This Privacy Policy explains how PT Beklen Royal Lestari (“Provider”, “we”, “us”, or “our”) collects, uses, stores, processes, discloses, and protects personal data in connection with the Services. By accessing or using the Services, Customer acknowledges that personal data may be processed as described in this Privacy Policy.
1.1 This Privacy Policy applies to personal data processed through the Services, including website access, account registration, dashboard use, desktop agent use, billing, onboarding, support, and related communications.
For purposes of this Privacy Policy:
“Customer” means any individual or legal entity subscribing to, purchasing, accessing, or using the Services.
“Customer Data” means any data, mailbox-related operational data, account data, support data, configuration data, technical data, personal data, and other information submitted by, for, or on behalf of Customer, or processed in connection with the Services.
“Personal Data” means personal data, personal information, or equivalent term under applicable law.
“Services” means SIP Shield website access, dashboard, desktop agent, onboarding, support, maintenance, updates, and related services made available by Provider.
The controller of Personal Data for purposes of the Services is:
PT Beklen Royal Lestari
Jalan Raya Tapos No. 57 RT. 001 RW. 011, Depok, Indonesia 16457
Email: help@sipshield.id
Depending on Customer’s use of the Services, Provider may process:
a. identity and account data, including name, email address, username, verification records, and account status;
b. contact data, including phone number, company details, correspondence details, mailing address, or billing contact information;
c. subscription and transaction data, including selected plan, invoice details, payment status, and transaction references;
d. technical and device data, including IP address, browser type, operating system, application version, device identifiers, and error logs;
e. mailbox-related operational data, including mailbox identifiers, configuration data, sender data, email metadata, message header information, classification outcomes, and quarantine status; and
f. support and communications data, including support requests, diagnostic information, onboarding records, and troubleshooting correspondence.
Provider may process Personal Data for purposes including:
a. registering and managing accounts;
b. verifying Customer identity and mailbox ownership or authorization;
c. providing, maintaining, securing, and improving the Services;
d. analyzing suspicious email patterns, spam indicators, and phishing-related characteristics;
e. operating quarantine, filtering, and inbox hygiene functions;
f. processing subscriptions, billing, and invoicing;
g. providing onboarding, support, and technical assistance;
h. communicating service notices, administrative updates, and security alerts;
i. enforcing contractual terms and protecting the integrity of the Services;
j. complying with legal obligations, lawful requests, court orders, regulatory requirements, or law-enforcement requests; and
k. establishing, exercising, or defending legal claims.
Provider processes Personal Data only where permitted by applicable law, including where:
a. processing is necessary for performance of a contract;
b. processing is necessary for compliance with a legal obligation;
c. processing is based on valid consent, where consent is required;
d. processing is necessary to protect vital interests, where applicable; and/or
e. processing is necessary for Provider’s legitimate and lawful interests, provided those interests do not override applicable rights.
7.1 SIP Shield is designed to use a local desktop component in connection with mailbox handling.
7.2 Where technically implemented in that manner, mailbox credentials may remain on Customer’s own desktop device rather than being stored on Provider’s VPS.
7.3 Limited operational, configuration, diagnostic, support, or compliance-related data may nevertheless be transmitted to or processed by Provider where necessary for service delivery, maintenance, security, or legal compliance.
Provider may disclose Personal Data to:
a. employees, officers, and authorized personnel on a need-to-know basis;
b. Affiliates or related companies, where lawful and operationally necessary;
c. hosting providers, software vendors, infrastructure providers, support providers, payment processors, analytics providers, and other service providers supporting the Services;
d. auditors, accountants, legal advisers, insurers, and professional consultants;
e. competent governmental, supervisory, judicial, or law-enforcement authorities where required by law or lawful request; and
f. parties involved in merger, acquisition, financing, restructuring, or transfer of all or part of Provider’s business, subject to appropriate safeguards.
Provider does not sell Personal Data as a commercial data broker.
9.1 The Services may rely on infrastructure, software tools, support systems, or vendors that process data in Indonesia and/or other jurisdictions.
9.2 Where Personal Data is transferred outside the Republic of Indonesia, Provider shall use reasonable efforts to implement legally required safeguards to the extent applicable.
10.1 Depending on the specific use case and customer relationship, Provider may act as an independent controller with respect to certain account administration, billing, fraud prevention, service security, and legal compliance data.
10.2 Provider may also process certain Customer-related data on behalf of Customer in connection with delivery of the Services.
10.3 The allocation of those roles may be further clarified in a separate customer contract or data processing agreement where appropriate.
11.1 Provider retains Personal Data only for as long as reasonably necessary for the purposes for which it was collected and processed, including contractual performance, business continuity, security, support, audit, tax, accounting, dispute handling, and legal or regulatory compliance.
11.2 When Personal Data is no longer required, Provider will delete, anonymize, or securely dispose of it in accordance with applicable law and retention practices.
12.1 Provider implements reasonable administrative, technical, and organizational safeguards to protect Personal Data against unauthorized access, disclosure, alteration, destruction, loss, misuse, or unlawful processing.
12.2 Such safeguards may include access controls, authentication safeguards, limited internal access, logging, monitoring, and secure transmission practices.
12.3 If Provider becomes aware of a confirmed security incident materially affecting Personal Data processed in connection with the Services, Provider shall use commercially reasonable efforts to notify affected Customer without undue delay, subject to legal, security, and investigatory limitations.
Subject to applicable law, Customer or relevant data subjects may have rights to:
a. obtain information regarding the processing of Personal Data;
b. access and request a copy of Personal Data;
c. request correction, completion, or updating of inaccurate or incomplete data;
d. withdraw consent, where processing is based on consent;
e. request deletion or destruction of Personal Data where permitted by law;
f. request restriction of certain processing activities;
g. object to certain processing where permitted by law; and
h. submit a complaint or seek legal remedy in accordance with applicable law.
Provider may require identity verification before acting on any request.
14.1 The website may use cookies, session tokens, and similar technologies to support site operation, login management, performance analysis, service security, and user experience.
14.2 Where required by applicable law, Provider will seek consent for non-essential cookies or similar technologies.
The Services may contain links to third-party websites, payment providers, software integrations, or messaging channels. Provider is not responsible for the privacy, security, or content practices of such third parties.
The Services are not intended for children or for persons who are not legally competent to enter into binding agreements under applicable law. Provider does not knowingly collect Personal Data from children without lawful basis and any necessary authorization.
17.1 This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Indonesia.
17.2 Any dispute, controversy, or claim arising out of or in connection with this Privacy Policy shall first be attempted to be resolved amicably through good-faith consultation.
17.3 If unresolved within thirty (30) calendar days from written notice of dispute, the dispute shall be finally resolved by arbitration administered by BANI Arbitration Center in accordance with the BANI rules in force at the time the notice of arbitration is submitted.
17.4 The seat of arbitration shall be Jakarta, Indonesia.
17.5 The language of arbitration shall be English.
17.6 The arbitral tribunal shall consist of one (1) arbitrator, unless otherwise required by the applicable rules or the nature of the dispute.
17.7 The award shall be final and binding.
17.8 Nothing in this Section prevents either party from seeking interim or conservatory relief from a competent court.
Provider may amend or update this Privacy Policy from time to time. Updated versions become effective upon publication or notice, unless otherwise stated.
PT Beklen Royal Lestari
Jalan Raya Tapos No. 57 RT. 001 RW. 011, Depok, Indonesia 16457
Email: help@sipshield.id
WhatsApp: +62 811-8049-911