Legal

Privacy Policy

Last updated: June 12, 2026

1. Introduction

PT Grafas Global Copartner ("Grafasco", "we", "us", or "our") respects your privacy and is committed to protecting the personal data of clients, institutional partners, and visitors to our website. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, use the Copartner Orchestration Portal (COP), or otherwise interact with us.

This Policy is prepared with regard to the Indonesian Personal Data Protection Law (Law No. 27 of 2022 on Personal Data Protection, "UU PDP") and other applicable laws and regulations of the Republic of Indonesia.

2. Information We Collect

When you interact with our website, in particular the Institutional Access form, we may collect the following categories of personal data:

  • Identity information: full name and corporate title.
  • Corporate information: the name of your enterprise or institution and your country of origin.
  • Contact information: your corporate email address.
  • Inquiry information: the primary challenge or area of interest you select, and any additional information you choose to provide.
  • Technical information: standard log data such as IP address, browser type, device information, and pages visited, collected automatically through normal web server operation.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To respond to your inquiries and requests for institutional access, portal demonstrations, or risk assessment audits;
  • To communicate with you regarding our investment guardian and trust infrastructure services;
  • To assess the suitability of a potential business relationship and to conduct any necessary due diligence;
  • To maintain, secure, and improve our website and the COP Portal;
  • To comply with applicable legal, regulatory, and reporting obligations in Indonesia.

4. Legal Basis for Processing

We process your personal data on the basis of your explicit consent given at the time of submission of the Institutional Access form, the necessity of processing for the performance of a prospective or existing agreement, and our legitimate interest in operating and protecting our business, in each case consistent with the requirements of the UU PDP.

5. Sharing and Disclosure of Information

We do not sell or rent your personal data to third parties. We may share your information with:

  • Our execution node partners (Spatial Node, Digital Node, and Human Node) strictly to the extent necessary to evaluate or fulfil your request;
  • Professional advisors, auditors, and service providers who assist us in operating our business, subject to confidentiality obligations;
  • Government authorities or regulators, where required by applicable Indonesian law or a valid legal process.

6. Data Security

We implement reasonable technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Submissions made through the Institutional Access form are transmitted directly to our advisory desk and are not published or made publicly accessible.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to comply with legal, accounting, or reporting requirements, after which it is securely deleted or anonymized.

8. Your Rights

Subject to applicable law, including the UU PDP, you have the right to:

  • Request access to the personal data we hold about you;
  • Request correction of inaccurate or incomplete personal data;
  • Request deletion of your personal data, subject to our legal and legitimate business retention requirements;
  • Withdraw any consent previously given, without affecting the lawfulness of processing carried out prior to withdrawal;
  • Object to certain processing of your personal data.

To exercise any of these rights, please contact us using the details in Section 11 below.

9. Cookies and Tracking

Our website may use essential cookies and similar technologies necessary for the website to function correctly. We do not currently use cookies for advertising or cross-site tracking purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The "Last updated" date at the top of this page indicates when this Policy was last revised. We encourage you to review this Policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Direct Advisory Desk at:

PT Grafas Global Copartner
Email: business@grafascopartner.com