Last Updated: February 18, 2026

1. Introduction

This Privacy Policy (the "Policy") outlines the practices of BloomsWork ("the Company," "we," "us," or "our") regarding the collection, use, and disclosure of personal information provided by users ("Users," "you," or "your") through the website bloomswork.com and associated services, including Coworking Space access, Virtual Office solutions, and Legal Entity Formation services.

By accessing our services, you acknowledge that you have read and understood the terms of this Policy and agree to the processing of your personal data in accordance with these terms.

2. Categories of Data Collected

We collect and process various categories of personal data to fulfill our contractual and legal obligations:

• Identity Data: Legal name, National Identification Number (NIK), Taxpayer Identification Number (NPWP), and corporate designations.
  
• Contact Information: Professional email addresses, telephone numbers, and physical business/residential addresses.
  
• Technical and Access Data: IP addresses, browser types, and digital logs generated by the Smart QR Door Access system at our Headquarters and partner locations.
  
• Financial Data: Billing details, transaction history, and payment verification information.
  
• Corporate Documentation: For users of our Legality Services, we process Articles of Association, NIB (Business Identification Numbers), and other statutory documents required for PT, CV, or Individual entity registration.

3. Purposes of Data Processing

Personal data is processed strictly for the following purposes:

1. Service Provision: To facilitate the booking of meeting rooms (Kamboja and Melati) and the administration of Virtual Office mail-handling services.
   
2. Identity Verification: To ensure compliance with "Know Your Customer" (KYC) regulations during the formation of legal entities.
   
3. Security Management: To monitor and secure physical premises through encrypted access control systems.
   
4. Communications: To transmit official service updates, billing notifications, and mandatory legal disclosures.
   
5. Regulatory Compliance: To satisfy statutory requirements imposed by Indonesian governmental authorities, including the Ministry of Law and Human Rights and the Ministry of Investment (BKPM).

4. Data Sharing and Third-Party Disclosure

The Company does not sell, lease, or trade personal data to third parties for marketing purposes. Disclosure of data is limited to:

• Authorized Service Providers: Third-party vendors assisting in payment processing, IT infrastructure, and security management.
  
• Governmental Authorities: Disclosure as required by law for the registration of legal entities through the OSS (Online Single Submission) and AHU (General Legal Administration) portals.
  
• Partner Locations: Data necessary for operational access to coworking facilities managed by our authorized partners.

5. Data Security and Retention

We implement rigorous technical and organizational measures to safeguard personal data against unauthorized access, alteration, or destruction.

• Security: Data is encrypted during transit and stored on secure servers with restricted access.
  
• Retention: Personal data is retained only for the duration necessary to fulfill the purposes outlined in Section 3, or as required by applicable tax, corporate, and data protection laws.

6. Rights of the Data Subject

In accordance with the Indonesian Personal Data Protection Act (UU PDP), you are entitled to the following rights:

• The Right to Information: To receive clarity on how your data is being utilized.
  
• The Right to Access and Correction: To request a copy of your personal data or the rectification of inaccuracies.
  
• The Right to Erasure: To request the deletion of data, subject to legal and contractual retention requirements.
  
• The Right to Withdraw Consent: To revoke permission for data processing at any time, which may result in the termination of certain services.

7. Contact Information

For inquiries, formal requests, or grievances regarding your personal data, please contact our Data Protection Officer (DPO) at:

BloomsWork Headquarters Jl. Baranangsiang III Blok B No. 17, RT 3 RW 8, Tegallega, Bogor Tengah, Kota Bogor, Jawa Barat, Indonesia

Email: halo@bloomswork.com

Official Correspondence: Attn: Data Privacy Department