Privacy Policy

1. INTRODUCTION

This Privacy Policy describes how Tirtha Bali (“we”, “our”, “us”) collects, uses, stores, transfers, disseminates, discloses, corrects and updates, deletes or destructs, and protects personal data obtained through our website https://tirtha.com and related digital services.

We are committed to safeguarding the privacy of our clients, guests, and visitors. This Policy also explains the rights of individuals whose personal data we process and how those rights can be exercised.

By using our website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Notice is prepared in accordance with Law No. 27 of 2022 on Personal Data Protection, Law No. 11 of 2008 on Electronic Information and Transaction Law, their amendments, implementing and related regulations (“PDP Regulations”).

2. IDENTITY OF PERSONAL DATA CONTROLLER

Controller (Indonesia): PT. Tirtha Bridal, which is a limited liability company established under the laws of the Republic of Indonesia, having its address at Jl. Uluwatu, Br. Dinas Karang Boma Desa Pecatu 80364, Bali, Indonesia. Tirtha Bali is engaged in the business of providing wedding and event services.

3. INFORMATION WE COLLECT

We may collect the following types of personal data through forms on our website and through cookies and analytics tools, including but not limited to:

• Contact Information: full name, email address, mobile phone number, and country of residence.
• Wedding and Event Details: information related to your event preferences, which may identify you, such as desired date, estimated number of guests, type of event, ceremony preferences, budget range, referral source, and any additional details or special requests you choose to share.
• Technical and Usage Information: IP address, browser type, device information, operating system, pages visited, session data, language preferences, and site settings collected automatically through cookies and analytics tools.
• Analytics and Advertising Data: anonymized user IDs, session details, conversion data, and advertising interactions collected through services such as Google Analytics, Google Ads, DoubleClick, and UXSniff.
• Any other information of a personal nature that will be regarded as personal data under the PDP Regulations.

We do not collect or store any payment information through our website.

You are responsible for ensuring that all personal data that you provide to us is true, accurate, and complete. You are responsible for informing us of any changes or updates to such personal data.

4. HOW WE COLLECT DATA

We collect personal data in the following ways:

• Directly from you: when you submit information through forms on our website or when you contact us directly via email, phone, or other communication channels provided on the site.
• Automatically: when you browse or interact with our website, certain technical and usage data are collected through cookies, analytics tools, and similar technologies.

5. PURPOSE OF PROCESSING

We process personal data for the following purposes:

• To respond to inquiries: including providing information about our venues, services, wedding packages, and events.
• To manage and follow up on requests: such as scheduling consultations, arranging visits, or sending details about wedding fairs.
• To personalize communication: by tailoring responses and recommendations based on your preferences, wedding details, and requirements.
• To improve our website and services: by analyzing usage data and understanding how visitors interact with our site.
• To conduct marketing and advertising activities: including measuring campaign effectiveness and delivering relevant promotional content, where permitted.
• To comply with legal obligations and to protect the rights, property, and security of our company, our clients and website visitors, and other parties.

Where personal data is used for a new purpose and where required under the PDP Regulations, we shall inform you accordingly and obtain your consent.

6. LEGAL BASIS FOR PROCESSING

In accordance with the PDP Regulations, personal data is processed based on one or more of the following legal grounds:

• Consent: where you have provided clear consent for us to process your personal data.
• Contractual necessity: to perform a contract or take steps prior to entering a contract with you.
• Legal obligation: to comply with applicable laws or regulations.
• Legitimate interest: where processing is necessary for our operational or business purposes, provided such interests do not override your rights and freedoms.

The legal basis applied depends on the type of personal data and the purpose of processing:

• Contact Information (name, email, phone number, country of residence):
  Processed on the basis of contractual necessity (to respond to inquiries, provide services, or prepare for entering into a contract) and consent (for sending marketing communications).
• Wedding and Event Details (event date, guest numbers, preferences, budget, special requests):
  Processed on the basis of contractual necessity (to plan and deliver event services) and consent (for personalization beyond what is strictly necessary).
• Technical and Usage Information (IP address, device, browser type, session data, site settings):
  Processed on the basis of legitimate interest (to ensure website security, performance, and functionality) and consent (for analytics and tracking cookies).
• Analytics and Advertising Data (session details, conversion data, advertising interactions):
  Processed on the basis of explicit consent (through the cookie consent mechanism, please see our Cookie Policy).
• Compliance Data (where disclosure is required to regulators or law enforcement):
  Processed on the basis of legal obligation (to comply with applicable laws and regulations).

7. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to operate our website, analyze performance, and enhance your browsing experience.

For details on the types of cookies we use, and how to manage your preferences, please refer to our Cookie Policy.

8. DISCLOSURE OF PERSONAL DATA

We may share personal data with the following parties, only to the extent necessary to achieve the purposes described in this Privacy Policy:

• Service providers who support our operations, such as website hosting, analytics, and IT support.
• Business partners and vendors involved in wedding and event arrangements, where relevant to your inquiry or booking.
• Marketing partners who assist us in managing advertising campaigns, measuring performance, and delivering relevant promotional content.
• Government authorities or regulators, when required to comply with legal obligations.
• Other third parties with your explicit consent, where applicable.

All third parties are required to maintain confidentiality and implement appropriate data protection measures, and for this purpose, we will (where appropriate and permissible) enter into contracts with these third parties to protect your personal data in a manner that is consistent with the PDP Regulations and/or ensure that they only process your personal data in accordance with our instructions.

9. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred or stored outside Indonesia, we will ensure that appropriate safeguards are in place to protect the information, including contractual obligations or obtaining explicit consent from the data subject. We will ensure that the transferee commits to providing a level of protection for your personal data that is at least equivalent to that required under the PDP Regulations.

10. DATA PROCESSING, RETENTION, AND DESTRUCTION

Your personal data will be processed for as long as necessary to provide our services, comply with legal obligations, or until you exercise your rights to deletion or withdrawal of consent. Beyond this period, data will be retained and securely destroyed as described in this section.

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by the PDP Regulations, i.e., for the minimum period of five (5) years, unless a specific regulation stipulates otherwise. We may retain your data for a longer period as long as it is necessary for the fulfillment of purposes for which your personal data was collected, to the extent permitted under the applicable laws and regulations.

Personal data is stored securely on our servers. Access is limited based on job responsibilities through access controls and regular audits.

Once data is no longer needed, or based on your request, it will be securely deleted or anonymized no later than five (5) years after the retention period ends, unless extended by applicable laws and regulations. The procedures and methods for the destruction of your personal data shall follow the provisions under the PDP Regulations.

11. DATA SECURITY

We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, misuse, or alteration. These include secure servers, encrypted communication channels, and restricted access controls.

However, no data transmission over the internet is completely secure, and we cannot guarantee absolute protection of information transmitted to our website.

12. YOUR RIGHTS

You have the right under the applicable law, including to:

• Access and obtain a copy of your personal data.
• End processing, request correction or deletion, or destruction of personal data or inaccurate or unnecessary data.
• Withdraw consent to processing, where applicable. You may withdraw your consent at any time by contacting us at the details below. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.
• Object to or restrict certain forms of processing.
• Lodge a complaint with the competent authority under the PDP Regulations.
• Obtain information regarding identity clarity, basis of legal interest, purpose of requesting and using personal data, and accountability of parties that request personal data.
• Complete and/or update your personal data in accordance with the purpose of the personal data processing. 
• Object to a decision-making action that is based solely on automated processing, including profiling, which has legal consequences or has a significant impact on your personal data.
• Delay or limit the personal data processing proportionally to the purpose of personal data processing.

Requests may be submitted to us via the contact details provided below. We may require that you submit certain forms or provide certain information to process your request.

13. CHILDREN'S PRIVACY

Our services are intended for individuals aged 18 and above. We do not knowingly collect personal data from minors. If we learn that personal data from a child has been collected without proper consent, we will delete such data promptly.

14. UPDATES TO THIS POLICY

Subject to the PDP Regulations, you agree that we have the right to unilaterally change or amend this Privacy Policy from time to time without notice to you, in compliance with applicable laws or as we update our data usage and handling processes. The updated version will be posted on this page with a revised “Last updated” date. The updated Privacy Policy will supersede earlier versions and will apply to personal data provided to us previously.

15. PROCESSING PERIOD

Your personal data will be processed for as long as necessary to provide our services, plus reasonable additional periods for security, dispute resolution, and compliance.

16. CONTACT US

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us at:

Email: website.support@tirtha.com
Phone: (0361) 8471151
Address: Jl. Raya Uluwatu Banjar Dinas Karang, Boma, Pecatu, South Kuta, Badung Regency, Bali 80364