Privacy Policy

Effective Date: February 10, 2026 Last Updated: February 10, 2026

Who we are

PT Kahf Teknologi Mandiri (“we,” “us,” or “our”) operates the Koala mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

BY USING THE APP, YOU AGREE TO THE COLLECTION AND USE OF INFORMATION IN ACCORDANCE WITH THIS POLICY.

1. INFORMATION WE COLLECT

Personal Information You Provide When you use the Koala App, we collect the following personal information:

Employee Master Data:

  • Employee ID/Number
  • Full name (first name, last name)
  • Date of birth
  • Gender
  • Employment status (active, inactive, terminated)
  • Hire date and termination date (if applicable)
  • Profile photograph

Contact Information:

  • Phone numbers (personal, work, emergency contact)
  • Email addresses (personal, work)
  • Physical addresses (ID address, current address, emergency address)

Professional Information:

  • Job title and position
  • Department and organizational unit
  • Reporting relationships
  • Work location
  • Employment contract details
  • Previous employment history

Financial Information:

  • Salary and compensation data
  • Bank account details (bank name, account number, account holder name)
  • Tax information (NPWP – Indonesian Tax ID, PTKP status)
  • Payslip documents
  • Tax reports (Form 1721-A1)
  • Recurring and additional payment details
  • Deductions and allowances

Government IDs and Legal Documents:

  • National ID (KTP) number
  • Passport number
  • Driver’s license (SIM) number
  • BPJS Ketenagakerjaan (social security) ID
  • Work permit information

Family and Dependent Information:

  • Spouse information (name, birth date, occupation)
  • Children information (name, birth date, gender)
  • Family member relationships
  • Emergency contact details

Educational Background:

  • Educational qualifications and degrees
  • Certifications and training
  • Institution names and graduation dates

Company Assets:

  • Assigned equipment and assets on loan
  • Asset IDs and descriptions

Learning and Development Data:

  • Training materials accessed
  • Quiz and assessment results
  • Performance rankings and scores
  • Onboarding completion status

Authentication Credentials:

  • Username/email for login
  • Encrypted password
  • Session tokens

Self-Service Requests:

  • Data change requests submitted by employees
  • Approval history and comments

1.2 Information Automatically Collected

Device and Usage Information:

  • Device type and operating system
  • App version
  • Login timestamps and session duration
  • Features and screens accessed within the app
  • Error logs and crash reports

Network Information:

  • IP address (not persistently stored)
  • Network connection type

1.3 Information We Do NOT Collect We do not collect:

  • Precise GPS location data
  • Contacts from your device
  • Camera or microphone access (except when you voluntarily upload photos)
  • SMS or call logs
  • Data from other apps on your device

2.HOW WE USE YOUR INFORMATION

We use the collected information for the following purposes:

2.1 Core HR Functions

  • Personnel Administration: Managing employee records, employment lifecycle, and organizational assignments.
  • Payroll Processing: Calculating and distributing salary, generating payslips, and managing tax reports.
  • Organization Management: Maintaining organizational structure, reporting relationships, and position assignments.
  • Performance Management: Tracking employee development, training completion, and assessment results.

2.2 Authentication and Security

  • Authenticating user identity and maintaining secure sessions.
  • Implementing role-based access control.
  • Preventing unauthorized access to sensitive HR data.
  • Enforcing password security policies.

2.3 Communication and Notifications

  • Sending important announcements and company updates.
  • Notifying employees about payslip availability.
  • Alerting about pending data change requests.
  • Facilitating approval workflows.

2.4 Service Improvement

  • Analyzing app usage patterns to improve user experience.
  • Troubleshooting technical issues and bugs.
  • Developing new features based on user needs.

2.5 Legal Compliance

Responding to legal requests and government authorities when legally obligated.

Complying with Indonesian labor laws and tax regulations.

Fulfilling employment contract obligations.

Maintaining accurate records as required by law.

3.LEGAL BASIS FOR PROCESSING

We process your personal information based on:

  • Employment Contract: Processing is necessary to fulfill our employment relationship.
  • Legal Obligation: Required for tax reporting, social security, and labor law compliance.
  • Legitimate Interest: Improving HR operations and maintaining organizational efficiency.
  • Consent: Where explicitly obtained for specific processing activities.

4.DATA SHARING AND DISCLOSURE

4.1 Within Your Organization Your information is shared with:

  • Human Resources Department: Full access to manage employee data.
  • Direct Managers: Access to subordinates’ information as needed for management purposes.
  • Payroll Administrators: Access to financial and compensation data.
  • System Administrators: Technical access for system maintenance.
  • Authorized Colleagues: Limited information visible in organizational charts.

4.2 Third-Party Service Providers We may share information with:

  • Cloud Hosting Providers: For secure data storage and application hosting.
  • Email Service Providers: For sending system notifications.
  • IT Security Services: For protecting against cyber threats.

4.3 Legal and Regulatory Authorities We may disclose information when required by Indonesian law, including tax authorities, labor authorities, and social security administrators (BPJS).

4.4 Business Transfers In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice and ensure continued protection.

4.5 We Do NOT:

Use your data for unrelated commercial purposes.

Sell your personal information to third parties.

Share data with advertisers or marketing companies.

5.DATA SECURITY

We implement industry-standard security measures:

Organizational Safeguards: Role-based access control, mandatory password changes, and regular security audits.

Technical Safeguards: Encryption (bcrypt), JWT Authentication, HTTPS/TLS, and PostgreSQL access controls.

6.DATA RETENTION

We retain your personal information during employment and for a minimum of 5 years after termination (required by Indonesian labor law) or 10 years for tax-related documents.

7.YOUR RIGHTS

Under Indonesian law, you have the right to:

  • Access your data via “My Profile”.
  • Rectify inaccurate data.
  • Object to certain processing activities.
  • Request data portability.
  • Withdraw consent.
  • Complain to the relevant authority.

To exercise these rights, contact: it-support@kahfmandiri.co.id.

8. CHILDREN’S PRIVACY The Koala App is for employees only. We do not knowingly collect information from individuals under 18 years of age.

9. INTERNATIONAL DATA TRANSFERS Your data is primarily stored in Indonesia. International transfers (e.g., cloud hosting) are protected by adequate safeguards.

10. THIRD-PARTY LINKS We are not responsible for the privacy practices of external websites linked within the App.

11. CHANGES TO THIS PRIVACY POLICY Significant changes will be communicated via in-app notifications or email.

12. CONTACT INFORMATION

PT Kahf Teknologi Mandiri Data Protection Officer Email: it-support@kahfmandiri.co.id Address: Menara 165 Lantai 4. Jl TB Simatupang Kav. 1 Cilandak Timur, Pasar Minggu, Jakarta Selatan 12650 Website: https://kahfmandiri.co.id/?page_id=3

13. DATA PROTECTION COMPLIANCE This policy complies with Indonesian Law No. 27 of 2022 (UU PDP), Google Play Developer Policy, and relevant labor/tax laws.

14. CONSENT By using the Koala App, you acknowledge that you have read, understood, and consented to this Privacy Policy.