Cookie Policy

Last updated: 06 May 2026

This Cookie Policy describes the cookies and similar technologies (collectively, "cookies") that PT UNIT GLOBAL SYSTEM ("UnitPay") uses on this website, what they do, on what lawful basis they are set, how long they persist, and how you can manage them. The policy supplements our Privacy Policy and aligns with UU PDP (Law 27 of 2022), GDPR Article 5 and recitals on consent, and the consent-management practices expected by Indonesian and EU regulators.

1. What cookies are

Cookies are small text files that a website places on your device when you visit. Similar technologies include localStorage, sessionStorage, IndexedDB, pixel beacons, and SDK-level identifiers. For the purposes of this policy, we treat all of these as "cookies" unless we specifically distinguish them. Cookies allow a site to recognise your browser between requests, remember preferences, support security controls, and measure how the site is used.

First-party cookies are set by this site under the domain unitpay.net. Third-party cookies are set by services we embed (for example, our consent management platform). We disclose third-party recipients explicitly in section 4 below.

2. Categories of cookies we use

We classify cookies into four categories aligned with the categories recognised by our consent management platform and by Indonesian and EU regulators:

  • Strictly necessary: required for the site to function (security, load-balancing, consent recording, language preference). These cookies are not optional; without them the site cannot reliably serve you a page. Lawful basis: legitimate interest in operating the service (no consent required under UU PDP Art 20(f); GDPR Recital 30 and Art 6(1)(f)).
  • Functional: enable enhanced features that improve your experience but are not strictly necessary (for example, remembering a chosen layout). These cookies are set only with your consent.
  • Analytics: help us understand how the site is used in aggregate (pages viewed, time on page, navigation paths) so that we can improve content and performance. Identifiers used for analytics are pseudonymised at collection. These cookies are set only with your consent.
  • Advertising and marketing: would be used if and when we run marketing campaigns. At present we do not run paid advertising on this site, and no advertising cookies are set. If that changes, this policy will be updated and consent will be re-solicited.

3. Specific cookies set on this site

The current cookie inventory is maintained by our consent management platform and surfaced in the cookie preferences modal accessible at any time via the link in the footer or the button at the end of this page. For transparency, the principal cookies set today are:

  • _iub_cs-* (first-party, strictly necessary): records your consent state for each cookie category. Persists 12 months. Set by the consent management platform.
  • _iub_uid (first-party, strictly necessary): anonymous identifier linked to your consent record for audit purposes. Persists 12 months.
  • lang (first-party, strictly necessary): remembers your selected interface language (English or Bahasa Indonesia). Session cookie or persistent for 12 months depending on whether you set a preference.
  • session (first-party, strictly necessary): a server-side session anchor for CSRF protection on form submissions. Cleared at session end.

No analytics, functional, or advertising cookies are set on this marketing site at the time of writing. The merchant cabinet at unitpay.com/cabinet is a separate origin with its own cookie disclosure.

4. Third parties

The third parties whose cookies or technologies may be set on this site, with their roles, are:

  • Iubenda (https://www.iubenda.com) acts as our consent management platform. It serves the consent banner, records consent decisions, and provides the audit trail required under UU PDP and GDPR.

We do not embed third-party advertising trackers, social-media tracking pixels, session-replay vendors, or behavioural-profiling services. Should any change to this list become necessary, we will update this page and re-solicit consent before the new third party is activated.

5. Lawful basis and consent

Strictly-necessary cookies are set under the legitimate-interest basis described in section 2 without prior consent, as their absence would prevent the service from functioning. All other cookies require your prior, freely-given, specific, informed, and unambiguous consent under UU PDP Article 20(a) and GDPR Article 6(1)(a). Consent is captured per purpose ("perPurposeConsent"): you can accept all categories, reject all non-essential categories, or grant consent selectively. The consent record is stored with timestamp, version of this policy, and the categories accepted so that we can demonstrate compliance to the Personal Data Protection Authority on request.

Refusing optional cookies does not impair core site functionality. You will continue to receive a full marketing site experience.

6. How to manage your preferences

You can change your cookie preferences at any time using the Cookie preferences link, also available in the footer on every page. The button reopens the preferences modal provided by our consent management platform; your previous decisions are pre-filled and you can revise them in either direction.

You may also manage cookies through your browser settings, including deleting existing cookies and blocking future ones. Each browser exposes these controls differently; refer to your browser's documentation for current instructions. Deleting our consent cookies will cause us to re-solicit consent on your next visit.

7. Withdrawing consent

Consent may be withdrawn at any time. Withdrawal takes effect for future processing; processing performed before withdrawal remains lawful. To withdraw consent, use the cookie preferences modal described in section 6 and uncheck the categories you no longer wish to consent to. The change applies immediately on save; cookies in the deselected categories are unset and the corresponding scripts no longer load on subsequent navigation.

8. Retention

Persistent cookies persist for the duration shown in section 3. Session cookies are cleared automatically when you close your browser. Your consent record (the audit trail of which categories you accepted, on what date, against which version of this policy) is retained for 24 months from the last interaction so that we can evidence consent for the period during which it was relied on, after which it is deleted.

9. Cross-references and complaints

This policy should be read together with our Privacy Policy (general data protection) and the Indonesia-specific UU PDP Personal Data Notice. Complaints regarding our use of cookies may be addressed to dpo@unitpay.net or escalated to the Indonesian Personal Data Protection Authority or, where applicable, the EU supervisory authority in your jurisdiction.

10. Changes to this policy

We review this policy at least annually and whenever we add, remove, or materially change a cookie or its retention period. Material changes are flagged at the top of this page and consent is re-solicited where the change broadens the categories or recipients you previously consented to. The "Effective date" below indicates the version currently in force.

Effective date: 06 May 2026