VSIS Privacy Policy

---

1. Introduction

V S Information Systems (Pvt) Ltd (hereinafter referred to as “VSIS,” “we,” or “our”) is committed to safeguard the privacy and security of personal information collected from our clients, suppliers, employees, visitors to our premises and corporate website, and other interested parties (hereinafter referred to as “client,” “you,” or “your”).

This Privacy Policy explains how VSIS collects, uses, stores, and discloses information in compliance with the Personal Data Protection Act (PDPA) ACT, No. 9 OF 2022 Sri Lanka.

2. Scope of the Policy

This policy applies to:

• Clients and customers who engage with VSIS products, solutions and services.
• Suppliers and contractors who involve in VSIS business operations.
• Visitors to VSIS business premises.
• Visitors to the VSIS corporate website.
• Employees whose personal data is managed through the VSIS Human Resources Information System (HRIS).

VSIS collects, processes, and manages personal data through the following systems and platforms:

• Customer Relationship Management (CRM) System: Used for ticketing and issue resolution.
• Enterprise Resource Planning (ERP) System: Used for processing invoices, sales orders, procurement, logistics, and tendering.
• Human Resources Information System (HRIS): Used for managing employee data.
• Corporate Website: Used for inquiries and other interactions.
• Marketing and Promotional Events: Includes customer data collected for business outreach.
• Visitor Log: Maintains records of individuals entering VSIS premises.
• Internal IT Systems: Used for managing access controls, IT asset tracking, and user account administration.

3. Information We Collect

VSIS may collect the following types of personal data:

3.1 Clients & Customers

• Personal identification details (i.e. Name, Email, Contact number(s), Company details, NIC, Address).
• Descriptions of issues, Resolutions, and Interactions logged in the CRM as tickets.
• Billing and payment details processed through the ERP.

3.2 Employees

• Personal identification details (i.e. Name, Address, Date of Birth, NIC, Police and GS Records, Profile Picture, Signature).
• Employment records (i.e. Performance, Payroll, and Benefits details).
• Emergency contact information.

3.3 Suppliers and Contractors

• Business details (i.e. Contracts, Contact information, NIC, Signatures, Payment details).

3.4 Website Visitors

• Information provided through forms (i.e. Name, Email, Message).
• Browsing data (i.e. IP address, Cookies).

4. How We Use Information

VSIS use the collected information for the following purposes:

4.1 Clients & Customers

To deliver products and services, process orders and invoices, manage support tickets, and maintain effective communication.

4.2 Employees

To manage employment records, payroll, and other HR-related functions.

4.3 Suppliers and Contractors

To communicate with suppliers and contractors.

4.4 Website Visitors

To respond to inquiries, improve website functionality, and provide relevant updates.

4.5 Visitors to Premises

To ensure security, maintain visitor logs, and manage access control in accordance with safety and compliance requirements.

5. Disclosure of Information

VSIS do not disclose your personal data to third parties except:

• With Your Consent: When you have given explicit permission.
• With Service Providers: VSIS may share data with trusted third-party service providers who support our business operations, subject to confidentiality agreements and ongoing evaluations of their compliance with applicable PDPA requirements.
• For Legal Compliance or Legal Requirements: To fulfil legal obligations, enforce contracts, safeguard our rights and safety, or as mandated by law, regulation, or court order.

Note: All data sharing is governed by confidentiality agreements and NDAs to ensure data protection.

6. Data Security

VSIS is committed to safeguard the information entrusted to VSIS by implementing comprehensive technical, administrative, and physical security measures. These measures are designed to protect data against unauthorized access, alteration, disclosure, or destruction.

In the event of theft, loss, or unauthorized access to sensitive data, the incident shall be reported to the relevant organization / personal within 72 hours of becoming aware of the incident. Immediate actions will be taken to mitigate risks, investigate the cause, and ensure compliance with applicable legal and contractual obligations.

VSIS also conduct regular audits, vulnerability assessments, and employee training to strengthen the internal data security practices.

7. Data Retention

VSIS retain information for as long as necessary to fulfil the purposes outlined in this policy or comply with legal, regulatory, or contractual obligations.

8. Clients and Customer Rights

Depending on applicable laws, individuals may have the right to:

• Access: Request information about individuals’ personal data and how it is processed.
• Correction: Request corrections if data is inaccurate or incomplete.
• Deletion: Request deletion of data, subject to legal requirements.
• Withdrawal of Consent: Withdraw consent to the processing of data where applicable.

To exercise these rights, contact us at info@vsis.lk.

9. Cookies and Website Tracking

VSIS may use cookies and other tracking technologies to collect information about client’s interaction with our website to improve user experience. You can control the use of cookies through your browser settings.

10. Policy Update

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be communicated via our website or other appropriate channels.

11. Contact Information

For questions, concerns, or to exercise your rights under this Privacy Policy, please contact us at:

• Email: info@vsis.lk
• Phone: +94-11-2-038-500
• Address: V S Information Systems (Pvt) Ltd, No. 07, Suleiman Terrace, Colombo 05, Sri Lanka.