Privacy Statement
This Privacy Statement ("Statement") describes how Information and Communication Technology Agency of Sri Lanka (referred to as "ICTA," "we," "us," or "our") collects, uses, discloses, and protects personal information as defined under the Personal Data Protection Act, No. 9 of 2022 ("PDPA"). This Statement outlines our commitment to protecting your privacy and your rights under the PDPA when you interact with our website. By using our website, you consent to the practices described in this Statement.
Information Collection
We may collect the following categories of personal information when you visit our website:
Identity Information: This includes your name, contact details, and any other identifying information you voluntarily provide through our website forms.
Technical Information: We automatically collect technical data, such as your IP address, browser type, operating system, and browsing behavior on our website.
Use of Information
We collect and use your personal information for the following lawful purposes:
Legitimate Interests: We use your information to communicate with you, respond to your inquiries, provide services you request, and improve our website's functionality.
Consent: With your explicit consent, we may use your information to send you marketing materials, newsletters, and updates about ICTA's services. You can withdraw your consent at any time.
Information Sharing
We do not disclose your personal information to third parties without your explicit consent, except in the following circumstances:
Service Providers: We may engage trusted third-party service providers to assist us in website operations or services. These providers process data on our behalf and are bound by confidentiality obligations.
Legal Compliance: We may disclose your personal information if required by law or in response to valid legal requests.
International Data Transfers
Some of our service providers may be located outside of your jurisdiction. We take appropriate measures to ensure that such transfers comply with data protection laws.
Your Rights
Under the PDPA, you have certain rights over your personal information, including the right to access, correct, delete, restrict processing, and object to processing. To exercise these rights, contact us using the information provided below.
Data Security
We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, or loss.
Retention Period
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.
Updates to this Statement
We reserve the right to update or modify this Statement to reflect changes in our practices or legal requirements. Updated versions will be posted on our website.
Effective Date
This Privacy Statement is effective as of 15th Sep 2023.
By using our website, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Statement.