Privacy Policy

Royal Klinik Mobile Application
Effective Date: February 7, 2026

1. Introduction

At Royal Klinik, operated by PT Royal Prima Tbk (PRIM), we are committed to safeguarding the privacy and confidentiality of your personal information, including sensitive health-related data. This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you use our mobile application, Royal Klinik, and its related services. By downloading, accessing, or using the Royal Klinik application, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our application.

2. Data Controller

The data controller responsible for processing your personal data is:

PT Royal Prima Tbk (PRIM)
Address: Jl. Ayahanda No. 68A, Medan, North Sumatera 20118, Indonesia
Email: it@royalprima.com
Phone: 061-8881-3182

For any data protection inquiries, you may contact our Data Protection team at: it@royalprima.com.

3. Data We Collect

When you use our mobile application, we may collect the following categories of personal data:

3.1 Personal Data

We collect personal information that you provide directly, such as your name, date of birth, email address, phone number, gender, and other contact details necessary for registration and service delivery.

3.2 Health and Medical Data

As a health-related application, we may collect sensitive health data, including but not limited to medical history, symptoms, diagnoses, treatment records, prescriptions, lab results, and other health-related information you provide or that is generated through the use of our services. This data is classified as special category data under Article 9 of the GDPR and is subject to enhanced protection measures.

3.3 Account Details

This includes your username, password (stored in encrypted form), preferences, and other information necessary for creating and maintaining your account.

3.4 Payment Information

We collect payment details such as credit/debit card information, billing address, and other payment-related data when you make in-app purchases or pay for services. Payment data is processed through secure, PCI-DSS compliant third-party payment processors.

3.5 Device Information

We gather technical data about your mobile device, including device type, operating system, app version, unique device identifiers, IP address, and advertising identifiers.

3.6 Location Data

If you enable location services, we may collect your device’s precise or approximate location data to provide location-based features, such as finding nearby clinics or healthcare providers. You may disable location services at any time through your device settings.

3.7 Usage Data

We collect information about how you interact with our application, including features accessed, pages viewed, duration of usage, crash reports, and performance data.

3.8 Communication Data

We may collect data from your communications with us, including messages sent through the app, customer support interactions, and feedback you provide.

4. How We Use Your Information

We use the data we collect for the following purposes:

  1. Service Delivery: To provide, operate, and maintain the healthcare services and features available through the application, including facilitating appointments, consultations, and medical record management.
  2. Health Services: To process and manage your health data for the purpose of delivering personalized healthcare services, treatment recommendations, and health monitoring.
  3. Customer Support: To respond to your inquiries, provide technical support, and resolve issues related to your account or application usage.
  4. Payment Processing: To process transactions, verify payment information, and manage billing for in-app purchases or services.
  5. App Improvement: To analyze usage patterns, conduct research, and improve application functionality, user experience, and service quality.
  6. Communication: To send you service-related notifications, updates, appointment reminders, and important information about changes to our services or policies.
  7. Marketing (with Consent): If you opt in, to send promotional messages, offers, and information about new features or services. You may opt out at any time.
  8. Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  9. Safety and Security: To detect, prevent, and address fraud, security breaches, and other harmful or unauthorized activities.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR and applicable Indonesian data protection laws (UU PDP No. 27 Tahun 2022):

5.1 Explicit Consent (Article 6(1)(a) and Article 9(2)(a) GDPR)

We process your personal data, including health data, when you have given us explicit, informed consent. This applies to receiving marketing communications, enabling location tracking, and the processing of your health and medical data. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5.2 Performance of a Contract (Article 6(1)(b) GDPR)

We process your data when necessary to fulfill our contractual obligations to you, such as providing healthcare services, processing payments, and managing your account.

5.3 Legitimate Interests (Article 6(1)(f) GDPR)

We may process your data for purposes aligned with our legitimate business interests, such as improving our application, conducting analytics, and ensuring network and information security, provided these interests are not overridden by your rights and freedoms.

5.4 Legal Obligations (Article 6(1)(c) GDPR)

We may process your data to comply with legal requirements, including tax reporting, regulatory compliance, and responding to lawful requests from public authorities.

5.5 Vital Interests (Article 6(1)(d) GDPR)

In exceptional circumstances, we may process your data where it is necessary to protect your vital interests or those of another person, such as in medical emergencies.

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

We do not sell your personal data to third parties. All third-party recipients are bound by contractual obligations to protect your data in accordance with this Privacy Policy and applicable laws.

7. International Data Transfers

In some cases, we may transfer your personal data to countries outside the Republic of Indonesia, the European Union (EU), or the European Economic Area (EEA). These transfers may occur when our service providers or partners are located in other countries or when we need to store or process data in global data centers.

We ensure that any such transfer is carried out in compliance with the General Data Protection Regulation (GDPR) and Indonesian data protection laws by relying on one or more of the following safeguards:

8. Use of Trackers and Cookies

We may use tracking technologies to enhance your experience and understand how you interact with the application. These include:

You can manage your tracker preferences through the in-app consent management settings or through your device settings.

9. Your Rights

Under applicable data protection laws, including the GDPR and UU PDP Indonesia, you have the following rights regarding your personal data:

  1. Right of Access: You can request a copy of the personal data we hold about you.
  2. Right to Rectification: You can request correction of any inaccurate or incomplete personal data.
  3. Right to Erasure: You can request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
  4. Right to Restriction of Processing: You can request that we limit how we process your data in certain situations.
  5. Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format and transfer it to another controller.
  6. Right to Object: You can object to the processing of your personal data, particularly for direct marketing purposes.
  7. Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.
  8. Right to Lodge a Complaint: You have the right to file a complaint with the relevant supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at it@royalprima.com. We will respond to your request within 30 days, as required by law.

10. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

12. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Specific retention periods include:

When data is no longer needed, it will be securely deleted or anonymized so that it can no longer be linked to you.

13. Children’s Privacy

Our application is not intended for use by children under the age of 16 without parental or guardian consent. We do not knowingly collect personal data from children under 16 without verified parental consent.

If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete such data promptly. If you believe we have inadvertently collected data from a child, please contact us immediately at it@royalprima.com.

Where our services involve the health data of minors, we require explicit consent from a parent or legal guardian before processing such data.

14. Automated Decision-Making

We do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you without your explicit consent or as permitted by law. If we implement any such features in the future, we will update this Privacy Policy and provide you with the right to obtain human intervention, express your point of view, and contest the decision.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:

PT Royal Prima Tbk (PRIM)
Email: it@royalprima.com
Phone: 061-8881-3182
Address: Jl. Ayahanda No. 68A, Medan, North Sumatera 20118, Indonesia

You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.