Privacy Policy

1. Introduction & Data Controller

Pubmedia ("we," "our," or "us") is committed to protecting your privacy and ensuring your personal data is handled safely and responsibly. This Privacy Policy explains how we collect, use, and safeguard your personal and institutional information when you register for our DOI services via https://doi.pubmedia.co.id. For the purposes of the General Data Protection Regulation (GDPR) and applicable local laws, PT Pubmedia Digital Sains acts as the Data Controller.

2. Information We Collect

To provide official DOI registration and management services, we collect the following categories of data:

• Account & Contact Information: Name, email address, and phone number of the person in charge (PIC).
• Institutional Data: Organization name, address, website, and journal details required for Crossref metadata deposits.
• Transaction & Financial Data: Payment records, invoices, and billing details. We process payments through secure third-party gateways and do not store your full bank account or credit card numbers.

3. Legal Basis & How We Use Your Data

Under GDPR, we process your data based on the following legal grounds:

• Performance of a Contract: To process your DOI registration, setup, activation, and provide technical support.
• Legal Obligation: To comply with applicable tax, accounting, and financial reporting laws in Indonesia.
• Legitimate Interests: To verify institutional identity for Crossref compliance, ensure network security, and send administrative notifications (e.g., renewal reminders).
• Consent: To send promotional materials or newsletters, if you have explicitly opted in (which you may withdraw at any time).

4. Information Sharing & International Transfers

We do not sell or rent your personal data. We only share necessary information with trusted third parties under strict confidentiality agreements:

• Crossref: As the primary sponsor, your institutional metadata is shared with Crossref for DOI minting purposes. As Crossref operates globally, your data may be transferred outside your country or the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers.
• Payment Processors: Necessary data to facilitate secure transactions.
• Legal Authorities: If required to comply with a legal obligation under Indonesian law (UU ITE) or international regulations.

5. Data Retention

We retain your personal data only for as long as your account is active or as needed to provide you with our services. If you close your account or request data deletion, we will delete or anonymize your data, unless a longer retention period is required or permitted by law (e.g., for accounting, dispute resolution, or legal compliance).

6. Data Security

We implement robust technical and organizational measures to protect your information against unauthorized access, accidental loss, alteration, or destruction. This includes the use of SSL/TLS encryption for data transmission, strict access controls, and regular security audits.

7. Your Data Protection Rights

In accordance with GDPR, you have the following rights regarding your personal data:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Request correction of any inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, under certain conditions.
• Right to Restrict Processing: Request limits on how we use your data.
• Right to Data Portability: Request that we transfer the data we have collected to another organization, or directly to you.
• Right to Object: Object to our processing of your personal data, particularly for direct marketing purposes.

To exercise any of these rights, please contact us using the details in Section 9. We will respond to your request within one month.

8. Updates to This Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in legal requirements or our operational practices. Significant changes will be communicated via email or a prominent notice on our website.

9. Contact Us & Complaints

If you have any questions regarding this Privacy Policy, wish to exercise your data rights, or have a complaint about our data practices, please contact our Data Protection Officer (DPO) at:

• Email: [email protected]
• Address: Jl. Sidorejo, Gg. Nakula No. C12 Ngestiharjo, Kasihan, Bantul, D.I Yogyakarta, Indonesia 55182

If you feel that we have not addressed your concerns adequately, you have the right to lodge a complaint with the relevant Data Protection Authority or supervisory authority in your jurisdiction.