PRIVACY POLICY
Vanaya Strategic
Website: www.vanaya.co.id
Email: vera@vanaya.co.id
Last updated: 07/01/2026
1. Legal Compliance & Data Controller
This Privacy Policy explains how PT Vanaya Cendekia International, operating under the brand Vanaya Strategic, collects, processes, stores, and protects personal data.
Vanaya Strategic acts as a Personal Data Controller and fully complies with:
Law No. 27 of 2022 on Personal Data Protection (Indonesia)
Relevant implementing regulations
Applicable electronic system regulations under Indonesian law
2. Lawful Basis for Data Processing
Personal data is processed based on one or more lawful bases, including:
Explicit consent of the data subject
Performance of a contract or participation in a program
Compliance with legal obligations
Legitimate interests related to professional service delivery
3. Types of Personal Data Collected
Vanaya Strategic may collect:
Identification and contact information
Professional and organizational data
Program participation and administrative records
4. Purpose Limitation
Personal data is collected and used strictly for:
Program administration and delivery
Professional and academic communication
Certification, reporting, and compliance requirements
Internal service quality improvement
5. Data Security, Retention & Breach Handling
Vanaya Strategic implements reasonable technical and organizational measures to protect personal data from unauthorized access, disclosure, or misuse.
While no system can be guaranteed fully secure, Vanaya Strategic will act in accordance with applicable legal obligations in the event of a data breach or security incident.
Personal data is retained only for as long as legally and operationally required.
6. Data Subject Rights
In accordance with Law No. 27 of 2022, data subjects have the right to:
Access their personal data
Request correction or updates
Request deletion or destruction
Withdraw consent where applicable
Requests may be submitted to:
vera@vanaya.co.id
7. Data Disclosure & Transfer
Personal data shall not be sold or traded. Data may be disclosed only:
To authorized internal personnel
To official partners strictly for program delivery
Where required by law or regulatory authorities
All disclosures are conducted in compliance with Indonesian data protection regulations.