Naga Cybersecurity

PRIVACY NOTICE

This is notice for what data we collect, use, and share, and our responsibility towards it

Who are we and what we do

Naga Cybersecurity is the next stage in the development of Cybersecurity Consulting and Protection Management. We have a foundation based on over 30 years of securing Enterprise Worldwide. We help your organization understand what is new and how it impacts what is old or new in your business. We specialize in handling change across the trinity of Security: People, Technology, and Policy & Procedures.

Data we collect and how we get it

  • Information you provide to us
    Information you provide for us to subscribe to our services, may consisting Personal Data, as follows :
    • Contact details include name, email address, office address (for company), chat/email history, and phone number.
    • System details, such as OS type, number of systems, or server build information
    • Payment information, such as bank name, bank account number, bank account name
    • Class attendance details, such as attendee name, number of attendees, attendee position

We may also collect some other information from or about you, such as your interest, the product or program you purchased, demographic information, photographs, signature (on contract), or other data you provide.

  • Information collected for products and services

We may collect information about your interactions with the Products and Services as well as the devices on which the Products and Services are installed. In some cases, we automatically collect information about other devices connected to the same network as the device on which the Products and Services are installed.

    • Information about products and services you use
    • Information collected through our products and services, such as web analysis, internet protocol (IP) addresses, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC addresses, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, language preferences, battery level, on/off status, geolocation information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Products and Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Products and Services, and other actions taken through the use of the Products and Services such as preferences
    • When you use our Products and Services to protect your mobile device, we may collect geolocation data of the device on which the product is installed; and
    • Details about your internet, app, or network usage (including URLs or domain names of websites you visit, information about the applications installed on your device, or traffic data); performance information, crash logs, and other aggregate or statistical information.

To provide you with our Products and Services, including malware and spam detection, we may need to scan data from your files such as emails, attachments, email addresses, metadata, URLs, and traffic data. Please be assured that this data is only scanned by our tools for malware content and not read for contextual information nor is it stored.

We do not limit the ways in which we might use or share non-personal data because such non-personal information does not identify you.

  • Information from third parties
    We may receive information about you from other sources and combine it with the information we collect directly. Examples include updated delivery or payment information used to correct our records, purchase or redemption information, and customer support and enrollment information. Additionally, we may use third-party sources as part of our Know Your Customer (KYC) process and to better understand your needs and issues related to our solutions. This is to ensure we provide you with the most relevant and effective support and services. Rest assured, this information is used solely in relation to your interest in our solutions and for communication purposes. Any future data received from third parties about you will be obtained only with your prior consent.
  • Location information

Certain Products and Services may request permission to access your location. Where you grant this permission, we will collect information about your location using GPS, wireless, or Bluetooth technology. You can control access to precise location information through your mobile device settings. We also may look up your IP address to determine your general location.

How we use the information

  • For operational 

NCS operational:

When you install or use one of our Products and Services, it will run in the background of your device or environment to help predict threats and better protect you, your devices, and your information. For example, we may use the information to:

    • Analyze data sent to/from your device(s) to isolate and identify threats, vulnerabilities, viruses, suspicious activity, spam, and attacks, and communicate with you about potential threats;
    • Participate in threat intelligence networks, conduct research, and adapt Products and Services to help respond to new threats;
    • Encrypt data, lockdown a device, or backup or recover data;Check for Product and Service updates and create performance reports on our Products and Services, to ensure they are performing properly; and
    • Look for misuse of your data when you use our data loss prevention monitoring products.

NCS-NCA operational:

When you register for one of our Services, we will need some data from you to help us understand you better so that we can prepare, analyze or plan the best possible step for you. For example, we may use the information to :

    • Prepare classes, evaluate the competency or understanding of the participants, plan the best possible style of training/class or issue certificates.
    • Conduct health check or SMA and prepare a plan for compliance
    • To do our job as Virtual CISO, Cyber Security Consultancy, Cyber Resilience Program, or Data Protection Program

 

  • For business
    • Authenticate your identity and prevent fraud with your biometric data;
    • Analyze your behavior (in our website) to measure, customize, and improve our Site and Products and Services, including developing new security technologies, databases, products, and services;
    • Notify you of Supplier Products and Services that we think may be of interest to you;
    • Perform transactions, accounting, auditing, license management, billing, reconciliation, and payments, and collection activities;
    • Provide customer support, troubleshoot issues, manage subscriptions, and respond to requests, questions, and comments;
    • Promote and administer special events, programs, surveys, contests, sweepstakes, and other offers and promotions;
    • Conduct market, trend and consumer research and analyses;
    • Administer posting on our blogs, forums, and other public communications;
    • Prevent, detect, identify, investigate, and respond to potential or actual claims, liabilities, prohibited behavior, and criminal activity;
    • Comply with and enforce legal rights, requirements, agreements, and policies; and
    • With your consent.

Who we share information with

  • Third parties

We work with third parties to provide our products and services. These third parties may collect data about you from the data you provide to us or from your interactions with our products or sites. They use this information to help us in providing you with our products and services. Such as, providing protection, web or application analysis, measuring effectiveness of ads or our sites, system and network analysis to check compliance, providing cyber information, providing classes, and many more. See our Cookie Notice/Cookie Setting to learn more about how we and our advertising partners use tracking technologies like cookies and the choices available to you. You can opt out of having your information shared with third parties for those parties’ direct marketing purposes by sending email to our support containing a request to opt out.

  • Other uses

We may use Personal Data for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Data or with your consent.

Generally, we disclose the information we collect to provide the Products and Services, to communicate with you, to advertise or promote our Products and Services, to facilitate changes to or transfers of our business, as required by law, or with your consent.

We may share Personal Information in the following ways:

  • With current and future members of our family of companies for the purposes described in this Notice;
  • With service providers who perform services for us;
  • If we believe disclosure is necessary and appropriate to prevent physical, financial, or other harm, injury, or loss, including to protect against fraud or credit risk;
  • To legal, governmental, or judicial authorities as instructed or required by those authorities and applicable laws, or in relation to a legal activity, such as in response to a subpoena or investigation of suspected illicit or illegal activities, or where we believe in good faith that users may be engaged in illicit or illegal activities, or where we are bound by contract or law to enable a customer or business partner to comply with applicable laws;
  • In connection with, or during negotiations for, an acquisition, merger, asset sale, or other similar business transfer that involves all or substantially all our assets or functions where Personal Data is transferred or shared as part of the business assets (provided that such party agrees to use or disclose such Personal Data consistent with this Notice or gains your consent for other uses or disclosures);
  • With your consent or at your direction, such as when you choose to share information or publicly post content and reviews (for example, social media posts);
  • With persons of your choosing and at your discretion, should the product you are subscribed to allow that functionality; and
  • With third parties we may also share de-identified or aggregated data that does not identify you.

The existence or not of a data transfer to a country outside Indonesia

We transfer data outside the territory of Indonesia for the purpose of providing products and services. However, we ensure that these transfers are carried out with these manner :

  • The country where the domicile of the Personal Data Controller and/or Personal Data Processor who receives the transfer of Personal Data has a level of Personal Data Protection Equivalent or higher than that stipulated in the law.
  • If the above conditions are not met, we ensure that there is adequate and binding Personal Data Protection.
  • If the 2 conditions above are not met, we will ask for the consent of the Personal Data Subject.

How we protect your information

We collect as minimal data as possible with only collected data used for our operational and business needs. As for protection required by PDPL, we use DLP (Data Loss Prevention) and do access control over the data we store. We only use trusted platforms to exchange information, and install endpoint security to prevent unauthorized access to our systems. Encryption is also used to make sure the data can only be read by the intended receiver, we also use a secured data channel.

Your rights

  • Personal Data Subject Rights by PDPL

In accordance with PDPL, you may have the right to: (i) request confirmation of whether we are processing your Personal Data; (ii) obtain access to or a copy of your Personal Data; (iii) receive a portable copy of your Personal Data, or ask us to send that information to another organization (the “right of data portability”); (iv) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Data; (v) restrict or withdraw consent of our processing of your Personal Data; (vi) object to our processing of your Personal Data; and (vii) request erasure of Personal Data about held you by us, subject to certain exceptions prescribed by law.

 

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we may take steps to verify your identity before fulfilling your request. For some requests and where permitted by law, an administrative fee may be charged. We will advise you of any applicable fee prior to performing your request.

How long we retain information

We will keep your Personal Data for the minimum period necessary and some data will be kept according to the applicable law in Indonesia. Other than that, we will erase your personal data when :

  • We don’t have any need in processing it anymore
  • If it past the retention period (depends on the information and the applicable law)
  • When you ask for erasure, or retract your permission for processing

Personal Data Act Applied

Indonesia PDPL

Who is responsible for data protection

The data controller in this Notice is PT. DNA. If you find any issue, feel free to contact our privacy or legal representative through the following contacts :
Email : contactus@nagacybersecurity.com
Signal : +62 811-2651-615