Privacy Policy

Telah diperbarui: 27/5/2024

Preface

We use this Privacy Notice to disclose the privacy practices for Institut Teknologi Bandung (ITB) in accordance with the relevant regulations, namely Law Number 19 of 2019 on Electronic Information and Transactions, and Law Number 14 of 2008 on Public Information Disclosure. We aim to assist you in understanding what Personal Data we collect, how we use it, and what control you have over it. This Notice applies only to data collected by www.itb.ac.id and all its subdomains. This Notice will specify the following:

  • What Personal Data is collected from the website. How Personal Data is collected, used, shared, stored, and processed. The security procedures are implemented to protect your data. Your rights and choices regarding the use of your data. How you can contact Us in case of issues such as correcting inaccuracies in your data or requesting deletion of your Personal Data.

Please read the following Privacy Notice to understand the processing, protection, and rights of your Personal Data.

About Us

Institut Teknologi Bandung (ITB) an Indonesian Legal Entity State University (PTN-BH) located in Bandung, Indonesia. ITB's mission is to innovate, share, and apply science, technology, art, and humanity and to produce excellent human resources for better Indonesia and the world. To achieve that mission, We collect and use the Personal Data that you provide. For the purpose of this notice, We act as the “Data Controller”. We act as the party that will determine how your Personal Data is used and processed.

We have appointed a Document and Information Management Officer (PPID) to assist with requirements, requests, and complaints regarding this Privacy Notice and the collection and Processing of your Personal Data. For details on how to contact us, see the Contact Information section at the end of this notice.

Collected Data

We collect your personal information when you voluntarily provide it to us, such as when you:

  • Create a user account
  • Register for a course or event
  • Send an email to us
  • Participate in a forum or survey

The personal information we collect may include your name, email address, postal address, phone number, and other demographic information. We may also collect information about your activity on the ITB academic website, such as the pages you visit and the time you spend on each page.

Use of Data

Your Personal Data can be used for the following purposes:

  • Customization of content and user experience
  • Processing your identity when you use the site under the domain www.itb.ac.id 
  • Account setup and administration
  • Conducting polling and survey
  • Internal research and development
  • Administrative and legal obligations
  • Internal audit
  • Recruitment process
  • Fulfillment of obligations outlined in each agreement with users
  • Fulfillment of obligations for education, research, and community service support activities
  • Collecting feedback and opinions about the services we provide
  • Notification to users about service change
  • Responding to your requests and comments

Legal Basis of Processing

We process Personal Data for the following purposes:

  • Purpose of legitimate interests, i.e. processing Personal Data for our interests provided that such interests do not override the interests, rights, and freedoms of the data owner. These interests include processing for research, learning, and business development purposes.
  • Public interest, i.e. processing Personal Data for the interests of the local government. These interests are those relating to censuses and administration that will be reported to the government.
  • Vital interest, which is processing that is carried out because it relates to the need for health to survive. This interest relates to Data Processing for health administration.
  • Contract, i.e. processing that is performed under a contract. The contract in question is such as an employee contract, researcher contract, and so on. The Data Subject must be part of the contract for this processing to take place.
  • Consent, which is processing that is carried out after obtaining permission or Consent to process data for a specific purpose. Thus, documentation and proof of processing are required because it is included in the Consent that has been collected in writing. For Data Processing based on Consent, you have the right to withdraw Consent to processing for a specific purpose, by filling in the objection form on the page https://ppid.itb.ac.id/keberatan.

Specific Data Access

To be able to fully access the site, you can access using an INA account that can be owned by students, staff/lecturers who have NIP, staff/lecturers/researchers who do not have NIP, and guests. To register for an INA account, visit https://dti.itb.ac.id/layanan-akun-ina. Certain data will be collected during this process, including your name and email address. This data is used to contact you, suggest appropriate Information, and improve your user experience.For administrative purposes to the relevant ministries namely the Ministry of Education, Culture, Research and Technology of the Republic of Indonesia, as a registered user or guest, your Personal Data will be provided in the form of name, position, study program, NIM/NIP, and courses taken/studied.

Personal Data may be used without knowledge or Consent in situations when legally required or permitted, or when Personal Data has been anonymized or disguised so that it is no longer associated with the Data Subject. This certifies that We have removed personally identifiable information so that the data We provide cannot be linked back to you as an individual.

Data Security

Securing your data is our priority, both online and offline. We have implemented appropriate safeguards to prevent Personal Data from being lost, misused, accessed, altered, or disclosed by unauthorized parties. We collect your Personal Data when you perform activities on all ITB websites. This data is encrypted and secured during its transmission. Secure web access can be verified by the lock icon in the address bar of your internet browser and by using “https” at the beginning of the web address, where “s” indicates a secure connection.

Employees and third parties are only provided with Personal Data on a need-to-know basis with the minimum amount they need to complete their specific job. All employees are also subject to confidentiality agreements and undergo annual training on the proper handling of sensitive data.

Procedures have been developed and tested to deal with potential data breaches. These procedures are designed to ensure that affected individuals and regulators are notified of the breach and damage is minimized.