INFORMATION PRIVACY POLICY AT
PT Multi Utama Consultindo

This policy applies to all employees, consultants, administrative staff, and third parties (including vendors and business partners) who access, process, or store client and company internal data.

1. Personal Data: All data about individuals that are or can be identified directly and indirectly, namely:
   1. General Personal Data
   2. Specific Personal Data
2. Sensitive Data: Financial, tax, health, and other confidential data
3. Data Processing: Any action performed on personal data, including collection, storage, utilization, modification, transfer, and deletion
4. Data Subject: Individuals possessing personal data, including clients, employees, and other relevant parties
5. Data Security Incident: All forms of violation against the data security policy, including unauthorized access, data breaches, and system damage
6. The IT and information security management system teams: Teams responsible for the implementation of technical controls, encryption, system monitoring, and information system compliance audits

1. Confidentiality: Information on data subjects is kept confidential and may only be accessed by authorized parties.
2. Integrity: Data are stored accurately and not modified without permission.
3. Availability: Information must be available when required.
4. Access Minimization: Only relevant authorized individuals may access certain information.

1. MUC Consulting may collect data that are directly provided, including but not limited to:
   1. Complete name
   2. Email address
   3. Telephone number
   4. Company name and position
   5. Personal data sent through a job application and registration for webinars/events
   6. Tax information or business data sent for consulting purposes

2. Data are lawfully collected through a preliminary form, job or internship application, registration for webinars/events, publication downloads, or other interactions on our website and utilized for:
   1. Carrying out employee recruitment processes
   2. Making lists of webinar/event participants
   3. Providing tax, customs, accounting, or law consulting services upon request
   4. Inquiring information or offering service
   5. Sending relevant publication information, news, or regulation updates
   6. Carrying out statistical analyses, service improvements, etc. for internal operational purposes
3. We do not sell, lease, or trade any personal or company data to any third party.

Based on data protection regulations in Indonesia, data subjects have the right to:

1. Access and obtain copies of their personal data
2. Revise inaccurate data
3. Withdraw consent for data processing (if applicable)
4. Remove their personal data according to regulations
5. File an objection to data processing in certain conditions

We store the data securely only for as long as necessary according to the purpose of its collection and prevailing regulations. We apply technical and organizational safeguards to prevent unauthorized access, disclosure, modification, or destruction of any personal data.

1. Personal data will be stored for only as long as necessary for the purposes of its collection or as required by prevailing laws and regulations.
2. For data related to tax and contractual obligations, the retention period will follow prevailing provisions with a period of 10 (ten) years, unless otherwise stipulated by law.
3. Job applicant data that do not proceed to the recruitment stage will be retained for a maximum of 2 (two) years after the selection process concludes, unless the applicant provides consent for a longer period.
4. Data on seminar, webinar, or similar event participants will be retained for a maximum of 2 (two) years after the event takes place, unless in case of an operational need such as sending invitations for future events.
5. Once the retention period ends, the data will be securely deleted or destructed using appropriate methods, both physically and digitally.
6. Requests for data deletion by data subjects will be processed in accordance with internal data deletion procedures and prevailing legal provisions.

1. The top management is responsible for support and supervision of the implementation of this policy.
2. All staff must participate in information security training and maintain the integrity of clients’ data.
3. The IT and information security management system teams are responsible for the implementation of technical controls, encryption, system monitoring, and information system compliance audits.

The website may use cookies to enhance user experience, analyze site traffic, and deliver relevant content. The cookie preferences may be managed through browser settings.

If, in the business carried out, personal data are transferred outside the territory of Indonesia, such as for reporting to headquarters, MUC Consulting will:

1. Request an official written statement regarding the cross-border data transfer.
2. Require data subjects to ensure that the destination country/region provides a level of personal data protection that is equal to or higher than that in Indonesia.
3. Prepare a data transfer agreement, if necessary, to meet legal requirements under separate provisions.
4. Protect the data through technical safeguards (Virtual Private Network/VPN, encryption, firewalls).

Our website may contain links to external sites. We are not responsible for privacy practices of those websites and recommend reviewing their privacy policy separately.

1. Any data violation incident must be reported to the information security management system team within 24 (twenty-four) hours and followed up in accordance with the Incident Management Procedure.
2. Mitigation, reporting, and investigation measures will be carried out in accordance with the Incident Management Procedure.
3. If necessary, the violation report will be submitted to the relevant regulator within the timeframe set by law.

Violations of this policy will be subject to sanctions according to internal provisions and may result in legal action if such violations cause harm to the data subject.

This policy may be reviewed and updated periodically, once a year, or in line with changes in regulations, organizational structure, information systems, or our services. We will communicate any significant changes through this website.

For questions or requests related to this privacy policy, contact us at: