Privacy Statement

Quick links

1. About this Privacy Statement

We treat your privacy very seriously and are committed to protect your personal data no matter where you are located. We collect and process your personal data in accordance with the Law No.27 of 2022 on Personal Data Protection, and other prevailing laws and regulations.

In this Privacy Statement, "we", "us", "our", and “Bank Commonwealth” means PT Bank Commonwealth.

PT Bank Commonwealth is incorporated and licensed in Indonesia with limited liability and a subsidiary of PT Bank OCBC NISP Tbk ("OCBC").

PT Bank Commonwealth is an established bank serving Retail and SME customers. Bank Commonwealth offers a range of products and/or services to meet the financial needs of customer, and seeks to maintain high levels of customer service satisfaction.

PT Bank Commonwealth is licensed and supervised by the Financial Services Authority (OJK) and Bank Indonesia (BI), and is a member of Indonesia Deposit Insurance Program (LPS).

As a financial institution that comply with the prevailing laws and regulations, and in order providing you with our products and/or services, we need to process your personal data which includes obtaining and collecting, processing and analyzing, storing, correcting and updating, displaying, transferring, disclosing, using and/or deleting or destroying your personal data in the course of providing our products and services.

This Privacy Statement describes how your personal data and/or credit information is collected and processed by PT Bank Commonwealth.

In this statement and our official website, we may include links to various third-party websites. Where we do so, the third-parties are solely responsible for their own content and for what they do with any personal data they may collect from their websites.

2. Processing your personal data

2.a. What information do We collect?

We collect your personal data directly from you most of the time, however we may also collect information about you from other parties.

We collect personal data when you:

  • enquire about, apply for, or use our products or services
  • contact us to make an enquiry or give us feedback
  • visit our website or use our digital services
  • participate in other activities we offer, such as competitions or surveys
  • communicate with us or do business with us.

We are required to collect certain types of your personal data to fulfil our obligations to the prevailing laws and regulations in Indonesia. However we do attempt to limit our collection of your personal data to what is necessary to offer you the products and/or services you need. Depending on those products and services, or your interactions with us, we may collect the following types of personal data:

  • Personal and contact details
    This may include your name, ID number, NPWP number, address, email address, phone number, mother’s name, and date of birth dan/or other data that we may require from time to time in accordance with the prevailing laws and regulations.
  • Identity documents
    • These may include your identity card (such as electronic KTP or passport), KITAS/KITAP, NPWP, country of tax residency
    • Citizenship, birth certificate, death certificate, marriage and divorce certificates (for example, to verify your identity).
  • Financial information
    This may include:
    • details of your employment, income, assets, liabilities
    • copies of bank statements, electricity, water, and phone bill, and credit card statements from other financial institutions
    • information from third parties about your credit history.
  • Credit information
    See “Your credit information” section for the types of credit information that we collect.
  • Transaction information
    This includes information about transactions that you have made using our products and services. For example, your debit card transactions or ATM fund withdrawals, or details of funds beneficiary.
  • Socio-demographic information
    This may include your marital status, age, gender, religion, number of dependents, occupation and nationality. For example when you open an account or apply for a home loan and/or SME credit loan. 
  • Interaction information
    This includes details of your interactions with us, such as when you visit a branch, call us, use our online or digital services, make an enquiry, provide feedback, or make a complaint.
  • Digital information
    We collect information from you electronically when you use our online and digital services, which includes information such as:
    • location information (if enabled on your device)
    • IP (internet protocol) address
    • details of the device used to access our digital services (including mobile and tablet)
    • details of the wi-fi network or mobile network used by your device
    • type of authentication used (for example touch ID or face ID).
  • Biometric information
    Biometric information (such as fingerprints or face), where this information is collected and used for the purpose of automated biometric verification or biometric identification.
  • Behavioural information
    This includes information that we generate about how you use our products and services. For example, if you use our banking services, we may generate information about your spending patterns so we can help you manage your money.
  • Call recordings
    On occasion, we monitor and record our calls with you. We will let you know if we are doing this.
  • Camera surveillance
    For the safety of our staff and customers, we use camera surveillance, such as CCTV, to monitor Bank Commonweath premises.
  • Publicly available information
    On occasion, we may collect and process information that is available publicly, such as from:
    • online forums, websites, Facebook, Twitter, YouTube or other social media (for example, if you use social media to interact with us)
    • public registers (for example information of citizens registered in Dukcapil, or information of companies registered in Ministry of Law and Human Rights database).
  • Information related to other individuals
    Under certain circumstances, you may provide Personal Data relating to other individuals (such as your spouse and/or family members) based on our request for the purpose of providing products and/or services you require from us. In such circumstances, you represent and guarantee that you have obtained consent from the individual to the processing of his or her personal data carried out by us and/or other parties cooperating with us. We reserve the right to request proof of such consent at any time if we need it.

Children's Privacy
If you are in the category of children or below the minimum age requirement in accordance with applicable laws and regulations, you will need consent from your parents and/or guardian to provide personal data to us.

By providing your personal data to us, we will process your personal data in accordance with our applicable policies.

Further information (if any) regarding the collection and handling of personal data related to our products and/or services is available in the terms and conditions of the products and services that we provide.

2.b. How do we use your information?

We’re careful about how we use and handle your information. We use it to deliver our products and services. We also use your information for other reasons such as to better understand you and your needs, and to let you know about other products and/or services you might be interested in.

Below is the explanation on how we may use your personal data. 

  • Serving our customers
    We use your information to deliver our products and/or services including to:
      • assess and process your applications for our products and services
      • administer and manage existing products or services you have with us
      • manage our relationship with you or your business
      • improve our service to our customers
      • let you know about other products and/or services that may be of interest to you. 
  • Improving our quality
    We use your information to improve the products and/or services we provide through activities such as:
      • reviewing customer feedback and assessing how you use our products and services
      • testing and validating the effectiveness of products, services and system enhancements
      • monitoring and reviewing call recordings, online chats and other business activity for quality assurance, training and compliance purposes.
  • Managing our operations
    We use your information to manage our operations including to:
      • deliver our products and services
      • make and manage customer payments and transactions
      • manage fees and interest due on your products and services
      • collect and recover credit that we provided
      • respond to complaints and seek to resolve them
  • Managing security, risk and crime prevention
    We use your information to:
      • prevent, detect and investigate suspicious or fraudulent activities
      • monitor our properties, for example using camera surveillance to ensure the safety of our employees and customers
      • investigate health and safety incidents involving our employees and customers
      • support the management of our information security and network to prevent cyber-attacks, unauthorised access and other criminal or malicious activities.
  • To comply with our obligations to prevailing laws
    Where required, we use your personal data to comply with the law, including our regulatory obligations, including to:
      • confirm your identity
      • share relevant information with law enforcement agencies, notaries, credit bureau, tax authorities and/or other regulatory bodies
      • screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering
      • investigate financial crime.
  • Managing our business
    We use your information to run our business in an efficient and proper way. For example to manage our financial position, business capability planning, testing systems and processes, as well as managing communications, corporate governance, and audit.
  • Performing analytics activities
    We may combine information we have about you and our other customers (for example transaction information) with data from other sources, such as third party websites. We use this information to:
      • help us understand trends in customer behaviour including how products and/or services are used
      • improve the products and/or services we offer
      • improve the quality of our data
      • develop products and/or services that better meet our customers’ needs and behaviours
      • understand and manage our risks better.
  • Determine your eligibility for credit
  • See “Your credit information” section for how we use your credit information.

    We may also collect, use and disclose your information for other reasons where the law allows or requires us to.

Bringing you new products and services

From time to time, in accordance with the requirements of prevailing laws, we may also use your information, to tell you about products or services we think you might be interested in. To do this, we may contact you by the following communication channel (including through personal communication channel):

  • Email
  • Phone
  • SMS
  • Social media
  • Advertising through our apps, websites, or partner third-party websites
  • Mail.

If you don’t want to receive direct marketing messages, or want to change your contact preferences, you can do so by contacting us. Information on how to contact us is available in the “We’re here to help you” section.

We may first require to identify yourself before changing your preference.

2.c. Who do we share your information with?

We may share or disclose your personal data with our related companies. We may also share your information with our partner third parties (both in and/or outside of Indonesia), where this is permitted by law or for any of the purposes described in the “How do We use your information?” section. If we do this, we make sure there are arrangements are in place to protect your information.

Information on who we share your information with is set out in the terms and conditions that apply to the products and/or services we provide to you.

3. Keeping your information safe

Our staff are trained in how to keep your information safe and secure. We use secure systems and buildings to hold your information.

We store your hard copy and electronic records in secure buildings and systems, or use trusted third parties who cooperate with us. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal data we hold about you.

We keep personal data in accordance with our internal policy on data retention, and only for as long as your personal data is still needed–for example for business or legal reasons, help detect financial crimes, answer requests from regulators or authorized officers, and other things. When we no longer need information, we take reasonable steps to destroy or de-identify it.


4. Your credit information

We collect credit information about you when you apply or use our credit related products or services. 

What is credit information?

Credit information is personal data that is about credit that has been provided to you or that you have applied for. This includes credit for personal purposes and credit in connection with a business. It can also cover information about you as a guarantor of a loan.

Types of credit-related information we collect, hold, and disclose

We collect credit information directly from you when you apply for a credit related product or service. We also collect credit information about you from third parties, including Credit Information System Service (Sistem Layanan Informasi Kredit/SLIK) and/or Credit Information Management Agency (hereafter referred to as “LPIP”)

The types of credit information we collect and process are set out below:

  • Identification information
    This includes your name, gender, date of birth, and address.
  • Credit liability information
    This is information about any loans that you currently have open or may have had in the past. It includes the type of account, the open and/or close date, as well as the credit limit.
  • Repayment history
    This includes a history of your repayments, including whether you have made payments when due, or information of overdue payment (if any).
  • Default information
    Details of any defaults or other credit related infringements (for example fraud).
  • Public information
    Public record information such as:
    • court judgments
    • directorship and business proprietorship details
    • bankruptcy.
  • Information about credit worthiness

    Information about your credit worthiness such as credit scores, credit risk ratings, summaries and evaluations.

Why we collect and handle your credit information?

When you apply to us for credit or act as a guarantor, we need to know if you’re able to meet repayments under your agreement with us. We also try to avoid giving you further credit if this would put you in financial difficulty.

We use credit information to:

  • Confirm your identity
  • Assess your credit applications
  • Assess your ability to manage credit
  • Manage credit provided to you
  • Assist you to manage your credit related obligations and to consider any financial hardship requests
  • Derive scores, ratings, and evaluations relating to your credit worthiness which are used in our decision-making processes and ongoing reviews
  • Support the collection of overdue payments
  • Share information with LPIP, where the law permits us to do so.

We keep your credit information with your other information. For more information, refer to section “2.c. Who do We share your information with?”

Credit Information System Service (Sistem Layanan Informasi Kredit/SLIK) and/or Credit Information Management Agency (LPIP)

If you apply to us for credit or act as a guarantor, we may collect or share your information with LPIP. This information is used to determine your eligibility for credit.
LPIP include this information in their reports to help other credit providers to assess your credit worthiness.

We can also ask LPIP to give us your overall credit score, and may use credit information from LPIP together with other information to arrive at our own scoring of your ability to manage credit.

5. Accessing, updating and correcting your information

You have a number of rights regarding your personal data. We are committed in fulfilling your rights concerning personal data we have collected and processed. You can ask us to correct, complete, update, delete, access, or withdraw consent to processing of your personal data, while still following the applicable legal provisions. However, please note that in some circumstances, we may refuse your request, if for example it is permitted by or if your request conflicts with the applicable legal provisions.

You can contact us and ask to access your information. For further detailed information, we may ask you to fill out a request form. If your information is not correct or needs updating, let us know straight away.

How can you access your information?

You can ask us for a copy of your personal data that we hold by visiting a branch or by calling us. Information on how to contact us is in the ”We’re here to help” section.

How will we handle your request?

There is no fee for making a request to us, but sometimes we may charge you for the cost that may be incurred for the process required to put together the information you want. If there's a charge, we'll let you know how much it is likely to be, so you can choose if you want to go ahead.

We will respond to your request as soon as reasonably practical. Before we give you the information, we'll need to confirm your identity

In some cases, we can refuse access or only give you access to certain information. For example we might not let you see information that involves other people. In that case, we will inform it to you.

Can you correct, update, or delete your information?

It’s important that we have correct information about you, such as your current home address, email address and phone number. You can check or update your information at branch, via our online services, or contact us (see the ”We’’re here to help you” section).

If we don't think the information needs correcting, we'll inform you why. You can ask us to include a statement with the information that says you believe it's inaccurate, incomplete, misleading or out of date.

You can ask us to delete your Personal Data that is under our control, while still following the prevailing laws and regulations. However, we can refuse your request if permitted by or if your request is contrary to the provisions of prevailing laws and regulations.

However, the deletion of your information may mean that we will not be able to continue providing our services to you and we may need to terminate your existing relationship and/or services you have with us, in which case, you must complete all of your obligations to us before the termination of the relationship.

6. We’re here to help

If you want to update your personal data, or if you have a concern or complaint related to privacy, need more information, or want to update your preferences — you can contact us by visiting our nearest branch or reach the Call CommBank service at 1500 30 or (62-21) 2935 2935 (international access) or by sending an email to

Making a privacy complaint

If you have a concern or complaint about your privacy, let us know and we’ll try to fix it.

How can you make a complaint?

We try to get things right the first time—but if we don’t, we will do our best to fix it.

To make a complaint, you can contact one of our staff or customer service teams. We’ll look into the issue and try to fix it straight away.

What else can you do?

If you're not satisfied with how we manage your complaint after you've been through our internal complaints process, you are entitled to resolve the dispute through dispute resolution services. For further information, please refer to the following link:


We use technology in order to offer you the most convenient, secure and relevant services. An example of the technology that we use is a "cookie". Cookies are very small text files that your browser stores on your computer when you visit certain websites. When you visit a website that has issued a cookie, your browser sends the data stored in that cookie back to the website's server.

Why do we use cookies?

We use cookies to maintain the secure connection between your browser and our servers while you are using our secure websites.

You may be able to configure your browser to notify you when you are offered a cookie and decide whether or not to accept it. You may choose not to accept cookies when browsing our websites. However, you may be unable to log in to our secure services without accepting the cookies outlined above.


This Privacy Statement is bilingual, in both Indonesian and English. In the event there are inconsistencies in the explanations or requirements between the Indonesian and English versions or if there is any dispute on the meaning or interpretation, the Indonesian version shall prevail.

Things you should know

This Privacy Statement is last updated on 1 Mei 2024.

During our relationship with you, we may tell you more about how we collect and handle your information–for example, when you fill in an application form or receive product terms and conditions. You should always read these documents carefully.

Sometimes we update this Privacy Statement. You can always find the most up-to-date version on our website.