Privacy Policy

Introduction

Intervest (Pvt) Ltd (“Company,” “we,” “our,” or “us”) is a specialized provider of software solutions and shared services. We are committed to safeguarding the personal data of individuals with whom we interact, including our clients, employees, service providers, and other stakeholders. This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with the Data Protection laws and other applicable laws.

 

Information We Collect

Personal Information

We may collect and process information relating to identity, such as names, identification numbers, and dates of birth; contact details including addresses, email addresses, and telephone numbers; professional details such as employment information, job titles, and credentials; financial data including banking information, billing records, and transaction histories; and technical data such as device identifiers, IP addresses, browser types, operating systems, time zones, usage metrics, and diagnostic data derived from digital interactions.

Special Categories of Personal Data

We may process sensitive personal data such as biometric data or other data defined under the applicable Data Protection laws, only when it is strictly necessary and with your explicit consent or as otherwise permitted by law.

 

How We Collect Your Data

We may collect personal data through:

  • Direct Interactions: When you contact us, use our platforms, submit forms, or communicate with our team.
  • Automated Technologies: Through cookies and usage tracking on our websites and platforms.
  • Third Parties: Including business partners, clients, public sources, and service providers who lawfully share data with us.

 

How We Use Your Data

Your personal data may be used for the following lawful purposes:

  • To provide and manage software and shared services to clients.
  • For customer support, feedback, and service-related communication.
  • To administer contracts, process payments, and fulfill legal obligations.
  • To improve our digital platforms and services.
  • To send communications, including updates, notices, or marketing material where permitted.
  • For security, integrity, and fraud prevention.
  • To comply with legal or regulatory obligations under applicable laws and frameworks.

 

Legal Basis for Processing

We process your data under one or more of the following legal bases:

  • Your consent, where required;
  • Performance of a contract to which you are a party;
  • Compliance with a legal obligation;
  • Our legitimate business interests, provided these are not overridden by your fundamental rights.

 

Your Rights

Under the applicable Data Protection Laws, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under specific circumstances.
  • Right to Object: Object to processing for direct marketing or on grounds of legitimate interest.
  • Right to Restrict Processing: Request temporary suspension of processing.
  • Right to Data Portability: Request your personal data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw your consent where processing is based on it.

You may exercise these rights by contacting our Data Protection Officer (details below). We will respond in accordance with legal timeframes.

 

Data Sharing and Transfers

We may share your personal data with:

  • Affiliates within the Intervest group of companies.
  • Authorized Service Providers supporting our operations (e.g., IT, cloud, payroll, legal).
  • Clients or Partners, in accordance with project or service-related contracts.
  • Regulators, law enforcement, or courts, if required by law.
  • Others, with your explicit consent or as otherwise lawfully permitted.

If data is transferred outside Sri Lanka, we ensure adequate safeguards are in place as required under applicable data protection regulations.

 

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, and contractual requirements. Once retention is no longer necessary, data will be securely deleted or anonymized.

 

Data Security

We implement robust administrative, physical, and technical measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include encryption, access controls, monitoring, and staff awareness programs.

 

Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies to enhance usability, measure performance, and support marketing activities. You can manage your preferences through your browser settings or via our cookie consent banner.

 

Third-Party Links

Our digital platforms may include links to third-party websites. These are governed by their own privacy policies, and we accept no responsibility or liability for their content or data practices.

 

Conflicts or Supplemental Notices

This Privacy Policy may be supplemented by service-specific privacy notices where necessary. In the event of a conflict, such supplemental notice will prevail for the relevant service or engagement.

Complaints related to privacy will be handled in accordance with our Complaints Policy.

 

Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technological changes. The updated version will be posted on our website with a revised “effective date.” Your continued use of our services after changes take effect constitutes your agreement to the updated terms.

 

Contact Us

If you have any questions, concerns, or wish to exercise your data protection rights, please contact:

Intervest
Data Protection Officer
Risk & Compliance Department
Level 23, 324 Havelock Road, Colombo 006, Sri Lanka
Email: compliance@intervest.lk