Kebijakan Privasi Nasabah

PRIVACY POLICY ON INDIVIDUAL CUSTOMER
PT BANK MANDIRI (PERSERO) Tbk

Valid from: 5 June 2026

Welcome to our Privacy Policy. We want to provide you with clarity and certainty about how we collect, use, and protect your personal information. By reading this privacy policy, we hope that you feel calm and confident that your privacy is our top priority.

In this Privacy Policy, we state that PT Bank Mandiri (Persero) Tbk (hereinafter referred to as "Bank Mandiri") as the Personal Data Controller, will strive to provide security and protection for your convenience in transactions.

We highly prioritize the security of your Personal Data. With full responsibility, this Privacy Policy explains in detail the definition, type, legality, and purpose of processing Personal Data. In addition, we explain the control and transfer of Personal Data, the processing period, and the procedure for change in the Privacy Policy. We take all these steps with reference to Law Number 27 of 2022 concerning Personal Data Protection and its amendments, better known as the "PDP Law," as well as the applicable and relevant laws and regulations, so that you feel comfortable and confident in providing your Personal Data to us.

To clarify, the type, basis for processing, and purpose of processing your Personal Data may vary depending on the products, facilities, and/or services you use.

 

A. Definition of Personal Data

Personal Data is any data concerning an individual that is identified or can be identified independently or by combining it with other information directly or indirectly through electronic or non-electronic systems. The Personal Data processed includes Personal Data that you have provided and will provide to Bank Mandiri.

 

B. Types of Personal Data

Bank Mandiri realizes that it is important for you to know what categories and types of Personal Data you can process. The types of data include:

  • Personal profile identification data, i.e. full name, National Identity Number (NIK) for Indonesian Citizen (WNI) and Foreign Citizen (WNA) ID Cards, Taxpayer Identification Number (TIN), immigration documents, sex, nationality, place and date of birth, mother's maiden name, alias name/nickname, religion, voice recording, image recording, photograph, signature form (wet and/or electronic), and/or biometric data (including facial data, as well as other biometric data, in accordance with the applicable laws and regulations);
  • Correspondence data, i.e. address according to ID Card, address and domicile status, electronic mail address (email), telephone/mobile phone number, and emergency contact consisting of name, type of relationship with you, address, telephone/mobile phone number, and email;
  • Education and employment data, i.e. education level, type of employment, field of business, position, division, year of commencement of work/business, name of company/agency of workplace, address of workplace, employment status, and name, position, and telephone number of co-workers;
  • Family data, i.e. marital status, name of spouse, number of children, and number of dependents;
  • Financial data, i.e. account number, source of income, total income per month/year, total expenditure per month/year, transactional data, credit/financing data, data related to assets, data related to collateral, and taxation data) and service data from other financial services that you receive (i.e. insurance and custodians);
  • Digital activity data, i.e. geolocation, IP address, your activity in the Bank Mandiri application, and the interaction of the Bank Mandiri application with other applications on your electronic device; and/or
  • Data related to personal preferences, i.e. communication preferences, hobbies, and interests.

The Personal Data processed may be received by Bank Mandiri directly from you or through the third party.

 

C. Legal Basis for Processing

Basis for Processing
Personal Data processing is carried out as long as Bank Mandiri has fulfilled one or more of the following bases for processing:
  • Bank Mandiri has explicitly and legally obtained your consent;
  • Bank Mandiri exercises its rights and obligations under the agreement with you;
  • Bank Mandiri needs to exercise its authority or fulfill its obligations pursuant to the laws and regulations/orders from the authorized agencies;
  • Bank Mandiri needs to fulfill your vital interest;
  • Bank Mandiri needs to perform its duties for public interest and/or public services;
  • Bank Mandiri needs to fulfill other legitimate interests, by observing the balance between Bank Mandiri's interests and your rights.
Purpose of Processing Your Personal Data
The processing of your Personal Data is carried out by Bank Mandiri for the following purposes:
  • Management of Bank Mandiri products, facilities, and/or services, including profiling and scoring, to improve services for you and Bank Mandiri risk management.
  • Provision of Bank Mandiri promotions or programs that can collaborate with other parties for products and/or services that you already have.
  • Marketing and/or offer of products, facilities, and/or services of Bank Mandiri and/or other companies within the Mandiri Group and/or third parties that cooperate with Bank Mandiri, for products and/or services that you do not yet have.
  • Compliance with the laws and regulations and the orders from the regulators, the law enforcement officers, and other authorized agencies.
 

D. Control and Transfer of Personal Data

In processing your Personal Data, Bank Mandiri may involve third parties as joint controllers and/or processors of your Personal Data both within and/or outside Indonesia. In such cases, Bank Mandiri will protect your Personal Data in accordance with the laws and regulations.

Third Parties will only use your Personal Data to the extent necessary for the purposes set out in this Privacy Policy, including to assist the Bank in fulfilling its legal and regulatory compliance obligations (such as customer verification and identification processes).

Third Parties are required to retain your Personal Data in accordance with the agreement between Bank Mandiri and the relevant Third Party for the period necessary to fulfill the purposes set out in this Privacy Policy. Such retention period shall not exceed the retention period applied by Bank Mandiri, unless otherwise required by applicable laws and regulations.

The following categories of Third Parties may receive your Personal Data:

  • Government institutions/authorities;
  • Advisors or auditors;
  • Affiliates of Bank Mandiri;
  • Vendors providing goods and/or services to Bank Mandiri; and
  • Other parties cooperating with Bank Mandiri.
     

If Bank Mandiri transfers your Personal Data outside Indonesia, Bank Mandiri will reasonably ensure that the destination country of the transfer has an equal (or higher) level of Personal Data protection than the Personal Data protection in Indonesia.

In the event that the destination country of the Personal Data transfer does not have an equal (or higher) protection level, Bank Mandiri may continue to transfer your Personal Data as long as it complies with the laws and regulations.

 

E. Your Rights as a Personal Data Subject

Bank Mandiri certainly realizes that Personal Data is the most important asset for you. Therefore, here we inform you of the rights you have as a Personal Data Subject:

  • Right to Information and Access

    You have the right to obtain information regarding the identity of the party requesting your Personal Data, the purpose of the request, and access to a copy of your Personal Data. Bank Mandiri will provide access to this information through official Bank Mandiri means, such as Bank Mandiri branches or other channels, in accordance with the provisions of the laws and regulations and Bank Mandiri’s policies.

    You understand that in the event that you request a copy of your Personal Data information and/or details of the processing of your Personal Data, you may be charged by Bank Mandiri.

  • Right to Data Rectification

    You have the right to complete, update and/or rectify any incorrect or inaccurate Personal Data.

  • Right to Obtain, Use and/or Send Personal Data to Other Parties

    You have the right to obtain, utilize, or provide your Personal Data held by Bank Mandiri to third parties, as long as the communication system used by Bank Mandiri and the concerned Third Party is secure.

  • Right to Terminate the Processing, Delete and/or Destroy Personal Data

    You have the right to terminate the processing, delete and/or destroy your Personal Data. You agree to give Bank Mandiri time to process the termination of processing, deletion and/or destruction of your Personal Data to the extent that Bank Mandiri requires. To exercise the right to terminate the processing, deletion and/or destruction of Personal Data, you can contact Bank Mandiri through the communication means set out in point H of this Privacy Policy.

    To be understood, termination of processing, deletion and/or destruction of Personal Data may affect Bank Mandiri's ability to provide products, facilities, and services to you as well as the contractual relationship that has been made between Bank Mandiri and you or between Bank Mandiri and other third parties, including possibly resulting in the cessation of services you receive and/or termination of one or more of your agreements with Bank Mandiri and/or violation of one or more of your obligations under the agreement with Bank Mandiri.

    In this regard, termination of processing, deletion and/or destruction of Personal Data results in you giving Bank Mandiri the right to block your savings account, and/or declare that your debt and/or obligation to Bank Mandiri is due and collectible. Any losses arising from the implementation of your right to terminate processing, deletion and/or destruction of Personal Data are your responsibility.

    Bank Mandiri's obligation to delete and destroy your Personal Data is excluded for:

    • National defense and security interests;
    • Law enforcement interests;
    • Public interests in the context of state administration; or
    • Interests in supervising the financial services sector, monetary, payment systems, and financial system stability carried out in the context of state administration.
  • Right to Withdraw Consent

    You have the right to withdraw your consent for the processing of Personal Data that you have given to Bank Mandiri, and you agree to give Bank Mandiri additional time to process the termination of the processing of your Personal Data to the extent that Bank Mandiri requires. To exercise the right to withdraw consent, you can contact Bank Mandiri through the communication means set out in point H of this Privacy Policy.

    You need to understand that the withdrawal and rejection of consent may affect Bank Mandiri's ability to provide products, facilities, and services to you and manage the contractual relationship that has been made between Bank Mandiri and you or between Bank Mandiri and other third parties, including possibly resulting in the cessation of services you receive and/or the termination of one or more of your agreements with Bank Mandiri and/or a violation of one or more of your obligations under the agreement with Bank Mandiri.

    In this regard, the rejection and withdrawal of consent for the processing of Personal Data results in you giving Bank Mandiri the right to block your savings account, and/or state that your debt and/or obligations to Bank Mandiri are due and collectible. Any losses arising from the implementation of your right to withdraw consent for the processing of Personal Data are your responsibility.

  • Right to File an Objection Against the Results of Automatic Processing

    You have the right to file an objection against the results of automatic processing of your Personal Data that has legal consequences or has a significant impact on you, including profiling and/or credit scoring.

  • Right to Suspend or Restrict Processing

    You have the right to suspend or restrict the processing of your Personal Data in proportion to the purposes for which your Personal Data is processed. For the exercise of this right, you may contact Bank Mandiri through the communication means set out in point H of this Privacy Policy. You should understand that such request for delay or restriction of processing may affect Bank Mandiri's ability to provide products, services and services to you, as well as the contractual relationship that has been made between Bank Mandiri and you or between Bank Mandiri and other third parties including possibly resulting in the cessation of services you receive and/or the termination of one or more of your agreements with Bank Mandiri and/or the breach of one or more of your obligations under the agreement with Bank Mandiri.

    In this regard, the delay or restriction of the processing of Personal Data results in you giving Bank Mandiri the right to block your savings account, and/or state that your debt and/or obligations to Bank Mandiri are due and collectible. Any losses arising from the implementation of your right to delay or restrict the processing of Personal Data are your responsibility.

  • Other rights under the laws and regulations

    You have the right to submit other rights related to the processing of Personal Data as long as it is regulated in the applicable laws and regulations.

 

F. Period of Personal Data Processing

Bank Mandiri will process Personal Data since Bank Mandiri obtains the basis for processing. Bank Mandiri will continue to process it as long as you still use Bank Mandiri's products, facilities, and/or services or in accordance with the provisions of the applicable laws and regulations. Bank Mandiri may retain your Personal Data for a maximum period of 30 years after you cease using Bank Mandiri's products, services, and/or facilities, or for such longer or shorter period as may be required in accordance with applicable laws and regulations.

 

G. Amendment to the Privacy Policy

We are always committed to maintaining the security and privacy of your information. Therefore, we can update this Privacy Policy in accordance with the development of our practices in processing Personal Data and in accordance with the applicable laws and regulations. You can access the latest version of this Privacy Policy through our website at www.bankmandiri.co.id/kebijakan-privasi.

If there is an amendment to this Privacy Policy, we will provide information through Bank Mandiri's official communication means. Bank Mandiri is committed to ensuring that you feel safe and always informed about the protection of your privacy.

In addition, if any part of this Privacy Policy becomes unusable, it shall not affect the validity and enforceability of the remaining provisions. Thank you for your trust in Bank Mandiri.

 

H. Contact Bank Mandiri

Bank Mandiri is ready to assist and respond to any questions or feedback you may have regarding this Privacy Policy.

Please contact our customer service team via Mandiri Call 14000, the Bank Mandiri WhatsApp number at 081-184-14000, by email at mandiricare@bankmandiri.co.id, by visiting the nearest Bank Mandiri branch or our Personal Data Protection Service at pdp.office@bankmandiri.co.id