Privacy Notice

EYEPAX IT Consulting (Pvt) Ltd, along with its subsidiaries and affiliated entities, collectively referred to as “EYEPAX,” is committed to respecting and protecting your privacy. This Privacy Notice outlines our privacy practices regarding the collection, use, and management of your personal data, in compliance with the Personal Data Protection Act (PDPA) of Sri Lanka and the ISO 27701 privacy standard.

Collection of Personal Data

We collect basic personal information, which is stored in our database and/or logbook. The types of personal data we gather may vary based on our relationship with you. Basic information includes, but is not limited to, the following:

Personal Identification: Full name, date of birth, national ID/passport numbers.

Contact Information: Address, phone number, email address.

  • For Employees/Former Employees: In addition to the basic information, we collect:
    • Employment Details: Employment history, job title, department, salary information, performance reviews, disciplinary records.
    • Financial Information: Bank account details, tax information, benefits information.
    • Health Information: Medical records, health insurance details, disability status, leave records.
    • Legal Documentation: Employment contracts, non-disclosure agreements (NDAs), legal claims, visa/work permit information.
  • For Candidates/Former Candidates: In addition to the basic information, we collect:
    • Professional Information: Resume/CV, job application, cover letter, references, educational qualifications, certifications.
    • Employment History: Previous job titles, employers, durations of employment, salary expectations.
    • Background Checks: Criminal record check, credit check, professional license verification.
  • For Visitors (Office Premises): In addition to the basic information, we collect:
    • Visit Details: Date and time of visit, purpose of visit, person being visited, vehicle registration number.
    • Security Information: CCTV footage, visitor badge records, access logs.
  • For Third Parties Staff (Vendors, B2B Contacts, third party agency staff, Trainers, Temps, Contractors): In addition to the basic information, we collect:
    • Professional Information: Job title, employer, contract details, certifications, work history.
    • Financial Information: Payment details, invoice information, tax information.
    • Security Information: Access credentials, security clearances, CCTV footage.
  • For Prospective Customers: In addition to the basic information, we collect:
    • Professional Information: Job title, company name, industry, areas of interest.
    • Marketing Information: Communication preferences, sales interaction history, survey responses, subscription details.
    • Behavioral Information: Website usage data, interaction with marketing campaigns, purchase intent data.

Purpose of Processing Personal Data

The collection, use, and disclosure of personal data are conducted to ensure the security of individuals and assets, and to protect confidential information. These measures are in place to prevent losses, fraud, theft, injuries, acts of terrorism, and similar incidents. Additionally, personal data may be processed for the following purposes:

  • To comply with legal obligations
  • To sign a contract with you
  • To protect your vital interests or those of another person
  • To perform a task carried out in the public interest or in the exercise of official authority
  • For legitimate interests pursued by EYEPAX, except where such interests are overridden by your interests or fundamental rights and freedoms

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose.
  • Contractual Necessity: To fulfill our contractual obligations or to take steps linked to a contract.
  • Legal Obligations: To comply with our legal obligations.
  • Legitimate Interests: When processing is necessary for our legitimate interests, and your interests and fundamental rights do not override those interests.

Security

EYEPAX has implemented various technical, physical, contractual, and organizational measures to secure personal data. These measures are designed to prevent loss, damage, unauthorized use, disclosure, alteration, or access, taking into account the nature of the data and potential vulnerabilities.

Transfer and Disclosure of Personal Data

As part of an international consortium, we may transfer and disclose your personal data beyond your country of residence, including outside Sri Lanka. Your data, while outside your home country, will be subject to the jurisdiction and legal requirements of the host country, including disclosure to authorities, judicial entities, or law enforcement and regulatory agencies as per local laws. We ensure that appropriate safeguards are in place to protect your data during such transfers.

Retention of Personal Data

Your personal data will be retained for a period necessary to fulfill the purposes for which it was collected, address inquiries, resolve issues, or comply with legal obligations. Following this period, all records of your personal data will be deleted from EYEPAX systems. When we delete your personal information, we utilize industry-standard methods to ensure that any recovery or retrieval of your information is not possible.

Your Rights

Under the PDPA, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request access to your personal data.
  • Right to Rectification: You have the right to request correction of any inaccurate personal data.
  • Right to Erasure: You have the right to request deletion of your personal data under certain conditions.
  • Right to Restriction of Processing: You have the right to request restriction of processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another organization or directly to you, under certain conditions.
  • Right to Object: You have the right to object to the processing of your personal data under certain conditions.

For Further Information

For more details about your rights regarding personal data, data transfers, retention, and our security measures, please contact [email protected]. Should you have any concerns or complaints about your personal data’s processing, reach out to EYEPAX’s Data Protection Officer at [email protected].

Data Protection Officer

EYEPAX IT Consulting (Pvt) Ltd

189 Galle Rd, Colombo, Sri Lanka

Privacy Notice Updates

We reserve the right to amend this Privacy Notice at our discretion, updating it as necessary. The latest version supersedes any previous ones. Please check this Privacy Notice periodically for updates. Your continued use of our services implies agreement to abide by its terms, including any changes.

Version: 1.0

Updated On: 17.07.2024