This Privacy Notice (“Notice”) describes how Ceylon Cold Stores PLC (“we”, “us”, “our”), a company registered in Sri Lanka bearing registration number PQ4 and having its registered office at No. 117, Sir Chittampalam A. Gardiner Mawatha, Colombo 2 processes your Personal Data.
1. Scope
This Notice applies when you:
- Visit our offices or production sites;
- Visit websites operated by us and other websites owned or controlled by us;
- Use our mobile applications;
- Interact with us on our social media;
- Use our services online or in-person;
- Participate in events organized by us;
- Contact us by phone, mail or email; or
- Contract with us.
2. What is Personal Data?
- Personal Data is any information that could directly or indirectly, by itself or in combination with other information, identify you.
- Personal Data excludes anonymous data or data that has been anonymized.
3. What type of Personal Data do we collect from you?
We may collect Personal Data or other data which when combined identifies you, that falls within the following categories:
- General identifiers such as your name, gender and contact information;
- Publicly available data made available by you directly or by linking social media or other accounts with us;
- Communication and feedback information;
- Online activity and behavior such as Internet Protocol (IP) address, online user identification profiles and browsing behaviour;
- Site access information such as log in credentials (e.g., user name for accessing restricted content);
- Organizational and professional information;
- Location data such as IP address, MAC address, GPS, devices, cell towers, Wi-Fi access points;
- Government verified information such as information from identity cards or passports;
- Account and registration information; or
- Financial information including credit debit or other payment data.
Please note that there may be overlaps between the categories of Personal Data that will be processed by us.
4. Do we collect non-Personal Data?
- Yes, we may collect non-Personal Data such as aggregated and anonymized data or statistical and demographic data which may sometimes be derived from your Personal Data but which cannot be used to identify you either directly or indirectly.
- Such data may be used for analytical activities with the objective of improving our operations.
- Aggregated and anonymized data may be shared (not sold) with our business partners to perform these analytical operations.
- If the anonymized and aggregated data results in your direct or indirect identification, such data will be treated as Personal Data.
5. Can you refuse to provide Personal Data?
Yes, you can always refuse to supply Personal Data, except that it may prevent you from engaging in certain website, platform related activities or limit your access to our services.
6. What happens if you provide false or inaccurate Personal Data to us?
If you do not provide the Personal Data we need to process because of a law or for the performance of a contract, we may not be able to meet your requests or continue providing our services to you.
Additionally, if we believe the Personal Data you have provided is false or fraudulent, we can refuse services, terminate the contract, and report you to authorities.
7. What are your obligations if you are providing Personal Data of a third party?
If you are providing the Personal Data of a third party you do so on the basis that that person has given you prior consent and that person is aware of the contents of this Notice and their rights in respect of the Personal Data provided to us.
8. Do we process the Personal Data of children?
- We do not and our software and services do not target, and are not structured to attract, children under the age of 16.
- We do not collect any registration information from users who indicate they are under the age of 16.
- If you provide us with Personal Data about your child, or a child to whom you are the legal guardian, that will be deemed to be consent to the collection and processing of that child’s data.
- We will not sell the personal data of any person who we know is under the age of 16 without express, valid authorization.
9. How do we use your Personal Data?
Our use of your Personal Data is prescribed by law and the following table sets out the lawful bases for processing your Personal Data.
| Use |
Lawful basis for processing Personal Data |
| To provide our services to you and to conduct our business. |
- Contract performance
- Legitimate interests (to enable us to perform our obligations and provide our services to you)
- Consent
|
| To facilitate the use of our websites and to ensure content is relevant. |
- Legitimate interests (to allow us to provide you with the content and services on the websites)
- Consent
- Contract performance
|
For marketing and business development purposes.
Please note that we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in section (r)below. |
- Legitimate interests
- Consent
|
| For research and development purposes |
- Legitimate interests (to allow us to improve our services).
|
| For recruitment purposes |
- Legitimate interests (to ensure that we can make the most appropriate recruitment decisions
- Contract performance (in order for us to take steps at your request to enter into a contract with you)
|
| To fulfil our legal, regulatory, or risk management obligations such as to comply with our legal obligations (performing client due diligence/”know your client”, anti-money laundering, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and regulation and best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them); to enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties; |
- Legal obligations
- Legitimate interests (to cooperate with law enforcement and regulatory authorities, to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud).
- Where we process special categories of personal data we may also rely on substantial public interest (prevention or detection of crime) or legal claims
|
| To ensure that we are paid |
- Contract performance
- Legitimate interests (to ensure that we are paid for our services).
|
| To inform you of changes to our services or policies and notices, including this Statement |
- Legitimate interests (to ensure we can notify you about changes to our services and policies and to maintain our relationship with you).
|
| To reorganize or make changes to our business -In the event that we are undergo a re-organization (for example if we merge, combine or divest a part of our business), we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transfer to that re-organized entity or third party your personal data for the same purposes as set out in this Privacy notice or for the purpose of analyzing any proposed re-organization; |
- Legitimate interests (in order to allow us to change our business).
|
10. How do we share your Personal Data?
We do not sell, trade, or rent your Personal Data.
We may share your personal data with our service providers, agents, and trusted associates to facilitate your purchases, promote our products, and conduct business, data analytics, and promotional activities. These business partners are bound by contract to maintain confidentiality and to limit the processing of your Personal Data for the limited purpose of fulfilling the contractual obligation.
11. How do we use cookies?
For more information on our use of cookies and how you can change your cookies preferences, please refer to our Cookie Policy.
12. Why do we record CCTV footage?
- We may use CCTV on our premises to ensure the safety of our customers, patrons, employees, service providers and business partners.
- This CCTV footage may be used to monitor the behaviour of the people within our premises, and where relevant to aid investigations into potential or actual criminal, fraudulent incidents or other incidents of a related nature.
- We may share such footage with law enforcement authorities and/or judicial authorities to assist with investigations, proceedings or other legal action.
- Such footage may also be used in internal disciplinary inquiries.
13. For how long will we retain your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, compliance or reporting requirements. For more information about our Retention Policy please contact us.
14. How are we protecting your Personal Data?
- We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data.
- Where your Personal Data must be shared with business partners, Personal Data will only be shared with business partners who need it to perform their services. These business partners will only use your Personal Data according to our instructions and will be bound by obligations of confidentiality and Personal Data processing best practices.
15. What are your rights as a data subject?
You have the right to exercise the following rights by submitting a written request:
- Withdraw your consent to the processing of your Personal Data;
- Access your Personal Data;
- Request the rectification or completion of inaccurate or incomplete Personal Data;
- Request the erasure of your Personal Data if:
- We have breached our obligations under the Personal Data Protection Act, No.9 of 2022;
- You have withdrawn your consent; or
- We are required by law to do so.
16. How do we handle your written request pursuant to (15.) above?
We will respond within 21 working days to confirm if:
- We have granted your request
- We have refused your request with reason for such refusal; and
- We have refrained from further processing your personal data.
17. How are changes made to this Privacy Notice?
This Notice is kept under review and is subject to change in line with our Privacy Policy. We therefore encourage you to review them when you visit the website to stay informed of how we are using Personal Data.
This Notice was last updated on 2 December 2024.
18. Interaction with our other policies and procedures
This Notice supplements our other privacy and legitimate interest notices or policies and is not intended to override them.
19. What happens if the Sinhala or Tamil versions of this Notice differ?
This Notice may be translated into different languages, and in the event of any inconsistency among the versions, the English version shall prevail.
20. How can you contact us?
If you have any enquiries or feedback on our personal data protection policies and procedures; or need more information on or, need access to the Personal Data you have provided us please contact our Data Protection Officer via email on [email protected] or on (+94) 77-2723976.
21. Your Acceptance
- By using this site, you acknowledge that you have read and understood this Notice.
- If you do not agree with the terms outlined, you should refrain from using the site. Continued use of the site after any updates to this Notice will be considered as your acceptance of those updates.
