1. Summary

This privacy policy explains:

  • How we collect, use, and share your personal data when you visit our website or use our services.
  • The legal basis and purposes for processing your personal data.
  • How we protect and store your personal data.
  • How long we retain your personal data and how we dispose of it.
  • What are your rights as a data subject and how you can exercise them.
  • How you can contact us or the relevant authorities if you have any questions or complaints about our privacy practices.
  1. Introduction

Welcome to Ali Budiardjo, Nugroho, Reksodiputro Counsellors at Law (“ABNR Law”). We are an independent Indonesian law firm offering expertise in legal services in various fields and industries, based Indonesian laws and regulations. When engaging with our services, we may require processing your personal data from time to time. In this case, we understand the importance of protecting your personal data and your rights as a data subject. Thus, we respect your privacy and are committed to protecting your personal data. This privacy policy explain how we process and safeguard your personal data as the data controller when you visit our website www.abnrlaw.com or use our services.

  1. What data do we collect?

We may collect and process the following types of personal data from you:

  • Identity data: such as name, date of birth, age, occupation and position, passport number, national ID number, taxpayer identification number, or other identification documents.
  • Contact data: such as information on the workplace, email address, phone number, and address.
  • Corporate data: such as personal data on the members of the board of directors, board of commissioners, or shareholders of a company, employees, customers, partners, vendors, suppliers, agents, representatives, or other individuals known by you.
  • Financial data: such as bank account details, financial report, tax report, tax identification number and tax registration information, or other payment information.
  • Transaction data: such as details of the services we rendered for you, your payment information, and fees you have paid to us.
  • Technical data: such as your IP address, browser type, device type, operating system, and other information about your use of our website.
  • Usage data: such as your preferences, feedback, survey responses, and other information about how you interact with our website and services.
  • Marketing data: such as your preferences for receiving marketing communications from us or our third-party partners, or opt-out choice.
  • Other data: including any information relevant to the legal services we provide you, or any information required by law or regulation.
  1. How do we collect your data?

We may collect your personal data in different ways, such as:

  • Directly from you: when you fill out a form, make an inquiry, request a quote, sign a contract, or provide us with any other information or documents through our website, email, phone, or other means.
  • From third parties: we may receive your personal data from third parties, such as our clients, service providers, business partners, affiliates, publicly available sources, government institutions, or other sources that are authorized to share your data with us.
  1. How do we store your data?

When doing business as usual, our processing of your personal data would be based on contractual necessity, particularly to fulfil our contractual obligations of providing legal services requested by our client. However, there might be circumstances where we would be processing your personal data based on our legal obligations, legitimate interest, consent, or other lawful basis available under the laws and regulations. The legal grounds for processing your personal data depend on the context and purpose of the data processing.

In general, we process your personal data on the following grounds:

  • Contractual necessity: when we need to process your personal data to fulfil a contract with you or our client, or to take steps at your or our client's request before entering a contract.
  • Legal obligation: when we need to process your personal data to comply with a legal or regulatory obligation that applies to us.
  • Legitimate interest: when we or a third party have a legitimate interest in processing your personal data, and this interest is not overridden by your interests or fundamental rights and freedoms. For example, we may have a legitimate interest in processing your personal data for business development, marketing, security, or administrative purposes.
  • Consent: when you have given us your clear, specific, and explicit consent to process your personal data for a specific purpose. You have the right to withdraw your consent at any time by contacting us.
  • Other lawful basis: when we need to process your personal data for other lawful reasons, such as to protect your vital interests or those of another person, or for the performance of a task carried out in the public interest.

In this case, we may use your personal data for various purposes, such as:

Purpose

Details

Lawful Basis

To provide our services

We use your personal data to deliver the legal services and advice that you have requested or contracted with us, to communicate with you, to process your payments, to issue invoices and receipts, and to fulfill our contractual obligations

Contractual necessity, to fulfil our contractual obligations of providing legal services requested by you.

To market our services

We use your personal data to send you newsletters, event updates, promotions, or other information that may be of interest to you, based on your preferences and consent. You can opt out of receiving marketing communications from us at any time by following the instructions in the messages or contacting us. We may also use your personal data as a reference for the purpose of enrollment in legal services databases, directories, and awards, unless you expressly opt-out from being included as a reference.

Legitimate interest or consent, as applicable.

To comply with legal and regulatory requirements

We use your personal data to comply with any applicable laws, regulations, court orders, subpoenas, or other legal obligations that may affect our business or services.

Legal obligation

To protect our rights and interests

We use your personal data to defend, assert, or enforce our legal rights and interests, or to prevent, detect, or investigate any fraud, crime, breach of contract, or violation of our policies or terms of service.

Legitimate Interest

To process job applicants and vendors

When you are applying for a position in or register as a vendor for our firm, we use your personal data which is necessary for us to complete the r process in accordance with our policy and comply with our legal obligations.

Legitimate interest, contractual necessity, legal obligation, or consent, as applicable.

  1. How do we store and secure your data?

We store your personal data on secure servers that are in Indonesia and Singapore and are operated by us and our service provider. We use appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption, access control, firewalls, security audits, and data breach response protocols. We also adhere to the industry-acknowledged information security management standard based on SNI/ISO 27001:2022. However, no method of transmission or storage is completely secure, and we cannot guarantee the absolute security of your personal data.

We retain your personal data for as long as necessary to fulfill the purposes for which we collected it, or as required by law or regulation. When your personal data is no longer needed, we will delete it or anonymize it in a secure manner, in accordance with our retention policy.

  1. What are your data protection rights?

You have certain rights regarding your personal data, subject to applicable laws and regulations. These rights may include:

  • The right to access: you have the right to request a copy of the personal data that we hold about you.
  • The right to rectification and update: you have the right to request that we correct or update any inaccurate, obsolete, or incomplete personal data that we hold about you.
  • The right to erasure and destruction: you have the right to request that we delete or destroy your personal data from our systems, unless we have a valid reason to keep it.
  • The right to restrict processing: you have the right to request that we limit the way we use your personal data.
  • The right to data portability: you have the right to request that we provide you or transfer your personal data to another organization or to you, in a structured, commonly used, and machine-readable format, when it is technically possible and relevant.
  • The right to withdraw consent: you have the right to withdraw your consent to our use of your personal data at any time, if the processing is solely based on consent and you have given us your consent previously.
  • The right to complain: you have the right to lodge a complaint to us if you discover that we have violated your data protection rights.

If you wish to exercise any of your data protection rights, please contact us using the contact details below. We will respond to your request within a reasonable time and in accordance with the applicable laws and regulations.

  1. How your personal data shared?

We may share your personal data to a third-party in the following cases:

  • Sharing with government authorities, as might be required to provide services requested from us or upon our receipt of a valid order from the authority;
  • Sharing with vendors or services providers, as might be required to provide services requested from us or for the operation of our business;
  • Financial institutions, as might be required to process payment related to our services;
  • Legal services directories, as might be required for our enrollment with legal services directories’ programs or events.

Note that, we are, to the extent possible and required under the laws and regulations, implementing strict requirements toward any third-party who will receive your personal data.

  1. How we do use cookies?

Cookies are small text files that are stored on your browser or device when you visit our website. They help us to remember your preferences when accessing our website to enhance your browsing experience and ensure our website works properly. Whilst the deployment of cookies may include the collection of information that might be considered as personal data, we do not use cookies, or any information collected from cookies to identify you as an individual.

  1. How do we update our privacy policy?

We reserve the right to amend this privacy policy at our sole discretion, without prior notice to you. We will notify you of any changes by posting the new privacy policy here and indicating the date it was last modified. Please review this privacy policy periodically to anticipate any updates. By continuing using our website and/or services, you acknowledge that you have read, understand, and accept the updated privacy policy. 

  1. How do you contact us?

If you have any questions, comments, requests to exercise your rights as a data subject, or concerns about our privacy policy or our data protection practices, please contact us at:

Email: info@abnrlaw.com
Phone: +62 21 250 5125
Address: Graha CIMB Niaga, 24th Floor, Jl. Jenderal Sudirman Kav. 58, Jakarta 12190, Indonesia

Updated: 1 July 2025