1. Who we are

Evergreen Supply Chain ("Evergreen", "we", "us", or "our") is a supply chain management and logistics solutions company. We are committed to protecting the personal data of our clients, partners, suppliers, employees, and website visitors in accordance with applicable data protection laws, including the Indonesian Personal Data Protection Law (UU PDP No. 27 Tahun 2022) and other relevant regulations.

This policy explains how we collect, use, store, and protect personal data when you engage with our services, platforms, or website.

2. Data we collect

We collect personal data in the following categories:

Identity dataContact dataBusiness dataFinancial dataTechnical dataLocation data

• Identity data — full name, job title, company name, national ID (if required for compliance).

• Contact data — email address, phone number, mailing and billing address.

• Business data — purchase orders, shipment records, contract details, service history.

• Financial data — bank account details, invoices, payment records (processed securely via our payment partners).

• Technical data — IP address, browser type, device identifiers, usage logs from our digital platforms.

• Location data — for shipment tracking purposes, GPS or address data tied to freight or delivery records.

3. How we use your data

We use personal data strictly for the following purposes:

• Providing, managing, and improving our supply chain and logistics services.

• Processing orders, shipments, and invoices.

• Communicating updates, service notifications, and support responses.

• Complying with customs, trade, and regulatory requirements.

• Conducting due diligence and anti-fraud checks on business partners.

• Analysing platform usage to improve our digital tools and services.

• Sending marketing communications (only where you have opted in).
  
  We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

  
  

4. Legal basis for processing

We process your personal data based on the following legal grounds:

• Contractual necessity — to fulfill our obligations under a service agreement with you.

• Legal compliance — to meet our obligations under applicable laws (e.g. customs, tax, trade regulations).

• Legitimate interests — for fraud prevention, network security, and business improvement.

• Consent — for marketing communications and non-essential cookies, where your opt-in is obtained.

  
  

5. Sharing your data

We may share your data with the following categories of recipients:

• Logistics and freight partners — carriers, customs brokers, and warehouse operators necessary to deliver our services.

• Technology service providers — cloud infrastructure, platform software, and analytics tools operating under data processing agreements.

• Financial institutions — banks and payment processors for billing and financial compliance.

• Regulatory authorities — government or customs agencies when required by law.

• Professional advisors — legal, audit, or insurance firms under confidentiality obligations.

Any third party accessing your data is bound by contractual obligations to protect it and use it only for specified purposes.

6. Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. Our general retention periods are:

• Client and contract records — 5 years after contract termination.

• Financial and invoicing records — 10 years, in line with tax regulations.

• Shipment and logistics records — 3 years from the date of delivery.

• Marketing consent records — until you withdraw consent.

• Technical/platform usage logs — 12 months on a rolling basis.

After these periods, data is securely deleted or anonymised.

7. Your rights

Under applicable data protection law, you have the right to:

AccessRectificationErasureRestrictionPortabilityObjection

• Access — request a copy of the personal data we hold about you.

• Rectification — ask us to correct inaccurate or incomplete data.

• Erasure — request deletion of your data where there is no lawful basis to retain it.

• Restriction — ask us to limit processing while a dispute is resolved.

• Portability — receive your data in a structured, machine-readable format.

• Objection — object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact our Data Protection Officer using the details below. We will respond within 30 days.

8. Cookies

Our website uses cookies to ensure functionality and improve user experience. Cookies are categorised as:

• Strictly necessary — required for the website to operate (cannot be disabled).

• Analytical/performance — help us understand how visitors use the site (requires consent).

• Marketing — used to deliver relevant ads and track campaign performance (requires consent).

You can manage your cookie preferences at any time via the cookie settings banner on our website.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:

• Encryption of data in transit (TLS/HTTPS) and at rest.

• Role-based access controls limiting data access to authorised personnel.

• Regular security assessments and penetration testing of our platforms.

• Employee training on data protection and information security.

In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant authority without undue delay, as required by law.

10. Contact us

For any questions, requests, or concerns about this policy or how we handle your data, please reach out to us.