Sisternet - Kebijakan Privasi Sisternet

Kebijakan Privasi Sisternet

PT XL Axiata Tbk. (“XL Axiata”) is a part of Axiata Group Berhad (hereinafter shall be referred to as “XL Axiata”, “us” or “we” or “our”). Respecting and protecting your privacy is an integral part of our business and we do not view this as an obligation, but rather as a commitment to maintain your confidence and trust. Our Privacy Position can be summarized by our below guiding Privacy and Data Protection principles:

TRANSPARENT: We are TRANSPARENT about what, why and how we collect and protect YOUR PERSONAL DATA so that YOU can make informed decisions.
RIGHTS: We respect YOUR RIGHTS as individuals, so YOU are in control of YOUR PERSONAL DATA.
USE: We USE YOUR PERSONAL DATA for specific and stated purposes and keep it for as long as required only.
SECURITY: We have established robust CYBER SECURITY PRACTICES in line with leading industry standards to protect YOUR PERSONAL DATA that YOU have shared with us.
TRANSFER: We take due care when TRANSFERRING YOUR PERSONAL DATA to third parties such as vendors, contractors, business partners and government authorities.

This Notice applies to personal data that we collect, generate or use when you subscribe to any of our products and services, use our applications online services, software-tools, other services and functionality we provide or visit any of our websites (collectively referred to as “Our Services”) unless a separate or supplementary, privacy policy is offered. We advise you to read this Notice alongside Terms and Conditions of our products/ services as they may contain product/service specific information on how we process your personal data.

This Privacy Notice applies to:
  • All the services offered by XL Axiata
  • Existing, past as well as potential customers

How XL Axiata collects your personal data

XL Axiata collects and uses your personal information with your knowledge and consent and typically when you:
  • Use XL Axiata’s wide range of products and services that are offered or for which you may choose to opt-in
  • Make customer enquiries, register for information or other services
  • Respond to communications from us (such as SMS, emails, questionnaires or surveys)
  • Interact with XL Axiata’s websites, such as submitting an application form, completing survey form, use online services. (If your browser has Internet cookies enabled, it can facilitate XL Axiata’s tracking of personal preferences, pages visited etc.)
  • Participate on XL Axiata’s social media pages, such as Facebook, Instagram, Twitter, LinkedIn and many others
  • Participate in XL Axiata’s promotional events, incentive or loyalty programs
  • Provide information through XL Axiata’s customer call centers, dealers and sales channels or any other affiliates or business dealings with XL Axiata by which you have consented to provide your personal information.
What personal data XL Axiata collects from you

The types of personal information that XL Axiata may collect include, but are not limited to:
  • Contact information (such as name, address, email address and telephone number)
  • Identification information (such as National ID (Kartu Tanda Penduduk (KTP)) passport identification number, tax registration number (Nomor Pokok Wajib Pajak (NPWP)) or social security number (nomor Badan Penyelenggara Jaminan Sosial (BPJS)), driver’s license (Surat Izin Mengemudi (SIM)), date of birth)
  • Demographic information (such as age range, marital status, gender)
  • Photographs, such as those that you may submit for contests or prize-winning competitions
  • Product specific information (such as preference, closed user groups (CUGs), friends and family who you chose to include in your service plan, credit limit)
  • Banking information (such as direct debit and related bill payment banking transactions)
  • Service account information (such as call usage, account balances, transaction history, credit information, billing, loyalty points)
  • Type and version of operating system, hardware version, device settings, software types, battery and signal strength, screen resolution, device ID (International Mobile Equipment Identity), manufacturer and model, language, and Internet browser type and version. The name and version of any Our Services (such as the app) you are using is also collected
  • Geographic location information, such as location inferred from your IP address or GPS, Base Station, Bluetooth or Wi-Fi Signal, satellite, telecommunications tower and information about how you engage with and use Our Services, for example where you have chosen to activate location-enabled services on the device with which you access these services
  • Some Our Services may allow you to use biometric information for identification or authentication or to take advantage of specific features. Biometric data may include your fingerprint, voice, audio, video or similar unique physical characteristics
  • We collect information from and about a wide variety of technologies where Our Services are used. The kind of information collected depends on the technology, the use, and the device and personal settings. Examples of these technologies might include computers, phones and tablets, but also interactive wearables, connected technologies in the home or other vehicles.

How XL Axiata uses your personal data

Your personal data may be collected, used or otherwise processed by us for, amongst others, the following purposes:
  • To our service or products:
    1. To provide you with our products, services and offers which may be of interest to you
    2. To notify you about benefits and changes to the features of our products and services
    3. To provide you with our latest offers, campaigns and promotions (where you subscribe to such updates)
    4. To understand how you interact with Our Services and provide you with the best experiences
    5. To provide you with the up to date security, versions, features, options and controls associated with your systems or devices.

  • To Communicate
    1. To send you service messages about our subscription or account registration
    2. To use your information for participation in our customer surveys or meetings
    3. Enable us to send you information by e-mail, telecommunication means (telephone calls or text messages) or social media about products and services offered by selected third parties that we think may interest you.

  • Business Operation
    1. To process payments, responds to customer service request
    2. To research and studies which may voluntary share personal information in order to participate
    3. For business operations perform accounting, auditing, billing, reconciliation and collection activities, including crime or fraud monitoring and prevention, protecting our legal rights, and performing contractual obligations.

  • For Functionality, Development & Improvement
    1. To provide network connectivity, measure usage levels of Our Services, diagnose server problems and provide security feature
    2. To testing, modifying, improving or developing new products, services and technologies and to identify trends.
    3. We may also use this information for security purposes.

  • For Advertising & Marketing
    1. We may use your device’s physical location, combined with information about what advertisements you viewed and other information we collect, to enable us to provide personalized content and to study the effectiveness of advertising and marketing campaigns.
    2. You may choose whether to allow or deny uses or sharing of your device’s location by changing your device settings, but if you choose to deny such uses or sharing, we may not be able to provide you with certain personalized Our Services and content.

Automated Decision-Making

In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.

Automated decisions mean that a decision concerning you is made automatically based on a computer determination (using software algorithms), without our human review which has legal or other significant effect. We use automated analysis to make predictions such as your level of interest products or services, or automated decision making to prevent theft, fraud or other crime. Our artificial intelligence solutions may lead to automated processing of data in a variety of fields. In the event that our automated decision making would have a legal effect or significantly affect you, we will implement measures to safeguard your rights, freedoms and interests, including performing privacy impact assessments to identify suitable measures to protect your rights, or obtain your explicit consent as required by applicable laws.

Legal Basis for Our use

Our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it.

We need the personal information to perform a contract with you, where we have a legal obligation to do so or where the processing is in our legitimate interests (such as processing for administrative purposes, direct marketing, product development or improvement, preventing fraud or criminal acts and in support of information security) and not overridden by your data protection interests or fundamental rights and freedoms.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the time of collection. We will also tell you whether the requirement for that information is mandatory and explain any consequences to you if you do not provide the information.

Similarly, if we collect and use your personal information based on our legitimate interests (or from any third party), we will take reasonable steps to provide clear notice and describe our legitimate interests.

XL Axiata is the Data Controller of all personal information collected, except where a supplemental privacy notice says otherwise. The contact details for XL Axiata are set out in the “Contact Us” section.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information for any specific processing activity, please contact us using the contact details provided under the “Contact Us” Section below.

Information about Children

If you are under the age of 18, you are required to obtain the consent of your parents or legal guardian before using our network, products and/or services.


Your personal data that has been collected and retained as long as required to meet the purposes mentioned above. We may store your personal data to provide the services you have requested, or for other essential purposes, such as complying with our legal obligations, resolving disputes, and enforcing our policies. The retention period for storage of personal data is based on the requirements of applicable laws. However, in the absence of any relevant laws, personal data will be stored where it is required for business purposes.

This personal data may be stored in:
  • Hard copy, or
  • Electronic format

We may keep your data in data centers or warehouses that are managed either by us or by service providers on our behalf. All our facilities, systems and products have been equipped with required security controls to ensure protection of personal data.

Retention periods can vary significantly based on the type of information and how it is used and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When personal information is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

Third Party Sites & Services

This Privacy Notice does not address, and we are not responsible for, the policies and practices of third parties or other organizations that are not operating on XL Axiata’s behalf, including policies and practices related to privacy and security, data collection, processing, use, storage, and disclosure. This includes:
  1. any third party operating any site or service to which Our Services linked – the inclusion of a link on Our Services does not imply endorsement of the linked site or service by us or by our affiliates; or
  2. any app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer (such as Facebook, Apple, Google, Microsoft, LinkedIn, etc.) - including any personal information you disclose to other organizations through or in connection with Our Services or our corporate Social Media Pages.


We endeavor to process your information in a safe environment by preventing any unauthorized or unlawful processing of personal data or accidental loss or destruction of, or damage to such information. We have implemented various physical, technical and administrative security measures to protect your personal data and our network from unauthorized access. These measures include:
  • Encryption of data in transit or at rest
  • Strict adherence to privacy and security practices
  • Periodic data audits and review to upgrade our practices
  • Restriction of access to such data to personnel who have a need to know such data.

We require our suppliers and vendors to apply similar protections when they access or use personal information that we share with them. Users of Our Services must also do their part in protecting the data, systems, networks, and service they are utilizing. No technology, data transmission or system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that your password to any of our account has been compromised), please immediately notify us by contacting us using the instructions in the “Contact Us” section below.

How XL Axiata share information

We work through our affiliates to provide some of Our Services. We also work with authorized suppliers and business partners. When we share your personal information with these companies, we put in place appropriate measures to limit the use of your information only for legal and authorized purposes that are consistent with this Privacy Notice, as well as appropriate confidentiality and security measures. For example, we rely on affiliates and partners, such as our resellers, to complete a purchase transaction or provide Our Services, such as support, that you have requested.

We also share information with third parties for advertising and marketing; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of Our Services; and to protect our legal rights.
  • With Affiliates and Companies related with Us (Sister Companies or Subsidiaries)
    For aligning our business strategy purposes, we also share personal information to our Affiliates and Companies related with Us (Sister Companies or Subsidiaries).
  • With Suppliers
    Our authorized vendors and suppliers may require personal information to provide services we have contracted for, including but not limited to, product delivery, website hosting, data analysis, IT services, auditing, payment processing or customer service. We use a wide variety of software and tools at XL and we process personal information using these tools as a regular course of business. Our contracts with suppliers and vendors include provisions to protect your information and limit its use. We also share non-personally identifiable information, such as anonymized or aggregated information, with suppliers for purposes such as analysis, identifying trends in the areas of our products and to help research and develop new Our Services.
  • With Partners
    We occasionally have relationships with third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as sweepstakes, contests, and similar promotions, to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices may be provided. For third parties or uses not described in this Notice, we share your information only with a lawful basis to do so.
  • For Advertising & Marketing
    We share your information with our third-party company partners to prepare and deliver advertising and marketing content, to provide content services and to enable them to provide you with more personalized ads and to study the effectiveness of our campaigns.
    We use third-party companies to communicate regarding goods and services that may be of interest to you, in accordance with your preferences. You may receive this content by a variety of means such as email, phone or when you access and use the Our Services and other websites. Content may be based on information obtained, for example, through prior purchases or transactions, through your device’s physical location, through information about what advertisements and content you have viewed, or through cookies and similar technologies relating to your access to and use of the Our Services and other websites. You can choose whether to allow or deny uses and/or sharing of your device’s location by changing your device settings, but if you choose to deny such uses or sharing, our partners may not be able to provide you with the applicable personalized Our Services and content.
  • Research & Services Improvement
    We may disclose personal information to collaboration partners to conduct research to improve our technology, or the use of our technology, in various fields of study and to identify new uses or design new products.
  • Regulator & Law Enforcement institution
    If we are obligated or required by the applicable law and regulatory requirement, court order, administrative agency, government, statutory or regulatory bodies or applicable stock exchange, we may disclose your personal information as a compliance with prevailing law, regulation, detection or investigation of crime or fraudulent.

Mergers and Acquisitions

We may disclose personal information as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Communication Preferences and Choices

XL Axiata takes reasonable steps to keep your personal data accurate, complete and up to date. You still may stop the delivery of promotional e-mail or other XL Axiata communications by contacting us on the below mentioned contact details. These choices do not apply to the receipt of mandatory product or service communications that are considered part of certain XL Axiata products or services, which you may receive periodically, unless you cancel the product or service.

Furthermore, XL Axiata does not require that you provide us with personal information. The decision to provide personal information is voluntary. However, if you do not wish to provide the personal information requested, you may not be able to proceed with the activity or receive the benefit for which the personal information is being requested.

Cross Border Data Transfer

With your consent, we may transfer your personal data across geographical borders to other entities, provided they ensure the same level of protection as us. The transfer of personal data is carried out under our standard contracts with appropriate data protection clauses or data transfer agreements with similar rights and obligations for the parties receiving this information to protect the security and confidentiality of your personal data.

XL Axiata does not sell, trade, transfer or otherwise share your personal information, except in the following instances:
  • With XL Axiata group companies, where necessary and within the limits of applicable law
  • As required by law, such as in conjunction with a subpoena, government inquiry, litigation, dispute resolution or similar legal process
  • With other carriers and operators when routing international calls
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your security, investigate fraud or respond to a law enforcement request
  • With XL Axiata’s service providers, field engineers, contractors who work on our behalf and who do not have an independent right to use the information to which they have access or that we disclose to them
  • With our business partners for XL Axiata’s marketing activities, in such case no specific personally identifiable information is provided, as such information is generally aggregated
  • With third parties for research and development purposes
  • With third parties to operate our business
  • With our subsidiaries and affiliates, such as XL Axiata dealers.

Third parties must in all cases agree to a strict duty to keep all personal information confidential and to use it only for the purpose for which it was obtained.

Exercise Your Rights

We respect your rights and privacy and we manifest our stand by taking steps to ensure that your personal data is accurate and up-to-date. As our obligation under Data Retention Policy which being made pursuant to the prevailing laws and regulations we assure you that:
  • You have the right to know what personal data we have about you
  • You have the right to request a copy of your personal data, subject to our policy in requesting such copy of personal data
  • You have the right to correct your personal data, in case it is incorrect or incomplete
  • You have the right to withdraw your consent from our processing of your personal data, except for basic telecommunication service.

For exercising your rights, you can reach out to us through the details under Contact Us section given below.

Withdrawal of Service

Withdrawal may be carried out in XL’s certain services and subject to our approval. By withdrawing your consent to our service, it will result a loss of all or part of the service that you receive; this means that you are unable to receive or enjoy or optimize our service given to you.

Effects arising from failure to provide Personal Data

You will be able to access our website without providing your personal data. However, where any activity/services on our website/weblink requires us to collect certain personal data about you, failure to provide such information may:
  • Result in us being unable to respond to your requests on our products/services
  • Limit or prevent access to certain features on our website/weblinks
  • Result in us being unable to update you on latest updates regarding any promotions, our services/products or launches
  • Result in your inability to receive invitation to promotional activities organized by us.
Access or Correction of Customer Information

If you would like to correct or update your personal information, or to request access to, you may contact us to make such request by making a written request and send it to us through the way as described in the “Contact Us” section below. If you request a change to of your personal information, please note that we may still need to retain certain information for recordkeeping purposes, and/or to complete any transactions that you began prior to requesting such change (e.g., when you make a purchase or enter a promotion, you may not be able to change the personal information provided until after the completion of such purchase or promotion). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.

At your request and where the law requires us to do so, we will confirm what personal information we hold about you. You may also have a legal right to obtain a copy of your personal information. You can make such a request by making a written request and send it to us through the way as described in the “Contact Us” section below. We may charge a processing fee for this service where permitted by law and we will require evidence of your identity before fulfilling your request.

By submitting your personal data to us, you acknowledge that:
  • You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein
  • Your personal data may be transferred and processed worldwide, including countries that may not be deemed to provide the same level of data protection as your home country, for the purposes and in the manner specified in this Privacy Notice
  • All your representations are true and correct to the best of your knowledge, and you have not knowingly omitted any related information of adverse nature.
Contact Us

If you have any questions or concerns about this Notice, privacy and information handling practices as well as exercise any of your rights as described in this Notice, you can contact us at

Dispute Resolution

In cases of any suspected/actual violation of your privacy, in relation to your information that we process or store, you can lodge a complaint with the relevant regulatory authority or any other tribunal/court of competent jurisdiction.

Updates to the Privacy Notice

XL Axiata reserves the right to update this Privacy Notice, as and when need arises. This Notice shall prevail over any of its previous versions. We highly recommend that you check back here from time to time to stay informed of any changes.

Version Info

This Notice was last updated on 18th January 2021.

Hubungi Kami

  • XL Axiata Tower
  • Jl. H.R. Rasuna Said X5
  • Kav.11-12, Kuningan Timur
  • Setia Budi, Jakarta Selatan
  • Jakarta 12950