Privacy Policy
Last updated: 28 April 2026
La Gelato Academy respects the privacy of every visitor and customer. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with Law of the Republic of Indonesia No. 27 of 2022 on Personal Data Protection (UU PDP).
By accessing and using the website lagelatoacademy.com, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy.
1. Identity of the Data Controller
| Description | Information |
|---|---|
| Data Controller Name | SIE YULYANI RN |
| Business Status | UMKM (Micro, Small and Medium Enterprise) |
| Business Address | Sanggrahan, RT.003/RW.023, Medan, Kelurahan Caturharjo, Kecamatan Sleman, Kabupaten Sleman, Daerah Istimewa Yogyakarta 55515, Indonesia |
| co*****@*************my.com | |
| +62 819 9590 6784 |
For complete official information about the legal entity or for document requests, please contact us by WhatsApp or email using the details above.
2. Personal Data We Collect
We collect your personal data only to the extent necessary to provide our services. The types of data collected include:
2.1. Data you provide directly
- Identity: full name, gender (optional)
- Contact details: WhatsApp number, email address, delivery address (where applicable)
- Professional information (optional): business name, type of business, role (future gelato entrepreneur, gelateria owner, chef, etc.)
- Order history: products and training packages purchased, purchase date, payment amount
- Communications: WhatsApp messages, emails, or contact form messages you send to us
2.2. Data collected automatically
- Technical data: IP address, device type, operating system, browser, browser language
- Usage data: pages visited, visit duration, access time, links clicked
- Cookies and similar technologies: see Section 9 for full details
2.3. Data we do NOT collect
- We do not process payment data directly on this website. All transactions are handled through WhatsApp and separate payment channels. We do not store credit card numbers, bank account numbers, or your financial details on our servers.
- We do not collect sensitive data (health data, biometric data, financial data, religious or political beliefs, sexual orientation), unless you voluntarily provide it in your communication with us.
3. Purposes of Personal Data Collection
We use your personal data for the following purposes:
- Providing products and services: processing complete package orders (products + training included), delivery, and access to training materials
- Communication: answering questions, sending order confirmations, and providing customer support
- Customer account management: storing purchase history and training progress
- Marketing (with consent): sending information about new products, promotions, or educational content if you have given explicit consent
- Service improvement: analyzing website usage to improve content, functionality, and user experience
- Legal compliance: meeting tax, accounting, and Indonesian UMKM regulatory obligations
4. Legal Basis for Data Processing
In accordance with Article 20 of the UU PDP, we process your personal data based on one of the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Fulfilment of complete package orders | Performance of a contract between you and us (Article 20 letter b of the UU PDP) |
| Sending marketing emails/WhatsApp messages | Your explicit consent (Article 20 letter a of the UU PDP), which can be withdrawn at any time |
| Storage of tax and accounting data | Legal obligation (Article 20 letter c of the UU PDP) |
| Website usage analysis (analytics cookies) | Our legitimate interest in improving our services, while respecting your rights (Article 20 letter f of the UU PDP) |
5. Sharing Data with Third Parties
We do not sell your personal data to third parties. We only share your data in the following situations:
5.1. Technical service providers
- Hostinger (website hosting provider) — servers located in Europe/Singapore
- Email service providers — for order confirmations and customer support
- WhatsApp Business (Meta) — for communication and transactions
These service providers are bound by contractual obligations to keep your data confidential and to use it only for the purposes we define.
5.2. Legal authorities
We may share your data with competent authorities if required by Indonesian law (court order, tax audit, criminal investigation).
5.3. Payment-related transactions
The minimum data required (name, amount, order reference) may be shared with banks or payment service providers when you make a transfer after communicating with us via WhatsApp.
6. International Data Transfers
Some of our service providers are located outside Indonesia (hosting servers, email services, communication platforms). In accordance with Article 56 of the UU PDP, international data transfers are carried out with guarantees of a level of protection equivalent to the UU PDP, through:
- Standard contractual clauses with service providers
- Selection of providers subject to international data protection regulations (European GDPR, etc.)
You have the right to request further information about these transfers by contacting us.
7. Data Retention and Security
7.1. Retention period
| Type of Data | Retention Period |
|---|---|
| Customer account data | As long as the account is active + 5 years after deletion |
| Transaction data (invoices, contracts) | 10 years (Indonesian tax obligations) |
| Marketing data (where consent exists) | Until you withdraw your consent |
| Cookies and technical data | Maximum 24 months |
After the retention period ends, your data will be permanently deleted or anonymized.
7.2. Security measures
In accordance with Articles 35-37 of the UU PDP, we apply reasonable technical and organizational measures to protect your data:
- HTTPS/SSL encryption for all website communications
- Restricted access to personal data (authorized personnel only)
- Regular backups to prevent data loss
- Regular security updates for systems and plugins
- Internal training on data protection for our employees
7.3. Data breach notification
If a data breach has a significant impact on your rights, we will notify you and the relevant authorities within a maximum of 3×24 hours (3 days) after becoming aware of the breach, in accordance with Article 46 of the UU PDP.
8. Your Rights as a Data Subject
In accordance with Articles 5-15 of the UU PDP, you have the following rights:
| Right | Description |
|---|---|
| Right of access | Request a copy of the personal data we store about you |
| Right to rectification | Correct inaccurate or incomplete data |
| Right to erasure | Request deletion of your data in certain circumstances (except data that must be retained for legal obligations) |
| Right to portability | Receive your data in a structured format to transfer it to another controller |
| Right to restriction | Restrict data processing in certain circumstances |
| Right to object | Object to data processing for specific purposes, especially marketing |
| Right to withdraw consent | Withdraw consent at any time, without affecting the validity of processing before withdrawal |
| Right not to be subject to automated decisions | Not be subject to decisions made entirely by automated processing without human intervention |
| Right to compensation | Receive compensation for losses caused by a data breach |
How to exercise your rights
To exercise the rights above, send a written request to us through:
- Email: co*****@*************my.com
- WhatsApp: +62 819 9590 6784
We will respond to your request within a maximum of 3×24 working hours and fulfill the request within a maximum of 30 days from receipt, except in complex cases.
You also have the right to file a complaint with the Ministry of Communication and Digital Affairs (Komdigi) or another personal data protection authority if you believe your rights have been violated.
9. Cookies and Tracking Technologies
9.1. What are cookies?
Cookies are small files stored on your device when you visit a website. Cookies help the website remember your preferences and analyze website usage.
9.2. Types of cookies we use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Required for basic website functions (sessions, security) | During the session |
| Preference cookies | Remember language choices (ID/EN/FR) and settings | 12 months |
| Analytics cookies | Analyze website usage anonymously | 24 months |
| Marketing cookies (if allowed) | Display relevant advertising | 24 months |
9.3. Cookie management
You can manage or disable cookies through your browser settings. However, disabling essential cookies may affect website functionality.
10. Children’s Personal Data
Our services are not intended for children under 18 years old. We do not knowingly collect children’s personal data. If you become aware that your child has provided data to us without your consent, please contact us to request deletion of that data.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal regulations, or practices. Any significant change will be notified through:
- A notice on the website homepage
- Email to registered customers (for material changes)
The “Last updated” date at the top of this page indicates when the latest changes were made. We encourage you to review this Privacy Policy regularly.
12. Governing Law and Dispute Resolution
This Privacy Policy is governed by the laws of the Republic of Indonesia, in particular:
- Law No. 27 of 2022 on Personal Data Protection
- Law No. 11 of 2008 on Electronic Information and Transactions (UU ITE), as amended by Law No. 19 of 2016
- Law No. 8 of 1999 on Consumer Protection
Any dispute arising from this Privacy Policy will first be resolved through deliberation. If no agreement is reached, the dispute will be settled through the Sleman District Court, Special Region of Yogyakarta.
13. Contact
For questions, requests, or complaints about this Privacy Policy or the use of your personal data:
- Email: co*****@*************my.com
- WhatsApp: +62 819 9590 6784
- Address: Sanggrahan, RT.003/RW.023, Medan, Kelurahan Caturharjo, Kecamatan Sleman, Kabupaten Sleman, Daerah Istimewa Yogyakarta 55515, Indonesia
We are committed to responding to every question transparently and in a timely manner.
This Privacy Policy is written in Indonesian as the official language. English and French translations are provided for convenience; in case of interpretation differences, the Indonesian version shall prevail.