Processing... Please Wait
PT Garuda Indonesia (Persero) Tbk (hereinafter referred to as “We,” “Us,” “Our,” or the “Company”) respects the privacy rights of its vendors, suppliers, business partners, and consultants (hereinafter referred to collectively as “Vendors”). This Privacy Policy explains the details of the information We collect from Vendors through the Garuda Indonesia e-Procurement website, as well as how that information is used, processed, stored, and protected. We encourage Vendors to read this Privacy Policy carefully.
This policy is established to provide clarity and assurance to Vendors that all processes involving the collection, use, storage, access, exchange, and protection of data are carried out in accordance with information security principles, including confidentiality, integrity, and availability, and complies with applicable laws and regulations.
We are committed to safeguarding the privacy of our Vendors and ensuring the protection of their Personal Data. Accordingly, we are committed to providing security and trust through the implementation of information security controls, system access management, activity monitoring, and technical as well as administrative safeguards to ensure the security of Personal Data and Vendors company data stored or processed within the Garuda Indonesia e-Procurement website.
SCOPE OF WORK
This Privacy Policy covers the following matters:
1. All Vendors, both those currently engaged in active business relationships and prospective Vendors that are still undergoing procurement, selection, or evaluation processes.
2. All business processes involving the Personal Data of Vendors or the Vendors company data , including but not limited to procurement activities, Vendors evaluation and selection, contractual processes, work execution, payment processing, performance monitoring, audits, and the management of business relationships.
3. All information systems, whether manual or electronic, used in the management of Personal Data. Manual systems include physical documents, paper forms, archives, and other non-digital storage media containing Personal Data. Electronic systems include applications, databases, e-Procurement systems, email, software, and other information technology infrastructure used to collect, store, process, transmit, and delete Personal Data.
CATEGORIES OF PERSONAL DATA COLLECTED
Garuda Indonesia may collect the Vendor's Personal Data as follows:
A. Legal Documents
Legal documents are documents required from prospective Vendors participating in procurement processes organized by the Company. Such legal documents include, but are not limited to:
1. Company Experience List
2. Deed Establishment of the Company, including:
2.1. Deed number; 2.2. Shareholder information (name, national identity number, place and date of birth); 2.3. Composition of the Board of Directors and Board of Commissioners (name, national identity number, place and date of birth).
3. Deed of Amendment to the Articles of Association, including:
3.1. Share ownership composition of shareholders; 3.2. Shareholder information (name, national identity number, place and date of birth); 3.3. Composition of the Board of Directors and Board of Commissioners (name, national identity number, place and date of birth).
4. Company Registration.
5. Power of Attorney from the Vendor’s Board of Directors to the Vendor’s authorized officer, including supporting data (name, national identity number, place and date of birth).
6. Taxpayer Identification Number
7. Business License
8. Business Entity Certificate
9. Financial Statements, including:
9.1. Profit and Loss Statement;
9.2. Balance Sheet for a specific period;
9.3. Total Assets;
9.4. Total Liabilities;
9.5. Total Equity.
10. Other relevant documents.
B. Administrative Documents
Administrative Documents are documents used to complement the legal documentation required from prospective Vendors participating in procurement processes organized by Company. The Administrative Documents include, but are not limited to, the following:
1. Personal Information Management: Signed consent for the management and processing of Personal Information in procurement activities.
2. Domestic Component Level (TKDN): Information on the percentage of domestic content utilization.
3. Conflict of Interest (COI) Declaration Letter.
4. Company Declaration Letter.
5. Employee Curriculum Vitae (CV), including:
5.1. Profile photograph 5.2. Educational background 5.3. Professional qualifications
INFORMATION COLLECTION
Garuda Indonesia may collect Vendors Personal Data when Vendors access or interact with our website or application. We may collect information such as IP address, browser type, operating system, referring website, web browsing behavior, device ID (for mobile applications only), and application usage.
PURPOSE OF USING YOUR INFORMATION
The collection of Personal Data and Vendor company data may be carried out, stored, used, processed, and shared by us and/or other institutions legally authorized to request such data, for one or more of the following purposes:
1. To comply with legal requirements, audits, and applicable laws and regulations, both within and outside the territory of Indonesia, as applicable to Company;
2. For the purposes of goods and/or services procurement processes, including the selection, evaluation, and management of Company Vendors;
3. For the execution of contracts, cooperation agreements, and other business relationships;
4. For administrative purposes, verification, invoicing, payment processing, and other financial transactions;
5. For the provision, exchange, and/or disclosure of data to subsidiaries, affiliated companies, or entities within the Garuda Indonesia Group, to the extent necessary to support operational activities, procurement processes, administrative functions, and the implementation of business cooperation in accordance with applicable regulations.
LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA
1. We will collect the Vendor's personal information (i) where we have the Vendor's consent to do so, (ii) where we need the information to perform a contract with the Vendor, or (iii) where processing is necessary for our legitimate interests and such interests are not overridden by the Vendor's rights. In certain circumstances, we may also have a legal obligation to collect the Vendor's personal information.
2. Where we collect and use the Vendor's personal information in connection with our legitimate interests (or those of any third party), we will explain to the Vendor, at the relevant time, what those legitimate interests are.
DISCLOSURE OF YOUR INFORMATION
We may disclose the Vendor's personal information to third parties for the following purposes:
1. Requests from Authorities
In the event of any process or action suspected of leading to unlawful conduct or non-compliance with applicable laws and regulations, we may disclose or share the Vendor’s information where we are required to do so to comply with any legal obligation, or when requested by a competent authority, or to enforce or apply our policies and other agreements, or to protect the rights, property, or safety of our users or others. This includes the exchange of information with other companies and organizations in relation to criminal violations.
2. To Support Our Services
We engage third parties to assist in providing our services, such as IT support providers. Such third parties are required to adequately protect the Vendor’s personal data and may only process such data in accordance with Company instructions.
3. Garuda Indonesia Group Procurement Centralization
The provision, exchange, and/or transfer of data to subsidiaries, affiliated companies, or entities within the Garuda Indonesia Group, to the extent necessary to support Vendors sourcing activities, procurement processes, and the implementation of cooperation arrangements in accordance with applicable regulations.
DATA RETENTION AND SECURITY
1. We retain the personal data we collect from Vendors where we have an ongoing legitimate business need to do so (ex. to perform verification in order to comply with applicable legal, tax, or accounting requirements), or for as long as necessary to fulfill the purposes described in this Privacy Policy.
2. Garuda Indonesia will take appropriate technical and organizational measures to protect Vendor’s personal data from loss, misuse, or unlawful processing by implementing appropriate technical measures and organizational policies.
VENDOR’S RIGHTS
Vendors have certain rights under applicable laws and regulations, including the right to obtain information regarding the processing of Personal Data and company data, the right to update and/or correct such data to ensure its accuracy, the right to access and obtain copies of data under Garuda Indonesia’s possession and control through the e-Procurement system, as well as the right to request the deletion of Personal Data to the extent permitted by applicable laws and regulations. To the extent such rights are available to Vendors under applicable laws and regulations, Vendors may exercise these rights by contacting the administrator of Garuda Indonesia’s e-Procurement system through the official communication channels provided.
Garuda Indonesia reserves the right to reject a Vendors request for access to, modification of, and/or deletion of part or all Personal Data and company data under its possession and/or control, based on the results of its verification process, where such rejection is permitted or required under applicable Personal Data Protection laws and regulations, company procurement policies, contractual obligations, audit requirements, dispute resolution processes, or any other applicable legal provisions.
PRIVACY POLICY UPDATE
We are committed to protecting the security and confidentiality of our Vendor’s information. Accordingly, this Privacy Policy may be updated from time to time to reflect changes in our Personal Data processing practices and applicable laws and regulations. If we update this Privacy Policy, we will take appropriate measures to notify Vendors, considering the significance of the changes made. Any updates or amendments will be published on our website.
CONTACT US
If the Vendor has any complaints, comments, or questions regarding this Privacy Policy, or wishes to access and/or correct its Personal Data, the Vendor may contact us via email at dataprotectionofficer@garuda-indonesia.com or contact us at the address below by clearly stating the subject line “PRIVACY POLICY” to:
PT Garuda Indonesia (Persero) Tbk Management Office Garuda City, Soekarno-Hatta International Airport Tangerang 15111, Indonesia P.O. Box 1004 TNG BUSH
ePROCUREMENT TERMS & CONDITIONS PT GARUDA INDONESIA (PERSERO) Tbk.
Each Vendor of PT Garuda Indonesia (Persero) Tbk ("Garuda") eProcurement application users declares to accept all terms as stated below.
I. GENERAL TERMS
1. Garuda eProcurement System is an application software used to facilitate Vendor and Garuda in order to conduct procurement process through internet media, including online Vendor registration. 2. All Vendors must obey Garuda eProcurement terms as stated in this terms as well as other policies issued by Garuda. 3. Transactions through eProcurement can be conducted only by Vendors who have registered and activated.
II. MEMBERSHIP REQUIREMENTS OF EPROCUREMENT GARUDA
1. Legitimate company is preffered and the company should have the capability and resources required in accordance with their business field. 2. To have an account in Garuda eProcurement system, the Vendor candidate should conduct the online registration. Submitted data should be correctly and accurately. Vendor should register the company business field in accordance to their capabilities and experiences. 3. Vendors can conduct transactions through the Garuda eProcurement System after receive their membership activation confirmation from the Garuda eProcurement system. 4. Vendors should update their data periodically. 5. Account in Garuda eProcurement System will automatically deactivated in case: • Vendor declared resignation as Garuda’s Vendor by sending an email to Business Support & General Affairs Unit and received a confirmation email for their resignation. • Against the Garuda Vendor Policy. • Vendors are blacklisted.
Garuda will review all vendor account periodically and reserves the right to de-activate the vendor account by considering vendor participations and performances.
6. Violation in Garuda eProcurement system are prohibited in accordance with applicable laws and business ethic in Indonesia. 7. Vendor should obey all applicable laws in Indonesia related to, but not limited to, the use of networks connected to services and transmission of technical data, both within Indonesia and outside of the territory of Indonesia through this system. 8. Vendors agree that any action to penetrate the system to conduct data manipulation are prohibited and categorized as violations. 9. If vendor is unable to comply with this terms and conditions, Garuda reserves the right to terminate the existing agreement (if any) or take any other necessary actions.
III. VENDOR RESPONSIBILITY
1. Vendor is responsible to maintain the confidentiality of their password, transactions and other activities related to their account, and also committed to not misuse their account. 2. Vendor agrees to inform Business Support & General Affairs Unit immediately if there is any account misuse or any security issues on their account.
IV. POLICY CHANGES
Garuda may revise, insert, or delete this terms and conditions at any time, with or without prior notice. Each Vendor is accept, commit and agree to any and all terms and conditions as set out in the revised terms and conditions.