Home > Privacy & Data Protection Policy

The Institute of Internal Auditors – Sri Lanka (IIASL)
Last Updated: 26 September 2025

Introduction

The Institute of Internal Auditors – Sri Lanka (IIASL) values the privacy of its members, affiliates, customers and visitors to our websites, portals and social media pages. This policy explains how we collect, use, disclose and protect your personal information and the rights you have regarding that information.

By using our websites, mobile applications, social media channels, email, WhatsApp or submitting personal information in hardcopy, you consent to the collection and processing of your data as set out in this policy.

We comply with the Personal Data Protection Act, No. 9 of 2022 (PDPA) of Sri Lanka and, where applicable, international data protection laws such as the General Data Protection Regulation (GDPR) and the UK Data Protection Act.

Scope

This policy applies to all websites and applications operated by IIASL and to personal information provided through memberships, event registrations, training enrolments, certifications, surveys and other interactions. It does not apply to third-party websites or services.

Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Sensitive Personal Data: Includes government-issued IDs, financial, health or biometric data.

Types of Personal Data We Collect

  • Personal identifiers (name, NIC, passport, date of birth, gender)
  • Contact information (address, email, phone)
  • Employment and professional details
  • Academic information
  • Financial and billing information
  • Device and usage data
  • Photographs and audio-visual material
  • Other information provided via surveys or communication

Purposes and Legal Bases for Processing

  • Contractual necessity
  • Legitimate interests
  • Consent
  • Legal obligations
  • Vital and public interests

Cookies and Tracking

Our websites use cookies to enhance user experience and collect analytics data. You may control cookies through your browser settings.

Data Sharing and Disclosure

We may share personal data with service providers, IIA Global affiliates, professional advisers, event partners, or legal authorities when required. We do not sell personal data.

Cross-Border Data Transfers

Personal data may be processed outside Sri Lanka with appropriate safeguards such as contractual clauses or adequacy decisions.

Data Retention

Data is retained only as long as necessary and securely deleted or anonymised when no longer required.

Security of Personal Data

We use administrative, technical and physical safeguards to protect personal data. However, no system is completely secure.

Data Subject Rights

  • Right to access
  • Right to rectify
  • Right to erase
  • Right to object
  • Right to restrict processing
  • Right to data portability
  • Right to withdraw consent
  • Right to complain

Children’s Privacy

IIASL services are not intended for children under 13, and we do not knowingly collect data from children.

Changes to This Policy

We may update this policy periodically. Changes will be reflected by the “Last Updated” date.

Contact Us

Mr. P W Indika Darshana
Member Relations Committee Chair
Email: [email protected]
Tel: +94 76 523 5468

Ms. Shakunie Jayathunga
Administrative Secretary
Email: [email protected]
Tel: +94 77 194 4015

error: