NYRA is committed to providing you with excellent service for all of our products and services. Because we respect your right to privacy, we have developed this Privacy Statement to inform you about our privacy practices.

This Privacy Statement will inform you of:

• What personal information our site gathers about you
• How we use and with whom we share the personal information we gather
• Your ability to opt-out of future notifications
• What security procedures we have in place to protect your personal information from loss, misuse, or alteration
• How you can correct or update your personal information

Questions regarding this Privacy Statement should be directed to practices@nyra.co.id. Please specify "Privacy Statement" in the subject line of your e-mail.

Privacy is of great concern to most users of the Internet, and is a critical part of an enjoyable and satisfactory user experience. We at NYRA are acutely aware of and sensitive to the privacy concerns of our subscribers and other visitors to our Web site. Whether you are a customer of our various products and services or a visitor to our site, we assure you that we do not collect personal information from you unless you provide it to us. If you are enrolling for a NYRA digital certificate ("NCert"), you may be asked to provide certain personal information. Please note, however, that we are asking for this information for the limited purposes of creating your NCert, providing the services that may be part of your NCert, and authenticating your identity in order to issue you an NCert. You should be assured that we do not provide or sell personal information about our customers or site visitors to vendors that are not involved in the provision of NYRA's public certification and other services.

We strive to provide our visitors and subscribers with the highest level of privacy possible.

There are two ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:

• E-mail Request for Information - We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our products or services. To do so, we may request additional personal information from you, such as your name and telephone number, to help us satisfy your request.


• Enrollment - If you choose to enroll for one of our products or services, we will request certain information from you. Depending on the type of product or service that you request, you may be asked to provide different personal information. For certain products and services, we may require your name, address, telephone number, e-mail address, credit card number, bank account information, IP address, and/or identity card number. Other products and services may require different or supplemental information from you in order to apply. For a detailed listing of the type of personal information requested for our various products, please refer to the enrollment page for the particular product or service.
  Under no circumstances do we collect any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life.

When you visit our site, our computers may automatically collect statistics about your visit. This information does not identify you personally, but rather identifies information about a visit to our site. We may monitor statistics such as how many people visit our site, the user's IP address, which pages people visit, from which domains our visitors come and which browsers people use. We use these statistics about your visit for aggregation purposes only. These statistics are used to help us improve the performance of our Web site.

We only use "cookies" as described in this Section. A "cookie" is a piece of information that our Web site sends to your browser, which then stores this information on your system. If a cookie is used, our Web site will be able to "remember" information about you and your preferences either until you exit your current browser window (if the cookie is temporary) or until you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a Web site as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to "invade" your hard drive and return to the sender personal or other information from your computer.

Our uses of "cookies" are limited to the following specific situations. The first situation is with respect to temporary cookies. There are two instances in which we use temporary cookies. First, if you are accessing our services through one of our online applications our Web server may automatically send your browser a temporary cookie, which is used to help your browser navigate our site. The only information contained in these temporary cookies is a direction value that lets our software determine which page to show when you hit the back button in your browser. This bit of information is erased when you close your current browser window. If you come to our site from one of our business partners, our Web server may also send your browser a temporary cookie that reflects an "origination code" for that business partner. We use this information for statistical and marketing purposes. The information contained in these cookies consists of random data that is used by the server to authenticate the browser requests to the server for that particular session. It does not include any type of personally identifiable information. This bit of information is erased when you close your current browser window.

The second situation in which we may use cookies is with respect to permanent cookies. This type of cookie remains on your system, although you can always delete or disable it through your browser preferences. There are two instances in which we use a permanent cookie. First, when you visit our Web site and request documentation or a response from us. When you are filling out a form you may be given the option of having our Web site deliver a cookie to your local hard drive. You might choose to receive this type of cookie in order to save time in filling out forms and/or revisiting our Web site. We only send this type of cookie to your browser when you have clicked on the box labeled "Please remember my profile information" when submitting information or communicating with us The second instance where we use a permanent cookie is where we track traffic patterns on our site. Analysis of the collected information by our tracking technologies allows us to improve our web site and the user experience. In both instances of a persistent cookie, if you choose not to accept the cookie, you will still be able to use our Web site. Even if you choose to receive this type of cookie, you can always set your browser to notify you when you receive any cookie, giving you the chance to decide whether to accept it in each situation in which one is sent.

We assure you that the personal information we gather from you is used by us only as explained below.

• Sending you responses and updates
  We generally respond to any e-mail questions, requests for product or service information, and other inquiries that we receive. We may also retain this correspondence to improve our products, services, and Web site, and for other disclosed purposes. Frequently we retain contact information so that we can send individuals updates or other important information about our services and products. Occasionally these updates or other important information may be sent out by third parties on our behalf. Please be assured that any third party who contacts you in this capacity has executed a confidentiality agreement with us that contains a provision ensuring the privacy and security of any transferred information and limits the third party's use of the shared information to sending updates or providing services on our behalf. Our subsidiary companies may also send you information about their services and products. In situations where you have supplied your information in connection with a question or request for information about a product or service offered by a NYRA business partner, we may also send the information you have supplied to the NYRA business partners that offer such products or services. Please be assured that these NYRA business partners have agreed to ensure the privacy and security of any transferred information and may only use the shared information to send you information about products or services about which you asked.


• Facilitating the support, renewal, and purchase of our products and services
  We may use the information you submit to contact you to discuss the support, renewal, and purchase of our products and services. We may provide our subsidiary companies with your information so that they may send you information about their services and products. We may also provide the information you have submitted to us to a NYRA subsidiary, business partner, or independent reseller (either within or outside Indonesia) so that the subsidiary, business partner, or independent reseller can contact you and facilitate the support, renewal, and purchase of NYRA products and services. You may receive a communication directly from one of our subsidiaries, business partners, or independent resellers. Please be assured that any subsidiary, business partner, or independent reseller who contacts you for one of these purposes has agreed to use the information we supply only in accordance with a confidentiality agreement. To find out the names and locations of the subsidiaries, business partners, and/or independent resellers to whom we have provided your information, please contact us at the address given at the end of this Privacy Statement.


• Facilitating the provision of certain included products and services (if you are applying for certain types of digital certificates)
  Certain types of digital certificates come with additional third-party services or products that are included with the digital certificate. If you purchase one of these digital certificates, we may forward some or all of the information in your application to third party providers so that they can provide you with the service or product and follow up with you directly regarding their service or product or an upgrade. Please be assured that we have agreements with these third-party service or product providers that prevent them from disclosing the information to other parties.


• Validating your identity (if you are applying for certain types of digital certificates)
  Certain types of digital certificates require that we compare some of the information in your application to information contained in a third-party database or with some other third party source. We do this in order to authenticate your identity and other attributes, and also to prevent identity theft. We have confidentiality agreements in place with these third-party databases restricting the disclosure of your information. In certain limited situations, we have contracts in place permitting the third-party database to disclose the information to its subcontractors or affiliates, but only for authenticating your identity and only in accordance with confidentiality agreements.


• Forming the contents of a digital certificate
  The exact information that appears in our different types of digital certificates is set forth in the relevant enrollment page and this Privacy Statement. Generally this information is limited to e-mail address and name, but certain classes of digital certificates contain additional information. For example, SSL Certificates may contain the organization's Dun and Bradstreet number. Please note that all information that you provide us that forms the content of a digital certificate will be "published." Publication of digital certificates in an accessible location (a repository) is an integral part of enabling the widespread use of digital certificates. Your digital certificate will be published in our repository so that a third party may access, review, and rely upon your digital certificate. You should have no expectation of privacy regarding the content of your digital certificate.


• Processing payments (if you are using our payment service)
  If you use the NYRA Payment Services payment gateway for online transactions, we may provide your personal information to appropriate financial institutions, processors, and third parties under contract with NYRA or our independent resellers for providing a subset of the payment services (for example, credit authorization and fraud screening). For financial institutions and processors, the use of personally identifiable consumer information is governed by federal and state privacy laws. For other third parties under contract with NYRA, the use and distribution of your personal information will be used by such entity for its internal use related to fulfilling the transaction services for NYRA, will be treated as confidential by this entity, and will be transferred between NYRA and this entity only via encrypted means. We may also permit the merchant through which you placed your order to review the personal information you provide. The merchant's use of your personal information should be governed by your agreement with the merchant.


• Disclosure by Law and Protection of NYRA and Others
  If we are required by law to disclose certain information to local, state, federal, national or international government or law enforcement authorities, we will do so. We will also disclose information to third parties as necessary in order to comply with applicable laws and regulations. In addition, NYRA may share information in order to investigate, prevent, or take action regarding illegal activities or suspected fraud, or enforce or apply NYRA's agreements.


• Surveys
  From time-to-time we may request information from customers via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for purposes of monitoring or improving the use of and satisfaction with this Web site, and improving our customer service and product offerings.

From time-to-time, we notify our subscribers of new products, announcements, upgrades and updates. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.

If you receive a marketing communication from our subsidiaries, business partners or independent resellers, you should opt-out with that entity directly. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our digital certificates or other products or services.

We consider the protection of all personal information we receive from our Web site visitors and subscribers as critical to our corporate mission. Please be assured that we have security measures in place to protect against the loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information.

If you need to update or correct information contained in a digital certificate you will need to revoke your digital certificate and obtain a new one because we digitally sign each subscriber's digital certificate as a part of the digital certificate issuance process. If we were to subsequently modify or remove any information listed in a digital certificate, our digital signature would not verify the digital certificate's new content. Furthermore, if a subscriber (sender) then digitally signed a message with his or her private key, a third party would not be able to properly verify the sender's signature (created using the sender's private key) because the sender's digital certificate would have been altered after the key pair's creation.

If you would like to update or correct any personal information in our records that is not contained in your digital certificate, please contact us via e-mail at cert-support@nyra.co.id or at the address given at the end of this Privacy Statement.

When a third party wants to rely on a digital certificate, it is important for the third party to know its status (for example, whether it is valid, suspended (where available) or revoked). The third party may do this by accessing our repository and querying for the status of the digital certificate. We do not generally delete digital certificates (and their content) from our on-line repository because a third party might not then be able to check its status. You may, however, revoke (deactivate) your digital certificate. A revoked digital certificate will still appear in our repository with an indication that it has been revoked. If you are a digital certificate subscriber and would like to have your digital certificate revoked (deactivated) from our database, please contact us via e-mail at cert-support@nyra.co.id or at the address given at the end of this Privacy Statement.

If a material change is made to this Privacy Statement and/or the way we use our customers' personally identifiable information then we will post prominent notice of the nature of such change on the first page of this Privacy Statement and also on our home page.

Our mailing address is:

PT. NYRA
Attention: PKI Support
Kantor Taman E3.3 Unit C8
Jalan Mega Kuningan Lot 86-87
Jakarta 12950
Indonesia