Respecting Your privacy and protecting Your Personal Data has always been a primary commitment of PT Kredivo Finance Indonesia (“Kredivo”). When Processing Your Personal Data, Kredivo always prioritizes the importance of compliance with applicable Data Protection Laws. Therefore, Kredivo has prepared this Privacy Statement to establish the basis and procedures for Processing Your Personal Data, which is used and managed by Us solely to fulfill the Purposes as referred to in this Privacy Statement.

 

Please read this Privacy Statement carefully to ensure that You understand the terms surrounding Our Processing of Your Personal Data.

 

1. What do You need to understand about this Privacy Statement?

To facilitate Your understanding of this Privacy Statement, We have included provisions regarding definitions, scope, prevailing law, amendment, separability, and applicable language.

 

A. Definition

Unless otherwise defined in this Privacy Statement, all capitalized terms used in this Privacy Statement have the following meanings:

1. “Affiliates” mean any companies or other entities that, directly or indirectly, control, are controlled by or are under common control with Kredivo.
2. “Child” or “Children”, depending on the context and the series of words used in a sentence, is a person who is under 18 (eighteen) years of age and is not legally competent or as further defined under applicable laws and regulations, including the Data Protection Laws.
3. “You” means User, Merchant, Partner, prospective User, prospective Merchant, prospective Partner and/or Visitor (as relevant).
4. “Applications” means the Kredivo Application, Kredivo Seller Application, and KrediMitra Application.
5. “Kredivo Application” is a mobile application that We manage to provide Our Services to You as a User.
6. “KrediMitra Application” is a mobile application that We manage for You in the process of registering You as a Partner, and also as a source of information related to Your role as a Partner in providing Our Services to prospective Users and/or the public in general.
7. “Kredivo Seller Application” is a mobile application that We manage to provide Our Services to You as a Merchant.
8. “Bank of Indonesia (Bank Indonesia)” or abbreviated as “BI” is the Central Bank of the Republic of Indonesia, which is a State institution that is independent in carrying out its duties and authorities, free from interference from the Government and/or other parties, except for matters expressly regulated in applicable laws and regulations.
9. “Personal Data” is data about an individual who is identified or can be identified individually or in combination with other information either directly or indirectly through electronic or non-electronic systems.
10. “Data Protection Laws” mean all laws and regulations in force in the territory of the Republic of Indonesia and regulates the protection of Personal Data, including but not limited to; Law Number 27 of 2022 on Personal Data Protection, Law Number 4 of 2023 on Development and Strengthening of the Financial Sector, Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions, OJK Regulation Number 22 of 2023 on Protection of Consumers and the Community in the Financial Services Sector, BI Regulation Number 3 of 2023 on Protection of Bank of Indonesia Consumers, along with all implementing regulations thereof and amendments thereto, as applicable from time to time.
11. “We” or “Kredivo” is PT Kredivo Finance Indonesia, a limited liability company that carries out financing business activities that are licensed and supervised by the OJK.
12. “Services” are financing and credit card business activities, as well as other business activities subject to the provisions of applicable laws and regulations, including related OJK regulations and BI regulations, as available in Our Applications and Sites.
13. “Merchant” is a merchant who has a partnership with Us and uses Our Services on the Kredivo Seller Application and Our Sites.
14. “Partner” is an individual who is Our independent partner who promotes and offers Our Services to prospective Users and/or the public in general.
15. “Financial Services Authority (Otoritas Jasa Keuangan)” or abbreviated as “OJK” is an independent institution free from interference from other parties which has the functions, duties and authorities to regulate, supervise, inspect, and investigate in the financial services sector as regulated in the applicable laws and regulations.
16. “Processing”, “Process”, “Process(es)” or “Processed”, depending on the context and the series of words used in a sentence, is the activity of acquiring and collecting, processing and analyzing, storing, Disclosing, deleting and/or destroying Personal Data.
17. “Users” are parties who use Our Services on the Kredivo Application.
18. “Disclosure”, “Disclosing”, “Disclosed” or “Become Disclosed”, depending on the context and the series of words used in a sentence, is the activity of displaying, announcing, sending, disseminating and/or opening access to Personal Data.
19. “Visitors” are the party who visits Our Sites.
20. “Competent Authorities” are institutions or agencies that have authority based on applicable laws and regulations, including but not limited to; ministries, non-departmental institutions (such as the OJK), courts, and law enforcement officers.
21. “Third Parties” are parties, such as, among others; Competent Authorities, service providers supporting Our business activities, partners,  consultants, contractors, vendors, agents and/or other parties who collaborate with Us.
22. “Sites” are the sites managed by Us to provide Our Services to You, such as, among others; the site www.kredivo.id. 
23. “Purposes” mean Kredivo’s purposes in Processing Your Personal Data as referred to in this Privacy Statement.

B. Scope

This Privacy Statement applies to those of You who use the Services We provide in Our Applications and Sites, namely Users, Merchants, Partners, prospective Users, prospective Merchants, prospective Partners, and Visitors (as relevant).

 

C. Applicable law
This Privacy Statement is subject to and interpreted in accordance with the applicable laws and regulations of the Republic of Indonesia.

 

D. Amendment
We may review and amend this Privacy Statement at Our sole discretion to ensure that the provisions in this Privacy Statement are consistent with Our future developments, and/or if there are changes in laws and regulations and/or orders from the Competent Authorities for Us to modify the provisions in this Privacy Statement.

We will notify You of this notice through the public notification channels We provide on Our Applications and/or Sites or through a personal notification to Your registered email address. To avoid any failure in the delivery of personal notifications to You, please ensure that the email address You provide to Us is accurate and remains active at all times.

Accordingly, You hereby agree and are solely responsible to periodically review all provisions set out in this Privacy Statement.

 

E. Separability
If any provision of this Privacy Statement is declared void or unenforceable by virtue of a statutory regulation, order of a Competent Authorities and/or for any other reason, such circumstances shall not automatically invalidate the remaining provisions of this Privacy Statement.

 

F. Language

This Privacy Statement may be prepared in Bahasa Indonesia and other foreign languages. In the event of any discrepancy in terminology or interpretation between Bahasa Indonesia version and other foreign languages version, the terminology or interpretation of Bahasa Indonesia version shall prevail.

 

2. What Personal Data do We Process?

For the fulfillment of the Purposes referred to in this Privacy Statement, Kredivo is required to collect and Process Your Personal Data. The Personal Data in question are as follows:

 

A. If You are a User or a prospective User:
Full name, mobile phone number, e-mail address, identification card number, educational background status, marital status, employment information (including type of employment, position held, total length of employment, and income), residential and domicile address, location data, IP address, biometric data, age, place and date of birth, gender, personal transaction data, personal photo, personal digital account identification data, and the signature of the Users or prospective Users.

 

B. If You are a Merchant or a prospective Merchant:
Full name, title, telephone number, e-mail address, contact address, personal location address, IP address, signature, and employment information (such as title) of the owner, Director, Commissioner, and authorized representative of the Merchant or prospective Merchant.

 

C. If You are a Partner or a prospective Partner:
Full name, title, telephone number, e-mail address, contact address, personal location address, IP address, signature, and employment information (such as title) of the Partners or prospective Partners.

 

D. If You are a Visitor:
IP address, and personal location data.

 

3. Do We Process Children’s Personal Data?
We do not provide any Services to Children. Parents or legal guardians who discover that their Child has submitted Personal Data to Us without the consent of such parents or legal guardians may contact Us through the channels specified in this Privacy Statement. If We become aware that You are a Child using Our Services, We may, at any time, cease the provision of Our Services to You.

 

4. What is the basis on which We Process Your Personal Data?
We may Process Your Personal Data solely on the basis of the consent that You have provided to Us, including Your consent to this Privacy Statement. You have the right to withdraw Your consent for Us to Process Your Personal Data in accordance with the applicable Data Protection Laws. Please be advised that the withdrawal of Your consent for Us to Process Your Personal Data may result in Our inability to provide the Services to You, as applicable. In the event of such withdrawal of consent, We recommend that You notify the Third Parties collaborating with Us of the withdrawal, so that such Third Parties may cease the Processing of Your Personal Data.

In addition, We may Process Your Personal Data on the basis of the performance of Our contractual obligations to You, compliance with legal obligations, as well as other legitimate interests, all in accordance with the applicable Data Protection Laws.

 

5. Why do We Process Your Personal Data?
Based on the nature of Our relationship with You, Kredivo is required to Process, including to Disclose, Your Personal Data for the fulfillment of the following Purposes:

 

A. If You are a User or a prospective User:

1. The provision, development, updating and enhancement of financing facilities for You, including the Services We provide or Third Party services in collaboration with Us and available through Us;
2. Your documentation and background checks, including conducting identification, verification, due diligence or Know Your Customer (KYC);
3. Conducting evaluations, risk and/or credit assessments, making decisions in relation to your risks profile, credit risk, and/or eligibility to obtain Our Services, as well as creating and maintaining credit and risk models associated with You;
4. Performing the fulfillment of contractual obligations between You and Us, including the enforcement of the terms of use of the Services that We have agreed to provide to You;
5. Monitoring Your use of Our Services and/or services of Third Parties cooperating with Us and made available through Us, as well as conducting investigations into suspicious transactions or transactions indicated to violate the provisions of the agreement between You and Us and/or applicable laws and regulations, and carrying out necessary actions to follow up on such investigations;
6. Managing Your requests relating to the exercise of Your rights over Personal Data that You have submitted to Us in accordance with applicable Data Protection Laws;
7. Communicating with You, including but not limited to providing information regarding updates, additions, delays, replacements, and termination of the Services that We provide or services of Third parties cooperating with Us and made available through Us, if You are a User;
8. Facilitating the handling of inquiries and/or complaints submitted by You to Us, including conducting follow-up communications with other relevant parties in connection with the handling of such inquiries and/or complaints submitted by You to Us, as relevant;
9. Analyzing Your Personal Data for the purposes of scientific statistics, business analysis, testing, research, improvement, and enhancement of Our Services or Our commercial partnership with Third Parties cooperating with Us;
10. Processing for the purposes of market research, development of marketing strategies and marketing campaigns (as relevant), and customization of the content of notifications or messages that We send or materials that We display to You;
11. Personalization of Our Services and/or services of Third Parties cooperating with Us and made available through Us to fulfill Your interests and needs;
12. Managing Our infrastructure and business operations in accordance with Our internal policies and procedures;
13. Implementing security measures for the processing of the Services that We provide to You, which includes preventive, detection, investigation, and/or enforcement measures against violations in the implementation of Our Services;
14. Carrying out legal actions undertaken by Us or against Us and/or Our Affiliates, particularly in the event that We conduct a corporate action or We become the object of a corporate action in the form of consolidation, merger, acquisition, assets sale and purchase, restructuring, separation, and/or financing;
15. Recording Your Personal Data in data centers and disaster recovery centers managed by us and Third Parties, including recording by Competent Authorities, such as through the Financial Services Information System (Sistem Informasi Layanan Keuangan (“SLIK”)) managed by OJK, as well as Third Parties providing supporting services for Our business activities who collaborate with Us;
16. Fulfilling legal obligations, responsibilities, or orders arising from applicable laws and regulations or orders from Competent Authorities, such as obligations of audit and reporting to the OJK;
17. Implementing cooperation with Third Parties with the intention that such Third Parties may support Us in providing Our Services and/or Processing Your Personal Data on Our behalf, including but not limited to; providers of products and services in the field of financing, payment gateways, verification, electronic certification, technology, marketing, consulting, auditing, and/or other fields insofar as not prohibited and not contrary to applicable laws and regulations;
18. The interests of fulfilling cooperation with Third Parties between Us and such Third Parties in providing Our Services to You, provided that the implementation of such cooperation does not conflict with applicable laws and regulations;
19. Processing, including Disclosure, carried out by Our Affiliates for the provision of support or ancillary services provided by Our Affiliates to You through Our Services, including but not limited to the provision of account-linking services. For the avoidance of doubt, You hereby agree that We may Disclose Your Personal Data to Our Affiliates and Our Affiliates may Disclose Your Personal Data to other parties with whom Our Affiliates cooperate (as relevant), particularly for the purpose of forwarding Your requests for support and ancillary services provided by Our Affiliates.

B. If You are a Merchant or a prospective Merchant, and/or Partner or prospective Partner:

1. Provision, development, updating, and enhancement of financing facilities with the Services that We provide between You and Users, including fulfilling Your orders and processing Your payment, as well as managing Your account and Your access to any systems that We have provided to You;
2. Your documentation and background checks, including conducting identification, verification, and due diligence;
3. Performing the fulfillment of contractual obligations between you and Us, including the enforcement of the terms of use of the Services that We have agreed to provide to You;
4. Providing sales services to You, and purchasing products or services from You, including contacting You to manage Our relationship with You, obtaining sales services, and making payments to You for goods, services, and/or other charges, as relevant;
5. Monitoring Your use of Our Services with Users, as well as conducting investigations into suspicious transactions or transactions indicated to violate the provisions of the agreement between You and Us and/or applicable laws and regulations, as well as carrying out necessary actions to follow up on such investigations;
6. Managing Your requests relating to the exercise of Your rights over Personal Data that You have submitted to Us in accordance with applicable Data Protection Laws;
7. Communicating with You, including but not limited to providing information regarding marketing and promotions (as relevant), updates, additions, delays, replacements, and termination of Services that We provide to You;
8. Facilitating the handling of inquiries and/or complaints submitted by You to Us, including conducting follow-up communications with other relevant parties in connection with the handling of such inquiries and/or complaints submitted by You to Us, as relevant;
9. Analyzing Your Personal Data for the purposes of scientific statistics, business analysis, testing, research, improvement, and enhancement of Our Services or Our commercial partnership with You;
10. Processing for the purposes of market research, development of marketing strategies, marketing campaigns, and customization of the content of notifications or messages that We send or materials that We display to You (as relevant);
11. Personalization of Our Services to fulfill Your interests and needs;
12. Managing Our infrastructure and business operations in accordance with Our internal policies and procedures;
13. Implementing security measures for the processing of the Services that We provide to You, which includes preventive, detection, investigation, and/or enforcement measures against violations in the implementation of Our Services;
14. Carrying out legal actions undertaken by Us or against Us and/or Our Affiliates, particularly in the event that We conduct a corporate action or We become the object of a corporate action in the form of consolidation, merger, acquisition, assets sale and purchase, restructuring, separation, and/or financing;
15. Fulfilling legal obligations, responsibilities, or orders arising from applicable laws and regulations or orders from Competent Authorities, such as obligations of audit and reporting to the OJK;
16. Implementing cooperation with Third Parties with the intention that such Third Parties may support Us in providing Our Services and/or Processing Your Personal Data on Our behalf, including but not limited to; providers of products and services in the field of financing, payment gateways, verification, electronic certification, technology, marketing, consulting, auditing, business feasibility assessment, and/or other fields insofar as not prohibited and not contrary to applicable laws and regulations;
17. Processing, including Disclosure, carried out by Our Affiliates for the provision of support or ancillary services provided by Our Affiliates to You through Our Services, including but not limited to the provision of account-linking services. For the avoidance of doubt, You hereby agree that We may Disclose Your Personal Data to Our Affiliates and Our Affiliates may Disclose Your Personal Data to other parties with whom Our Affiliates cooperate (as relevant), particularly for the purpose of forwarding Your requests for support and ancillary services provided by Our Affiliates.

C. If You are Visitors:

1. Enabling You to use and customize Your experience of the Site and/or Our Services;
2. Analyzing Your Personal Data for the purposes of scientific statistics, business analysis, testing, research, improvement, and enhancement of Our Services, as well as the information that We provide to You; and
3. Personalization of notifications that We provide to You to fulfill Your interests and needs.

In addition to the purposes as referred to above, You hereby agree that We may Process Your Personal Data for other purposes insofar as such purposes are not prohibited by applicable laws and regulations. We will notify You of such other purposes when requesting Your consent, unless otherwise stipulated by applicable laws and regulations.

 

6. How do We obtain and collect Your Personal Data?
We obtain and collect Your Personal Data for the fulfillment of the Purposes in the following manner:

A. Direct submission by You to Us, including, through the following means:

1. You create a membership account for Our Services (sign-up);
2. You enter into agreements, access, interact with, or participate in activities or programs organized by Us or jointly with Third Parties cooperating with Us and made available through Us;
3. You update Your Personal Data that You have previously submitted and has been stored by Us as a result of Your use of the Services that We provide or the services of Third Parties cooperating with Us and made available through Us; and
4. You notify or submit Your Personal Data at the time You contact Us through the communication channels that We have;

B. Acquisition and collection carried out automatically from activities performed by You on the Services that We provide or the services of Third Parties cooperating with Us and made available through Us;

 

C. Acquisition and collection from Third Parties that store Your Personal Data; and

 

D. Acquisition and collection through other means and from any sources as available, insofar as not prohibited under applicable laws and regulations.

 

7. To whom do We Disclose Your Personal Data?
Subject to the applicable Data Protection Laws, We may from time to time be required to carry out Disclosure of Your Personal Data solely for the purpose of fulfilling the Purposes as referred to in this Privacy Statement. Disclosure of Your Personal Data may only be carried out by Us to the following parties, as relevant:

1. Our employees who are assigned to Process Your Personal Data;
2. Our Affiliates;
3. Competent Authorities, including OJK;
4. Third Parties providing supporting services for Our business activities; and
5. Other Third Parties that cooperate with Us.

In connection with the Disclosure of Your Personal Data to the interested parties as referred to in this Article, including in relation to Disclosure relationships from Third Parties to other parties, We shall require such Third Parties and other parties to maintain the confidentiality, integrity, security, and availability of Your Personal Data in accordance with the applicable Data Protection Laws. Where such interested parties do not require certain Personal Data to be associated with You, the relevant Personal Data shall be reasonably deleted so that such Personal Data can no longer be associated with You as an individual prior to being Disclosed to such interested parties.

 

8. How do We maintain the security of Your Personal Data?
We will protect and secure Your Personal Data stored in Our storage systems, including by restricting access to the use of Your Personal Data, from Personal Data Processing carried out by unauthorized parties and from Personal Data Processing that is contrary to the applicable Data Protection Laws, accidental loss, destruction, and damage or similar unintended risks, by taking and implementing reasonable legal, organizational, and technical measures.

We will only Process Your Personal Data in accordance with the procedures permitted and required to safeguard Your Personal Data under the applicable Data Protection Laws, including but not limited to the use of security measures, such as encryption and other security technologies, whether provided by Us or by Third Parties providing supporting security services for the Personal Data that We Process.

For the avoidance of doubt, You hereby release Us from any and all liability in any form for all consequences arising from:

1. the security and confidentiality of Personal Data that You store independently or that You submit to Third Parties or other parties;
2. the security and confidentiality of the Disclosure of Personal Data that You or any party other than Us has made to the public, Third Parties, and/or other parties;
3. the security and confidentiality of the Disclosure of Personal Data that occurs not due to Our negligence or fault in protecting Your Personal Data;
4. any negligence committed by You in maintaining the security and confidentiality of Your Personal Data; and
5. the use of any technological means and media that You utilize to Process Your Personal Data outside Our knowledge and control.

 

9. How long will the Personal Data that You submit be retained by Us?
We will continue to retain Your Personal Data for as long as:

1. Your Personal Data is still used for the fulfillment of the Purposes as referred to in this Privacy Statement;
2. the retention of Your Personal Data is permitted or required under applicable laws and regulations, including the applicable Data Protection Laws;
3. You do not request the deletion/destruction of Your Personal Data retained by Us or You do not withdraw Your consent for Us to retain Your Personal Data; and/or
4. Your request for the deletion/destruction of the Personal Data retained by Us has been rejected based on the considerations set forth in this Privacy Statement.

For the avoidance of doubt, We will cease retaining Your Personal Data if:

1. the Processing of such Personal Data is no longer required by Us and/or is no longer in accordance with the Purposes as referred to in this Privacy Statement;
2. the Personal Data retained by Us has exceeded the retention period stipulated under the applicable Data Protection Laws;
3. such Personal Data is no longer permitted by the Competent Authorities to be retained and Processed by Us; and/or
4. Your request for the deletion/destruction of Your Personal Data retained by Us has been accepted and approved by Us, subject to Our legal obligations relating to the retention of such Personal Data under the applicable Data Protection Laws.

If You terminate or uninstall the Application from Your device or Your permission to use the Application is terminated or withdrawn, We may continue to Process Your Personal Data in accordance with the Purposes set forth in this Privacy Statement and Our obligations under the applicable Data Protection Laws, unless otherwise stipulated in this Privacy Statement.

 

10. What do You need to know regarding the use of Third-Party platforms?
In connection with Your use of Our Services, You hereby acknowledge, understand, and agree that:

1. Our Services may contain links to services or platforms of Third Parties that cooperate with Us and are made available through Us;
2. Our Services may be made available on platforms owned by Third Parties that cooperate with Us; and
3. Third-Party platforms are managed and operated independently by such Third Parties in accordance with the procedures set forth in their respective privacy policies/notices and terms of service, and therefore We shall be released from any and all liability for the Processing of Your Personal Data by such Third Parties based on the privacy policies/notices and terms of service applicable to such Third-Party platforms.

 

11. What do You need to know regarding the use of cookies and other similar identifier technologies?
In connection with Your use of Our Services, You agree that We and/or Third Parties cooperating with Us may use cookies and other similar identifier technologies to collect Your Personal Data based on the Purposes referred to in this Privacy Statement. You have the right to restrict the collection of cookies and other similar identifier technologies by:

1. adjusting the settings for cookies and other similar identifier technologies on Your internet browser;
2. deleting Your browsing history; and/or
3. clearing the cache from Your internet browser.

12. What do You need to know regarding the use of Your Personal Data for marketing-related purposes?
In addition to the Processing Purposes as stated in this Privacy Statement, We may also use Your Personal Data for marketing, advertising, and/or offering purposes, including Our referral programs, as well as promotions or offers of Our Services or services of Third Parties that cooperate with Us and are made available through Our platforms. For the avoidance of doubt, the granting of consent for these marketing-related Purposes is optional, and You may choose not to provide consent to the Processing of Your Personal Data for such Purposes.

 

13. What obligations do You have with respect to the Personal Data that You submit to Us?
In connection with Your use of Kredivo’s Services, and in accordance with Your compliance with the applicable Data Protection Laws, You hereby acknowledge, understand, and agree that You are required to undertake the following actions, namely:

1. To protect Your own Personal Data;
2. To respect and protect the Personal Data of others, including by obtaining consent from other individuals in the event that You participate in Our referral programs;
3. To provide Us with complete and accurate Personal Data; and
4. To comply with the applicable Data Protection Laws, and to support and contribute to Kredivo’s efforts to implement the protection of Personal Data in Our Services in accordance with the applicable Data Protection Laws.

 

14. What rights do You have with respect to the Personal Data that You have submitted to Us, and how may You exercise such rights?
As an individual whose Personal Data We Process, You may exercise Your rights under the applicable Data Protection Laws, including but not limited to Your right to carry out updating, deletion, and/or destruction of Your Personal Data.

 

Please note that the rights as referred to in this Article are not absolute rights and may only be applied on a case-by-case basis. There are certain exceptions that We may apply in order to fulfill Your rights under the applicable Data Protection Laws, namely:

1. Your request is not relevant to the Personal Data that We retain, including, among others, where You request Personal Data of another person over which You do not have authority; and/or
2. We are not permitted by authorities and/or applicable laws and regulations to carry out Your request.

 

15. How can You contact Us?
If You have any inquiries, complaints or require further assistance in relation to Our Services and/or the implementation of this Privacy Statement, please contact Us through:

 

Telephone  :   0804-1-5733448

E-mail          :   support@kredivo.com

 

Where any inquiries or complaints relating to the provisions of this Privacy Statement are submitted through the communication channels set out above, You may include dpo@kredivo.com as a recipient in copy (cc), solely for record-keeping and compliance oversight purposes in relation to personal data protection as contemplated under this Privacy Statement, and not as a direct communication channel for any inquiries or complaints outside the scope of this Privacy Statement.

 

Last updated: 19 December 2025

KFI_Privacy Policy.pdf