{"_id":"69045844594952f94e4720b3","type":"privacy-policy","content":" \n\n \n Privacy Policy — Shilpa Advisors\n \n\n\n
\n
\n 1) Who we are & how to reach us\n
\n

\n Controller (website/marketing/consulting/training/security): Shilpa Advisors
\n Processor (HRMS/SaaS): Shilpa Advisors acting under your instructions
\n Address: 215 – J5, Park Road, Colombo 00500, Sri Lanka
\n Contact: privacy@shilpaadvisors.com · +94 77 764 0985\n

\n
\n\n\n
\n
\n 2) Scope\n
\n

This notice explains how we collect, use, disclose, retain, secure, and transfer personal data across:

\n
    \n
  • Website & marketing (inquiries, downloads, newsletters)
    • \n
  • HRMS (SaaS) (attendance, leave, payroll, payslips, bank files)
    • \n
  • International Standards/ISO Consulting
    • \n
  • Employee Training & OBT (Kitulgala)
    • \n
  • Private Security Industry Support
    • \n
\n
\n\n\n
\n
\n 3) PDPA alignment\n
\n

\n We align with Sri Lanka’s Personal Data Protection Act, No. 9 of 2022 (PDPA)\n principles and will meet enforceable obligations and DPA rules/directives as\n they come into force. We maintain governance for transparency, purpose\n limitation, data minimisation, security, retention, and rights handling.\n

\n
\n\n\n
\n
\n 4) Data we collect \n
\n\n

4.1 Website/marketing: Name, company, role, email, phone/WhatsApp, preferences, IP, device, pages viewed, referrers, cookies/analytics, downloads, event sign-ups, messages.

\n\n

4.2 HRMS (SaaS): Employee master data (IDs, name, designation, department), attendance logs (biometric/web/CSV), leave balances/requests, payroll elements (earnings/deductions), statutory details (EPF/ETF/APIT), payslip and bank-file outputs, audit logs. Biometric templates are stored only on devices you control unless explicitly integrated by agreement.

\n\n

4.3 International Standards/ISO: Contact details of project owners/participants, training records, audit notes, CAPA logs, SOP approvals, evidence samples (document codes, not business secrets where avoidable).

\n\n

4.4 Training & OBT: Participant lists, role/department, attendance, feedback; limited health/dietary notes only if voluntarily provided for safety/logistics; emergency contact.

\n\n

4.5 Private Security Support: Point-of-contact details, guard roster names/IDs (where needed), drill registers, incident logs/metadata (we avoid sensitive content unless you instruct).

\n
\n\n\n
\n
\n 5) Sources of data\n
\n

\n Directly from you; from your employer (controller) for HRMS/consulting; from\n devices/automation; automatic cookies/analytics; from training/OBT partners or\n venues (logistics only).\n

\n
\n\n\n
6) Why we process data
\n \n\n
7) Legal bases
\n

\n Depending on context, we rely on contract necessity, legal obligation, consent (e.g., marketing, OBT health notes),\n public interest/emergency (safety), and legitimate interests (service improvement, network security,\n quality assurance) balanced with your rights.\n

\n\n
8) Cookies & analytics
\n

\n We use essential cookies (security, session) and analytics (aggregate usage). You can disable non-essential cookies in your browser;\n some features may not work without them.\n

\n\n
9) Sharing your data
\n

We share personal data only as needed to deliver services or comply with law:

\n \n

All processors are bound by confidentiality and data protection terms.

\n\n
10) International transfers
\n

\n Where data is stored/processed outside Sri Lanka (e.g., reputable cloud providers), we apply\n reasonable safeguards aligned with PDPA and any DPA rules/directives for cross-border transfers.\n We assess vendor security and limit data to the minimum necessary.\n

\n\n
11) Security measures
\n

\n Role-based access, least-privilege, strong authentication options, encryption in transit/at rest (where applicable),\n logging/audit trails, backups with retention, secure development practices, and incident response procedures.\n Where a personal data breach is suspected, we assess and notify you/authorities as required by law.\n

\n\n
12) Retention
\n \n\n
13) Your rights
\n

\n When enforceable, you may request access, rectification/completion, erasure, objection, and\n restriction (subject to legal limits).\n Exercise rights via{\" \"}\n \n shilpa.advisors@sltnet.lk .\n For HRMS, requests should go to your employer as the Controller; we support them as Processor.\n

\n\n
14) Children
\n

We serve organisations, not children. For OBT involving minors (e.g., educational clients), the organiser must secure appropriate consent.

\n\n
15) Marketing choices
\n

Unsubscribe anytime via email footer or by contacting us. For WhatsApp/SMS, reply STOP.

\n\n
16) Training/OBT photos & testimonials
\n

We may request permission to capture photos/testimonials for internal or marketing use. We never publish identifiable content without explicit consent (withdrawable anytime).

\n\n
17) Links & third-party sites
\n

Our site may link to others. Their privacy practices are their own; please review their notices.

\n\n
18) Changes to this notice
\n

We may update this notice for legal or operational reasons. We will update the “Last updated” date and notify account holders where appropriate.

\n\n
19) Contact & complaints
\n

\n Questions/requests:{\" \"}\n \n privacy@shilpaadvisors.com\n \n

\n

\n If unresolved, you may contact the Data Protection Authority of Sri Lanka once its enforcement operations and procedures are in effect.\n

\n ","createdAt":"2025-10-31T00:00:00.000Z","updatedAt":"2025-10-31T00:00:00.000Z"}