Effective Date: 10.10.2025

Nusantara Toko (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our website, mobile apps, or related services (“Services”).

By using our Services, you consent to the practices described in this Policy.

1. Who We Are

Nusantara Toko is operated by its registered legal entities in Indonesia and the European Union. References to “we”, “our” or “us” mean these entities collectively.

2. Data We Collect

We may collect the following types of data when you interact with our Services:

  • Identity Data: name, username, date of birth

  • Contact Data: address, email, phone number

  • Transaction Data: order details, payments, refunds, shipping information

  • Technical Data: IP address, browser type, device information, cookies

  • Usage Data: interactions with our website, preferences, browsing patterns

  • Marketing Data: communication preferences, newsletter subscriptions

We do not collect sensitive personal data (e.g., religion, health data) unless explicitly required by law.

3. How We Use Your Data

We process your personal data only where lawful. Typical uses include:

  • Contract Performance: to process your orders, payments, and deliveries

  • Legal Compliance: to meet tax, customs, and consumer law obligations

  • Legitimate Interests: to improve Services, prevent fraud, manage logistics

  • Consent: for marketing emails, newsletters, or optional features

4. Sharing Your Data

We may share data with:

  • Service Providers: payment processors, logistics/shipping companies, IT hosting providers

  • Legal Authorities: if required by law or regulatory bodies

  • Business Transfers: in case of merger, acquisition, or restructuring

We never sell your personal data.

5. International Data Transfers

Because we operate from Indonesia and the EU, your data may be transferred internationally.

  • For EU customers: transfers outside the EU comply with GDPR safeguards (e.g., Standard Contractual Clauses).

  • For Indonesian customers: transfers outside Indonesia comply with the PDP Law’s cross-border rules.

6. Data Retention

We keep your data only as long as necessary to:

  • Fulfill orders and services

  • Meet accounting, tax, and legal obligations

  • Handle disputes, warranties, and fraud prevention

Once data is no longer needed, it will be securely deleted or anonymized.

7. Your Rights

EU Customers (GDPR)

You have the right to:

  • Access, correct, or delete your personal data

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

  • File a complaint with your local Data Protection Authority

Indonesia Customers (PDP Law)

You have the right to:

  • Access and obtain a copy of your data

  • Correct inaccurate data

  • Request deletion of your data

  • Withdraw consent to data processing

  • File complaints with the Ministry of Communications and Informatics (Kominfo)

Global Customers

We extend similar rights to all customers, regardless of location.

8. Cookies & Tracking

Our Services use cookies and similar technologies to:

  • Remember preferences

  • Analyze traffic and improve site performance

  • Support secure login and checkout

  • Deliver personalized ads (where consented)

You can manage or disable cookies in your browser settings.

9. Security

We apply industry-standard security measures to protect your personal data, including:

  • Encryption (SSL/TLS) for transactions

  • Access controls and authentication systems

  • Regular monitoring for vulnerabilities

No system is 100% secure, but we take all reasonable steps to minimize risks.

10. Children’s Privacy

Our Services are not intended for individuals under 18 years old. We do not knowingly collect data from minors.

11. Third-Party Services

We may use third-party tools and processors such as:

  • Payment processors (e.g., Stripe, Midtrans, PayPal)

  • Analytics providers (e.g., Google Analytics)

  • Shipping carriers (e.g., DHL, FedEx, JNE, Pos Indonesia)

Each third party processes data under its own privacy policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: compliant@nusantaratoko.com
Indonesia Office Address: Jln. Ida Bagus Mantra 110, Denpasar-Bali, Indonesia
EU Office Address: Sarmenstorf, Aargau, Switzerland

If required, you may also contact a Data Protection Officer (DPO) once appointed.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our business practices. Updates will be posted on this page with a new “10.10.2025”