Ditra Law Partnership (“Ditra“) is committed to safeguarding the confidentiality, integrity and security of personal data. This Privacy Policy outlines how Ditra collects, processes, uses, stores, and discloses personal data in connection with any interaction with Ditra, including the use of Ditra’s services, platforms, communications and other engagements. All data handling activities are conducted in compliance with applicable data protection laws and regulations in Indonesia.

By accessing Ditra services, communicating with Ditra, or submitting any personal data, all users, clients and external parties acknowledge and consent to the practices described in this Privacy Policy. Individuals who do not agree with the terms outlined herein are advised not to submit personal data to Ditra. For any questions or concerns regarding this Privacy Policy, contact Ditra at info@ditralaw.com.

Scope of Privacy Policy

This Privacy Policy governs all instances where Ditra collects, receives, uses or processes personal data from clients, counterparties, service providers, website visitors and other external parties. Situations covered include, but are not limited to:

1. Submission of personal data to Ditra, whether solicited or unsolicited.
2. Engagement of Ditra for legal, consultancy or professional services.
3. Involvement in legal matters where Ditra acts on behalf of a client and the data subject is a party to or otherwise connected with the matter.
4. Participation in transactions, cases or regulatory proceedings involving Ditra clients.
5. Completion of any application, registration or subscription forms issued by Ditra.
6. Attendance at Ditra-hosted or sponsored seminars, workshops or events.
7. Access or interaction with Ditra’s websites, online tools or digital communication platforms.
8. Receipt of Ditra newsletters, bulletins or marketing communications.
9. Conduct of publicly available data searches or verification activities as part of Ditra’s risk management, due diligence or business development processes.

Collected Data

Ditra collect various categories of personal data that identify you, which may include your name, contact information such as phone number and email address, financial information, and other similar details. In addition, Ditra may automatically gather certain non-personal data, including your IP address, browser type, operating system and other technical information. This data is used to improve your experience on Ditra website and for analytical and statistical purposes (collectively referred to as “Personal Data”).

Ditra collect Personal Data through multiple channels, including:

1. Direct submission by the data subject, either physically, electronically or through verbal communication.
2. Collection during the course of providing legal, advisory or consultancy services.
3. Use of Ditra’s websites, digital platforms and electronic communication tools.
4. Participation in Ditra’s training programs, webinars or professional forums.
5. Open-source and publicly available information, including government databases and registries.
6. Third-party service providers, business partners and professional contacts in accordance with lawful data sharing arrangements.

Use of Information

Personal data collected by Ditra may be used for the following purposes:

1. To deliver legal, consultancy and professional services to clients.
2. To manage, administer and develop client relationships and engagements.
3. To fulfill contractual, legal and regulatory obligations, including anti-money laundering and sanctions screening requirements.
4. To conduct client onboarding, background checks and conflict of interest assessments.
5. To communicate with clients, counterparties, authorities and other relevant parties.
6. To ensure the functionality, security and integrity of Ditra’s digital infrastructure.
7. To analyze service usage patterns for operational improvements and user experience optimization.
8. To maintain internal records, audit trails and risk management documentation.
9. To comply with applicable laws, regulations, professional standards and internal policies.
10. To establish, exercise or defend legal claims or rights.
11. To conduct research, data analytics and service development initiatives.
12. Where legally permitted, to deliver marketing and promotional communications consistent with applicable consent requirements.

Data Subject Rights

Subject to applicable laws and limitations, data subjects may exercise the following rights in relation to their personal data held by Ditra:

1. Right to access personal data and obtain information regarding its processing.
2. Right to request rectification of inaccurate or incomplete personal data.
3. Right to request deletion of personal data, subject to overriding legal or regulatory obligations.
4. Right to request restriction of processing in specified circumstances.
5. Right to data portability, where applicable, by obtaining personal data in a structured, machine-readable format.
6. Right to object to certain types of processing, including direct marketing.
7. Right to withdraw consent at any time where processing is based on consent.

Requests to exercise any of the above rights should be submitted in writing to info@ditralaw.com. Ditra reserves the right to verify the identity of the requester and to apply statutory exemptions where permitted.

Disclosure and Transfer of Personal Data

Ditra may disclose or transfer personal data to the following categories of recipients, strictly on a need-to-know basis and in compliance with applicable law:

1. Third-party service providers engaged for operational, administrative or professional support, subject to binding confidentiality obligations.
2. Courts, tribunals, law enforcement agencies, regulatory authorities and other government bodies, where required by law or legal process.
3. Co-counsel, expert witnesses, consultants and other professionals engaged for specific legal matters, subject to appropriate confidentiality undertakings.
4. Counterparties and their advisors in legal proceedings, as necessary to advance client interests or comply with procedural rules.
5. Any other party, where the data subject’s explicit consent has been obtained or where such disclosure is permitted or required under applicable law.

Where cross-border data transfers are involved, Ditra will implement adequate safeguards in accordance with Indonesian data protection laws and international best practices.

Retention and Data Storage

Ditra retains personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations or in accordance with Ditra’s internal data retention policies. When personal data is no longer required, Ditra will take appropriate steps to securely delete, anonymize or otherwise render such data inaccessible and unusable.

Periodic reviews of stored personal data are conducted to ensure continued compliance with retention schedules, legal obligations and risk management policies. In situations where immediate deletion is not feasible, appropriate technical and organizational measures will be implemented to restrict further processing.

Security

Ditra implements robust administrative, technical and physical safeguards to protect personal data against unauthorized access, loss, misuse, alteration or disclosure. Security measures include, but are not limited to, encryption, access controls, intrusion detection, secure storage and regular vulnerability assessments.

Ditra’s data protection protocols are periodically reviewed and enhanced to align with industry standards and evolving threats. All personnel handling personal data are subject to confidentiality obligations and receive regular data protection training.

Third-Party Links

Ditra’s websites, newsletters and other digital materials may contain links to external websites or online platforms not operated or controlled by Ditra. This Privacy Policy does not govern the privacy practices of such third parties. Ditra accepts no responsibility or liability for the content, security or data handling practices of external sites.

Users are strongly advised to carefully review the privacy notices of any third-party websites before submitting personal data.

Updates to this Privacy Notice

Ditra reserves the right to amend, modify or update this Privacy Policy at its sole discretion to reflect changes in legal requirements, regulatory guidance or Ditra’s data processing practices. The most current version will always be posted on Ditra’s official website, with the effective date clearly indicated.

Data subjects are encouraged to review this Privacy Policy periodically to remain informed of any updates. Continued interaction with Ditra, including the use of services or submission of personal data, following any updates will constitute acknowledgment and acceptance of the revised terms.