At Royal Klinik, operated by PT Royal Prima Tbk (PRIM), we are committed to safeguarding the privacy and confidentiality of your personal information, including sensitive health-related data. This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you use our mobile application, Royal Klinik, and its related services. By downloading, accessing, or using the Royal Klinik application, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our application.
The data controller responsible for processing your personal data is:
PT Royal Prima Tbk (PRIM)
Address: Jl. Ayahanda No. 68A, Medan, North Sumatera 20118, Indonesia
Email: it@royalprima.com
Phone: 061-8881-3182
For any data protection inquiries, you may contact our Data Protection team at: it@royalprima.com.
When you use our mobile application, we may collect the following categories of personal data:
We collect personal information that you provide directly, such as your name, date of birth, email address, phone number, gender, and other contact details necessary for registration and service delivery.
As a health-related application, we may collect sensitive health data, including but not limited to medical history, symptoms, diagnoses, treatment records, prescriptions, lab results, and other health-related information you provide or that is generated through the use of our services. This data is classified as special category data under Article 9 of the GDPR and is subject to enhanced protection measures.
This includes your username, password (stored in encrypted form), preferences, and other information necessary for creating and maintaining your account.
We collect payment details such as credit/debit card information, billing address, and other payment-related data when you make in-app purchases or pay for services. Payment data is processed through secure, PCI-DSS compliant third-party payment processors.
We gather technical data about your mobile device, including device type, operating system, app version, unique device identifiers, IP address, and advertising identifiers.
If you enable location services, we may collect your device’s precise or approximate location data to provide location-based features, such as finding nearby clinics or healthcare providers. You may disable location services at any time through your device settings.
We collect information about how you interact with our application, including features accessed, pages viewed, duration of usage, crash reports, and performance data.
We may collect data from your communications with us, including messages sent through the app, customer support interactions, and feedback you provide.
We use the data we collect for the following purposes:
We process your personal data based on the following legal grounds under the GDPR and applicable Indonesian data protection laws (UU PDP No. 27 Tahun 2022):
We process your personal data, including health data, when you have given us explicit, informed consent. This applies to receiving marketing communications, enabling location tracking, and the processing of your health and medical data. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
We process your data when necessary to fulfill our contractual obligations to you, such as providing healthcare services, processing payments, and managing your account.
We may process your data for purposes aligned with our legitimate business interests, such as improving our application, conducting analytics, and ensuring network and information security, provided these interests are not overridden by your rights and freedoms.
We may process your data to comply with legal requirements, including tax reporting, regulatory compliance, and responding to lawful requests from public authorities.
In exceptional circumstances, we may process your data where it is necessary to protect your vital interests or those of another person, such as in medical emergencies.
We may share your personal data with the following categories of recipients:
We do not sell your personal data to third parties. All third-party recipients are bound by contractual obligations to protect your data in accordance with this Privacy Policy and applicable laws.
In some cases, we may transfer your personal data to countries outside the Republic of Indonesia, the European Union (EU), or the European Economic Area (EEA). These transfers may occur when our service providers or partners are located in other countries or when we need to store or process data in global data centers.
We ensure that any such transfer is carried out in compliance with the General Data Protection Regulation (GDPR) and Indonesian data protection laws by relying on one or more of the following safeguards:
We may use tracking technologies to enhance your experience and understand how you interact with the application. These include:
You can manage your tracker preferences through the in-app consent management settings or through your device settings.
Under applicable data protection laws, including the GDPR and UU PDP Indonesia, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at it@royalprima.com. We will respond to your request within 30 days, as required by law.
We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Specific retention periods include:
When data is no longer needed, it will be securely deleted or anonymized so that it can no longer be linked to you.
Our application is not intended for use by children under the age of 16 without parental or guardian consent. We do not knowingly collect personal data from children under 16 without verified parental consent.
If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete such data promptly. If you believe we have inadvertently collected data from a child, please contact us immediately at it@royalprima.com.
Where our services involve the health data of minors, we require explicit consent from a parent or legal guardian before processing such data.
We do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you without your explicit consent or as permitted by law. If we implement any such features in the future, we will update this Privacy Policy and provide you with the right to obtain human intervention, express your point of view, and contest the decision.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:
PT Royal Prima Tbk (PRIM)
Email: it@royalprima.com
Phone: 061-8881-3182
Address: Jl. Ayahanda No. 68A, Medan, North Sumatera 20118, Indonesia
You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.