Privacy Policy
DataArch Lanka is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices regarding the collection, use, and protection of your data when you interact with our data architecture consulting services.
This policy is effective as of January 15, 2025, and applies to all information collected through our website, services, and communications. We encourage you to read this policy carefully to understand how we handle your information.
Your privacy is our priority. We implement industry-standard security measures and follow strict data protection protocols.
Information Collection and Use
Information We Collect
Personal Information
We collect information you voluntarily provide when using our services:
- • Full name and professional title
- • Business contact information
- • Company name and industry details
- • Project requirements and technical specifications
- • Communication preferences
Technical Information
We automatically collect certain technical data:
- • IP address and geographic location
- • Browser type and version
- • Device information and operating system
- • Website usage patterns and page interactions
- • Referral sources and search terms
Professional Information
During consultations, we may collect:
- • Current system architecture details
- • Business processes and requirements
- • Technical challenges and objectives
- • Budget and timeline considerations
- • Stakeholder information
How We Use Your Information
Service Delivery
- • Providing architecture consulting services
- • Developing customized solutions
- • Project communication and updates
- • Technical support and maintenance
- • Performance monitoring and optimization
Business Operations
- • Processing service requests
- • Invoice generation and payment processing
- • Quality assurance and compliance
- • Legal and regulatory requirements
- • Business analysis and improvement
Data Protection Measures
Security Infrastructure
We implement comprehensive security measures to protect your information:
- • SSL/TLS encryption for data transmission
- • AES-256 encryption for data storage
- • Multi-factor authentication systems
- • Regular security audits and assessments
- • Firewall protection and intrusion detection
- • Access controls and user permissions
- • Backup and disaster recovery procedures
- • Staff security training and protocols
Data Handling Protocols
Collection
- • Minimal data collection principle
- • Explicit consent requirements
- • Purpose limitation compliance
Processing
- • Lawful basis establishment
- • Data accuracy maintenance
- • Processing transparency
Storage
- • Secure storage facilities
- • Data retention limits
- • Secure deletion procedures
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
| Scenario | Purpose | Safeguards |
|---|---|---|
| Service Providers | Technical infrastructure and support | Data processing agreements |
| Legal Requirements | Compliance with applicable laws | Limited to legal necessity |
| Business Transfer | Merger or acquisition activities | Contractual privacy protections |
Your Rights and Data Management
Individual Rights
Under applicable data protection laws, you have specific rights regarding your personal information. We are committed to facilitating these rights promptly and transparently.
Right to Access
Request copies of your personal information and details about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal information.
Right to Erasure
Request deletion of your personal information under certain circumstances.
Right to Portability
Request transfer of your data to another organization in a structured format.
Right to Restrict Processing
Request limitation of how we process your personal information.
Right to Object
Object to certain types of processing, including direct marketing.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.
Retention Periods
- • Active client data: Duration of engagement plus 7 years
- • Website usage data: 24 months from collection
- • Marketing communications: Until consent is withdrawn
- • Legal compliance data: As required by applicable laws
- • Financial records: 10 years as per tax regulations
International Data Transfers
Your personal information may be transferred to and processed in countries outside Sri Lanka. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information.
Adequacy Decisions
Transfer to countries with equivalent protection levels
Standard Contractual Clauses
Binding agreements ensuring data protection standards
Additional Safeguards
Technical and organizational security measures
Privacy by Design
We integrate privacy considerations into all aspects of our business operations, from system design to service delivery. Our privacy-by-design approach ensures that privacy protection is built into our processes from the ground up.
Contact and Complaints
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through our website's contact form. We are committed to addressing your concerns promptly and professionally.
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.