Questionnaire Answers
What types of material data does Traveloka or vendors working on Traveloka’s behalf store, process, handle, or disclose to others in the regular course of business?
The material data that traveloka stores and processes are as following:
- Customer Data (Product Manager)
- Transaction and Payment Data (Operation tools)
- Product Inventory and Partner's Data (such as flight data, hotel catalog, restaurant, Train, Ebilling, etc) (Product Manager)
Understand the data that are critical to Traveloka & where is critical or sensitive personal or company information stored (e.g., shared vs. private cloud, on premises), and who owns the servers or facilities that host the data?
List of Critical data and the location:
- AWS : Payment, financial data, product inventory and partner data
- Google drive: HR Data, organization file storage.
- On Premise: Internal IT tools such as Active Directory etc
- Handles by Third party for example: Payroll (by tmf-group)
Understand the customer data ownership & privacy, including any applicable regulatory & compliance policies. How does Traveloka utilize the data collected?
We use the data mainly in our customer data platform to analyze customer data and transaction to customize your experience when using the Site and measuring and improving customer experience and satisfaction as stated in our Privacy Policy. https://www.traveloka.com/en-id/privacypolicy
Understand the security risk management policies (e.g. access control, anti-virus software deployment). Do you have a comprehensive written security management program and is the program periodically reviewed for sufficiency?
Currently, we have:
- Traveloka Information Security Policy
- Traveloka Access Control Policy
- Traveloka Change Management Policy
- Traveloka Password Policy
- Traveloka Security Incident Response Policy
We are currently developing more policies and guidelines.
Do you have data security insurance coverage/ do you insist on it for third party vendors?
The effort that we give to ensure our data security can be seen from:
- Developing of Information Security Policy
- Conducting Security Assessment prior to using new product or releasing new feature in our change management.
- Third party assessment to ensure that our vendors implement equivalent or higher security level and meet our security requirement before engaging in partnership.