SLBACON25 - Privacy Policy

Privacy Policy

Effective Date: July 2025
Last Updated: 6th July 2025

1. Purpose of This Policy

This Privacy Policy outlines how SLBACON25 (organized by IIBA Colombo Chapter) collects, uses, discloses, stores ("Process") and protects your personal data in compliance with the Sri Lankan Personal Data Protection Act, No. 9 of 2022 ("PDPA").

It applies to data collected through our official website (www.slbacon.org) for ticketing, event communication, and associated services.

We are responsible for making decisions about how your personal information (PII) is processed. If you do not agree with our policies and practices, please do not use our Services.

2. What Information We Collect

2.a Identifying & Contact Information: Full name, email address, mobile number, organization, and job title.

2.b Payment-Related Information: Transaction details (processed securely via PayHere). Credit/debit card details are not stored.

2.c Website Usage Data: IP address, device type, browser, OS, and interactions (via cookies/analytics).

2.d Communication History: Emails/messages sent to us and newsletter signup status.

3. Why We Collect Your Data

Organize and manage events and services.
Process registrations, payments, and bookings.
Communicate event updates and respond to inquiries.
Arrange accommodation bookings (when requested).
Improve our platforms and user experience.
Meet legal and contractual obligations.

4. How We Collect Your Data

Directly: via forms, newsletter signups, or communication.
Automatically: via cookies and analytics tools.
Via third parties: e.g., PayHere confirms successful transactions.

5. Use of Cookies

Improve website functionality.
Track performance and usage.
Understand visitor preferences.

6. How We Process Your Data

Payment Processor: PayHere (secure handling).
Event Service Providers: Email marketing and ticketing tools.
Legal Authorities: When required by law.
Affiliates/Partners: With your consent (e.g., networking, sponsors).

All third parties are contractually obligated to protect your data in line with PDPA.

7. Data Retention

We retain data only as long as necessary for:

The purpose for which it was collected.
Legal/accounting (e.g., 7 years for finance).
Your marketing preferences.

Data is securely deleted or anonymized when no longer required.

8. Data Security Measures

SSL encryption on transmissions.
Role-based internal access.
Regular audits and monitoring.
Secure PDPA-compliant infrastructure.

9. Your Rights Under PDPA

Access your personal data.
Request corrections.
Withdraw consent at any time.
Request data portability.
Restrict processing under certain conditions.

Contact: events@colombo.iiba.org (response in 30–90 days).

10. Data Transfers Outside Sri Lanka

We may use overseas services (e.g., email/cloud). In such cases, we ensure:

Adequate data protection in recipient country.
Valid legal mechanisms (e.g., contracts).
Your informed consent where required.

11. Data Breach Notification

If a breach risks significant harm, we will notify:

Affected individuals
Sri Lanka Data Protection Authority (DPA)

Notifications will be made as soon as reasonably possible in line with PDPA.

12. Children’s Privacy

This site is not for individuals under 18. We do not knowingly collect data from minors. If discovered, it will be deleted. Contact us if you believe this has occurred.

13. Third-Party Sites

Our website may link to external platforms (e.g., IIBA, PayHere). This policy does not cover those services. Review their privacy policies separately:

14. Changes to This Policy

We may revise this Privacy Policy for legal or operational reasons. The revised date will appear at the top. Please revisit this page to stay informed.

15. Contact Us

If you have questions or wish to exercise data rights, email us:

Use subject line: Privacy Policy Inquiry - [your message]

If unresolved, you may escalate to the Sri Lanka DPA via https://dpa.gov.lk.

↑