ACA Information Security and Privacy Global Policy Statement

ACA, the premier institution for educational and cultural initiatives in Sri Lanka, is dedicated to maintaining the highest standards of information security and privacy across its operations. This policy governs the collection, use, and protection of personal data in all locations where ACA operates and across all systems used for information processing.

Key Principles and Commitments

ACA upholds the Personal Data Protection Act No. 9 of 2022 (‘PDPA’) as its global privacy standard. Local data protection laws in the countries of operation complement this standard. In cases of conflict, adherence to internationally accepted privacy principles in local laws takes precedence.

The organization conducts privacy impact assessments to safeguard the privacy, rights, and freedoms of its customers, staff, and wider stakeholders.

ACA is committed to ensuring the confidentiality, integrity, availability, and resilience of collected, stored, and processed information. This commitment aligns with Sri Lankan law, international good practice, legal requirements, and contractual obligations.

The organization collects personal information transparently, only seeking what is necessary. Sharing occurs within the organization or with other entities when necessary or with explicit consent.

Clear and open communication is maintained with customers, staff, and wider stakeholders about the purposes of processing personal information. Legal bases for processing are clearly communicated, and the purposes are limited to what has been disclosed or where there is a legal obligation.

ACA allows individuals to exercise their rights regarding their personal information, including the right to lodge complaints if they believe their information has been mishandled.

Personal information is retained for only as long as necessary, ensuring compliance with data protection principles.

 

The organization takes measures to protect the rights and freedoms of individuals whose information may be transferred to countries with differing data protection laws.



Actual or suspected breaches of information security are promptly reported and thoroughly investigated.

ACA assesses the maturity of its information security controls annually to maintain a robust security posture.

These standards are extended to the organization’s supply chain and delivery partners, ensuring a comprehensive approach to information security.

ACA commits to providing adequate resources for the implementation of this global policy statement. Regular communication and understanding of these standards will be ensured across the organization.

This global policy statement will be subject to an annual review to incorporate new legal and regulatory developments and ensure alignment with the best practices in information security and privacy.

For ACA’s data protection and privacy policies, please refer to the following information:

By enrolling, you agree to the terms of ACA Privacy Policy, outlining the collection and use of personal information.

Data Protection Regulations

ACA is unwavering in its commitment to data protection regulations, applying principles that align with the Personal Data Protection Act No. 9 of 2022 (‘PDPA’) in Sri Lanka and international best practices. This commitment spans our global operations, empowering individuals with rights over their personal information and establishing stringent guidelines for organizations processing such data.

Our Information Security and Privacy Policy outlines the treatment of personal information. It ensures that your data is handled with utmost care and in compliance with relevant regulations.

Explore our Cookies Policy to understand the types of cookies used on our website and their purposes. This policy sheds light on how we enhance your online experience while respecting your privacy.

If you wish to exercise your rights concerning personal information, submit a written request via post or email. While written requests are preferred, we’re available for telephone inquiries as well. Please provide the necessary proof of identity and other details for swift processing.

For privacy-related concerns, reach out to our Information Governance Advisor (Disclosures) at the following address:

Information Governance Advisor (Disclosures)

  • ACA
  • Level-35, West Tower, World Trade Centre, Sri Lanka
  • Phone: [Your Phone Number]
  • Email: in**@*********************ia.com

We may request proof of identity, home address, and additional information to locate your data. Processing begins once your identity is confirmed.

Right to Access Personal Information

Request a copy of the personal information held about you, known as the right of ‘subject access.’

Right to Restrict Processing

In specific situations, you can require us to restrict the processing of your personal information.

Right to Object to Processing

Exercise this right in scenarios like direct marketing or automated decision making.

Right to Erasure (“Right to Be Forgotten”)

Ask for the secure deletion or destruction of your personal information in certain circumstances.

Right to Data Portability

Request a copy of your information in a machine-readable format or ask us to send it to another organization.

If you have concerns about our data processing, you have the right to complain to a national data protection regulator. In Sri Lanka, you may contact [Sri Lanka’s Data Protection Authority] for guidance.

We facilitate the sharing of personal information through meticulously crafted data-sharing agreements, ensuring confidentiality and compliance with data protection standards. In instances where data travels beyond our organizational boundaries, we adhere to the guidelines set by the Personal Data Protection Act No. 9 of 2022 in Sri Lanka, ensuring data flow aligns with the parameters established in the PDPA to uphold privacy and security standards.

We engage other organizations for specific services, ensuring that your personal information remains protected.

With your consent, we may use your information for direct marketing to enhance your experience. You have the option to opt out at any time.

We may engage in digital marketing campaigns on social media platforms with your consent, using pseudonymized data.

We retain personal information according to our corporate retention requirements, detailed in our corporate retention schedules.



Automated fraud checks are conducted to ensure fair transactions and protect individuals. You have the right to contest any fraud decision made about you.

For general queries, contact our Data Protection Officer via in**@*********************ia.com.
