PERSONAL DATA PROTECTION POLICY (the “policy”)
Prima Ceylon (Private) Limited is committed to keeping all your personal data secure. We take the protection of your privacy and the confidentiality of your personal data seriously, and we process personal data in compliance with all applicable data protection laws and regulations.
This Policy explains how we collect, use and look after your personal data.
1. DATA CONTROLLER
The Personal Data collected by this website and your interaction with this website is collected by Prima Ceylon (Private) Limited (PCL) who acts as the Data Controller. Prima Ceylon (Private) Limited is responsible for deciding how we hold and use your Personal Data. You should be aware that even though Prima Ceylon (Private) Limited is principally responsible for looking after your Personal Data, such information may be shared within the Prima Group for the purposes as described in this Privacy Policy. When using your Personal Data, each member of the Prima Ceylon (Private) Limited will comply with the standards as set out in this Privacy Policy.
2. DEFINITIONS
We use the following definitions in this Policy:
“Prima Ceylon (Private) Limited”, “PCL”, “we”, “us” or “our” means Prima Ceylon (Private) Limited and its subsidiaries.
“Personal Data” means any data relating to an individual who can be identified from that data, or from that data and other information which we have or are likely to have access to (and includes information which our representatives or service providers have). In addition to factual information, it also includes any expression of opinion about an individual, and any indication of our intentions (or the intentions of any other person) in relation to such an individual.
3. HOW WE COLLECT PERSONAL DATA
We use the following definitions in this Policy:
“Prima Ceylon (Private) Limited”, “PCL”, “we”, “us” or “our” means Prima Ceylon (Private) Limited and its subsidiaries.
“Personal Data” means any data relating to an individual who can be identified from that data, or from that data and other information which we have or are likely to have access to (and includes information which our representatives or service providers have). In addition to factual information, it also includes any expression of opinion about an individual, and any indication of our intentions (or the intentions of any other person) in relation to such an individual.
3.1 These are some of the ways in which we collect Personal Data:
(a) information we receive when you contact us through our website (by filling in and submitting your data via our website www.prima.lk;
(b) information we receive when you subscribe to our mailing list;
(c) if you are a customer or potential customer, information obtained by us through our business dealings;
(d) if you are a shareholder, information provided by you in connection with your shareholding; and
(e) if you are interested in a career opportunity with us, information provided by you in connection with your application.
4. TYPES OF PERSONAL DATA WE COLLECT
4.1 These are the types of Personal Data that we collect:
(a) Information that you provide to us. The nature of your relationship with us, and the kind of communication that you request from us, will determine the type of Personal Data we may ask for, including but not limited to your email address, first and last names, job title, name of the company you work for, and the country where you are based, your education and employment history.
(b) Information that is passively or automatically collected when you visit our website, including but not limited to how you arrive at our website, the type of browser and operating system you are using, your IP address, and your clickstream and timestamp information (e.g. the pages you have viewed, the time at which such pages were accessed, and the amount of time spent per page).
5. HOW WE USE PERSONAL DATA
5.1 Personal Data may be stored and used by us for the following purposes:
(a) where we have obtained your specific consent;
(b) to send you marketing communications (e.g. press releases, sustainability reports, quarterly reports, annual reports and other publications which we think may be of interest to you);
(c) if you are a customer or potential customer, to administer and manage our business relationship (including performance of any legal agreement between us);
(d) if you are a shareholder, to keep in touch with you in connection with your shareholding;
(e) if you are a job applicant, to assess your suitability for a career opportunity in which you have expressed interest; and
(f) to comply with applicable laws and regulations.
5.2 However we use Personal Data, we make sure that such use is lawful. The law allows or requires us to use Personal Data for various reasons. These include:
(a) to perform our contractual obligations;
(b) to discharge legal or regulatory obligations;
(c) to do so under legal proceedings; and
(d) to pursue our legitimate interests, such as (by way of a non-exhaustive list):
(i) to detect and prevent fraud and other potentially illegal activities;
(ii) to protect our network and information security (e.g. prevention of personal data breaches and cyber-attacks);
(iii) to establish, exercise or defend our legal rights; and
(iv) to conduct analytics on our website traffic, e.g. pages and links clicked, patterns of navigation, time spent at a page, devices used, location of users, etc.
5.3 Some of the aforesaid reasons for using Personal Data may overlap and there could be several reasons which justify our use of Personal Data.
5.4 We will take steps to ensure that Personal Data is accessed only by employees who have a need to do so for the purposes as described in this Policy. They are subject to a duty of confidentiality and will only use Personal Data in accordance with our instructions.
6. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
6.1 We may share Personal Data within the Prima Group for the purposes as described in this Policy.
6.2 We may also share Personal Data outside of the Prima Group for the following purposes:
(a) with third parties whom we have engaged to provide services to us (e.g. administrative, audit, logistics, information technology and research services). These third parties will be bound by appropriate data protection obligations and they will only use and process Personal Data on our behalf in accordance with our instructions and for the purposes as described in this Privacy Policy (and not for their own purposes);
(b) where we are required under law or regulation to disclose Personal Data; this may include (by way of a non-exhaustive list) disclosure in response to a court order, or release of information to a government authority, regulator or law enforcement agency;
(c) to the extent mandated by law for the protection of our legitimate interests; and
(d) in the event that our business is sold or integrated with another business, Personal Data may be disclosed to the prospective buyer and its advisors (who will be bound by appropriate data protection obligations), and will be passed to the new owner when it acquires the business.
6.3 Please be assured that we will not sell, rent or give away your Personal Data to third parties for commercial purposes without your consent.
7. INTERNATIONAL TRANSFER OF PERSONAL DATA
7.1 Prima Group is a global business. Our customers and operations are located around the world. This means Personal Data is collected on a global basis, and may be transferred to locations outside of the country where it is collected.
7.2 We will always ensure that any international transfer of Personal Data is consistent with legal and regulatory requirements, e.g. (by way of a non-exhaustive list):
(a) where Personal Data is transferred to a country outside of the European Economic Area (“EEA”), such country is recognised by the European Commission as providing an adequate level of protection for Personal Data;
(b) where Personal Data needs to be transferred to a recipient based in a country outside of the EEA which is not recognised by the European Commission as providing an adequate level of protection for Personal Data, we will require such recipient to be bound by standard contractual clauses which are approved by the European Commission for the protection of Personal Data;
(c) where Personal Data is transferred from within the European Union to the United States, the recipient is a certified participant in the EU-U.S. Privacy Shield Framework; and
(d) where Personal Data is shared internationally within the Prima Group, such transfer is subject to Binding Corporate Rules which adequately safeguards the protection of privacy.
8. HOW LONG WE KEEP PERSONAL DATA
8.1 We will retain Personal Data for only as long as is reasonably necessary for the purposes as described in this Policy.
8.2 In some circumstances, however, legal or regulatory requirements may obligate us to retain Personal Data for a longer period of time.
9. YOUR RIGHTS
9.1 You have the following rights in relation to your Personal Data:
(a) require us to provide information regarding your Personal Data, e.g. give you a copy of the Personal Data about you that we hold, let you know where we got your Personal Data, how we use your Personal Data, what we use it for, who we disclose it to, whether we transfer it to another country (and where), how we protect it and how long we keep it for (if such information is not already provided in this Policy);
(b) require us to rectify your Personal Data if it is inaccurate or incomplete; we may seek to verify any new information provided by you before we rectify our existing records;
(c) where the use of your Personal Data is based on your consent (see section 5.1(a)), you can withdraw your consent at any time; however, please note that we may still be entitled to use your Personal Data if we have another legitimate reason to do so, e.g. for a purpose as described in section 5.2;
(d) where the use of your Personal Data is based on our legitimate interests (see section 5.2(d)), you can object to such use if you believe your fundamental rights and freedoms outweigh our legitimate interests; however, there may be circumstances where we have a legal basis to deny your request;
(e) require us to delete your Personal Data, but only where:
(i) you have withdrawn your consent for us to use your Personal Data (where the use of your Personal Data is based on your consent) (see section 5.1(a));
(ii) it is no longer needed for the purpose for which it was collected;
(iii) you have successfully objected to the use of your Personal Data (see section 9.1(d)); or
(iv) we are required by law or regulation to do so.
However, we are not obliged to comply with your request to delete your Personal Data if we are legally entitled to retain it, e.g. for a purpose as described in section 5.2;
(f) require us to retain but not use your Personal Data; note, however, that this right is only available to you where:
(i) you dispute its accuracy, and we are verifying it (see section 9.1(b));
(ii) its use is unlawful, but you do not want us to delete it;
(iii) it is no longer needed for the purpose for which it was collected, but we still need it to establish, exercise or defend our legal rights; or
(iv) you have raised your objection to the use of your Personal Data, and we are verifying whether we have a legal basis to deny your request (see section 9.1(d)).
Nonetheless, we are legally entitled to continue to use your Personal Data following a request by you not to use it, where:
(i) we have your consent;
(ii) we need to do so in order to establish, exercise or defend our legal rights; or
(iii) we need to do so in order to protect the rights of another natural or legal person;
(g) where you have given us your Personal Data, require us to provide such data to you in a structured, commonly used and machine-readable format, or transmit such data to a third party where this is technically feasible; note, however, that this right is only available to you where:
(i) the legal basis for processing your Personal Data is either your consent or the performance of a contract with you; and
(ii) such processing is carried out by us using automated means (i.e. excluding paper files);
(h) where your Personal Data is transferred outside of the EEA, require us to provide information on the safeguards under which such information is shared; and
(i) to lodge a complaint with your national Personal Data Protection Commission about how we use your Personal Data; we ask that you please speak with us first to resolve any issues, but you have the right to contact your national Personal Data Protection Commission at any time if you wish to do so.
9.2 To exercise your rights, you may contact us at any time using the contact details provided in section 10. We may need to ask you for proof of identity when you contact us, so that we can be sure that your Personal Data is not disclosed to any person who has no right to receive it.
10. CONTACT DETAILS
10.1 If you have any questions regarding this Policy, or if you wish to unsubscribe from our mailing list at any time, please contact us at:
Prima Ceylon (Private) Limited
No. 50,
Sri Jayawardenapura Mw,
Rajagiriya,
Sri Lanka
Telephone : +94 112 864 580
Fax : +94 112 863 709
Email : info@prima.com.lk
10.2 If you have any concerns about how we use your Personal Data, please contact us in the first instance and we will do our best to address your concerns as quickly as possible. You may also lodge a complaint with your national data protection supervisory authority at any time if you wish to do so (see section 9.1(i)).
11. UPDATES
11.1 From time to time, we may update this Policy to take into account new legal requirements, advancements in information technology, or changes in the way we operate our business. We invite you to review the Policy from time to time so that you will always know what personal information we collect, how we collect it, how we use it and who we share it with.
11.2 This Policy was last updated on 04th December 2020.