Last Updated: January 28, 2025
Effective Date: January 28, 2025
Policy Version: 1.0
1. Introduction
Welcome to Bali Nomad Living. We are committed to protecting your privacy and ensuring transparency
about how we collect, use, and protect your personal data. This Privacy Policy explains our practices
in accordance with the General Data Protection Regulation (GDPR), Indonesian Personal Data Protection
Law, and other applicable privacy regulations.
By using our website, services, or contacting us, you acknowledge that you have read and understood
this Privacy Policy and consent to the processing of your personal data as described herein.
2. Data Controller Information
3. What Data We Collect
We collect different types of personal data depending on how you interact with our services:
3.1 Information You Provide Directly
| Data Type |
Examples |
Collection Method |
Purpose |
| Contact Information |
Name, email address, phone number |
Contact forms, consultation bookings |
Communication, service delivery |
| Project Information |
Model interest, location, budget, timeline |
Consultation forms, project inquiries |
Project planning, quotations |
| Communication Data |
Messages, call recordings, chat logs |
WhatsApp, email, phone calls |
Customer support, record keeping |
| Financial Information |
Payment details, financing preferences |
Payment processing, financing applications |
Transaction processing, credit assessment |
3.2 Information Collected Automatically
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent, click patterns, referral sources
- Location Data: General geographic location (country/city level)
- Cookie Data: Preferences, session information, analytics data
3.3 Information from Third Parties
- Calendly: Appointment scheduling data, meeting preferences
- EmailJS: Email delivery status, engagement metrics
- Google Maps: Location data for showroom visits
- Social Media: Public profile information if you interact with our social accounts
4. How We Use Your Data
We process your personal data for the following purposes:
4.1 Primary Business Purposes
- Service Delivery: Providing modular home design, construction, and installation services
- Customer Communication: Responding to inquiries, providing updates, technical support
- Project Management: Planning, scheduling, and executing your modular home project
- Financial Processing: Processing payments, managing financing arrangements
4.2 Marketing and Communication
- Direct Marketing: Sending information about our services, new models, special offers
- Newsletter: Providing updates about sustainable living, company news
- Event Invitations: Inviting you to showroom visits, webinars, industry events
4.3 Website and Service Improvement
- Analytics: Understanding website usage, improving user experience
- Performance Monitoring: Ensuring website functionality and security
- A/B Testing: Testing different website versions to improve conversion rates
4.4 Legal and Compliance
- Legal Obligations: Complying with Indonesian and international laws
- Contract Performance: Fulfilling our contractual obligations
- Dispute Resolution: Resolving customer complaints or legal disputes
5. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
Legal Bases for Data Processing:
- Consent (Article 6(1)(a)): Marketing communications, cookies, newsletter subscriptions
- Contract Performance (Article 6(1)(b)): Service delivery, project management, payment processing
- Legitimate Interest (Article 6(1)(f)): Website analytics, security, business development
- Legal Obligation (Article 6(1)(c)): Tax records, anti-money laundering compliance
- Vital Interest (Article 6(1)(d)): Emergency situations, health and safety
6. Data Sharing and Disclosure
We may share your personal data with the following categories of recipients:
6.1 Service Providers
- EmailJS: Email delivery and communication services
- Calendly: Appointment scheduling and calendar management
- Google Services: Analytics, Maps, Cloud Storage
- Netlify: Website hosting and content delivery
- ImageKit: Image optimization and delivery
6.2 Business Partners
- Local Contractors: Site preparation, utility connections, local services
- Shipping Companies: International delivery and logistics
- Financial Institutions: Payment processing, financing arrangements
- Legal Advisors: Property law, international trade compliance
6.3 Legal Requirements
- Government Authorities: Tax authorities, customs, regulatory bodies
- Law Enforcement: When required by law or court order
- Legal Proceedings: In case of disputes or legal claims
Data Protection Measures:
All third parties are contractually bound to protect your data and use it only for specified purposes.
We conduct due diligence on all service providers to ensure adequate data protection standards.
7. Data Storage and Security
7.1 Security Measures
- Encryption: All data transmitted using SSL/TLS encryption
- Access Controls: Role-based access with multi-factor authentication
- Regular Backups: Automated backups with encryption at rest
- Security Monitoring: 24/7 monitoring for suspicious activities
- Staff Training: Regular privacy and security training for all employees
7.2 Data Storage Locations
- Primary Storage: Secure cloud servers in the European Union
- Backup Storage: Encrypted backups in multiple geographic locations
- Local Storage: Minimal data stored locally in Indonesia for operational purposes
7.3 Data Breach Response
In the unlikely event of a data breach, we will:
- Notify relevant supervisory authorities within 72 hours
- Inform affected individuals without undue delay
- Take immediate steps to contain and remedy the breach
- Conduct a thorough investigation and implement preventive measures
8. Cookies and Tracking
Our website uses cookies and similar technologies to enhance your browsing experience:
8.1 Cookie Categories
| Category |
Purpose |
Consent Required |
Retention Period |
| Strictly Necessary |
Essential website functionality, security |
No (legitimate interest) |
Session/1 year |
| Analytics |
Website usage statistics, performance monitoring |
Yes |
2 years |
| Marketing |
Personalized advertising, campaign tracking |
Yes |
1 year |
| Preferences |
Language settings, display preferences |
Yes |
1 year |
8.2 Managing Cookies
You can control cookies through:
- Cookie Banner: Manage preferences when you first visit our site
- Cookie Settings: Update preferences anytime via the footer link
- Browser Settings: Configure cookie preferences in your browser
- Opt-out Tools: Use industry opt-out tools for advertising cookies
9. Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
Right of Access (Article 15)
Request a copy of the personal data we hold about you, including information about processing purposes and recipients.
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Article 17)
Request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.
Right to Restrict Processing (Article 18)
Request limitation of processing your personal data in specific situations, such as when you contest its accuracy.
Right to Data Portability (Article 20)
Request transfer of your personal data to another service provider in a structured, machine-readable format.
Right to Object (Article 21)
Object to processing of your personal data for direct marketing or other purposes based on legitimate interest.
9.1 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within one month, or inform you if we need additional time (up to three months for complex requests).
9.2 Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with:
- EU Residents: Your local data protection authority
- Indonesian Residents: Ministry of Communication and Information Technology
- Other Jurisdictions: Your local privacy regulator
10. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
| Data Type |
Retention Period |
Legal Basis |
| Contact inquiries (no project) |
2 years |
Legitimate interest |
| Customer project data |
7 years after project completion |
Legal obligation, warranty claims |
| Financial records |
10 years |
Legal obligation (tax law) |
| Marketing communications |
Until consent withdrawn |
Consent |
| Website analytics |
26 months |
Legitimate interest |
| Cookie consent records |
1 year after consent withdrawal |
Legal obligation |
10.1 Automated Deletion
We have implemented automated systems to delete personal data when retention periods expire, ensuring compliance with data minimization principles.
11. International Data Transfers
As an international business, we may transfer your personal data outside your country of residence:
11.1 Transfer Safeguards
- Adequacy Decisions: Transfers to countries with adequate data protection (EU, UK, etc.)
- Standard Contractual Clauses: EU-approved contracts for transfers to other countries
- Binding Corporate Rules: Internal policies ensuring consistent data protection
- Certification Schemes: Transfers to certified organizations with adequate protection
11.2 Specific Transfer Scenarios
- EU to Indonesia: Standard Contractual Clauses with additional safeguards
- Cloud Storage: Data stored in EU with encrypted backups globally
- Service Providers: All international providers bound by data protection agreements
12. Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16.
If You Are a Parent or Guardian:
If you believe your child has provided personal data to us, please contact us immediately. We will take steps to remove such information and terminate any accounts created by children under 16.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
13.1 Notification of Changes
- Material Changes: We will notify you by email or prominent website notice
- Minor Changes: Updated policy will be posted with a new "Last Updated" date
- Consent Required: For changes requiring new consent, we will seek your explicit agreement
13.2 Version History
Previous versions of this policy are available upon request for transparency and compliance purposes.