Privacy Policy
Phinisi Broker (a Juara Holding Group subsidiary) respects client privacy. This policy describes how we collect, use, and protect information when you engage our services or use this website.
Information We Collect
Inquiry form submissions: name, email, phone, vessel context, message content. Engagement intake: additional client profile information including selling/buying intent, timeline, geographic preference, vessel specification preferences. Brokerage engagement: identity verification documents (passport, proof of address) for KYC compliance, financial capacity documentation, signed engagement agreements. Website analytics: standard web traffic data.
How We Use Information
To respond to inquiries and provide brokerage services. To match sellers with qualified buyers. To facilitate transactions including PMA setup, vessel registration, and closing. To comply with Indonesian and international anti-money-laundering regulations. To improve our services through aggregated analytics.
What We Do Not Do
We do not sell your personal data. We do not share client identity or transaction details with third parties without your specific consent. We do not include client-identifying information in any marketing materials.
Data Retention
Inquiry data: 24 months from last contact. Engagement intake data: 7 years post-engagement closure. KYC documentation: 7 years. Website analytics: 14 months.
Your Rights
Request access, correction, deletion (subject to regulatory retention), withdrawal of consent. Contact bd@juaraholding.com for any privacy request.
Compliance
Compliant with Indonesian Personal Data Protection Law (Law No. 27 of 2022). GDPR-aware in handling EEA resident data through Frankfurt office.
How long do you retain my personal data?
Inquiry data: 24 months from last contact. Engagement intake data: 7 years post-engagement closure (regulatory requirement under Indonesian commercial law and international anti-money-laundering frameworks). KYC documentation: 7 years. Website analytics: 14 months (Google Analytics standard retention). After retention windows, data is permanently deleted via secure erasure with audit trail.
Can I request deletion of my personal data?
Yes. You have the right to request data deletion subject to regulatory retention requirements. Active engagement data cannot be deleted during the engagement period (legal contractual basis applies). Post-engagement data subject to 7-year regulatory retention; after that period data can be deleted on request. Inquiry-only data (without subsequent engagement) can be deleted on request at any time. Email bd@juaraholding.com to initiate deletion request.
Do you share data with third parties?
We share data with third parties only in three specific circumstances: (1) authorised brokerage transaction parties (buyers, sellers, escrow agents, surveyors, lawyers — only the minimum data needed for transaction execution); (2) regulatory and tax authorities when legally required (Indonesian tax authority, anti-money-laundering reporting); (3) processors providing technical infrastructure (web hosting, email service, cloud storage — bound by data-processing agreements). We do not share data for marketing or advertising purposes ever.
How do you protect data internationally transferred to our Frankfurt office?
European-resident data transferred to our Frankfurt office is processed under GDPR-compliant frameworks. Indonesian-resident data is processed under Indonesian Personal Data Protection Law (Law No. 27 of 2022). Data transferred between offices uses encrypted channels with audit logging. Both offices follow access-control protocols restricting personal data access to authorised personnel only.
What cookies does this website use?
Essential cookies for site functionality (session management, language preference, cookie consent state). Analytics cookies (Google Analytics for traffic measurement; can be opt-out via cookie banner or browser settings). No advertising cookies. No third-party tracking cookies. Cookie banner provides granular control over non-essential cookie consent.
How do you handle data breaches?
We maintain incident response procedures for any potential personal-data breach. Detected breaches trigger: (1) immediate containment, (2) impact assessment within 24 hours, (3) regulatory notification within 72 hours per applicable law (Indonesian PDP and GDPR for European data), (4) affected individual notification when high risk to rights or freedoms. Breach response is documented and audit-trailed.
Who do I contact for privacy questions?
Email bd@juaraholding.com for any privacy-related question. Subject line “Privacy Inquiry” routes to our privacy compliance team. Response within 5 business days for standard inquiries, 24 hours for breach-related concerns. For European-resident inquiries we have additional escalation through our Frankfurt office data protection contact.