Privacy Policy
Introduction
Golrox.com ("Golrox" or "We") respects and protects the privacy of its users. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Platform.
This Privacy Policy is drafted under and subject to applicable personal data protection regulations.
This Privacy Policy constitutes an inseparable part of the Golrox Terms and Conditions. By using the Platform, you acknowledge that you have read, understood, and agreed to this policy.
Legal Basis for Data Processing
We process your personal data based on one or more of the following legal bases:
1. Consent: You provide explicit consent when registering and agreeing to this Privacy Policy
2. Performance of Contract: Processing is necessary to fulfill your orders and provide the services you request
3. Legal Obligation: Processing is necessary to comply with applicable legal obligations, including retention of transaction data
4. Legitimate Interest: Processing is necessary to maintain Platform security, prevent fraud, and improve our services
Data We Collect
Data You Provide
When registering or transacting, you provide information such as:
1. Email address
2. WhatsApp number
3. Destination username
4. Other information required to process orders
Automatic Technical Data
Our systems automatically record basic information when you access the Platform, including:
1. IP address
2. Device type and operating system
3. Browser type and version
4. Pages visited and access times
5. General location data (based on IP)
Payment Data
We receive payment status confirmations from third-party payment service providers to process your orders. Golrox does not directly store credit/debit card data or bank account information.
Purposes of Data Processing
We use your data for the following purposes:
1. Processing your orders according to the product category purchased
2. Verifying identity for transaction security
3. Providing assistance through customer service
4. Sending order status updates and service information
5. Improving the user experience on the Golrox marketplace
6. Detecting and preventing fraud, abuse, and illegal activities
7. Fulfilling applicable legal and regulatory obligations
8. Preparing aggregated analyses and statistics (which do not identify individuals) for service development
Data Storage and Retention
Your personal data is stored on servers that meet adequate data protection standards.
Our data retention periods are as follows:
1. Financial transaction data: at least 10 (ten) years from the date of the transaction, in accordance with applicable provisions
2. Active account data: for the duration of the active account plus 1 (one) year after deactivation
3. Technical data and logs: 90 (ninety) days from the date of recording
4. Other non-financial data: at least 5 (five) years, in accordance with applicable provisions
After the retention period ends, data will be deleted or anonymized so that it can no longer identify individuals.
Data Security
We implement reasonable technical and organizational security measures to protect your data, including:
1. Data encryption during transmission (SSL/TLS)
2. Role-based access control
3. Periodic security reviews
4. Data security training for teams handling personal data
We continuously strive to improve security measures in line with technological developments to maintain the protection of your data.
Data Breach Notification
In the event of a security incident that may potentially affect your personal data, we will:
1. Notify you and the supervisory authority no later than 3 x 24 hours after the incident is discovered
2. Explain the types of data affected
3. Provide the incident chronology and the mitigation steps that have been and will be taken
4. Provide recommended actions you can take to protect yourself
Sharing Data with Other Parties
We do not sell, rent, or trade your personal data. Data is only shared with the following parties on clear grounds:
1. Payment service providers: to process your transactions. These parties are bound by a Data Processor Agreement that requires them to protect your data to a standard equivalent to ours
2. Technology service providers: to support Platform operations (hosting, analytics), with the same confidentiality obligations
3. Authorities: where required by law, court order, or official request from authorized government agencies
4. Professional advisors: including legal counsel and accountants, who are bound by professional confidentiality obligations
Cross-Border Data Transfers
In the event that your personal data needs to be transferred to another jurisdiction (for example through payment service providers or hosting), we ensure that:
1. The destination of the transfer has adequate personal data protection standards; or
2. There are adequate contractual arrangements in place to protect your data
User Rights over Personal Data
In accordance with applicable data protection regulations, you have the following rights over your personal data:
1. Right of Access: To know and obtain a copy of the personal data we process about you
2. Right of Rectification: To update or correct your personal data that is inaccurate or incomplete
3. Right to Erasure: To request deletion of your personal data, subject to legal retention obligations
4. Right to Object to Processing: To object to the processing of your personal data for certain purposes
5. Right to Withdraw Consent: To withdraw consent previously given for the processing of your data
6. Right to Portability: To request that your personal data be transferred to another data controller in a machine-readable format
7. Right to Object to Automated Decisions: To object to decisions made solely by automated means that significantly affect you
8. Right to Lodge a Complaint: To lodge a complaint with the personal data protection supervisory authority if you feel your rights have been violated
To exercise the rights above, visit golrox.com/pusat-bantuan. We will process your request within a maximum of 14 (fourteen) business days.
Data of Underage Users
For users under 18 years of age, use of the service is deemed to have obtained consent from a parent or guardian. Parents or guardians are responsible for all activities and data provided by children under their supervision. Parents or guardians may submit requests for access, correction, or deletion of their child's data through our contact channels.
Records of Processing Activities
Golrox maintains records and documentation of all personal data processing activities, including the types of data processed, purposes of processing, recipients of the data, and security measures applied. These records are available for inspection by authorized supervisory authorities.
Changes to the Privacy Policy
This Privacy Policy may be updated from time to time to accommodate changes in services, technology, or regulations. Users will be notified of material changes via email or Platform notifications at least 14 (fourteen) days before they take effect. The latest version is always available on this page.
Contact Us
For questions, requests, or complaints related to your personal data, visit our help center at golrox.com/pusat-bantuan. We are committed to responding to every request regarding personal data within a maximum of 14 (fourteen) business days.