Personal Data Privacy Statement

Published on June 12, 2023

This Statement sets out how we, RSM in Indonesia (together “RSM Indonesia”), manage personal data. The security of personal data is important to us. This Statement describes how we collect, use, disclose, process and protect personal data.

For the purposes of this Statement, “personal data” includes your personal data and that of your employees or other parties that have provided such information to you.  References to “you” shall mean an individual or organisation, as relevant for the situation.

When you visit our websites or request a service from any entity within RSM Indonesia, your use or continued use of our services shall be deemed as your acceptance and agreement to be bound by the provisions of this Statement.

This Statement supplements but does not supersede nor replace any other consent you may have previously provided to us in respect of your personal data.

For the purposes of personal data privacy security, we are a data intermediary when we process personal data on behalf of and for the purposes of another organisation. At the same time, we also collect use and disclose personal data for purposes that are reasonable and appropriate.

This Statement forms part of the terms and conditions, if any, governing your specific relationship with any entity within RSM Indonesia and should be read in conjunction with such terms of engagement. In the event of any conflict or inconsistency between the provisions of this Statement and the terms of engagement, the terms of engagement shall prevail to the fullest extent permissible by law.



We may collect and use personal data from you for the purpose of managing and administrating client services or for the purpose that are reasonably appropriate including but not limited to the administration of accounts, providing audit, tax and consulting products and services including electronic, product management, client service and support, business development, marketing, goods or services, gifts and entertainment, donations, managing disputes and collecting debts, security including prevention, detection of crime and fraud, auditing compliance, recruitment, networking.

The personal data referred to above can be in the form of: Name (including known aliases); employee reference; job title and level; departments; work location; home and business address including post code; date of birth; place of birth; gender; ID card/passport details; citizenship and/or visas/work permit/immigration record; social security/national insurance number; photograph; professional email address; professional telephone number (including mobile telephone number and fax number); personal email address; personal telephone number (including mobile telephone number); tax ID; utility bill information; tax rates and allowances and other tax related data; donations; government identification number; details of dependants (names, dates of birth, gender); bank account number and bank data; credit card number; salary and compensation data including bonus and benefits (e.g.; travel, health and life insurance); band zone (employee's position as executive, manager or professional); employee tax status; economic, financial and insurance data; data collected pursuant to legal obligations; employee ID number; positions held on corporate boards or in government; employee purchase expense data (including travel and entertainment expenses); investment details and history; expressions of opinion; IP address; cookies data; traffic data; logging data; hobbies; images and sounds (including CCTV footage); which are not available at public domain that are generally known and or accessible to most people.

Before you disclose to us the personal data of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this Statement. Failure on your part to do so or to ensure that the personal data for another person is complete, accurate, true and correct may result in us being unable to provide you with the services you have requested or require. By providing us with personal data of another person, you understand that we are not responsible to obtain the consent of that person and that you have already obtain such consent.

You must also inform us on whether the personal data of you and of another person provided to us relates to person with European citizenship.

We are a member of the RSM International network of independent public accounting firms providing audit, tax and consulting services. Personal data may be shared among our subsidiaries, affiliates, network firms and third parties to enable us to provide our services to you and for our business purposes including: office management, operations and administration purposes and for independence and conflict clearance, due diligence and background checks in accordance with legal, regulatory and professional requirements; providing you with information relevant to your business, and to ensure your continuous access to publications, events, news and promotional materials which may be of interest to you; organising events and seminars, recording or taking photographs of participants at events or functions organised, hosted or participated by us; generating reports and performance of analytics for the purposes of developing or improving our products, services, security, service quality and marketing strategies; and to the extent necessary to comply with any laws, regulations, rules, directions and guidelines.

Arrangements are in place to protect the security of any personal data shared.



We will not:

  • disclose your personal data except to those to whom disclosure is necessary to provide our services to you or in the management, operation and administration of our business and who are similarly bound to hold your data in confidence; or
  • disclose your personal data unless required to do so by law or in the good faith belief that such disclosure is reasonably necessary: (i) for our professional advisers such as our lawyers (ii) to comply with legal process such as if required by any court, tribunal, regulator, government department, agency, ministry, statutory board or relevant authority; (iii) to respond to claims that any of personal data provided to us violates the rights of third parties; or (iv) to protect our rights, property, or personal safety and that of our clients or the public.



To safeguard your personal data, all electronic storage, hosting, processing, transmission and backup (for disaster recovery or otherwise) of personal data are secured with appropriate administrative, physical and technical security measures. You acknowledge and consent that we may make use of cloud services within or outside Indonesia (which may be managed by a third party service provider). While we take reasonable efforts to maintain the confidentiality and security of your personal data, we cannot guarantee that any information that is transmitted or stored electronically is completely secure.



We will retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required for legal or business purposes. Any personal data which are no longer needed for legal or business purposes will be destroyed or anonymised according to our document retention policy.



Personal data that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this Statement. We will take reasonable steps to ensure that such personal data transferred receives a standard of protection.

If you use our services while you are outside Indonesia, your personal data may be transferred outside Indonesia in order for us to provide you with those services. Where you have engaged us to carry out any work in any jurisdictions outside Indonesia, the transfer of your personal data to these jurisdictions may be necessary to give effect to your instructions.



Our website uses cookies. By using our website, you consent to our use of cookies which will provide you with a more personalised experience. You can choose to turn off all cookies. If you turn the cookies off, you won't have access to many features that make your site experience more efficient and some of our services will not function properly. Please refer to your browser’s documentation to check if cookies have been enabled on your computer or to request not to receive cookies.

We may also include third party links on our website for your convenience and information. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites and we encourage you to consult the privacy notices of those sites.

Please see our Privacy Policy regarding privacy practices relevant to our website.



We may, upon written request, allow you to view stored personal data subject to legal requirements. We reserve the right to charge a reasonable administrative fee for this service. We will respond to such request within 30 days of receipt of your written request. Kindly inform us in writing if any personal data which we hold about you needs to be corrected or updated.



You may, subject to applicable law, regulations and professional standards, at any time, give us reasonable written notice of your withdrawal of consent to collect, use or disclose the personal information. If you choose to withdraw your consent to any or all or the disclosure of your personal data, please note that we may not be in a position to continue providing our services to you. Withdrawal may also result in the termination of any agreement you may have with us.



If we process personal data on your behalf and for your purposes as a data intermediary, we shall:

  • observe the relevant obligations in the performance of our services;
  • process the personal data we receive from you only to the extent necessary for the purposes specified in the engagement and in accordance with your instructions from time to time given in writing and shall not process the personal data for any other purpose;
  • ensure that access to the personal data is limited to employees who need to access to meet our obligations to you;
  • ·in order to perform the services, share the personal data with our subsidiaries and affiliates, whether in Indonesia or elsewhere. When doing so, we will require them to ensure that the personal data are kept secure and confidential;
  • use reasonable degree of professional care to prevent unauthorised use, dissemination or disclosure of personal data, and shall implement any generally applicable physical, technical and administrative measures to protect the personal data from accidental or unauthorized disclosure, alteration, loss or destruction;
  • notify you promptly in writing if we become aware of any accidental or unauthorized disclosure, alteration, destruction or loss of personal data unless prohibited from doing so by law;
  • take reasonable action within reasonable time, and investigate the security incident, and use our best efforts to mitigate the impact and scope of any security incident, and to carry out such recovery or other action we determine necessary in the circumstance to remedy the security incident; and
  • not hold personal data any longer than required by law for the purpose of performing or having performed the services or for legal or business purposes.


In the same regard, if we process personal data on your behalf and for your purposes, you:

  • will provide us with specific written instructions with regard to the processing of personal data. Oral instructions given by your authorised representatives will be accepted by us in case of emergency only and subject to immediate written confirmation;
  • undertake and warrant that you have lawfully obtained personal data of your employees and have sufficient legal grounds, including all necessary authorizations, consents or permissions to provide us with the personal data, and that the same are accurate and provided in any form, to us in a secured way;
  • will inform us immediately in writing of any change, including any error or omission, with regard to the lawful processing and use of any of the personal data; and
  • will inform us as soon as reasonably possible of any access request, request for correction or blocking or deletion of personal data or any objection made by the employees related to the processing of their personal data.



We will amend this Statement from time to time and the updated versions will be posted on our website so that you are aware of when the Statement was last updated. We encourage all users to periodically review our website for the latest information on our privacy practices. Continued use of our services and website following the posting of changes to this Statement shall constitute your consent to such changes.



If you require more information relating to this Statement or require access to correct or update your personal data or to withdraw your consent, please contact us at:

Data Protection Officer 
RSM Indonesia 
Plaza ASIA Level 10 
Jl. Jend. Sudirman Kav.59 
Jakarta 12190 Indonesia


If your personal data was provided to us by a third party, kindly contact that organisation to make such a request or query on your behalf.