Nobridge - Business Marketplace Platform

PT Vav Technologies Indonesia, operating under the name Nobridge, and its affiliates (collectively, "Nobridge," "we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy ("Policy") explains how we collect, use, disclose, store, and safeguard your information when you access or use our website, platform, applications, tools, and all related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, you must immediately cease all use of our Services. This Policy forms part of and is incorporated into our Terms of Service.

Our Services are designed to facilitate mergers and acquisitions ("M&A") advisory, deal-sourcing, and marketplace transactions for small and medium-sized enterprises ("SMEs") across Asia and globally. Given the commercially sensitive nature of M&A transactions, we take data protection with the utmost seriousness.

1. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"), including but not limited to name, identification number, location data, online identifiers, and factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
"Business Data" means any information relating to a business entity, including financial statements, operational data, customer lists, trade secrets, proprietary methodologies, intellectual property, and any other information provided in connection with a potential M&A transaction.
"Processing" means any operation or set of operations performed on Personal Data or Business Data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
"Controller" means the entity that determines the purposes and means of Processing Personal Data. Nobridge acts as the Controller for Personal Data collected through the Services.
"Processor" means any entity that processes Personal Data on behalf of the Controller.
"User" or "you" means any individual or entity that accesses or uses the Services, including but not limited to Buyers, Sellers, advisors, brokers, and general visitors.
"Buyer" means any User who uses the Services to browse, evaluate, or acquire businesses or business interests.
"Seller" means any User who uses the Services to list, market, or divest businesses or business interests.
"Platform" means the Nobridge website, web application, mobile applications, APIs, and any other digital interface through which the Services are delivered.
"Cookies" means small data files placed on your device when you visit the Platform, used to store information about your browsing activity and preferences.
"Applicable Law" means all applicable laws, regulations, guidelines, and codes of practice relating to the Processing of Personal Data in any jurisdiction where we operate or where our Users are located.

2. Information We Collect

We collect information from and about you through various means when you interact with our Services. The types of information we collect include the following:

2.1 Personal Information You Provide Directly

When you register for an account, submit forms, use our Services, or communicate with us, we may collect:

Identity Information: Full legal name, date of birth, nationality, government-issued identification numbers and documents (passport, national ID, driver's license), photographs, and professional headshots.
Contact Information: Email address, telephone number, mobile number, mailing address, business address, and other contact details.
Account Information: Username, password (stored in encrypted form), account preferences, role designation (Buyer, Seller, Advisor), and account settings.
Professional Information: Job title, company name, industry, professional qualifications, licenses, certifications, LinkedIn profile, professional biography, and areas of expertise or investment interest.
Financial Information: Bank account details, payment card information (processed through secure third-party payment processors), billing address, tax identification numbers, proof of funds, and financial capacity documentation.
Verification Information: Documents and information submitted for identity verification, anti-money laundering ("AML") checks, know-your-customer ("KYC") procedures, and accredited investor verification, including source of wealth declarations.
Communication Content: The content of messages, inquiries, emails, feedback, reviews, and other communications you send through or in connection with the Services.

2.2 Business Information

In connection with M&A transactions facilitated through the Platform, we may collect:

Listing Information (Sellers): Business name, industry classification, location, operating history, number of employees, business description, reason for sale, asking price, deal structure preferences, and anonymized business summaries.
Financial Data: Revenue figures, net income, EBITDA, cash flow statements, balance sheets, profit and loss statements, financial projections, tax returns, audit reports, and other financial records.
Operational Data: Customer and supplier information (in aggregated or anonymized form where possible), contracts, leases, intellectual property registrations, employee details, organizational charts, and standard operating procedures.
Legal and Compliance Data: Corporate registration documents, shareholder agreements, articles of incorporation, regulatory licenses and permits, pending or past litigation records, and compliance certifications.
Due Diligence Materials: Any documents, data, or information uploaded to or shared through the Platform's virtual data room or document exchange features in connection with a potential transaction.
Transaction Data: Details of expressions of interest, letters of intent, offers, bids, counteroffers, deal terms, closing conditions, and post-closing adjustments.

2.3 Information Collected Automatically

When you access or use the Services, we automatically collect certain information, including:

Device Information: Device type, operating system and version, unique device identifiers, hardware model, browser type and version, screen resolution, and language preferences.
Log Data: IP address, access times and dates, pages viewed, time spent on pages, clickstream data, referring/exit URLs, and error logs.
Usage Data: Features used, actions taken on the Platform, search queries, listings viewed, documents accessed, interaction patterns, and frequency and duration of use.
Location Data: Approximate geographic location inferred from your IP address, and, where you provide consent, more precise location data from your mobile device.
Network Information: Internet service provider, connection type, connection speed, and network configuration data.

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your use of the Services. These include:

Strictly Necessary Cookies: Essential for the operation of our Platform, enabling core functionality such as security, session management, network management, and accessibility. These cookies cannot be disabled.
Performance and Analytics Cookies: Help us understand how Users interact with the Platform by collecting and reporting information anonymously, including page visit counts, traffic sources, bounce rates, and user flow patterns.
Functionality Cookies: Allow the Platform to remember choices you make (such as language, region, or display preferences) and provide enhanced, personalized features.
Targeting and Advertising Cookies: Used to deliver advertisements relevant to you and your interests, to limit the number of times you see an advertisement, and to measure the effectiveness of advertising campaigns.
Third-Party Cookies: Set by third-party services that appear on our pages, including analytics providers (such as Google Analytics), social media platforms, and advertising networks.

2.5 Information from Third Parties

We may receive information about you from third-party sources, including:

Identity Verification Providers: Information from KYC/AML screening services, credit bureaus, and identity verification platforms.
Business Intelligence Services: Publicly available business information, corporate registry data, industry databases, and commercial data aggregators.
Social Media and Professional Networks: Information from LinkedIn, social media profiles, and other publicly available professional profiles, where you have connected such accounts or where the information is publicly available.
Referral Partners: Information provided by business brokers, M&A advisors, financial institutions, accounting firms, and law firms who refer clients to our Platform.
Payment Processors: Transaction confirmation, payment status, and fraud detection information from third-party payment service providers (e.g., Stripe).
Public Records and Databases: Information from government registries, court records, regulatory filings, and other publicly available sources relevant to due diligence and verification.

3. How We Use Your Information

We process your information for the following purposes:

3.1 Providing and Maintaining the Services

Creating, managing, and authenticating your account.
Facilitating the listing, discovery, evaluation, and negotiation of M&A transactions.
Operating the marketplace, matching Buyers with suitable Sellers, and vice versa.
Processing and facilitating communications between Users, including through our messaging system.
Providing customer support, responding to inquiries, and resolving disputes.
Processing subscriptions, payments, refunds, and generating invoices and receipts.

3.2 Verification, Compliance, and Risk Management

Conducting identity verification, KYC, and AML checks as required by Applicable Law and our internal policies.
Verifying business listings, financial information, and other data submitted to the Platform.
Detecting, investigating, and preventing fraud, money laundering, terrorist financing, unauthorized access, and other illegal or prohibited activities.
Enforcing our Terms of Service, this Privacy Policy, and other agreements.
Managing risk, conducting internal audits, and maintaining security incident response procedures.

3.3 Improving and Personalizing the Services

Analyzing usage patterns, trends, and user behavior to improve Platform functionality, user interface, and user experience.
Personalizing content, recommendations, search results, and notifications based on your preferences, activity, and profile.
Conducting research, surveys, and statistical analysis to develop new features, products, and services.
Testing new features, conducting A/B testing, and optimizing Platform performance.

3.4 Communications

Sending transactional messages related to your account, listings, inquiries, and transactions (e.g., confirmation emails, status updates, alerts).
Sending administrative notices, including security alerts, system updates, policy changes, and service announcements.
Sending marketing and promotional communications about our Services, events, and relevant industry updates (where you have opted in or where permitted by Applicable Law).
Facilitating in-platform notifications and real-time messaging.

3.5 Legal and Regulatory Compliance

Complying with Applicable Law, regulatory requirements, legal processes, and governmental requests.
Establishing, exercising, or defending legal claims.
Cooperating with law enforcement, regulatory authorities, and courts as required or permitted by law.
Maintaining records as required by tax, financial reporting, corporate governance, and other regulatory obligations.

4. Legal Basis for Processing

We process your Personal Data on the following legal bases, as applicable under the relevant Applicable Law:

Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes providing you access to and use of the Services, processing transactions, and fulfilling our obligations under our Terms of Service.
Legitimate Interests: Processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: operating and improving the Platform; ensuring network and information security; preventing fraud and illegal activity; conducting internal administration, accounting, and auditing; conducting business analytics and market research; and marketing our Services to existing customers.
Consent: Where required by Applicable Law, we process your Personal Data based on your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time by contacting us, though withdrawal will not affect the lawfulness of Processing based on consent before its withdrawal.
Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject, including AML/KYC requirements, tax obligations, regulatory reporting, and responding to lawful requests from public authorities.
Vital Interests: In rare circumstances, Processing may be necessary to protect the vital interests of you or another natural person.
Public Interest: Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

5. Information Sharing and Disclosure

We may share your information in the following circumstances and with the following categories of recipients. We do not sell your Personal Data to third parties.

5.1 With Other Users

Information you choose to include in your profile, listings, or communications on the Platform will be visible to other Users in accordance with Platform functionality and your privacy settings:

Anonymized Listing Data: Certain listing details (such as industry, location, revenue range, and asking price) may be displayed to all registered Users in an anonymized format that does not directly identify the business or its owner.
Verified User Access: Additional details, including business identity and financial information, may be disclosed to Users who have completed our verification process and have been granted access to detailed listing data, subject to non-disclosure agreements ("NDAs") and confidentiality obligations.
Transaction Counterparties: In the course of an M&A transaction facilitated through the Platform, relevant information may be shared between Buyers, Sellers, and their respective advisors, subject to applicable confidentiality agreements.

Disclaimer: Nobridge does not guarantee the confidentiality of information shared between Users through the Platform. Users are responsible for executing appropriate confidentiality agreements before sharing sensitive information. Nobridge shall not be held liable for any unauthorized disclosure of information by other Users.

5.2 Service Providers and Processors

We engage third-party service providers who process Personal Data on our behalf to perform functions and provide services to us, including:

Cloud Hosting and Infrastructure: Servers, databases, content delivery networks, and storage services.
Payment Processing: Secure payment gateway providers (e.g., Stripe) for processing subscription fees and other payments.
Identity Verification and KYC/AML: Providers of identity verification, background checks, sanctions screening, and anti-money laundering compliance services.
Analytics and Performance Monitoring: Web analytics, error tracking, performance monitoring, and business intelligence tools.
Communication Services: Email delivery, SMS messaging, push notification services, and customer support platforms.
Professional Services: Legal, accounting, auditing, insurance, and consulting firms providing professional advice and services to Nobridge.
Marketing and Advertising: Advertising platforms, marketing automation tools, and customer relationship management systems.

All service providers are contractually obligated to protect your data, process it only for specified purposes, and comply with applicable data protection requirements.

5.3 Business Transfers

If Nobridge is involved in a merger, acquisition, reorganization, bankruptcy, receivership, dissolution, sale of all or substantially all assets, or similar corporate transaction, your information may be transferred, assigned, or disclosed to the acquiring entity or successor, subject to the same privacy protections described in this Policy. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that such disclosure is necessary to:

Comply with any applicable law, regulation, legal process, subpoena, court order, or governmental request.
Enforce our Terms of Service, this Privacy Policy, or other agreements, including investigation of potential violations.
Detect, prevent, investigate, or address fraud, security incidents, technical issues, or illegal activity.
Protect the rights, property, safety, or security of Nobridge, our Users, our employees, or the public, as required or permitted by law.
Respond to claims that any content on the Platform violates the rights of third parties.
Cooperate with law enforcement investigations, regulatory inquiries, and legal proceedings.

5.5 Cross-Border Data Transfers

Given the international nature of our business and the cross-border nature of M&A transactions, your information may be transferred to, stored in, and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from and may be less protective than the laws of your jurisdiction.

Where we transfer Personal Data internationally, we implement commercially reasonable safeguards to protect your data. By using our Services, you acknowledge and consent to the transfer of your information to countries outside your jurisdiction for the purposes described in this Policy.

5.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for any purpose, including market research, industry analysis, benchmarking, and business development. Such data is not considered Personal Data under most Applicable Laws.

6. Data Security

We implement and maintain commercially reasonable and industry-standard technical, administrative, and physical security measures designed to protect your information from unauthorized access, use, alteration, disclosure, destruction, loss, or accidental damage. These measures include, but are not limited to:

Encryption: Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest using AES-256 or equivalent encryption standards.
Access Controls: Role-based access controls, multi-factor authentication, strong password policies, and principle of least privilege for employees and contractors who access Personal Data.
Infrastructure Security: Firewalls, intrusion detection and prevention systems, network segmentation, regular vulnerability assessments, and penetration testing.
Monitoring and Logging: Continuous monitoring of systems for suspicious activity, comprehensive audit logs, and automated alerting for security events.
Incident Response: Documented incident response procedures, including notification protocols in compliance with Applicable Law.
Employee Training: Regular data protection and security awareness training for all personnel who handle Personal Data.
Vendor Management: Due diligence assessments of third-party service providers' security practices and contractual requirements for data protection.

Important Notice: Despite our efforts, no method of transmission over the Internet, method of electronic storage, or security system is completely secure or impervious to all threats. While we strive to use commercially reasonable means to protect your Personal Data, we cannot and do not guarantee the absolute security of your information. Any transmission of Personal Data to us is at your own risk, and you are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. You agree to notify us immediately of any unauthorized use of your account or any other breach of security.

7. Data Retention

We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

The amount, nature, and sensitivity of the Personal Data.
The potential risk of harm from unauthorized use or disclosure.
The purposes for which we process the data and whether we can achieve those purposes through other means.
Applicable legal, regulatory, tax, accounting, or other requirements.
Applicable statutes of limitation for potential legal claims.

Specific retention periods include:

Account Data: Retained for the duration of your account and for a period of seven (7) years following account closure, or longer as required by Applicable Law.
Transaction Records: Retained for a minimum of seven (7) years from the date of the transaction, or longer as required by tax, accounting, or regulatory requirements.
KYC/AML Records: Retained for a minimum of five (5) years from the termination of the business relationship, or longer as required by AML legislation in the relevant jurisdiction.
Communication Records: Retained for a minimum of three (3) years from the date of the communication, or longer as required for dispute resolution or legal compliance.
Marketing Consent Records: Retained for the duration of the consent and for a reasonable period thereafter to demonstrate compliance.
Log and Usage Data: Generally retained for up to twenty-four (24) months, unless longer retention is required for security, legal, or compliance purposes.

When your Personal Data is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention and destruction policies. Anonymized data that can no longer be associated with you may be retained indefinitely.

8. Your Rights

Depending on your jurisdiction and the Applicable Law, you may have certain rights regarding your Personal Data. We are committed to facilitating the exercise of these rights in accordance with Applicable Law. Please note that these rights are not absolute and may be subject to exceptions and limitations.

8.1 Right of Access

You have the right to request confirmation as to whether we process your Personal Data and, if so, to obtain a copy of the Personal Data we hold about you, together with information about how and why we process it.

8.2 Right to Rectification (Correction)

You have the right to request that we correct any inaccurate or incomplete Personal Data we hold about you. You can typically update your account information directly through your dashboard.

8.3 Right to Erasure (Deletion)

You have the right to request the deletion of your Personal Data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent (where consent is the legal basis for processing). This right is subject to exceptions, including where retention is necessary for compliance with legal obligations, for the establishment, exercise, or defense of legal claims, or for reasons of public interest.

8.4 Right to Data Portability

Where technically feasible, you have the right to receive the Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or contract and is carried out by automated means.

8.5 Right to Restriction of Processing

You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data, when the processing is unlawful but you oppose erasure, or when we no longer need the data but you require it for legal claims.

8.6 Right to Object

You have the right to object to the processing of your Personal Data where processing is based on our legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing your Personal Data for such purposes promptly.

8.7 Right to Withdraw Consent

Where we process your Personal Data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction if you believe that our processing of your Personal Data infringes Applicable Law. We encourage you to contact us first so that we can attempt to resolve your concern.

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at Business@nobridge.co. We will respond to your request within the timeframe required by Applicable Law (typically within thirty (30) days). We may need to verify your identity before fulfilling your request. If your request is manifestly unfounded, excessive, or repetitive, we reserve the right to charge a reasonable fee or refuse to act on the request, as permitted by Applicable Law.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better browsing experience, and to report information to website operators.

9.2 How We Use Cookies

We use cookies and similar technologies for the following purposes:

Authentication and Security: To recognize you when you sign in, maintain your session, prevent CSRF attacks, and detect fraudulent or unauthorized activity.
Preferences: To remember your settings, language preferences, display preferences, and other customizations.
Analytics: To understand how Users interact with the Platform, which pages are most frequently visited, where errors occur, and to measure the effectiveness of content and features.
Advertising: To serve relevant advertisements, limit ad frequency, and measure ad campaign effectiveness (where applicable).
Performance: To monitor Platform performance, load balancing, and to optimize page load times and user experience.

9.3 Third-Party Analytics

We may use third-party analytics services, such as Google Analytics, Mixpanel, Hotjar, or similar services, to collect and analyze usage data. These services may use cookies and other tracking technologies to collect data about your use of the Platform and other websites, including your IP address, browser type, pages visited, time spent on pages, and interactions. The information generated is typically transmitted to and stored by these third parties on their servers. We encourage you to review the privacy policies of these third-party analytics providers.

9.4 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that if you choose to disable cookies, some features of the Platform may not function properly or may become unavailable. You can also opt out of certain analytics cookies through the opt-out mechanisms provided by analytics services (e.g., Google Analytics Opt-out Browser Add-on).

9.5 Do Not Track Signals

Some browsers transmit "Do Not Track" ("DNT") signals to websites. Due to the lack of a common industry standard for interpreting DNT signals, we do not currently respond to or alter our practices when we detect a DNT signal from your browser. We will continue to monitor developments in DNT technology and may update this practice in the future.

10. Children's Privacy

Our Services are designed for business professionals and are not intended for use by individuals under the age of eighteen (18), or the age of majority in their jurisdiction, whichever is higher. We do not knowingly collect, solicit, or process Personal Data from children. If we become aware that we have collected Personal Data from a child without appropriate parental or guardian consent, we will take steps to delete that information as quickly as possible. If you believe that a child has provided us with Personal Data, please contact us immediately at Business@nobridge.co.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, services, or resources that are not owned or controlled by Nobridge, including those of our service providers, partners, advertisers, and other third parties. This Privacy Policy applies only to our Services and does not extend to any third-party websites or services.

We have no control over, and assume no responsibility for, the content, privacy policies, practices, or security of any third-party websites or services. The inclusion of a link or integration does not imply endorsement by Nobridge. We strongly encourage you to review the privacy policies and terms of service of every third-party website or service you visit or interact with. You access and use third-party websites and services at your own risk, and Nobridge shall not be liable for any damages, losses, or claims arising from your use of such third-party websites or services.

12. International Data Transfers

Nobridge operates across multiple jurisdictions. As such, your Personal Data may be transferred to, and processed in, countries other than the country in which you are located. These international transfers are necessary for the operation of our Services and for facilitating cross-border M&A transactions.

We take commercially reasonable steps to protect your Personal Data when it is transferred internationally. By using our Services, you acknowledge and consent to the international transfer and processing of your Personal Data as described in this Policy. If you have concerns about international data transfers, please contact us before using the Services.

13. Your Privacy Rights

Depending on where you are located, you may have additional rights under the data protection laws applicable in your jurisdiction. These may include rights of access, correction, deletion, restriction of processing, data portability, and the right to object to certain processing activities.

We are committed to respecting your privacy rights as provided under the laws applicable to you. If you wish to exercise any rights available to you under your local data protection laws, please contact us at Business@nobridge.co. We will respond to your request within a commercially reasonable timeframe and in accordance with applicable legal requirements.

If you believe that our processing of your Personal Data infringes applicable law, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. We encourage you to contact us first so that we can attempt to resolve your concern directly.

14. Automated Decision-Making and Profiling

We may use automated processing, including profiling, in connection with the Services for the following purposes:

Fraud Detection and Prevention: Automated systems may analyze transaction patterns, account activity, and behavioral signals to detect and prevent fraudulent or suspicious activity.
Risk Assessment: Automated tools may be used to assess the risk profile of Users and transactions for AML/KYC compliance purposes.
Matching and Recommendations: Algorithmic matching may be used to recommend relevant listings, Buyers, or Sellers based on your profile, preferences, and activity on the Platform.
Content Moderation: Automated tools may be used to screen user-generated content for compliance with our Terms of Service and community guidelines.

Where automated decision-making produces legal effects or similarly significantly affects you, you have the right (where provided by Applicable Law) to:

Obtain meaningful information about the logic involved in the automated decision.
Express your point of view and contest the decision.
Obtain human intervention in the decision-making process.

To exercise these rights, please contact us at Business@nobridge.co.

15. Confidentiality in M&A Transactions

We recognize the commercially sensitive nature of M&A transactions. In addition to the data protection measures described in this Policy, we implement the following safeguards for transaction-related information:

Non-Disclosure Agreements: Users may be required to execute NDAs before accessing detailed listing information or due diligence materials.
Access Controls: Access to confidential transaction documents is restricted to verified, authorized parties and is logged and auditable.
Staged Disclosure: Information about listed businesses is disclosed in stages, with increasingly detailed information available only to parties who have demonstrated serious interest and have been verified.
Data Room Security: Virtual data rooms used for due diligence incorporate security features such as watermarking, download restrictions, access expiration, and detailed activity tracking.

Notwithstanding the foregoing, Nobridge does not guarantee the absolute confidentiality of any information shared through the Platform and shall not be liable for any breach of confidentiality by third parties, including other Users, except to the extent caused by Nobridge's gross negligence or willful misconduct.

16. Limitation of Liability

To the maximum extent permitted by Applicable Law:

Nobridge shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, data, business opportunities, goodwill, or reputation, arising out of or relating to any breach of this Privacy Policy or any unauthorized access to, use of, or disclosure of your Personal Data, regardless of the cause of action or theory of liability.
Nobridge's total aggregate liability to you for all claims arising out of or relating to this Privacy Policy shall not exceed the greater of (a) the total amount of fees paid by you to Nobridge in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred United States dollars (USD $100).
You acknowledge and agree that the limitations of liability set forth in this section are fundamental elements of the agreement between you and Nobridge, and that Nobridge would not provide the Services without such limitations.

17. Indemnification

You agree to indemnify, defend, and hold harmless Nobridge, its officers, directors, employees, agents, affiliates, successors, and assigns from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) your breach of this Privacy Policy; (b) your use of the Services; (c) your violation of any rights of another party, including other Users; (d) your violation of any Applicable Law; or (e) any content or information you provide through the Services.

18. Governing Law and Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Indonesia, without regard to its conflict of law provisions. Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, or the breach, termination, or invalidity thereof, shall be resolved in accordance with the dispute resolution provisions set forth in our Terms of Service. You irrevocably submit to the exclusive jurisdiction of the courts of the Republic of Indonesia for the resolution of any such disputes, subject to the rights provided under Applicable Law in your jurisdiction.

19. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time at our sole discretion. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Provide prominent notice on our Platform, such as a banner or pop-up notification.
Where required by Applicable Law, send you a direct notification via email or through the Platform.
Where required by Applicable Law, obtain your consent to the updated Policy before continuing to process your Personal Data under the new terms.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Policy, you must stop using the Services and, if applicable, close your account. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Previous versions of this Privacy Policy are available upon request by contacting us at Business@nobridge.co.

20. Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid, illegal, or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the original intent of the parties.

21. Entire Agreement

This Privacy Policy, together with our Terms of Service and any other agreements expressly incorporated by reference, constitutes the entire agreement between you and Nobridge with respect to the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written, relating to the protection and processing of your Personal Data through the Services.

22. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data protection practices, please contact us using the following information:

Company: PT Vav Technologies Indonesia (operating as Nobridge)
Email: Business@nobridge.co
Subject Line: Privacy Policy Inquiry

We will endeavor to respond to your inquiry within thirty (30) days or within the timeframe required by Applicable Law in your jurisdiction. For requests that are particularly complex or numerous, we may extend the response period by an additional sixty (60) days, in which case we will notify you of the extension and the reasons for the delay.

If you are not satisfied with our response, you may escalate your concern to the relevant data protection authority in your jurisdiction.