Add a listing
0
Add a listing
Bahasa Indonesia

YAY! Privacy & Security Policy 

Effective Date: [26th September 2025] 

Company (Data Controller): PT XQUARE EDU NUSANTARA (operating “YAY!”) 

Address: Jl Raya Boulevard Barat #J-15, Mall of Indonesia, Jakarta, Indonesia 

Contact & Data Protection Officer (DPO): Contact Us

Website: https://yay.xquare.net 

 

Article 1 — Definitions 

  1. a) Parties: PT XQUARE EDU NUSANTARA as Data Controller (“YAY!”, “we”, “us”, “our”) and you as the user of this Website.
  2. b) Data Controller: The owner/operator responsible for collecting and processing Personal Data via this Website.
  3. c) You: The user/visitor/customer (“you”, “your”).
  4. d) Goods: Any goods/services (including vouchers) we make available on the Website.
  5. e) Personal Data: Information that directly or indirectly identifies

 

Article 2 — General Information 

This Policy explains how we collect, use, share, secure, and store your Personal Data when you visit our Website or purchase Goods, and what rights you have under UU No. 27/2022 (PDP Law). 

By using the Website, you agree to this Policy. If you do not agree, please stop using the Website. 

 

Article 3 — Contact and Data Protection Officer 

Data Controller: PT XQUARE EDU NUSANTARA 

Address: Jl Raya Boulevard Barat #J-15, Mall of Indonesia, Jakarta, Indonesia 

Contact & DPO: Contact Us

 

Article 4 — Location of Processing & Cross-Border Transfers 

Data is processed and stored in Indonesia (Jakarta data centers). If processing/storage occurs outside Indonesia (e.g., cloud vendors), we apply safeguards required by UU PDP and relevant standards. 

 

Article 5 — Changes to this Policy 

We may modify this Policy. We will post updates here and, where required, request your consent. Unless otherwise stated, changes apply to data collected after the effective date. 

 

Article 6 — Personal Data We Collect 

Depending on your activity, we may collect: 

  • Registered users: name, email, phone/WhatsApp, password, purchase/redemption history, wallet/affiliate activity, communications with us, content you submit (e.g., reviews, photos), and participation in features (comments/forums). 
  • Unregistered users: limited passive data via cookies/logs (IP address, device/browser, session data, approximate location). 
  • Sales & billing: payment details are processed by payment providers; we do not store full card/bank credentials. 
  • Marketing: your opt-ins and communication preferences. 
  • Aggregated/analytics: combined statistics that do not identify you. 
  • Other: any information you voluntarily provide. 

 

Article 7 — Data Collected Automatically (Cookies & Logs) 

  • We use cookies for login/session, preferences, and analytics. Technical cookies are necessary for the site to work. Profiling/marketing cookies are used only with your explicit consent. 
  • Log data may include IP, device/browser, ISP, timestamps, referring/exit pages, and click counts—used in aggregate for performance and security (legitimate interests). 
    You can manage/disable cookies in your browser; some features may not function if disabled. 

 

Article 8 — Legal Bases & Purposes of Processing (UU PDP) 

We process Personal Data only when a legal basis applies: 

  • Consent: newsletters/marketing, certain cookies, optional features. 
  • Contract: account creation/management, voucher purchases/redemptions, wallet/affiliate payouts, support. 
  • Legal obligation: tax/audit/reporting, responding to lawful requests. 
  • Legitimate interests: service improvement, fraud prevention, security and abuse detection, aggregate analytics (with safeguards). 

Purposes include: 

  1. a) Improving your user experience and Website performance.
  2. b) Communicating about your account and transactions.
  3. c) Marketing (with your consent).
  4. d) Processing purchases and fulfilling orders.
  5. e) Customer service and dispute assistance.
  6. f) Security, fraud prevention, and legal compliance.

 

Article 9 — Sharing with Third Parties 

We do not sell or rent Personal Data. We share data only with: 

  • Payment processors (payments/withdrawals). 
  • Cloud/hosting/IT providers (to operate the Website). 
  • Analytics and communication tools (service operation/support). 
  • Authorities/courts/regulators when required by law or to protect rights, property, and safety. 

Vendors act under contract and must protect your data. If we ever need to share Personal Data beyond this, we will notify you and, where applicable, offer opt-out/consent. 

 

Article 10 — Storage, Retention & Security 

  • We use encryption (TLS/HTTPS), firewalls, access control/MFA, least-privilege access, logging/monitoring, secure development practices, and regular backups to protect data. 
  • Retention: we keep Personal Data only as long as needed for the purposes stated. Transaction/accounting records may be retained up to 5 years (or longer if required by law). We delete/anonymize earlier where possible upon valid request, unless retention is legally required or needed to establish/exercise/defend legal claims. 
  • Breach notification: If a personal data breach occurs, we will notify affected users and (where applicable) regulators within 3×24 hours in line with UU PDP, with details and remediation steps. 

 

Article 11 — Disclosure of Personal Data 

We may disclose Personal Data when reasonably necessary to: 

  1. a) Comply with Indonesian laws/regulations or lawful requests.
  2. b) Respond to subpoenas, court orders, investigations.
  3. c) Enforce our terms, or pursue/defend legal claims.
  4. d) Operate, maintain, and secure the Website.
  5. e) Investigate suspected fraud or harmful activity.

 

Article 12 — Public Information 

Content you post publicly (e.g., reviews, photos, comments) can be viewed by others and may be indexed by search engines. Share responsibly. 

 

Article 13 — Marketing Communications & Opt-Out 

  • Service emails (e.g., purchases, redemptions, wallet/withdrawals, security notices) are necessary. 
  • Marketing emails are optional and sent only if you opt in. You may unsubscribe anytime via the link in the email or by contacting Us.

 

Article 14 — Access, Correction, Deletion & Other Rights (UU PDP) 

You have the right to: 

  • Access your data and request a copy. 
  • Correct/Update inaccurate or incomplete data. 
  • Withdraw consent (e.g., for marketing). 
  • Delete your data (“right to be forgotten”) where applicable. 
  • Restrict/Delay processing in certain cases. 
  • Port your data to another provider (where technically feasible). 
  • Object to automated decision-making with significant effects. 

Exercise your rights via Contact Us. We will respond within the timeframe required by law. 

 

Article 15 — Acceptance of Risk 

We implement strong safeguards, but no system is 100% secure. By using the Website, you understand and accept the inherent risks of internet data transmission. 

 

Article 16 — Complaints & Contact 

Questions, requests, or complaints about privacy/security: 

Contact Us

PT XQUARE EDU NUSANTARA, Jl Raya Boulevard Barat #J-15, Mall of Indonesia, Jakarta, Indonesia 

If you are not satisfied with our response, you may contact the Indonesian supervisory authority as provided under UU PDP. 

0

No products in the cart.