Skip to Content

Privacy Policy


INSIGHT SQUARE (PVT) LTD

Last Updated: 2026 / 01 / 01

1. Introduction

Insight Square (PVT) Ltd (“Company”, “we”, “our”, or “us”) is a technology and digital solutions provider specializing in enterprise systems, software development, data solutions, and IT consulting.

We are committed to protecting your personal data in accordance with applicable data protection laws, including but not limited to:

  • General Data Protection Regulation (GDPR)

  • Sri Lanka Personal Data Protection Act (PDPA)

  • Other applicable international data protection laws

This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information. 

2. Data Controller


Insight Square (PVT) Ltd is the Data Controller of your personal data.

Contact Details:

3. Categories of Data We Collect


3.1 Personal Identification Data

  • Full name

  • Email address

  • Phone number

  • Job title and company name

3.2 Technical & Usage Data

  • IP address

  • Device type and operating system

  • Browser type and version

  • Website usage behavior (pages, time spent, clicks)

3.3 Business & Client Data

(For enterprise solutions, ERP, SaaS, or custom systems)

  • Customer databases (processed on behalf of clients)

  • Operational data

  • Transaction records

  • Machine or system-generated data (IoT, RFID, etc.)

3.4 Communication Data

  • Emails, inquiries, support tickets

  • Meeting records or notes

4. Legal Basis for Processing (GDPR)


We process personal data under the following lawful bases:

  • Consent – when you explicitly provide information

  • Contractual necessity – to deliver services

  • Legal obligation – compliance with laws

  • Legitimate interests – business improvement, security, analytics

5. Purpose of Data Processing


We use your data for:

  • Delivering IT services, ERP systems, and custom solutions.

  • Client onboarding and project management.

  • System integration, deployment, and support.

  • Improving our products, AI systems, and analytics.

  • Communication and customer relationship management.

  • Marketing (only with consent where required).

  • Security monitoring and fraud prevention.

6. Data Processing in IT Systems


As an IT solutions provider, we may:

  • Act as a Data Processor on behalf of clients

  • Process data stored within:

    • ERP systems (e.g., Odoo or custom platforms)

    • RFID / IoT systems

    • Cloud infrastructure and databases

We process such data strictly under client instructions and applicable agreements.

7. International Data Transfers


Your data may be transferred and processed in countries outside Sri Lanka, including:

  • Cloud service providers (AWS, Azure, etc.)

  • International project operations

We ensure:

  • Adequate safeguards

  • Standard Contractual Clauses (SCCs) where applicable

  • Secure data handling practices

8. Data Sharing & Disclosure


We may share your data with:

8.1 Service Providers

  • Cloud hosting providers

  • Analytics tools

  • Communication platforms

8.2 Business Partners

  • Only when necessary for project delivery

8.3 Legal Authorities

  • When required by law or legal process

We never sell personal data.

9. Data Security Measures


We implement industry-standard security controls:

  • Encryption (data in transit & at rest).

  • Access control & authentication.

  • Secure cloud infrastructure.

  • Regular security audits and monitoring.

  • Role-based access systems.

10. Data Retention


We retain data only as long as necessary:

  • Client data → based on contractual agreements.

  • Marketing data → until consent is withdrawn.

  • Legal data → as required by law.

11. Your Rights 


Under applicable laws, you have the right to:

  • Access your data

  • Rectify inaccurate data

  • Request erasure (“Right to be forgotten”)

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

To exercise your rights, contact: [email protected]

12. Contact & Complaints


For privacy-related inquiries:

You also have the right to lodge a complaint with a relevant data protection authority.