Data Privacy Policy
1. Policy Statement
At Balanita Private Limited, we are committed to protecting the privacy and confidentiality of personal data entrusted to us by our employees, clients, partners, and other stakeholders. This Data Privacy Policy outlines our commitment to compliance with data protection laws and regulations and establishes guidelines for the collection, processing, and safeguarding of personal data.
2. Scope and Applicability
This policy applies to all employees, contractors, vendors, and third parties who may have access to personal data in the course of their duties or business relationships with Balanita Private Limited.
3. Legal Compliance
Balanita Private Limited is committed to complying with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR) in the European Union and the Personal Data Protection Act (PDPA) in Sri Lanka.
4. Data Collection and Processing
- Personal data shall be collected and processed lawfully, fairly, and transparently.
- Data collection shall be limited to what is necessary for specified, explicit, and legitimate purposes.
- Where required by law, consent shall be obtained from data subjects prior to the collection or processing of their personal data.
5. Purpose Limitation
Personal data shall only be processed for the purposes for which it was collected or for compatible purposes consistent with the original purpose of collection. Any further processing of personal data shall be compatible with the initial purpose and shall not override the interests or fundamental rights of data subjects.
6. Data Accuracy and Quality
Balanita Private Limited shall take reasonable steps to ensure that personal data is accurate, complete, and up-to-date. Employees shall promptly rectify or delete any inaccurate or outdated personal data upon becoming aware of errors or changes.
7. Data Security
- Personal data shall be protected against unauthorized access, disclosure, alteration, or destruction through appropriate technical and organizational measures.
- Access to personal data shall be restricted to authorized personnel on a need-to-know basis, and employees shall be trained on data security best practices.
- Balanita Private Limited shall regularly assess and update its security measures to address emerging threats and vulnerabilities.
8. Data Retention and Disposal
- Personal data shall be retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations.
- Upon expiration of the retention period, personal data shall be securely disposed of in a manner that prevents unauthorized access or disclosure.
9. Data Subject Rights
Balanita Private Limited shall respect the rights of data subjects regarding their personal data, including the rights of access, rectification, erasure, restriction of processing, objection to processing, and data portability. Employees shall promptly respond to data subject requests in accordance with applicable laws and regulations.
10. Data Transfer
- Personal data shall be transferred to third parties, or to countries outside the jurisdiction, only where adequate data protection measures are in place.
- Data transfer agreements or other appropriate safeguards shall be implemented to ensure the protection of personal data during transfer.
11. Third-party Data Processors
- Third-party data processors engaged by Balanita Private Limited shall adhere to data protection standards consistent with this policy.
- Data processing agreements shall be established with third-party data processors to govern the handling of personal data and ensure compliance with applicable data protection laws and regulations.
12. Incident Response and Breach Notification
- Balanita Private Limited shall maintain procedures for responding to data breaches, including assessing the severity of the breach, mitigating risks, and notifying affected individuals and regulatory authorities as required by law.
- Employees shall report any actual or suspected data breaches to the Data Protection Officer or designated personnel promptly upon becoming aware of the incident.
13. Employee Training and Awareness
- Balanita Private Limited shall provide regular training and awareness programs to educate employees about their responsibilities regarding data privacy and security.
- Training shall cover topics such as handling personal data securely, recognizing and reporting data breaches, and complying with data protection laws and regulations.
14. Monitoring and Compliance
- Balanita Private Limited shall monitor compliance with this Data Privacy Policy and conduct regular audits or assessments to ensure adherence to data protection standards.
- Any non-compliance with this policy shall be promptly addressed through appropriate corrective actions, including disciplinary measures if necessary.
15. Documentation and Record-keeping
- Balanita Private Limited shall maintain documentation of data processing activities, including records of consent, data processing agreements, data protection impact assessments, and any other relevant documentation required by law.
16. Review and Updates
- This Data Privacy Policy shall be reviewed and updated regularly to reflect changes in laws, regulations, and best practices in data protection.
- Any updates or revisions to this policy shall be communicated to all employees and relevant stakeholders in a timely manner.
Adherence to this Data Privacy Policy is mandatory for all employees, contractors, vendors, and third parties associated with Balanita Private Limited. By upholding the principles outlined in this policy, we demonstrate our commitment to protecting the privacy and confidentiality of personal data and maintaining the trust and confidence of our stakeholders.
Update: 23-January-2024