1. Information We Collect
1.1 Information You Provide Directly

• Name, job title, company name, and contact details (email address, phone number, postal address).
• Account credentials if you register on our platform.
• Payment and billing information necessary for processing transactions.
• Communications and correspondence you send to us.
• Information provided in service enquiry forms, proposals, or contracts.

1.2 Information Collected Automatically

• IP address, browser type, operating system, and device identifiers.
• Pages visited, time spent on pages, and navigation paths on our website.
• Cookies, web beacons, and similar tracking technologies (see Section 7 on Cookies).
• Referral source and search terms used to find our website.

1.3 Information from Third Parties

• Business contact information from publicly available sources or professional networking platforms.
• Data provided by clients for the purpose of service delivery (e.g., employee records, customer databases) — handled under strict data processing agreements.

2. How We Use Your Information
We use personal information for the following purposes:

• To provide, manage, and improve our outsourcing Services.
• To communicate with you about your enquiries, proposals, or ongoing engagements.
• To process payments and manage billing.
• To send service-related updates, notices, or changes to our Terms or policies.
• To send marketing communications (only with your consent, where required by law).
• To analyse website usage and improve user experience.
• To comply with legal and regulatory obligations.
• To detect, prevent, and investigate fraud or security incidents.

3. Legal Basis for Processing
We process personal data on the following legal grounds:

• Contractual necessity — to fulfil our obligations under a Service Agreement with you.
• Legitimate interests — to operate and improve our business, provided such interests are not overridden by your rights.
• Legal obligation — where processing is required to comply with applicable law.
• Consent — where you have given us specific, informed, and freely given consent.

4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information with:

• Service providers and subcontractors who assist in delivering our Services (subject to confidentiality and data protection obligations).
• Payment processors and financial institutions for billing purposes.
• Professional advisors including lawyers, accountants, and auditors under duties of confidentiality.
• Government authorities or law enforcement agencies when required by law or to protect our legal rights.
• Acquirers or successors in the event of a merger, acquisition, or sale of business assets.

Any third-party processors we engage are contractually required to implement appropriate security measures and to process data only on our instructions.


5. International Data Transfers
As an outsourcing company, some of our operations and those of our subcontractors may involve the transfer of data across international borders. When transferring personal data outside Sri Lanka, we ensure appropriate safeguards are in place, including:

• Contractual clauses that impose equivalent data protection obligations on recipients.
• Transfers only to countries or entities with adequate data protection frameworks.

6. Data Retention
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Specific retention periods are:

• Client engagement data: for the duration of the engagement plus seven (7) years.
• Website enquiry data: up to two (2) years from the date of enquiry.
• Marketing contact data: until you opt out or withdraw consent.
• Financial records: as required by Sri Lankan tax and corporate law.

After the applicable retention period, data is securely deleted or anonymised.


7. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience. These include:

• Essential cookies — required for the website to function properly.
• Analytics cookies — to understand how visitors interact with our site (e.g., Google Analytics).
• Preference cookies — to remember your settings and preferences.
• Marketing cookies — used with your consent to deliver relevant advertisements.

You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect website functionality. A cookie consent banner on our website allows you to manage your preferences.


8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Encryption of data in transit (TLS/SSL) and at rest where applicable.
• Access controls and authentication mechanisms limiting data access to authorised personnel.
• Regular security audits and vulnerability assessments.
• Employee training on data protection and security best practices.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.


9. Your Rights
Depending on applicable law, you may have the following rights regarding your personal data:

• Right to access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your data, subject to legal obligations.
• Right to restrict processing — to request that we limit how we use your data.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — at any time where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request.


10. Children’s Privacy
Our website and Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.


11. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal information.


12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised policy on our website with an updated effective date. For material changes, we will provide additional notice (such as email notification to registered clients). Your continued use of our Services after such changes constitutes your acceptance of the revised policy.


13. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data handling practices, please contact our Data Protection Officer at:

Ceylon Knowledge Services Pvt Ltd
Email: [email protected]
Website: www.ceylonknowledge.com
Registered in: Sri Lanka

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in Sri Lanka.