Legal · Document 02
Privacy Policy.
EffectiveApril 2026
Version1.0
ScopeGlobal
// TL;DR
We collect the minimum needed to sell you a course: name, email, country, payment details. We don’t sell your data, run ad networks, or share with third parties beyond our payment processor. We keep records for seven years because Indonesian tax law requires it. You can request a copy or deletion of your data at any time.
01Who controls your data
The data controller for technoir.id is PT Technoir Omega Pratama, a company incorporated in the Republic of Indonesia, operating the DERIV//DESK brand. In this Policy, “we,” “us,” and “our” refer to this entity.
ControllerPT Technoir Omega Pratama
Trading asDERIV//DESK
Websitetechnoir.id
02What we collect
We collect only the data we need to sell you a course, deliver it, and comply with Indonesian tax and accounting law.
Identity & contact
Full name, email address, country of residence
You, at checkout
Transaction data
Course purchased, price paid, invoice number, payment status
Paper.id & our server
Payment data
Card or bank details; processed entirely by Paper.id — we never see or store this
Paper.id only
Technical data
IP address, browser type, access timestamps (logged for security)
Web server logs
Communication
Content of emails you send us at support
You, when you email us
We do not collect sensitive personal data such as health information, biometric data, political views, religious beliefs, sexual orientation, or racial/ethnic origin. We do not ask for a government ID unless legally required for tax compliance.
03Why we collect it (legal basis)
For customers in the European Union, European Economic Area, or United Kingdom — where the General Data Protection Regulation (GDPR) or UK GDPR applies — our lawful bases for processing your personal data are:
- Performance of a contract (Art. 6(1)(b) GDPR): to deliver the course you purchased.
- Legal obligation (Art. 6(1)(c) GDPR): to keep financial records for tax and audit as required by Indonesian Tax Law (UU KUP) and related regulations (typically 7-year retention).
- Legitimate interests (Art. 6(1)(f) GDPR): to secure our website, prevent fraud, and investigate misuse of Course Materials. We have assessed that these interests do not override your fundamental rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): where you explicitly opt in to something optional, such as joining our waitlist.
For customers in Indonesia, processing is governed by UU No. 27/2022 on Personal Data Protection (UU PDP). Our lawful bases under UU PDP align with the categories above.
04Who we share it with
We share data only with service providers strictly necessary to run the business. We do not sell your data. We do not participate in advertising networks. We do not share your data for marketing purposes.
Our current processors are:
- Paper.id (Indonesia) — payment processing. Receives your name, email, country, and invoice amount. Handles all card and bank data directly. Their privacy policy is available at paper.id/privacy.
- GoDaddy.com LLC (United States) — web hosting. Holds our server logs, which contain IP addresses and request timestamps. Their privacy policy is available at godaddy.com/legal.
- Google Fonts (when you load our site) — delivers typography. May process your IP address under Google’s standard terms.
We may disclose your data to law enforcement, regulators, or courts if required by a valid legal process or to protect our rights, safety, or property.
05International transfers
Our servers are hosted in the United States (GoDaddy). Our payment processor Paper.id is based in Indonesia. If you are in the EU/EEA or UK, your data is transferred outside the EEA/UK. Where such transfers occur, we rely on one or more of the following safeguards:
- Standard Contractual Clauses approved by the European Commission.
- Adequate safeguards provided by the receiving jurisdiction’s data protection framework, where applicable.
- Your explicit consent at the time of purchase.
06How long we keep it
Data
Retention period
Reason
Transaction records
7 years after purchase
Indonesian tax law (UU KUP Pasal 11)
Name & email
7 years or until deletion request (whichever is later)
Course access support
Server logs (IP, timestamps)
90 days
Security & fraud detection
Waitlist entries
Until the next cohort opens, or you unsubscribe
Notification of re-opening
Support correspondence
3 years
Dispute resolution
07Your rights
Regardless of where you live, you have the following rights with respect to the personal data we hold about you:
- Access: request a copy of the data we hold.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your data, subject to our legal retention obligations (notably the 7-year tax record).
- Restriction: limit how we process your data while a question is resolved.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where we rely on consent (e.g. the waitlist), withdraw it at any time.
- Complain: lodge a complaint with your local data protection authority. In Indonesia, this is the Ministry of Communication and Informatics (Kominfo).
To exercise any of these rights, email [email protected]. We will respond within 30 days.
08Cookies and tracking
technoir.id uses no tracking cookies, no analytics beacons, no advertising pixels, and no third-party trackers. The site functions without cookies entirely.
The only data sent to third parties when you visit our site is a single request to Google Fonts to load typography. This is a technical necessity and does not involve tracking.
09Security
We implement industry-standard security measures to protect your data:
- Transport encryption: all traffic to technoir.id is encrypted via HTTPS (TLS 1.2+).
- Payment isolation: card details never touch our servers; they are handled directly by Paper.id.
- Access control: administrative access is restricted and logged.
- Credential protection: API keys and secrets are stored in server-side configuration files that are not accessible via the public web.
No system is perfectly secure. In the event of a data breach affecting your personal data, we will notify affected customers and the relevant data protection authority within 72 hours of becoming aware, in line with GDPR and UU PDP requirements.
10Children
DERIV//DESK is intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, contact us immediately and we will delete it.
11Updates
We may update this Policy from time to time. Material changes will be reflected in the version number and effective date at the top, and — for existing customers — communicated by email. Continued use of technoir.id after an update constitutes acceptance of the revised Policy.
12Contact