INFORMASI PEMROSESAN DATA PRIBADI AKSES MASUK LINGKUNGAN/KANTOR/GEDUNG BANK MANDIRI

By entering or requesting access to Bank Mandiri’s office/building/premises, you acknowledge that Bank Mandiri may carry out the following personal data processing activities including:
1.    Requesting your identification card such as Identity Card (KTP), Driver’s License, and/or Passport.
2.    Taking a photograph of your face for facial recognition purposes.
3.    Storing your identification card and/or facial photograph during your presence within the Bank Mandiri office/building/premises or as long as it is necessary for security purposes.
4.    Deleting or destroying copies of the data you have provided once the retention period has expired and such copies are no longer used for the security purposes of the Bank Mandiri office/building/premises.

We only process personal data contained in the identification cards you submit as described in Section I and/or facial photographs (facial recognition) that we capture.

The personal data processing activities described in Section I are conducted solely for the purpose of risk mitigation, visitor identification, and supporting security measures to prevent, protect against, and address any form of disturbance, threat, or loss related to the secured objects in the Bank Mandiri office/building/premises.

We conduct personal data processing strictly in compliance with the following provisions:
1.    Law No. 27 of 2022 on Personal Data Protection:
a. Article 20 paragraph (2) letter f, regarding the processing of personal data based on the legitimate interests while considering the purpose, necessity, and balancing the interests of the Personal Data Controller.
b. Article 39 concerning the prevention of unauthorized access to personal data.
2.    Law No. 7 of 1992 on Banking (as amended most recently by Law No. 6 of 2023 regarding the Establishment of Government Regulation in Lieu of Law on Job Creation into Law), Article 40 paragraph (1), related to the obligation of the Bank to maintain the confidentiality of information regarding depositors and their deposits.
3.    Financial Services Authority Regulation No. 18 of 2016 concerning Implementation of Risk Management for Commercial Banks, including Article 4 requiring banks to implement Risk Management for all risks and Article 11 paragraph (4) requiring banks to perform risk control processes to manage specific risks that could endanger the Bank’s business.

We understand and respect your rights as the Personal Data Subject, including:
1.    Informing you about the processing of personal data related to access to Bank Mandiri’s office/building/premises as outlined in this document.
2.    Requesting your consent in advance for any requests for data such as identification cards and facial recognition photographs.
3.    Not using the data obtained through these activities for purposes other than the security needs described in Section III.
4.    Accommodating the requests for Personal Data Subject rights in accordance with Law No. 27 of 2022 on Personal Data Protection following the applicable procedures.

This information is provided as a form of transparency to you as the Personal Data Subject and to fulfill the requirements of Law No. 27 of 2022 on Personal Data Protection. Should you have any further questions, please contact our Personal Data Protection Officer at the following address:

PT BANK MANDIRI (PERSERO) TBK
DATA PROTECTION & FRAUD RISK GROUP
Menara Mandiri II 28th Floor
Jl. Jend. Sudirman Kav 54-55
Senayan, South Jakarta City
DKI Jakarta, Indonesia
Postal Code 12190
EMAIL: pdp.office@bankmandiri.co.id