Privacy Policy
Effective Date: 24 June 2025
1. Introduction
1.1 PT Ordo Nusa Digital ("Salfok", "we", "our", "us") operates the Salfok affiliate-commerce platform available at salfok.com, business.salfok.com, link.salfok.com, sub-domains and associated mobile or web applications (collectively, the "Service").
1.2 We respect your privacy and handle Personal Data in accordance with Indonesian Personal Data Protection Law No. 27/2022 ("UU PDP 2022") and other applicable regulations. The Service is intended only for individuals aged 18 years or older and currently targets the Indonesian market.
1.3 By accessing or using the Service you acknowledge that you have read, understood and agreed to the practices described in this Privacy Policy. If you do not agree, please discontinue use.
2. Definitions
- Personal Data – data about an identified or identifiable individual or legal entity.
- Usage Data – data collected automatically from the Service infrastructure (e.g., device ID, IP address, timestamp).
- Cookies – small text files stored on your device used to recognise repeat visits and attribute affiliate links.
- Data Controller – PT Ordo Nusa Digital, determining purposes and means of processing Personal Data.
- Data Subject – any Buyer, Affiliate, or Brand using the Service.
3. Data Controller Contact
PT Ordo Nusa Digital
NIB 0205250045696
Jl. Batununggal Indah IV No. 67, Kel. Mengger, Kec. Bandung Kidul, Kota Bandung 40267, Indonesia
Email: [email protected]
4. When We Collect Personal Data
We collect data when you:
- create or manage an account;
- browse, click an affiliate link, or complete checkout;
- import catalogues via Shopee API;
- undergo KYB/KYC verification;
- chat with other users or support;
- request payout or withdraw balance;
- interact with marketing consents (cookies, pixels).
5. Types of Data We Collect
| Role | Mandatory Data | Optional / Voluntary Data |
|---|---|---|
| Buyer | Order details, payment token, delivery address, device fingerprint | Name, email, phone |
| Affiliate | Name, email, phone, KTP number & photo, selfie, bank account, device fingerprint | Social-media handles |
| Brand / Seller | Legal company name, NIB, NPWP, PIC KTP & phone, store product data via Shopee API | Store logo, marketing assets |
| All Roles | Telemetry (IP, browser, OS), cookies, Usage Data, chat logs, analytics events | — |
Note: Buyers may complete checkout as a guest; providing email or phone is recommended for order updates but not mandatory.
6. Cookies & Similar Technologies
- Session Cookies – keep you logged-in and maintain cart state.
- Attribution Cookies – remember affiliate referral ID for 7 days (refreshed on every click).
- Preference Cookies – store language or address selections.
- Analytics Pixels (e.g., GTM, Facebook) – executed only after opt-in consent.
You can disable cookies in your browser; essential features (login, checkout) may stop working.
7. Purposes & Legal Basis of Processing
| Purpose | Legal Basis (UU PDP 2022) |
|---|---|
| Account creation, KYB/KYC, order fulfilment, payouts | Contractual necessity |
| Fraud-score, device fingerprinting, self-purchase prevention | Legitimate interest; additional consent for high-risk profiling |
| Marketing emails, push notifications, analytics pixels | Explicit consent |
| Regulatory reporting, tax & bookkeeping | Legal obligation |
8. Data Sharing
We do not sell or rent Personal Data. We share data only with:
- Payment processors & banks to settle transactions and withdrawals.
- Courier APIs (e.g., Lincah) to generate shipping labels and tracking.
- Fraud-detection partners after separate consent.
- Government authorities when legally required.
All third-party processors are bound by written agreements mirroring this Policy.
9. Storage, Location & Transfers
Data is stored on encrypted servers located in Jakarta, Indonesia. Cross-border transfer occurs only when you explicitly request a foreign payout or as required by your use of international payment instruments.
10. Retention Periods
| Data Category | Retention |
|---|---|
| Orders & financial records | 10 years (tax compliance) |
| KYB/KYC documents | 5 years after account closure |
| Telemetry & logs | 12 months |
| Cookies & local storage | Up to 7 days of inactivity |
| Chat transcripts & tickets | 24 months |
Upon expiry we anonymise or securely delete data, including backups.
11. Security Measures
- TLS 1.3 encryption in transit.
- AES-256 encryption at rest.
- Role-based access control and audit logging.
- Regular penetration testing and vulnerability scans.
No method of electronic storage is 100 % secure; we implement commercially reasonable safeguards.
12. Your Rights
Subject to UU PDP 2022, you may:
- Access – obtain a copy of Personal Data we hold.
- Correct – update inaccurate or incomplete data.
- Erase – request deletion where no longer necessary.
- Withdraw consent – opt-out of marketing or analytics processing.
- Object / Restrict – challenge certain processing activities.
Send requests to [email protected]. We will verify identity and respond within 30 calendar days.
13. Children’s Privacy
The Service is not directed to children under 18. We do not knowingly collect data from minors. If you believe a minor has provided Personal Data, contact us for removal.
14. Third-Party Links
Our Service may contain links to external sites (e.g., Shopee product pages). We do not control and are not responsible for their privacy practices. Review their policies before providing data.
15. Changes to This Policy
We may amend this Policy from time to time. Material changes will be notified via email or an in-app banner 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
16. Contact Us
Questions, concerns or data Rights requests:
Email: [email protected]
Subject: Privacy Policy Enquiry
17. Language
This English version is provided for convenience. The official version is in Bahasa Indonesia; in the event of any inconsistency, the Indonesian text prevails.