1. Introduction

Rizal & Colleagues (“we,” “us,” “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over it.

This policy applies to all visitors to our website and all clients who engage our services. By using our website or submitting any form, you acknowledge this policy.

2. Who We Are

Rizal & Colleagues is a landing page copywriting and conversion optimization service based in Indonesia. For questions about this policy or your data, contact us at [your email address].

If you are located in the European Economic Area (EEA), we are the data controller responsible for your personal data.

3. What Data We Collect

3.1 Information you give us directly

• Contact and audit request forms: Your name, email address, website URL, and any information you voluntarily include in your message.
• Checkout and payment: Your name, email address, and billing information. Payment card details are processed directly by our payment processor and are never stored by us.
• Onboarding intake questionnaire: Business information including your offer details, target audience, conversion data, ad spend, and any other information you provide to help us complete your project.

3.2 Information we receive from third parties

We may receive your email address or basic contact details if you are referred to us through a partner or if you engage with our outreach campaigns.

4. How We Use Your Data

We use your data only for the following purposes:

• To deliver our services — processing your order, completing your project, managing revisions, and providing post-launch support.
• To communicate with you — responding to enquiries, sending project updates, and conducting post-project follow-up.
• To send you relevant information — if you opt in, we may send you emails about conversion optimization, landing page strategy, or updates about our services. You can unsubscribe at any time.
• To fulfill legal obligations — retaining transaction records as required by applicable law.
• To improve our services — using anonymized, aggregated feedback to refine our process.

We do not sell your data. We do not use your data for automated decision-making or profiling.

5. Legal Basis for Processing (GDPR)

If you are located in the EEA, we process your data under the following legal bases:

• Contract performance — processing necessary to deliver the services you purchased (Articles 6(1)(b)).
• Legitimate interests — responding to enquiries and conducting outreach to businesses whose pages we believe we can improve (Article 6(1)(f)). You may object to this processing at any time (see Section 9).
• Consent — sending marketing emails where you have opted in (Article 6(1)(a)). You may withdraw consent at any time.
• Legal obligation — retaining financial records as required (Article 6(1)(c)).

6. Third Parties We Share Data With

We share your data only with the following third-party services, and only to the extent necessary to deliver our services:

6.1 Payment processor We use PayPal and Payoneer to process payments. Your payment details are handled directly by them under their own privacy policy. We receive only a transaction confirmation and basic billing details. We never see or store your full card information.

• Payoneer Privacy Policy: pubs.payoneer.com/Legal/v30/PrivacyPolicy.pdf
• PayPal Privacy Policy: paypal.com/us/legalhub/paypal/privacy-full

6.2 Basecamp Once a project begins, all project communication takes place via Basecamp (37signals, LLC). Your name, email address, and project-related information are stored on their platform.

• Basecamp Privacy Policy: basecamp.com/about/policies/privacy

6.3 Email marketing platform We use Jotform to manage our mailing list and send automated emails to audience. Your name and email address are stored on their platform if you opt in to our mailing list.

• Jotform Privacy Policy: jotform.com/privacy/

We do not share your data with any other third parties, advertisers, or data brokers.

7. International Data Transfers

We are based in Indonesia. If you are located in the EEA or UK, your data will be transferred to and processed in Indonesia and potentially in the United States (where some of our third-party tools are hosted).

Where such transfers occur, we rely on appropriate safeguards including Standard Contractual Clauses or the third party’s participation in recognized data transfer frameworks.

8. Data Retention

We retain your data for as long as necessary to fulfill the purposes outlined in this policy:

• Client project data — retained for 3 years after project completion for reference and dispute resolution purposes.
• Financial and transaction records — retained for 5 years to comply with applicable tax and accounting obligations.
• Mailing list data — retained until you unsubscribe or request deletion.
• Enquiry data (non-clients) — retained for 12 months, then deleted.

9. Your Rights

Depending on your location, you may have the following rights over your personal data:

For all users:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your data, subject to legal retention requirements.
• Unsubscribe — opt out of marketing emails at any time using the unsubscribe link in any email or by contacting us directly.

For EEA and UK users (GDPR/UK GDPR):

• Restriction — request that we restrict processing of your data in certain circumstances.
• Portability — request your data in a portable, machine-readable format.
• Objection — object to processing based on legitimate interests, including outreach. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@rizalbintang.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.

If you are in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

10. Data Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These include access controls, encrypted communication, and limiting data access to personnel who need it to deliver your project.

No method of transmission over the internet is completely secure. While we do our best to protect your data, we cannot guarantee absolute security.

11. Children’s Privacy

Our services are intended for businesses and are not directed at individuals under the age of 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. For material changes, we will notify active clients by email. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

13. Contact

For any questions, data requests, or concerns about this policy:

Rizal & Colleagues

hello@rizalbintang.com
Perum Griya Banyuresmi Indah 1 Blok D-10
Kec. Banyuresmi, Kab. Garut
Jawa Barat, Indonesia