Privacy Policy
Last updated: February 21, 2025
1. Introduction
Smiling West Java ("we", "us", or "our") is the official tourism data repository operated by the Dinas Pariwisata dan Kebudayaan Provinsi Jawa Barat (West Java Provincial Tourism and Culture Office). We are committed to protecting the privacy and personal data of all users in accordance with applicable Indonesian laws and regulations.
This Privacy Policy describes how we collect, use, store, and protect your personal data when you access and use our website at smilingwestjava.official.id.
2. Legal Basis
This Privacy Policy is established in compliance with the following Indonesian regulations:
- •Undang-Undang No. 27 Tahun 2022 — tentang Perlindungan Data Pribadi (Personal Data Protection Law / UU PDP)
- •Undang-Undang No. 11 Tahun 2008 — tentang Informasi dan Transaksi Elektronik (ITE Law), as amended by UU No. 1 Tahun 2024
- •Peraturan Pemerintah No. 71 Tahun 2019 — tentang Penyelenggaraan Sistem dan Transaksi Elektronik (PP PSTE)
- •Permenkominfo No. 20 Tahun 2016 — tentang Perlindungan Data Pribadi dalam Sistem Elektronik
3. Data We Collect
We may collect the following types of personal data:
Account Information
- • Full name
- • Email address
- • Organization / institution
- • Selected role / profile type
Technical Information
- • IP address
- • Browser type and version
- • Device information
- • Access timestamps
Google SSO Data
- • Google profile name
- • Google email address
- • Profile photo URL
Usage Data
- • Pages visited
- • Features accessed
- • Session duration
4. Purpose of Data Collection
In accordance with Article 16 of UU PDP, personal data is processed for the following legitimate purposes:
- •Identity verification and account authentication
- •Providing access to the Smiling West Java dashboard and tourism data
- •Tourism statistics analysis for West Java Province
- •Improving website performance and user experience
- •Compliance with legal and regulatory obligations
5. Data Retention
As required by Article 25 of UU PDP, we retain your personal data only for as long as necessary to fulfill the purposes described in this policy. Account data will be retained for the duration of your active account and deleted upon request, subject to legal retention obligations.
6. Your Rights
Under UU PDP (Chapter IV), you have the following rights regarding your personal data:
Right to Information
Know how your data is collected, processed, and stored
Right to Access
Request a copy of your personal data
Right to Correction
Request corrections to inaccurate data
Right to Deletion
Request deletion of your personal data
Right to Withdraw Consent
Withdraw your consent at any time
Right to Object
Object to the processing of your personal data
Right to Data Portability
Receive your data in a structured format
7. Data Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- •SSL/TLS encryption for all data transmissions
- •Secure password hashing and storage via Supabase Auth
- •Access controls and authentication mechanisms
- •Regular security audits and vulnerability assessments
8. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose |
|---|---|
| Supabase | Authentication and database |
| Google OAuth | Single Sign-On authentication |
| Vercel | Website hosting and deployment |
| Cloudinary | Image optimization and delivery |
9. Contact Us
For questions, concerns, or requests related to your personal data, please contact our Data Protection Officer:
Dinas Pariwisata dan Kebudayaan Provinsi Jawa Barat
Jl. L.L.R.E. Martadinata No. 209, Bandung, Jawa Barat 40114
Email: disparbud@jabarprov.go.id