General
Simsyn Pvt Ltd, company number PV 81863 and registered office 32/A1/2, Narahempita Road, Nawala, Srilanka (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves and by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.
The personal data that is provided to us is provided either directly from the individual concerned, from a third party acting on behalf of an individual, or from publicly available sources (such as internet searches, Companies House).
Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.
We reserve the right to update this Privacy Policy from time to time at our discretion. If we do so, the updated version will be effective as soon as it is accessible. You are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether we use their information in this different manner. We will use information in accordance with the Privacy Policy under which the information was collected.
Data collection and use
Professional services
We provide services to businesses, individuals, and other organisations. The exact data held will depend on the services to be provided.
Where we engage with clients for professional services, we may collect and process personal data to satisfy a contractual obligation. We request that clients only provide the personal data that is required for us to fulfil our contractual obligation.
Why do we process data?
Where data is collected for professional services, it is used for several purposes, as follows.
Providing services to clients. Data is processed in accordance with our letter of engagement between our clients and us and may sometimes be further clarified in written documentation supplied before any data processing may occur. We provide a range of professional services to our clients, which includes;
Client management
When communicating with and assessing the needs of clients, personal data may be processed to ensure that their needs are appropriately satisfied. This may include assessing whether the collection of services provided to our clients are appropriate.
Administration
To manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, administering client facing applications, and maintaining internal operating processes.
Regulatory
To undertake professional services, we may from time to time be required to collect and process personal data to fulfil regulatory, legal, or ethical requirements. This may include (but is not limited to) the verification of identity of individuals.
To receive our email alerts, you must complete a registration form. During registration you are required to give contact information (such as name and e-mail address). This information is used to contact you about the services you have expressed an interest in or those of carefully selected third parties. The provision of demographic information (such as business sector), and unique identifiers, is optional, but encouraged so we can provide a more personalised experience.
We request information from you on our order forms. You must provide contact information (such as name and delivery address) and financial information (such as credit card number and expiry date). This information is used for billing purposes and to fulfil customer orders. If we have trouble processing an order, this contact information is used to get in touch with the user.
Surveys & polls. From time to time, we may request information from our users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as business sector). Contact information will be used to notify the winners when applicable and award prizes. Survey information will be used for purposes of monitoring or improving our services and the results of surveys may be published.
What data is processed?
The data that is processed is dependent on the service that is being provided and on the recipient of this service.
Services to businesses, non-profits, and other organisations. We process the personal data of individuals associated with our clients. Personal data may include any relevant financial or non- financial information necessary for us to provide our services.
Services to individuals. Personal data may include contact details and tax identifiers, information about business activities and any other specifically relevant data.
How long do we hold data for?
We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years). We may keep data for longer to establish, exercise, or defend our legal rights and the legal rights of our clients.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
Business Contacts
Personal data from our contacts, which covers both potential and prior customers are held in our customer relationship management tool (CRM tool).
This information is entered into the system after contact is made between a staff member of Simsyn Pvt Ltd and a business contact individual.
We use technology to profile our business contacts, so that we can assess the health of our relationship with our business contacts. We will rely on the appropriate condition for processing data.
Why do we process data?
Where personal data on business contacts is held, it is used for several purposes, as follows.
- Promote and develop our offerings.
- Communication of technical updates.
- Hosting and facilitating of events.
- Relationship management.
- Administration and management.
What data do we hold?
Personal data that may be stored in the CRM tool includes, but is not limited to, name, email address, physical address, job title, and details of the initial meeting.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
How long do we hold data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected.
Our people
We collect personal data for our people as part of the administration, management, and promotion of our business activities.
Our staff handbook explains further how personal data is held for our staff and partners.
Applicants
Where an individual is applying to work for Simsyn Pvt Ltd, personal data is collected through the application process. Data is often collected through forms on the website, details of which can be found in the section describing people who use our website. Data collected via the website will be used for the purposes detailed below.
There are several purposes that personal data for applicants are collected.
- Employment. We process an applicant’s personal data to assess their potential employment at Simsyn Pvt Ltd
- Administration and management. We may also use this personal data to make informed management decisions and for administration purposes.Personal data collected for applicants is held for as long as necessary to fulfil the purpose for which it was collected, or for a maximum of two years where those purposes no longer become necessary.
Sharing of Personal Data
We do not share personal data with others except (a) when we inform you and give you an opportunity to opt out of having your personal information shared; (b) to allow advertisers and advertising networks to collect information about your computer or mobile device, activities, and geographic location to enable them to display targeted ads to you; (c) to respond to legal requirements (including under the Data Protection Act 2018 as amended, or its local equivalent) or protect a third party’s rights, property, or safety; and (d) to any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions.
International Transfers
Where possible, personal data resides within the Srilanka but may be transferred to, and stored at, a destination outside the Country. It may also be processed by staff operating outside the Country who work for us or for one of our suppliers. We will take all reasonable steps to ensure that your data is treated securely, in accordance with this privacy statement.
We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the Country are done lawfully.
Children’s Privacy
All our Websites and all other Service are not directed to anyone under the age of 13. The Site does not knowingly collect or solicit information from anyone under the age of 13 or allow anyone under the age of 13 to sign up for the Service. If we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at data@simsyn.com.
Security
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We take appropriate security measures (including physical, electronic, and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. The technology that we use and the security policies which we have implemented are intended to safeguard your information from unauthorised access and improper use.
Individual rights
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
Individuals may request access to their personal data held by us as a data controller.
Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
Individuals may request that we erase their personal data, where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
If you wish to exercise any of these rights, please send an email to data@simsyn.com
We hope that you will not ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to data@simsyn.com. We will investigate and respond to any complaints we receive.
This Privacy Policy shall be governed by and construed in accordance with the law of Srilanka.
