practices.
13. Data Breach Procedures
If a data breach occurs, we act promptly. First, we investigate the incident. Next, we assess the impact. Then, if required by law, we notify affected individuals within 3 x 24 hours. Finally, we take corrective measures to prevent recurrence.
14. Automated Processing
We do not conduct automated decision-making that produces legal or significant effects. However, we use automated tools for spam filtering and security monitoring.
15. Contact Information
If you have questions about this Privacy Policy or your personal data, please contact us through:
