Privacy Policy
Effective date: 17 August 2025
MySimkari is an internal human resources information system operated by Biro Kepegawaian Kejaksaan (“we”, “us”). We use it to manage staff data, attendance, training, performance records, and related HR processes.
This policy explains what we collect, why we collect it, and how we protect it. It applies to the services available at MySimkari.
What we collect
- Account & identity: full name, employee/ID number, work email, unit, position/grade, employment status.
- HR records: attendance logs, leave and training history, appraisal notes, certifications, and documents you or HR upload.
- Authentication data: when you sign in with Google (OAuth/OpenID), we receive your Google user ID (
sub), name, work email, and (if available) profile image. We do not access your email contents.
- Technical data: device/browser info, IP, timestamps, and audit trails of actions taken in the system.
- Cookies & sessions: necessary cookies to keep you signed in and protect your session.
How we use your data
- To authenticate users (including Google Sign-In) and keep accounts secure.
- To run core HR processes: records management, attendance, training, performance and reporting.
- To maintain integrity of case-related access and audit trails for compliance.
- To improve reliability, security, and usability of MySimkari.
Google Sign-In
We use Google OAuth/OpenID Connect strictly for identity verification. We request the minimal scopes needed (typically openid, email, profile). We do not read your Gmail, Calendar, Drive, or contacts.
We do not sell or share Google user data with third parties. We do not use Google data for advertising. Access tokens are used only to complete sign-in and session creation.
Legal basis & retention
- Processing is necessary for employment administration and legitimate interests of Biro Kepegawaian Kejaksaan in operating secure HR systems and meeting legal obligations.
- We keep account and HR records for as long as required by internal policy and applicable law. System logs are retained for a limited period needed for security and audits.
Sharing & transfers
- We may share data with authorized internal units and vetted service providers (e.g., hosting, security, email) under confidentiality and data protection terms.
- We do not disclose HR records to the public. External disclosure occurs only when required by law or with proper authorization.
Security
We apply administrative, technical, and physical safeguards, including access controls, encryption in transit, and regular security reviews. No system is perfect, but we work to prevent, detect, and respond to incidents.
Your rights
Subject to internal policy and applicable law (including Indonesia’s Personal Data Protection Law No. 27 of 2022), you may request access, correction, or deletion of your personal data held in MySimkari. Some records must be retained by law or for audit purposes.
Children
MySimkari is for authorized personnel only and is not intended for children.
Changes
If we make material changes, we will update this page and adjust the “Effective date”.