Privacy Policy

1. Introduction

PT Surya Inovasi Prioritas (“SURIOTA”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data obtained through our website suriota.com, our products (including the SURGE platform, SRT-MGATE-1210 Modbus Gateway, ISO-M485, THM-30MD, PM1611-WD, and RS-485 Surge Protector), and any related services.

By accessing our website, using our products, or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

• Contact details: name, email, phone, company, job role — when you submit RFQs, contact forms, or newsletter subscriptions.
• Project information: technical specifications, deployment scope, location, and compliance requirements shared during quotation or consultation.
• Account credentials: if you create an account on the SURGE platform, we collect your username, hashed password, and authentication tokens.
• Payment data: billing address and invoice details. We do not store full credit-card numbers — payments are processed by certified third-party gateways.
• Correspondence: emails, WhatsApp messages, and call logs you exchange with our team.

3.2 Information Collected Automatically

• Device & usage: IP address, browser type, operating system, referring URL, pages visited, time on site, and clickstream data.
• Telemetry from products: for IoT deployments using the SURGE platform, we collect device identifiers, sensor readings, geolocation (when consented), and event logs strictly for the purpose of operating the contracted service.
• Cookies & similar technologies: see Section 7 below.

3.3 Information from Third Parties

We may receive information from publicly available business directories, professional networks (e.g., LinkedIn), and our partners (e.g., distributors, integrators) when you interact with them about SURIOTA products.

4. How We Use Information

We use personal data for the following purposes:

• Responding to inquiries, quotations, and providing customer support.
• Delivering, operating, and improving our products and services (including the SURGE platform).
• Processing transactions, invoicing, and managing service contracts.
• Sending service notifications, security alerts, and administrative messages.
• Marketing communications — only with your opt-in consent for the newsletter. You may unsubscribe at any time.
• Compliance with legal obligations under Indonesian law and applicable foreign jurisdictions.
• Fraud prevention, security monitoring, and protecting our rights.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases under GDPR Article 6 are:

• Contract performance — to fulfil engagement and service agreements.
• Legitimate interests — to operate our business, secure our services, and develop our products.
• Consent — for marketing and optional cookies. You may withdraw consent at any time.
• Legal obligation — to comply with tax, accounting, and regulatory requirements.

6. Sharing & Disclosure

We do not sell personal data. We may share information with:

• Service providers processing data on our behalf (cloud hosting, email delivery, analytics, payment) under written data-processing agreements.
• Project partners — integrators, certified installers, or auditors involved in delivering your project, only as necessary.
• Authorities — if required by law, court order, or to protect rights, property, or safety.
• Successor entities in the event of merger, acquisition, or asset transfer, with continuity of this Policy’s protections.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Strictly necessary cookies — site functionality, login state, and security. Cannot be disabled.
• Analytics cookies — to understand traffic and improve content (e.g., Google Analytics). You may opt out via your browser settings.
• Marketing cookies — only set with your explicit consent (where applicable).

Most browsers allow you to refuse or delete cookies. Disabling strictly-necessary cookies may impact site functionality.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:

• Lead & inquiry data: up to 24 months from last interaction.
• Customer / project records: for the duration of the engagement plus 10 years (Indonesian commercial-records requirement).
• Financial / tax records: minimum 10 years (Indonesian Taxation Law).
• Marketing subscribers: until you unsubscribe.
• IoT telemetry: as defined in the service-specific data-processing agreement.

9. Security

We implement technical and organisational measures including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging, regular security assessments, and staff training. While we strive to safeguard your data, no method of transmission or storage is 100% secure; we will notify you and the relevant authority within 72 hours of becoming aware of a personal-data breach that materially affects your rights.

10. International Data Transfers

Some of our service providers may process data outside Indonesia. When transferring personal data internationally, we ensure adequate protection through Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful safeguards under UU PDP and GDPR.

11. Your Rights

Under UU PDP No.27/2022 (Indonesia) and GDPR (EU), you have the right to:

• Access — obtain confirmation of and a copy of your data we hold.
• Rectification — correct inaccurate or incomplete data.
• Erasure / Right to be Forgotten — request deletion where legally permissible.
• Restriction — limit processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests, including profiling for marketing.
• Withdraw consent — at any time, without affecting prior lawful processing.
• Lodge a complaint with Indonesia’s Personal Data Protection Agency or your EU supervisory authority.

To exercise these rights, contact admin@suriota.com. We will respond within 30 calendar days.

12. Children’s Privacy

Our services are intended for businesses and adult professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has provided us with personal data, please contact us so we can delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page, with the “Last updated” date revised. Material changes will be communicated by email or prominent notice on our website at least 14 days before they take effect.

14. Contact Us

For questions about this Privacy Policy or to exercise your data-protection rights, please contact:

↑ Back to top