Last Updated: June 2026
PT Anargya Aset Manajemen ("Anargya," "we," "us," or "our") is deeply committed to protecting the privacy and personal data of all individuals who interact with us — whether you are a prospective investor, an existing client, a website visitor, or a business partner. This Privacy Policy describes how we collect, use, store, share, and protect your personal information. It applies to all data processing activities conducted through our website (anargya-aam.it.com), our investment management services, and any other interactions you may have with Anargya. We do not sell, rent, or trade your personal data to third parties for their marketing purposes. This policy complies with Indonesia's Personal Data Protection Law (UU No. 27 Tahun 2022 tentang Pelindungan Data Pribadi) and incorporates principles from internationally recognized frameworks, including the EU General Data Protection Regulation (GDPR), where applicable to our cross-border operations.
We collect information that you voluntarily provide when you interact with Anargya. This includes: (a) Personal identification data — full name, date of birth, nationality, KTP or passport number, and NPWP (tax identification number); (b) Contact information — email address, telephone number, residential and mailing address; (c) Financial information — bank account details, income range, net worth, source of funds, and investment objectives; (d) Account and transaction data — subscription and redemption records, portfolio holdings, investment preferences, and transaction history; (e) Communications — records of correspondence with our team, including emails, phone calls, meeting notes, and messages sent through our website contact form; and (f) Marketing preferences — your consent status for receiving newsletters, market updates, and promotional materials.
When you visit anargya-aam.it.com, we automatically collect certain technical information, including: (a) Device information — IP address, browser type and version, operating system, screen resolution, and device identifiers; (b) Usage data — pages visited, time spent on each page, links clicked, referring URLs, search terms used to find our site, and navigation patterns; (c) Location data — approximate geographic location derived from your IP address; (d) Cookie data — information stored by cookies and similar technologies as detailed in our Cookie Privacy Policy; and (e) Log and metadata — server logs, error reports, and performance data generated during your visit.
We may receive information about you from trusted third-party sources to support our regulatory obligations and improve our services: (a) Credit reference agencies and financial crime databases — for KYC (Know Your Customer), AML (Anti-Money Laundering), and counter-terrorism financing checks as required by OJK regulations; (b) Financial institutions and payment processors — information related to fund transfers, subscription payments, and redemption proceeds; (c) Government and regulatory bodies — including OJK, the Indonesian Ministry of Finance, and tax authorities, as required for regulatory reporting and compliance; (d) Distribution partners and platforms — including Bareksa and other mutual fund distribution channels through which you may have invested in our funds; and (e) Business partners and service providers — identity verification services, data enrichment providers, and professional advisors.
We use your personal data to provide the investment management and advisory services you have requested. This includes: establishing and administering your investor account; processing subscriptions, redemptions, and transfers; calculating and reporting Net Asset Values (NAV/NAB); managing your investment portfolio according to your instructions and risk profile; communicating material information about your investments, including fund performance, corporate actions, and regulatory updates; processing fee calculations and payments; and providing customer service and responding to your inquiries.
As a licensed Investment Manager supervised by OJK, we are subject to extensive regulatory obligations that require the processing of personal data. This includes: conducting KYC (Know Your Customer) and CDD (Customer Due Diligence) verification; performing AML/CFT (Anti-Money Laundering / Countering the Financing of Terrorism) screening and ongoing monitoring; fulfilling tax reporting obligations to the Indonesian Directorate General of Taxes; submitting regulatory reports and filings to OJK and other competent authorities; responding to lawful requests from law enforcement, regulatory, and judicial bodies; and maintaining statutory records for the periods prescribed by Indonesian law.
We process your contact information to: respond to inquiries submitted through our website, email, or phone; send service-related communications, including account statements, fund reports, and regulatory notices; provide market commentary, investment insights, and educational content (where you have consented); and notify you of changes to our terms, policies, or services.
With your explicit consent, we may use your contact details to send you newsletters, market updates, information about new fund launches, and invitations to investor events. You may withdraw your marketing consent at any time by clicking the "unsubscribe" link in any marketing email, updating your preferences through your account settings, or contacting us directly. Withdrawal of marketing consent does not affect the lawfulness of processing based on consent before its withdrawal.
We share necessary personal data with trusted service providers who support our operations under strict contractual confidentiality obligations. These include: custodian banks (PT Bank KEB Hana Indonesia) for the safekeeping and administration of fund assets; payment processors and correspondent banks for handling investment transactions; auditors and accountants for financial statement preparation and regulatory audit requirements; legal counsel for compliance, dispute resolution, and regulatory matters; IT service providers for website hosting, data storage, email delivery, and cybersecurity; and distribution platforms and intermediaries through which you access our funds.
We may disclose your personal data when required to do so by applicable law, regulation, or legal process. This includes disclosures to: the Otoritas Jasa Keuangan (OJK); the Indonesian Directorate General of Taxes; law enforcement agencies, courts, and tribunals; and any other government or regulatory body with competent jurisdiction. We will challenge any request that we believe to be overly broad, vague, or lacking proper legal authority, and we will notify you of such requests unless prohibited by law.
In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction involving Anargya, your personal data may be transferred as part of that transaction. We will ensure that any successor entity agrees to be bound by the terms of this Privacy Policy or provides you with notice and choices about the handling of your data.
Except as described above, we will not share your personal data with any third party without obtaining your explicit, informed consent. We do not sell, rent, or trade personal data to third parties for their own marketing purposes.
We implement robust technical safeguards to protect your personal data, including: (a) Encryption — all data transmitted between your browser and our servers is encrypted using TLS 1.3, and sensitive data at rest is encrypted using AES-256; (b) Multi-factor authentication (MFA) — access to internal systems containing personal data requires MFA; (c) Network security — firewalls, intrusion detection and prevention systems (IDS/IPS), and regular vulnerability scanning protect our infrastructure; (d) Access controls — role-based access controls (RBAC) ensure that employees only access the minimum data necessary to perform their job functions; (e) Backup and disaster recovery — encrypted daily backups with secure off-site storage and tested recovery procedures; and (f) Continuous monitoring — 24/7 security monitoring, log analysis, and automated alerting for suspicious activities.
Our security program extends beyond technology: (a) Employee training — all staff receive mandatory annual data protection and security awareness training; (b) Background checks — all personnel with access to personal data undergo background screening prior to employment; (c) Confidentiality agreements — all employees and contractors sign binding confidentiality and data protection agreements; (d) Policies and procedures — documented and regularly reviewed information security policies aligned with industry best practices; (e) Internal audits — periodic internal assessments of data handling practices and security controls; and (f) Incident response — a documented incident response plan with defined roles, escalation procedures, and breach notification protocols.
While we take extensive measures to protect your data, security is a shared responsibility. We strongly recommend that you: use strong, unique passwords for any accounts you create; never share your login credentials with others; keep your devices and software updated with the latest security patches; and notify us immediately if you suspect any unauthorized access to your account or personal data.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Our notification will describe the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures we have taken or propose to take to address the breach and mitigate its effects.
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. The following table provides a summary of the cookie types deployed:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential website functionality, security, and session management | Session to 365 days |
| Performance / Analytics | Measuring website usage and performance to improve user experience | 24 hours to 2 years |
| Functionality | Remembering user preferences for enhanced personalization | Session to 30 days |
| Targeting / Marketing | Delivering relevant content and measuring campaign effectiveness | 30 days to 3 months |
Additional tracking technologies we may use include web beacons (small transparent images embedded in emails or web pages that track whether content has been accessed) and local storage (browser-based storage mechanisms similar to cookies). For comprehensive details on each cookie, including its specific name, provider, exact purpose, and opt-out mechanisms, please refer to our dedicated Cookie Privacy Policy.
Under Indonesia's Personal Data Protection Law (UU PDP) — and where applicable, frameworks such as the GDPR — you have the following rights regarding your personal data:
You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is being processed.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.
You have the right to request the deletion of your personal data where: the data is no longer necessary for the purposes for which it was collected; you withdraw your consent and there is no other legal basis for processing; you object to processing and there are no overriding legitimate grounds; or the data has been unlawfully processed. This right is subject to legal and regulatory retention obligations — particularly those imposed by OJK and tax authorities, which may require us to retain certain data for prescribed periods.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to its processing, pending verification of our response.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller where technically feasible.
You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis, including for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
You have the right not to be subject to decisions based solely on automated processing — including profiling — that produce legal effects concerning you or similarly significantly affect you. PT Anargya Aset Manajemen does not currently engage in fully automated decision-making with legal or significant effects without human intervention.
To exercise any of these rights, please contact us using the details in Section 13 of this policy. We will respond to your request within 30 days. We may need to verify your identity before processing your request and may, in limited circumstances, charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests.
Our services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. Investment products, including mutual funds, generally require subscribers to be of legal age to enter into binding contracts. If we become aware that we have inadvertently collected personal data from a person under 18 without verifiable parental consent, we will take prompt steps to delete that information from our systems. If you believe we may have collected data from a child, please contact us immediately.
Your personal data is primarily stored and processed in Indonesia. However, certain third-party service providers we use — such as cloud hosting providers, analytics platforms (including Google Analytics), and communication tools — may process data in other jurisdictions, including the United States, Singapore, and the European Union. When we transfer personal data internationally, we implement appropriate safeguards to ensure an equivalent level of protection, including: (a) Adequacy decisions — we assess whether the recipient jurisdiction provides an adequate level of data protection; (b) Standard Contractual Clauses (SCCs) — we use EU-approved or equivalent data processing agreements with service providers; (c) Data Processing Agreements (DPAs) — all third-party processors are bound by contracts that specify the scope, duration, nature, and purpose of processing, as well as the types of personal data and categories of data subjects; and (d) Compliance audits — we periodically review our service providers' security and privacy practices.
The countries to which your data may be transferred, and the purposes of such transfers, vary depending on the specific services we engage. We will provide details of any specific international transfers upon request.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. The following table outlines our standard retention periods:
| Information Type | Retention Period | Reason |
|---|---|---|
| Account and subscription records | 10 years after account closure | OJK regulatory requirement for investment manager records |
| Transaction records | 10 years from transaction date | Tax audit requirements and financial regulatory compliance |
| KYC / AML documentation | 5 years after business relationship ends | Anti-money laundering regulations under Indonesian law |
| Credit and risk assessment reports | 7 years from creation | Credit reporting regulations and dispute resolution |
| Marketing consent records | 3 years after consent withdrawal | Evidence of consent in case of disputes |
| Website logs and analytics | 2 years | Operational analysis and security monitoring |
| Customer service correspondence | 5 years after last communication | Dispute resolution and service quality monitoring |
Upon expiry of the applicable retention period, your personal data will be securely deleted, destroyed, or anonymized so that it can no longer be associated with you. Our data disposal methods include secure digital wiping, cryptographic erasure where applicable, and physical destruction of physical media.
Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every website you visit. The inclusion of a link on anargya-aam.it.com does not constitute an endorsement of that third party's privacy or security practices.
We may update this Privacy Policy periodically to reflect changes in our data practices, service offerings, or legal obligations. When we make material changes, we will: (1) Post a prominent notice on anargya-aam.it.com at least 30 days before the changes take effect; (2) Update the "Last Updated" date at the top of this page; (3) For registered investors, send an email notification summarizing the key changes and their implications; (4) For material changes that affect the scope or legal basis of processing, request your explicit consent where required by law. We encourage you to review this Privacy Policy regularly.
The most current version of this Privacy Policy will always be available at anargya-aam.it.com/policy.html. We recommend bookmarking this page or checking back periodically.
If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data handling practices, please contact our designated data protection contact point:
PT Anargya Aset Manajemen
Attn: Data Protection Officer
The Manhattan Square Lantai 18 Mid Tower B
Jalan TB Simatupang Kav. 1-S, Cilandak Timur
Pasar Minggu, Jakarta Selatan 12560
Indonesia
Phone: +62 21-29407184
Email: info@anargya-aam.it.com
Website: anargya-aam.it.com
We aim to acknowledge all inquiries within 2 business days and provide a substantive response within 30 days. For complex requests, we may extend this period by up to an additional 60 days, in which case we will inform you of the extension and the reasons for the delay within the initial 30-day period.
If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In Indonesia, the supervisory authority is the ministry responsible for communication and informatics (Kementerian Komunikasi dan Informatika / Kominfo), which oversees the implementation of the Personal Data Protection Law (UU PDP). You may also have the right to seek judicial remedy. For investors in jurisdictions covered by the GDPR, you may lodge a complaint with the data protection authority in your EU member state of residence.
Where we process your personal data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw marketing consent: (a) Click the unsubscribe link at the bottom of any marketing email we send; (b) Adjust your communication preferences through your investor account settings; (c) Contact our investor relations team by phone or email; or (d) Submit a written request to our office address. We will process your consent withdrawal promptly and confirm once completed.
If you wish to close your account and request deletion of your personal data, please follow these steps: (1) Submit a written request to info@anargya-aam.it.com with the subject line "Account Deletion Request"; (2) We will verify your identity and confirm receipt of your request within 5 business days; (3) Pending transactions and obligations will be settled in accordance with fund prospectus requirements; (4) We will notify you of any legal or regulatory retention obligations that prevent complete deletion and specify which data will be retained and for how long; and (5) Upon resolution of all outstanding matters, we will confirm the closure of your account and the deletion of all personal data not subject to mandatory retention.
PT Anargya Aset Manajemen was founded on principles of transparency, integrity, and alignment with client interests. Our approach to data privacy reflects these same values. We treat your personal data with the same care and diligence that we apply to managing your investments. If you have any feedback, questions, or suggestions about this Privacy Policy, we welcome you to contact us — your trust is the foundation of our business, and we are committed to earning it every day.