The Institute of Internal Auditors – Sri Lanka (IIASL)
Last Updated: 26 September 2025
Introduction
The Institute of Internal Auditors – Sri Lanka (IIASL) values the privacy of its members, affiliates, customers and visitors to our websites, portals and social media pages. This policy explains how we collect, use, disclose and protect your personal information and the rights you have regarding that information.
By using our websites, mobile applications, social media channels, email, WhatsApp or submitting personal information in hardcopy, you consent to the collection and processing of your data as set out in this policy.
We comply with the Personal Data Protection Act, No. 9 of 2022 (PDPA) of Sri Lanka and, where applicable, international data protection laws such as the General Data Protection Regulation (GDPR) and the UK Data Protection Act.
Scope
This policy applies to all websites and applications operated by IIASL and to personal information provided through memberships, event registrations, training enrolments, certifications, surveys and other interactions. It does not apply to third-party websites or services.
Definitions
- Personal Data: Any information relating to an identified or identifiable individual.
- Sensitive Personal Data: Includes government-issued IDs, financial, health or biometric data.
Types of Personal Data We Collect
- Personal identifiers (name, NIC, passport, date of birth, gender)
- Contact information (address, email, phone)
- Employment and professional details
- Academic information
- Financial and billing information
- Device and usage data
- Photographs and audio-visual material
- Other information provided via surveys or communication
Purposes and Legal Bases for Processing
- Contractual necessity
- Legitimate interests
- Consent
- Legal obligations
- Vital and public interests
Cookies and Tracking
Our websites use cookies to enhance user experience and collect analytics data. You may control cookies through your browser settings.
Data Sharing and Disclosure
We may share personal data with service providers, IIA Global affiliates, professional advisers, event partners, or legal authorities when required. We do not sell personal data.
Cross-Border Data Transfers
Personal data may be processed outside Sri Lanka with appropriate safeguards such as contractual clauses or adequacy decisions.
Data Retention
Data is retained only as long as necessary and securely deleted or anonymised when no longer required.
Security of Personal Data
We use administrative, technical and physical safeguards to protect personal data. However, no system is completely secure.
Data Subject Rights
- Right to access
- Right to rectify
- Right to erase
- Right to object
- Right to restrict processing
- Right to data portability
- Right to withdraw consent
- Right to complain
Children’s Privacy
IIASL services are not intended for children under 13, and we do not knowingly collect data from children.
Changes to This Policy
We may update this policy periodically. Changes will be reflected by the “Last Updated” date.
Contact Us
Mr. P W Indika Darshana
Member Relations Committee Chair
Email: [email protected]
Tel: +94 76 523 5468
Ms. Shakunie Jayathunga
Administrative Secretary
Email: [email protected]
Tel: +94 77 194 4015