Granofil
LEGAL DOCUMENT

Privacy Policy

Effective date: 1 January 2026. This policy applies to the Granofil website at granofil.info and all associated digital correspondence.

1. Data Controller

Granofil is the data controller for personal information collected through this website. The studio is based in Jakarta, Indonesia. Contact address: Jl. Latuharhary No. 23, 10310 Jakarta, Indonesia. Contact email: [email protected]. Telephone: +62 21 8207 1493.

2. Information We Collect

Granofil collects personal information only when you actively provide it. This occurs in the following circumstances:

  • Contact form submissions: name, email address, and the content of your message.
  • Email correspondence: email address and any information contained in the email.
  • Technical data collected automatically: IP address, browser type, operating system, referring URL, pages visited, and session duration. This data is collected via cookies and analytics tools. See the Cookie Policy for details.

Granofil does not collect sensitive personal categories such as identity numbers, financial information, or personal health records through this website.

3. How We Use Your Information

Personal data collected by Granofil is used for the following purposes:

  • To respond to enquiries submitted via the contact form or by email.
  • To fulfil requests for composition documentation or wholesale information.
  • To improve the performance and usability of this website using aggregated, anonymised analytics data.
  • To comply with applicable Indonesian legal requirements for data retention.

Granofil does not use personal data for automated decision-making, profiling, or targeted advertising. Data is not sold to third parties.

4. Legal Basis for Processing

Processing of personal data by Granofil is based on one or more of the following grounds under applicable data protection law:

  • Consent: Where you have provided explicit consent, for example by submitting the contact form or accepting non-essential cookies.
  • Legitimate interests: For operational analytics and website security, where the processing does not override your rights and freedoms.
  • Legal obligation: Where retention of data is required by applicable Indonesian law.

5. Data Sharing and Third Parties

Granofil shares personal data only where necessary for the operation of this website or where required by law. Categories of third parties who may process data on our behalf include:

  • Hosting provider: The web hosting service where this website is hosted stores server logs that may include IP addresses and session data.
  • Analytics provider: Anonymised usage data may be processed by a third-party analytics service. No personally identifying data is shared with analytics services.
  • Email service: Messages sent via the contact form are transmitted through our email infrastructure.

No personal data is transferred to countries outside Indonesia except where the applicable service operates under equivalent data protection standards. No data is sold to marketing companies or brokers.

6. Data Retention

Personal data submitted through the contact form is retained for a period of two years from the date of receipt, after which it is securely deleted. Server and access logs are retained for a maximum of 12 months. Anonymised analytics data may be retained indefinitely in aggregate form.

You may request deletion of your personal data at any time by contacting [email protected].

7. Your Rights

Subject to applicable Indonesian data protection law, you have the following rights in relation to your personal data held by Granofil:

  • Right of access: to request a copy of the personal data held about you.
  • Right of rectification: to request correction of inaccurate data.
  • Right of erasure: to request deletion of your personal data, subject to legal retention obligations.
  • Right to withdraw consent: to withdraw any previously given consent at any time.
  • Right to lodge a complaint: with the relevant data protection authority in Indonesia.

To exercise any of these rights, contact Granofil at [email protected]. Requests will be acknowledged within five working days.

8. Cookies

This website uses cookies. For a full description of the cookies used, their purpose, and how to manage your preferences, please see the Cookie Policy.

9. Security

Granofil implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. This website is served over HTTPS. Contact form submissions are transmitted using encrypted connections. No system can guarantee absolute security; Granofil will notify affected individuals promptly if a data breach occurs that poses a risk to their rights.

10. Changes to This Policy

Granofil may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the policy was last revised. Continued use of this website after a revision constitutes acceptance of the updated policy. For material changes, Granofil will provide a visible notice on the website homepage.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact:

Granofil
Jl. Latuharhary No. 23
10310 Jakarta, Indonesia
[email protected]
+62 21 8207 1493