Privacy Policy
INSIGHT SQUARE (PVT) LTD
Last Updated: 2026 / 01 / 01
1. Introduction
Insight Square (PVT) Ltd (“Company”, “we”, “our”, or “us”) is a technology and digital solutions provider specializing in enterprise systems, software development, data solutions, and IT consulting.
We are committed to protecting your personal data in accordance with applicable data protection laws, including but not limited to:
General Data Protection Regulation (GDPR)
Sri Lanka Personal Data Protection Act (PDPA)
Other applicable international data protection laws
This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information.
2. Data Controller
Insight Square (PVT) Ltd is the Data Controller of your personal data.
Contact Details:
Email: [email protected]
Phone: +94 715674222
Website: www.insightsquare.asia
3. Categories of Data We Collect
3.1 Personal Identification Data
Full name
Email address
Phone number
Job title and company name
3.2 Technical & Usage Data
IP address
Device type and operating system
Browser type and version
Website usage behavior (pages, time spent, clicks)
3.3 Business & Client Data
(For enterprise solutions, ERP, SaaS, or custom systems)
Customer databases (processed on behalf of clients)
Operational data
Transaction records
Machine or system-generated data (IoT, RFID, etc.)
3.4 Communication Data
Emails, inquiries, support tickets
Meeting records or notes
4. Legal Basis for Processing (GDPR)
We process personal data under the following lawful bases:
Consent – when you explicitly provide information
Contractual necessity – to deliver services
Legal obligation – compliance with laws
Legitimate interests – business improvement, security, analytics
5. Purpose of Data Processing
We use your data for:
Delivering IT services, ERP systems, and custom solutions.
Client onboarding and project management.
System integration, deployment, and support.
Improving our products, AI systems, and analytics.
Communication and customer relationship management.
Marketing (only with consent where required).
Security monitoring and fraud prevention.
6. Data Processing in IT Systems
As an IT solutions provider, we may:
Act as a Data Processor on behalf of clients
Process data stored within:
ERP systems (e.g., Odoo or custom platforms)
RFID / IoT systems
Cloud infrastructure and databases
We process such data strictly under client instructions and applicable agreements.
7. International Data Transfers
Your data may be transferred and processed in countries outside Sri Lanka, including:
Cloud service providers (AWS, Azure, etc.)
International project operations
We ensure:
Adequate safeguards
Standard Contractual Clauses (SCCs) where applicable
Secure data handling practices
8. Data Sharing & Disclosure
We may share your data with:
8.1 Service Providers
Cloud hosting providers
Analytics tools
Communication platforms
8.2 Business Partners
Only when necessary for project delivery
8.3 Legal Authorities
When required by law or legal process
We never sell personal data.
9. Data Security Measures
We implement industry-standard security controls:
Encryption (data in transit & at rest).
Access control & authentication.
Secure cloud infrastructure.
Regular security audits and monitoring.
Role-based access systems.
10. Data Retention
We retain data only as long as necessary:
Client data → based on contractual agreements.
Marketing data → until consent is withdrawn.
Legal data → as required by law.
11. Your Rights
Under applicable laws, you have the right to:
Access your data
Rectify inaccurate data
Request erasure (“Right to be forgotten”)
Restrict processing
Data portability
Object to processing
Withdraw consent
To exercise your rights, contact: [email protected]
12. Contact & Complaints
For privacy-related inquiries:
+94 715674222
You also have the right to lodge a complaint with a relevant data protection authority.