Privacy Policy

PT Mitra Brand Digital (Digitalbrandpartner)
Last Updated: January 5, 2026

Table of Contents

  1. 1. Introduction
  2. 2. Data Controller Information
  3. 3. Legal Basis for Processing
  4. 4. Personal Data We Collect
  5. 5. How We Use Your Personal Data
  6. 6. Data Sharing and Disclosure
  7. 7. International Data Transfers
  8. 8. Data Retention
  9. 9. Your Rights
  10. 10. Security Measures
  11. 11. Data Breach Notification
  12. 12. Cookies and Tracking Technologies
  13. 13. Children’s Privacy
  14. 14. Third-Party Links
  15. 15. Changes to This Privacy Policy
  16. 16. Legal Compliance
  17. 17. Government & Law Enforcement Data Requests
  18. 18. Data Minimization Commitment
  19. 19. Contact Us

1. Introduction

PT Mitra Brand Digital (“Company,” “we,” “us,” or “our”) operates the Digitalbrandpartner platform, a WhatsApp Business Platform integration service.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data in accordance with:

  • Indonesia’s Personal Data Protection Law (UU No. 27 Tahun 2022 – “PDP Law”); and
  • The European Union’s General Data Protection Regulation (“GDPR”), where applicable.

This Privacy Policy applies to:

  • Business Users: Employees and representatives of organizations using our platform
  • Messaging End Users: Individuals communicating with businesses through our platform
  • Website Visitors: Individuals who visit our website

We aim to handle personal data responsibly, securely, and transparently. By using our services, you acknowledge that you have reviewed this Privacy Policy.

2. Data Controller Information

The data controller responsible for your personal data is:

PT Mitra Brand Digital
Jl Europe 3 No. 28, Petir, Cipondoh
Tangerang 15147, Indonesia

Email: privacy@digitalbrandpartner.com
Phone: +628111807240

We process personal data on the following lawful grounds, as permitted by applicable data protection laws:

  • Consent – where you have provided consent for specific processing activities.
  • Contractual Necessity – where processing is required to perform our obligations under an agreement with you or your organization.
  • Legal Obligations – where processing is required for us to comply with laws and regulations.
  • Legitimate Interests – where processing is necessary for our legitimate business interests (such as improving services and maintaining security), provided these interests do not override your rights.

4. Personal Data We Collect

4.1 Account & Authentication Data

  • Full name and email address
  • Role and organizational affiliation
  • Login timestamps, IP addresses, and device/browser information
  • Two-factor authentication data (if enabled)

4.2 WhatsApp Messaging Data

In connection with the WhatsApp Business Platform, we may process:

  • Phone numbers of messaging participants
  • Message content, such as text and attachments
  • Message delivery status and timestamps
  • Template message usage data

4.3 Technical & Operational Data

  • System logs and performance metrics
  • Administrative action audit logs
  • API usage statistics
  • Error and diagnostic data

5. How We Use Your Personal Data

  • Service Delivery: Operating and improving our platform and features
  • Authentication & Access Control: Verifying identity and providing secure login
  • Platform Optimization: Improving performance and user experience
  • Security & Abuse Prevention: Detecting and responding to misuse or security issues
  • Regulatory & Contractual Compliance: Meeting legal obligations
  • Customer Support: Responding to enquiries

6. Data Sharing and Disclosure

We may share personal data under appropriate safeguards.

6.1 WhatsApp / Meta

As part of our WhatsApp Business Platform integration, certain data is shared with WhatsApp/Meta in accordance with their terms and privacy policies.

6.2 Service Providers

We engage trusted third-party service providers to support platform operation, security, and delivery, including:

  • Cloud hosting infrastructure
  • Content delivery and edge computing services
  • Security and monitoring services

These providers process personal data only under our instructions and applicable law.

6.3 Legal and Regulatory Recipients

We may disclose personal data where we believe in good faith that we are required or permitted to do so under applicable law, regulation, legal process, court order, or a lawful request from a public authority. We seek to review such requests and minimise any disclosure where reasonably possible.

We do not sell personal data.

7. International Data Transfers

Personal data may be processed in other countries where our service providers or partners operate. Where this occurs, we aim to ensure that such transfers are carried out in accordance with applicable data protection requirements and that appropriate measures are taken to protect the data.

8. Data Retention

We generally retain personal data for as long as we reasonably consider necessary for the purposes described in this Privacy Policy or as required by law.

  • Message Logs: Up to 365 days (configurable)
  • Account Data: For the active account period plus 90 days
  • Security Logs: Up to 365 days
  • Financial Records: Retained as required by law

9. Your Rights

You may have rights such as access, correction, deletion, objection, restriction, portability, and consent withdrawal, subject to law.

9.1 How to Exercise Your Rights

Email us at privacy@digitalbrandpartner.com.

9.2 Complaint Rights

You may contact Kominfo or relevant supervisory authorities.

10. Security Measures

We seek to implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, or misuse, taking into account our size, resources, and the nature of our services.

10.1 Technical Measures

  • Encryption of data in transit and at rest where appropriate
  • Access controls and authentication
  • Security monitoring
  • Regular software maintenance and updates

10.2 Organizational Measures

  • Role-based access
  • Confidentiality obligations
  • Staff privacy awareness guidance
  • Periodic internal policy reviews

11. Data Breach Notification

If a personal data breach occurs that may pose a risk to individuals, we will assess the incident and notify affected parties and authorities where required by applicable law.

12. Cookies and Tracking Technologies

We may use cookies for functionality and analytics where legally permitted.

13. Children’s Privacy

Our platform is not intended for individuals under 18.

We are not responsible for third-party privacy practices.

15. Changes to This Privacy Policy

We may update this policy and will update the “Last Updated” date accordingly.

This policy is designed to align with PDP-Law and GDPR where applicable.

17. Government & Law Enforcement Data Requests

We may disclose personal data to public authorities or law enforcement where we believe in good faith that we are required or permitted to do so under applicable law. We seek to review such requests and to limit disclosure to what we consider reasonably necessary.

18. Data Minimization Commitment

We aim to collect, use, retain, and disclose only the personal data that we reasonably consider necessary for lawful and clearly defined purposes.

19. Contact Us

PT Mitra Brand Digital
Email: privacy@digitalbrandpartner.com
Phone: +628111807240