To improve customer relations and to maintain business develop long-lasting relationships with customers, drive business growth, and increase customer loyalty, PT HashMicro Solusi Indonesia built the HashMicro CRM Application as a commercial application.

This service application is provided by PT HashMicro Solusi Indonesia and is intended for use as is. This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decides to use our Service.

If you choose to use our Services, you agree to the collection and use of information in accordance with this policy. The Personal Information we collect is used to provide and improve the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible on HashMicro CRM unless otherwise defined in this Privacy Policy.

Interpretation and Definitions Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definition

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• Application means the software program provided by the Company downloaded by You on any electronic device, named HashMicro CRM Apps.
• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to HashMicro Pte Ltd., Jl. Balikpapan 9A-9C, Cideng Selatan, Jakarta Pusat, Gambir, DKI Jakarta.
• Country refers to: Indonesia
• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the Application.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.

Here we explain any types of data collected on our services:

• Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to: Email address First name and last name Phone number Address, State, Province, ZIP/Postal code, City Usage Data

• Information Collected while Using the Application

While using Our Application, in order to provide features of Our Application, We may collect, with Your prior permission:

• Information regarding your location

We use this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company's servers and/or a Service Provider's server or it may be simply stored on Your device.

You can enable or disable access to this information at any time, through Your Device settings.

• Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.
• To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• For the performance of a contract: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
• To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
• To provide You with news,special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
• To manage Your requests: To attend and manage Your requests to Us. For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
• For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
• With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
• With other users:when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.
• Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

• Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

• Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so

Link to the privacy policy of third-party service providers used by the app

• Google Play Services

Log Data

To create a safe environment and support the confidentiality of user data, as a service provider, we strive to provide preventive measures. Regarding to this issue, we inform you that every time you use our service, if an error occurs in the application, we provide several actions to be taken. Among other things, we will collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device's Internet Protocol (“IP”) address, device name, operating system version, application configuration when using our Service, time and date of use of the Service, service access location and other statistics.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

• To facilitate our Service;
• To provide the Service on our behalf;
• To perform Service-related services; or
• To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to their Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure and reliable. You transmit and receive all such information at your own risk and we cannot guarantee its absolute security.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 2022-09-11

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at [email protected].

# Privacy Policy for HashMicro Attendance App

Last Updated: 1 December 2024

## 1. Introduction

Hashmicro ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our attendance application (the "App"). Please read this policy carefully to understand our practices regarding your personal data.

## 2. Data Collection

### 2.1 Facial Data Collection
We collect and process the following facial data:
- Initial facial images during user registration/enrollment
- Facial scans during attendance verification
- Mathematical representations (biometric templates) of facial features
- Timestamps of facial verification attempts
- Success/failure logs of verification attempts

### 2.2 Location Data Collection
We collect:
- GPS coordinates during attendance marking
- Timestamp of location capture
- Device information associated with location data

### 2.3 Device Information
We collect:
- Device model and operating system
- Unique device identifiers
- Camera specifications
- App version information

## 3. Use of Collected Data

### 3.1 Facial Data Usage
Your facial data is used exclusively for:
- Identity verification during attendance marking
- Attendance validation
- System accuracy improvement
- Security audit logs
- Fraud prevention

We DO NOT use facial data for:
- Marketing purposes
- User profiling
- Third-party services
- Any purpose beyond attendance verification

### 3.2 Location Data Usage
Location data is used solely for:
- Verifying attendance location
- Ensuring compliance with workplace attendance policies
- Generating location-based attendance reports

## 4. Data Storage and Security

### 4.1 Storage Location
- All data is stored on secure servers located in Jakarta, Indonesia.
- Facial templates are stored separately from other personal information
- We employ industry-standard encryption for all stored data

### 4.2 Security Measures
We implement the following security measures:
- End-to-end encryption for data transmission
- Regular security audits
- Access control and authentication
- Secure data backup systems
- Regular security updates

### 4.3 Third-Party Access
- We DO NOT share facial data with any third parties
- Technical service providers operate under strict data processing agreements
- All service providers are contractually bound to maintain data confidentiality

## 5. Data Retention

### 5.1 Retention Period
- Active employees: Data retained throughout employment duration
- Terminated employees: Data deleted within 30 days of termination
- Failed verification attempts: Deleted within 24 hours

### 5.2 Data Deletion
- Automatic deletion systems for expired data
- Manual deletion available upon request
- Verification process for completed deletions

## 6. User Rights

You have the right to:
- Access your stored facial and location data
- Request data deletion
- Request information about your stored facial data
- Receive a copy of your stored data
- Submit complaints about data handling
- Update or correct your data

## 7. User Consent

### 7.1 Initial Consent
- Clear consent required before facial data collection
- Separate consent for location tracking
- Option to withdraw consent at any time

### 7.2 Consent Withdrawal
- By using this app, you acknowledge that facial recognition is required for attendance marking
- Withdrawal of consent may affect your ability to use the attendance system
- Data deletion can be requested upon employment termination

## 8. Data Protection for Minors

- The app is not intended for users under 18 years
- No intentional collection of minor's data
- Immediate deletion if minor's data is discovered

## 9. International Data Transfers

- Data transfer compliance with international regulations
- Appropriate safeguards for cross-border transfers
- Transparency about data storage locations

## 10. Security Breach Procedures

- Immediate notification of significant breaches
- Detailed incident investigation and reporting
- Remedial actions and preventive measures
- Cooperation with authorities as required

## 11. Updates to Privacy Policy

- Regular policy reviews and updates
- Notification of significant changes
- User consent for material changes
- Archive of previous versions

## 12. Contact Information

For privacy-related inquiries:
- Email: [email protected]
- Phone: +62 811-1914-6515
- Address: 11th Drive Corner 9th Avenue Unit 707. One Park Drive, BGC, 7th Floors, Taguig 1635, Philippines.
- Data Protection Officer: [email protected]

## 13. Compliance with Regulations

This policy complies with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Local data protection laws
- Industry-specific regulations

## 14. System Requirements

To use the attendance system:
- A compatible mobile device with a functioning camera is required
- Adequate lighting conditions for facial recognition
- Stable internet connection for data transmission
- User must allow camera and location permissions
- Face must be clearly visible and unobstructed during verification

## 15. Grievance Redressal

- Process for handling privacy complaints
- Timeline for complaint resolution
- Escalation procedures
- External dispute resolution options

By using our App, you agree to the terms of this Privacy Policy. For questions or concerns, please contact our Data Protection Officer at [email protected].