Privacy Policy

The data controller responsible for your personal data is: PT Eterna Edukasi Nusantara Email: privacy@eternaindonesia.com For any privacy-related inquiries, you may contact our Data Protection Officer at the email address above.

We collect the following categories of personal data: 2.1 Information You Provide: - Account information: name, email address, password (encrypted), phone number - Profile information: avatar/photo, biography, username, social media links - Payment information: billing address, payment method details (processed by third-party payment providers; we do not store full card numbers) - Instructor application data: professional experience, expertise areas, LinkedIn profile, course proposals - Communication data: messages sent through the Platform, support inquiries, feedback 2.2 Information Collected Automatically: - Device information: browser type, operating system, device identifiers - Usage data: pages visited, courses accessed, time spent on Platform, click patterns - Learning data: course progress, quiz scores, completion records, certificate issuance - Engagement data: leaderboard scores, streak activity, review submissions - Log data: IP address, access timestamps, error logs - Cookies and similar technologies (see Section 8) 2.3 Information from Third Parties: - Authentication data from social login providers (if applicable) - Payment confirmation from payment processors - Referral information from users who invited you

Under the PDP Law, we process your personal data based on the following legal grounds: 3.1 Consent: Where you have given explicit consent, such as for marketing communications or optional data collection. 3.2 Contractual Necessity: Processing necessary for the performance of our agreement with you, including account management, course delivery, payment processing, and certificate issuance. 3.3 Legal Obligation: Processing required to comply with Indonesian laws and regulations, including tax reporting, consumer protection requirements, and regulatory requests. 3.4 Legitimate Interest: Processing necessary for our legitimate business interests, such as improving the Platform, preventing fraud, ensuring security, and conducting analytics, provided these interests do not override your fundamental rights.

We use your personal data for the following purposes: 4.1 Service Delivery: - Creating and managing your account - Providing access to courses, events, and Platform features - Processing payments and subscriptions - Issuing and verifying certificates - Delivering personalized learning recommendations 4.2 Communication: - Sending transactional emails (enrollment confirmations, payment receipts, event reminders) - Sending service notifications (account updates, policy changes) - Marketing communications (only with your consent; you may opt out at any time) 4.3 Platform Improvement: - Analyzing usage patterns to improve user experience - Conducting research on learning outcomes - Developing new features and services - Monitoring and maintaining Platform performance 4.4 Safety and Compliance: - Detecting and preventing fraud, abuse, and security incidents - Enforcing our Terms of Service - Complying with legal obligations - Responding to lawful requests from authorities 4.5 Gamification and Community: - Calculating and displaying leaderboard rankings - Tracking achievement milestones and badges - Managing referral programs and commissions - Facilitating community features (reviews, profiles)

We do not sell your personal data. We may share your data in the following circumstances: 5.1 Service Providers: We engage trusted third-party service providers who process data on our behalf, including: - Payment processors (Midtrans) for transaction processing - Cloud hosting providers for data storage and processing - Email service providers for transactional and marketing emails - Analytics providers for Platform usage analysis - Error tracking services (Sentry) for technical issue resolution 5.2 Instructors: Limited student data (name, enrollment status, course progress) may be shared with course Instructors to facilitate teaching. 5.3 Public Information: Information you choose to make public (profile, username, leaderboard ranking, reviews) will be visible to other Users. 5.4 Legal Requirements: We may disclose your data when required by law, regulation, legal process, or governmental request in accordance with applicable Indonesian law. 5.5 Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy protections. 5.6 With Your Consent: We may share your data for any other purpose with your explicit consent.

Your data may be processed and stored in servers located outside of Indonesia. When we transfer personal data internationally, we ensure that: 6.1 The receiving country has an adequate level of personal data protection as determined by applicable regulations; 6.2 Appropriate safeguards are in place, including contractual data protection clauses; 6.3 The transfer complies with the requirements of the PDP Law and Government Regulation No. 71 of 2019 on Electronic Systems and Transactions. By using the Platform, you consent to the transfer of your data to countries where our service providers operate.

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy: 7.1 Account Data: Retained for the duration of your account and for 5 (five) years after account deletion, as required by Indonesian tax and commercial regulations. 7.2 Transaction Data: Retained for 10 (ten) years in accordance with Indonesian tax law requirements. 7.3 Learning Data: Course progress and completion records are retained for the duration of your account. Certificate records are retained indefinitely for verification purposes. 7.4 Usage and Analytics Data: Aggregated and anonymized data may be retained indefinitely. Identifiable usage data is retained for 2 (two) years. 7.5 Communication Data: Support inquiries are retained for 3 (three) years after resolution. When data is no longer needed, it is securely deleted or anonymized in accordance with our data disposal procedures.

We use cookies and similar technologies to enhance your experience on the Platform: 8.1 Essential Cookies: Required for Platform functionality, including authentication, session management, and security. These cannot be disabled. 8.2 Analytics Cookies: Used to understand how Users interact with the Platform, helping us improve performance and user experience. 8.3 Preference Cookies: Remember your settings, such as language preference and theme selection. You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.

Under the PDP Law, you have the following rights regarding your personal data: 9.1 Right of Access: You may request a copy of the personal data we hold about you. 9.2 Right to Rectification: You may request correction of inaccurate or incomplete personal data. 9.3 Right to Deletion: You may request deletion of your personal data, subject to legal retention requirements. 9.4 Right to Restrict Processing: You may request that we limit the processing of your personal data in certain circumstances. 9.5 Right to Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format. 9.6 Right to Object: You may object to the processing of your personal data for direct marketing purposes. 9.7 Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. To exercise any of these rights, please contact us at privacy@eternaindonesia.com. We will respond to your request within 3x24 hours as required by the PDP Law.

We implement appropriate technical and organizational measures to protect your personal data, including: - Encryption of data in transit (TLS/SSL) and at rest - Secure password hashing using industry-standard algorithms - Regular security audits and vulnerability assessments - Access controls limiting employee access to personal data on a need-to-know basis - Incident response procedures for data breach handling - Regular backup and disaster recovery procedures While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to use strong passwords and protect your login credentials.

The Platform is not directed to children under the age of 17. We do not knowingly collect personal data from children under 17 without parental or guardian consent. If we become aware that we have collected personal data from a child under 17 without appropriate consent, we will take steps to delete that data promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@eternaindonesia.com.

The Platform may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these third parties. We encourage you to read the privacy policies of any third-party services you access through the Platform.

In the event of a personal data breach that may affect your rights and interests, we will: 13.1 Notify you within 3x24 hours of becoming aware of the breach, as required by the PDP Law; 13.2 Provide details about the nature of the breach, the types of data affected, and the measures we are taking to address it; 13.3 Report the breach to the relevant Indonesian authorities as required by law; 13.4 Take immediate steps to mitigate any potential harm and prevent future breaches.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated through the Platform or via email at least 30 (thirty) days before they take effect. We encourage you to review this Policy periodically. Your continued use of the Platform after changes become effective constitutes acceptance of the revised Policy.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at: PT Eterna Edukasi Nusantara Data Protection Officer Email: privacy@eternaindonesia.com Website: https://eternaacademy.com/contact You also have the right to lodge a complaint with the relevant Indonesian data protection authority if you believe your data protection rights have been violated.