PT Bank Kridit Rakyat

This document explains how PT Bank Kridit Rakyat (“the Bank”, “we”) collects, uses, discloses, and protects personal data when you access the official site bankkriditraykat.biz.id or Android applications distributed via Google Play Developer under the developer name “PT BANK KRIDIT RAKYAT”.

The policy complies with Indonesian data protection laws, OJK guidelines, the Google Play Developer Program Policies, Google Family Policy, COPPA (Children’s Online Privacy Protection Act), and Google AdMob Program Policies.

Website: every page under bankkriditraykat.biz.id and its subdomains (secure.bankkriditraykat.biz.id, publikasi.bankkriditraykat.biz.id, etc.).

Android applications: any PT Bank Kridit Rakyat apps published on Google Play under the developer name “PT BANK KRIDIT RAKYAT”.

Third-party services: Google AdMob, Firebase, Google Analytics, fraud management platforms, and KYC providers used for operational needs.

Basic identifiers: name, national ID, account number, phone number, email address, and mailing address.

Financial information: details about savings, lending, deposit products, transactions, and service preferences.

Device data: IP address, device type, OS version, advertising IDs (AAID), app logs, and diagnostics for security purposes.

Location data: approximate location when users grant permission within the Android apps.

Children’s data: we do not intentionally collect information from children under 13. If we discover such data, it is removed per COPPA procedures.

Direct submissions through the website, mobile apps, or official email channels.

Google Play Services, Firebase Crashlytics, and Google Analytics for Firebase for device and performance telemetry.

AdMob advertising partners that provide signals for internal promotional campaigns.

Government/authority services such as Dukcapil and SLIK for mandatory KYC checks.

Verify identity and eligibility for banking products.

Send transaction alerts, product offers, and policy updates.

Serve contextual ads via AdMob without sensitive data.

Maintain platform security, prevent fraud, and satisfy audit requirements.

Fulfil legal obligations, respond to regulator requests, or resolve disputes.

Our Android apps may display ads via Google AdMob. Every ad unit is configured for general audiences and complies with Google Play, COPPA, and the Google Family Policy.

We do not target children under 13. If an app falls under the Families program, only certified ads are used.

Users can opt out of personalized ads through in-app settings or the Android device ad settings screen.

Explicit consent when users submit forms or enable specific features.

Contractual necessity for savings, loan, or treasury agreements.

Legal compliance with OJK, Bank Indonesia, and other applicable regulations.

Legitimate interest to prevent fraud, improve security, and enhance services.

Regulators and authorities: OJK, Bank Indonesia, LPS, and law enforcement upon valid requests.

Technology partners: Google (AdMob, Firebase, Analytics), cloud providers, SMS OTP gateways, and cybersecurity vendors.

Business partners: insurers, finance companies, or service providers bound by NDAs and data-processing contracts.

We never sell personal data. Cross-border transfers follow local regulations and international contractual safeguards.

Data is hosted in Indonesian data centers with replication to secondary facilities certified under ISO 27001.

Retention follows regulatory requirements (minimum 5 years for transactional records). Advertising and analytics data is stored for up to 26 months unless longer retention is mandated.

Once retention periods expire, data is deleted or anonymized using documented procedures.

We use TLS encryption, data-at-rest encryption, multi-factor authentication, 24/7 SIEM monitoring, and scheduled access reviews.

Security teams run penetration tests, configure WAF rules, and monitor intrusion indicators through our internal SOC.

Employees and vendors undergo security training and sign confidentiality agreements.

Access, update, or delete certain personal data.

Opt out of marketing communications or personalized advertising.

Request a copy of the data we hold in a reasonable format.

Submit complaints to OJK or relevant data-protection authorities when necessary.

Requests can be sent to contact@bankkriditraykat.biz.id with the subject line “Data Request”.

Users may manage notification preferences and advertising settings directly in the app or by contacting the release center.

To delete an account created within our mobile apps, email contact@bankkriditraykat.biz.id or submit a request via the in-app help center. We will verify identity and delete in-scope data within 30 days unless retention is legally required.

For Google Play data deletion, follow the instructions listed on the store listing to request removal of app-specific data from PT Bank Kridit Rakyat servers.

Our products are intended for users aged 13 and above. For any youth-focused literacy programs, we only process data after obtaining parental consent.

If we become aware of child data collected without permission, we will delete it immediately and notify the parent/guardian.

Email: contact@bankkriditraykat.biz.id

Phone: +62 274 555 800 (08:00–17:00 GMT+7).

Mailing address: Jl. Imogiri KM.5 55187, Bantul Regency, DI Yogyakarta, Indonesia.

We may revise this privacy policy at any time. Updates will appear on the website and, where applicable, inside the mobile apps.

Material changes—such as new data categories or processing purposes—will trigger renewed consent or provide an opt-out mechanism as required by law.