Transaction Data Export Request Form | PT. Silot Technology Indonesia

1

Requestor Information (PIC)

Full Name

Employee ID

Position / Title

Department

Email Address

Phone / Extension

Request Date

Target Completion Date

2

Reason for Request

Request Category

Priority Level

Detailed Reason

3

Purpose & Intended Use

Intended Recipient / User

Destination Team / Entity

Data Retention Period by Recipient

Data Handling After Use

⏰ Request Deadline (Date & Time)

Deadline Date

Deadline Time

📧 Email Notification Recipients

Upon successful data export, a confirmation notification will be sent to all recipients listed above. Press Enter or , after each email address.

Purpose of Data Use

4

Risk Mitigation & Regulatory Compliance

4.1 Mitigation Measures Applied

Data Anonymization / Masking Applied Encrypted Data Transfer (TLS / PGP) Access Restricted to Named Individuals Only NDA / Confidentiality Agreement Signed by Recipient Secure Transfer Channel Used (VPN / SFTP) Data Destruction After Use — Confirmed in Writing Audit Log Enabled for All Data Access Events Data Export Activity Recorded in System Log

4.2 Bank Indonesia (BI) Regulatory Scope

The following Bank Indonesia regulations govern the handling, transfer, and cross-border export of transaction data. All applicable regulations must be acknowledged before this request is approved.

PBI No. 23/6/PBI/2021 — Penyedia Jasa Pembayaran (Payment Service Provider) Data localization mandate: all payment system transaction data must be stored and processed within Indonesian territory (domestic servers). Cross-border data transfers require written approval from Bank Indonesia and must comply with data governance standards.

PBI No. 19/12/PBI/2017 — Penyelenggaraan Teknologi Finansial (Fintech Regulation) Fintech operators are required to maintain strict confidentiality of consumer data and must report any data breach incidents to Bank Indonesia within the stipulated regulatory timeframe. Data access logs must be maintained and made available upon request.

PADG No. 22/23/PADG/2020 — Payment System Data Localization Policy Data residency requirement: financial transaction data must not be permanently stored or processed outside the Republic of Indonesia without explicit written permission from Bank Indonesia. Temporary processing abroad requires documented justification.

SE BI No. 23/17/DKSP/2021 — Technical Guidelines on Payment System Operations All transaction data export processes must follow approved security protocols. The export workflow must be fully auditable by Bank Indonesia upon request, including complete access logs, authorization trails, and data handling records.

BI Compliance Confirmation — The requestor confirms that this data export fully complies with all applicable Bank Indonesia regulations listed above:

I confirm full compliance with all Bank Indonesia regulations listed above.

4.3 OJK (Otoritas Jasa Keuangan) Regulatory Scope

The following OJK regulations apply to the export and handling of financial transaction data. Compliance with these regulations is mandatory for all cross-border or inter-entity data transfers.

POJK No. 38/POJK.03/2016 — Manajemen Risiko dalam Penggunaan Teknologi Informasi oleh Bank Umum Every management of transaction data — including cross-border export — must fall within the documented IT risk management framework. All export activities must be risk-assessed, approved, and documented per OJK requirements with complete audit trails.

POJK No. 77/POJK.01/2016 — Layanan Pinjam Meminjam Uang Berbasis Teknologi Informasi (Fintech Lending) Operators must maintain confidentiality, integrity, and availability of user data at all times. Disclosure of data to third parties is only permitted with a valid legal basis, explicit documented approval, and recipient accountability confirmation.

POJK No. 11/POJK.03/2022 — Penyelenggaraan Teknologi Informasi oleh Bank Umum Banks must maintain written policies on data management and protection, including mandatory multi-level approval procedures for accessing and exporting sensitive transaction data. Single-party authorization is explicitly prohibited for data of this classification.

POJK No. 13/POJK.02/2018 — Inovasi Keuangan Digital (Digital Financial Innovation) Digital financial innovations must comply with consumer protection principles, including maintaining the strict confidentiality of transaction data from unauthorized or unapproved access. Data sharing arrangements must be formalized in writing before any transfer occurs.

UU No. 27 Tahun 2022 — Undang-Undang Perlindungan Data Pribadi (PDP Law) Any cross-border transfer of personal data must comply with PDP Law requirements: a valid legal processing basis must exist, a data protection agreement must be established with the recipient entity, and data subject notification must be provided where required by law. Non-compliance constitutes a criminal offense under Indonesian law.

OJK & PDP Compliance Confirmation — The requestor confirms that this data export complies with all applicable OJK regulations and UU No. 27/2022 (PDP Law):

I confirm full compliance with all OJK regulations and UU No. 27/2022 (PDP Law) listed above.

Risk Assessment Level

Applicable Internal Policy Reference

Additional Mitigation Description

5

Transaction Data Detail

Data Period (From)

Data Period (To)

Data Format

Estimated Volume / Records

Systems / Databases Involved

Data Classification Level

Scope of Data Fields Requested

Filter / Query Conditions

6

Supporting Evidence & Attachments

Reference Ticket / Request No.

Authorized by (Superior Name)

List of Attached Supporting Documents

ℹ Physical attachments must be submitted alongside this form to the Data Custodian. Digital attachments may be uploaded to the company's secure document management system and referenced above with file names and upload timestamps.

7

Additional Notes

Additional Notes / Special Instructions

★

3-Level Approval & Signature

⚠ All three levels of approval are mandatory before any data export may proceed. This form is VOID if any signature block is incomplete, undated, or missing. Signatures must match the designated PIC for each level.

Level 1 — Requestor

Data Export Request

Fitrah Akbar Budiono

Signature

Sign here with mouse or touch

Clear

Full Name

Position

Date Signed

Approval Status

✅ Approved 🕐 Pending ❌ Rejected

Notes

Level 2 — Data Core Officer

Data Exported By

Shan Shan

Signature

Sign here with mouse or touch

Clear

Full Name

Position

Date Signed

Approval Status

✅ Approved 🕐 Pending ❌ Rejected

Notes

Level 3 — Operations Manager

Report Submission & Custody

Ilham Renjono

Signature

Sign here with mouse or touch

Clear

Full Name

Position

Date Signed

Approval Status

✅ Approved 🕐 Pending ❌ Rejected

Notes

🔒

Data Ownership & Custody Notice

Upon final approval, all data files, related reports, and this completed form must be exclusively delivered to and archived by Ilham Renjono (Manager Operasional). He bears full and sole accountability for data custody when this information is requested by Auditors, Regulators, or Business Relations. No other party is authorized to retain, duplicate, or redistribute copies of the exported data without prior written consent from the Data Custodian.