Last updated: 29 June 2025
Privacy Policy – AhliWeb.com
PT Ahli Web Internasional ("AhliWeb", "we", "us") is committed to protecting your personal data in accordance with Indonesian Law No. 27/2022 on Personal Data Protection ("PDP Law"), the EU General Data Protection Regulation ("GDPR") where applicable, and Islamic ethical principles.
This Privacy Policy is one of four documents that make up our legal framework, together with the Terms of Service (ToS), Acceptable Use Policy (AUP), and Billing Policy (collectively, the "Agreement"). It explains how we collect, use, disclose, and safeguard information when you visit our websites, purchase our services, or collaborate with us.
Quick links
- What Data We Collect
- How We Collect Data
- Purposes & Legal Bases
- Sharing & Third-Party Processors
- International Transfers
- Data Retention
- Cookies & Similar Technologies
- Your Rights
- Children’s Privacy
- Security Measures
- Third-Party Links
- Changes to This Policy
- Contact & Data Protection Officer (DPO)
Syariah Principles
- No Facilitation of Haram Activities – Personal data will never be sold, rented, or shared for purposes that involve riba, maysir, gharar, pornography, alcohol, tobacco, or other haram activities.
- Transparent & Just Processing – Processing is limited to lawful, explicit, and Shariah-compliant purposes stated in Section 3.
- Equitable Contracts – Any third-party processor must agree to these Shariah principles in addition to standard data-protection clauses.
- Conflict Resolution – If a clause in this Policy conflicts with a recognised Shariah ruling, both parties will seek an amicable, Shariah-compliant amendment before pursuing legal remedies.
1. What Data We Collect
Category | Examples |
---|---|
Identity | Name, username, organisation, NPWP, government ID (for .id domain validation) |
Contact | E-mail, phone, billing address, WhatsApp number |
Account | Login credentials, authentication tokens, API keys |
Payment | Virtual-account reference, transaction ID, invoice details (⭑ we do not store full card numbers) |
Usage & Log | IP address, browser type, access timestamps, resource usage, error logs |
Marketing Preferences | Newsletter opt-in status, event participation |
Support Records | Tickets, chat transcripts, call recordings |
Collaborator Data | NDA, project briefs, shared code/documents |
2. How We Collect Data
- Directly from you – order forms, domain registration, support tickets, reseller onboarding.
- Automatically – server logs, cookies, analytics pixels.
- Third parties – payment gateways (Duitku, Xendit), identity registrars (PANDI for .id), lead-gen partners, public sources.
3. Purposes & Legal Bases
Purpose | Legal basis (PDP Law / GDPR) |
---|---|
Service provision & contract fulfilment | Contractual necessity (Art. 6‑1‑b) |
Account security & fraud prevention | Legitimate interest / Legal obligation |
Invoicing, tax & compliance | Legal obligation |
Customer support & incident response | Contractual necessity / Legitimate interest |
Service improvement & analytics | Legitimate interest; consent where cookies require it |
Marketing (newsletters, promos) | Consent (opt-in) |
Syariah compliance screening | Legitimate interest & legal compliance |
We do not sell or rent personal data.
4. Sharing & Third-Party Processors
We share data only when necessary:
- Infrastructure – Linode, Cloudflare, Biznet, OVH (data centres & CDN)
- Payment – Duitku, Xendit (PCI‑DSS compliant)
- Business Tools – Kommo CRM, Odoo ERP, MailJet (e-mail service)
- Regulators & Law Enforcement – upon valid request under Indonesian law
- Collaborators/Resellers – limited to project or sub-client context under NDA
All processors are bound by Data Processing Agreements (DPAs) and required to implement adequate security measures.
5. International Transfers
Where data is transferred outside Indonesia/EEA (e.g., Cloudflare CDN nodes), we rely on:
- Standard Contractual Clauses (SCC) or ASEAN Model Clauses;
- Adequacy decisions; or
- Your explicit consent where applicable.
6. Data Retention
Data category | Retention period |
---|---|
Account & billing records | 10 years (tax/audit) |
Support tickets & logs | 24 months |
Inactive backups | 30 days post-termination |
Marketing data | Until opt-out or 24 months of inactivity |
We pseudonymise/anonymise data when retention expires.
7. Cookies & Similar Technologies
We use:
- Essential cookies – session ID, CSRF protection.
- Analytics cookies – Matomo self-hosted.
- Marketing pixels – only with prior consent.
You can manage preferences via our cookie banner or browser settings.
8. Your Rights
Subject to local law, you have the right to:
- Access a copy of your data.
- Rectify inaccuracies.
- Erase (right to be forgotten) where lawful.
- Restrict or object to processing.
- Receive your data in a portable format (JSON/CSV export).
- Withdraw consent at any time.
- Lodge a complaint with Kominfo or your supervisory authority.
Submit requests via [email protected] or the self-service portal.
9. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect data from minors without parental consent.
10. Security Measures
- TLS 1.3 encryption end-to-end.
- WAF & DDoS mitigation via Cloudflare Pro.
- AES-256 encrypted backups.
- Role-based access control (RBAC) & MFA for admins.
- Annual penetration testing & periodic Syariah-compliant audits.
11. Third-Party Links
Our sites may contain links to external pages. We are not responsible for their privacy practices.
12. Changes to This Policy
We may update this Policy periodically. We will notify you of material changes via e-mail or the dashboard 14 days before they take effect.
13. Contact & Data Protection Officer (DPO)
Data Protection Officer: Muhammad Aidil Fitrah
E-mail: [email protected]
Postal: PT Ahli Web Internasional – Privacy Office
Jl. Sutan Syahrir Gg. Lombok I, RT 003, Madurejo, Arut Selatan, Pangkalan Bun, Kalimantan Tengah 74112, Indonesia
WhatsApp: (+62) 895‑1338‑0400.
© 2025 PT Ahli Web Internasional – All rights reserved.