Privacy Policy
How we handle your data. Last updated: 20 April 2026.
Overview
PT. Eksportir Agro Jaya (“Nagari Direct”) respects your privacy. This policy explains what data we collect through this website, why we collect it, how we process it, and what rights you have.
Data We Collect
We collect only what is necessary to process your inquiry.
- Company name, contact person name, email address, and phone number — provided via the contact form.
- Country of origin, product interest, estimated volume, preferred Incoterms, and destination port — provided via the contact form.
- Message content — the free-text body of your inquiry.
Lawful Basis for Processing
We process your personal data on the following legal grounds:
- Consent (GDPR Art. 6(1)(a) / UU PDP Art. 20(2)(a)) — by submitting the inquiry form and checking the consent box, you give explicit consent for us to process your data for the stated purposes.
- Legitimate interest (GDPR Art. 6(1)(f)) — we retain inquiry records for a limited period to support ongoing commercial relationships and operational continuity, where this does not override your fundamental rights.
- Contractual necessity (UU PDP Art. 20(2)(b)) — processing is necessary to take steps at your request prior to entering into an export contract.
You may withdraw your consent at any time by contacting us at contact@nagaridirect.co.id. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Purpose Limitation
Your data is used strictly for the purposes stated below. No secondary use.
- To respond to your export inquiry with pricing, availability, and documentation.
- To route your inquiry to the correct internal desk (commodity, logistics, compliance).
- To maintain a record of the commercial inquiry for our export operations.
We do not use your contact data for marketing, newsletters, or unsolicited communications unless you explicitly opt in to such services separately.
Market Research & Anonymization
Aggregate data only. No individual identification.
We may use anonymized, aggregated inquiry data for internal market research purposes — for example, analyzing demand patterns by commodity, region, or season.
All market research data is stripped of personally identifiable information (PII). Name, email, phone number, and company name are removed before any data enters research analysis. The resulting datasets contain only anonymized commodity, volume, and geographic indicators.
No individual inquiry can be re-identified from our research datasets.
Data Processors
Form submissions are handled by our own backend running on Cloudflare’s global network (Cloudflare, Inc., US-based), which acts as a data processor under our instruction. Outbound email notifications are delivered through a transactional email provider acting as a sub-processor. No data is shared with any other third party.
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (via Cloudflare). These transfers are safeguarded as follows:
- EU inquirers — transfers to the US are covered by the EU-US Data Privacy Framework (DPF) adequacy decision, supplemented by Standard Contractual Clauses (SCCs) where applicable, in accordance with GDPR Chapter V.
- Indonesian inquirers — transfers are conducted with your explicit consent under UU PDP Art. 56 and supported by contractual safeguards (SCCs) with each data processor.
- All other jurisdictions — we ensure an adequate level of protection through processor agreements that incorporate GDPR-equivalent data protection obligations.
Cloudflare is certified under the EU-US DPF and maintains SCCs for data processed through its network. You may request a copy of the relevant safeguards by contacting us.
Data Retention
Inquiry data is retained for 24 months from submission for commercial follow-up and compliance record-keeping. After this period, data is deleted or fully anonymized.
Your Rights
Under GDPR (for EU-based inquirers) and Indonesia’s UU PDP (Law No. 27 of 2022):
- Right of access — request a copy of the data we hold about you.
- Right of rectification — correct inaccurate data.
- Right of erasure — request deletion of your data.
- Right to restrict processing — limit how we use your data.
- Right to data portability — receive your data in a structured format.
- Right to object (GDPR Art. 21) — object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at contact@nagaridirect.co.id with the subject line “Data Rights Request.” We will respond within 30 days (GDPR) or 3×14 days (UU PDP Art. 10).
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:
- EU residents — contact the Data Protection Authority in your EU member state. A directory is available at edpb.europa.eu.
- Indonesian residents — contact the Lembaga Pelaksana Pelindungan Data Pribadi (PDP Supervisory Body) under the Ministry of Communication and Digital Affairs (Komdigi), or the relevant authority designated under UU PDP.
We encourage you to contact us first at contact@nagaridirect.co.id so we can resolve your concern directly.
Data Controller
PT. Eksportir Agro Jaya, Jalan Parupuk IV No 1, Parupuk Tabing, Koto Tangah, Kota Padang, Sumatera Barat, Indonesia. Email: contact@nagaridirect.co.id.
Policy Changes
This policy may be updated to reflect changes in our practices or applicable law. Material changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
Effective date: 20 April 2026
Revision history:
- 20 April 2026 — Added lawful basis, international transfer clause, right to object, right to lodge complaint, and policy versioning. Full GDPR + UU PDP alignment.
- 1 April 2026 — Initial version.