x
Menu

Privacy Policy

Who We Are

OCTAVE – Data & Advance Analytics Centre of Excellence of John Keells Holdings PLC (“OCTAVE”, “we”, “our”, “us”) is a company registered in Sri Lanka bearing company registration number PV 00289188, with its registered office at No. 117, Sir Chittampalam A. Gardiner Mawatha, Colombo 2, Sri Lanka.

We are part of the John Keells Group of companies (“Group”) that is one of Sri Lanka’s largest conglomerates listed in the Colombo Stock Exchange. With a heritage of over 150 years, through innovation and strategic partnerships, the Group has become the leader in many key industry verticals. The Group is a driver and an integral part of the Sri Lankan economy. For more details, please visit our website Largest Listed Conglomerate in the Colombo Stock Exchange | John Keells Group, Sri Lanka.

Why your Privacy is Important to Us

OCTAVE remains committed to ensuring a robust and transparent personal data protection framework.

As such your privacy is important to us, and we wish to assure you that the Personal Data we collect about you will be treated with care. This Privacy Policy informs you about:

  • how we look after your Personal Data when you avail of any services, when you apply for a career at OCTAVE, contract with us, visit our website, interact with including over the phone, via email, through our mobile applications and our social media platforms;
  • your privacy rights; and
  • the protection afforded by law.

By accepting the terms of this Privacy Policy, contracting with us and/or continuing to avail yourself of our services, you confirm that you have read, understood and agreed to this Privacy Policy.

Definitions

This Privacy Policy uses a number of definitions which are set out below:

Personal Data: any information or data which identifies an individual (directly or indirectly) whether alone or in combination with other identifiers we possess or can reasonably access. Personal Data does not include anonymized data, aggregated data or data which does not disclose the identity of an individual.

Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including collecting, organizing, storing, preserving, amending, retrieving, using, transmitting, disclosing, erasing or destroying it.

Special Categories of Personal Data: any data which reveals detail of an individual’s race or ethnicity, religious or philosophical beliefs, sexual relations, sexual orientation, political opinions, trade union membership, offences, proceedings, convictions, information about health, genetic, bio metric data and/or personal data relating to a child.

Important Information

This website is not intended for children, and we do not knowingly collect data relating to children unless provided by their parents or guardians.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on differing occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

Data Controller

OCTAVE is the Data Controller of all Personal Data relating to our clients, investors, employees and third-party contractors, as well as any other Personal Data processed in connection with our businesses. This means that we are responsible for determining when, why and how to process Personal Data in line with applicable data protection law.

Contact Us

Should you have any inquiries in relation to this Policy please contact the following:

Full name of legal entity: OCTAVE Advanced Analytics Pvt. Ltd.
Designation: Head of Data & Advanced Analytics
Postal address: No. 117, Sir Chittampalam A. Gardiner Mawatha, Colombo 2, Sri Lanka.
Email address: octave@keells.com

Your duty to provide accurate information and inform us of changes

It is important that the Personal Data we hold about you is accurate, valid and up to date. It is your obligation as well to keep us informed of any changes to your Personal Data during the continuance of your relationship with us.

Your duty to ensure the security of your own personal devices

It is important that you ensure the security of the devices used to transfer Personal Data to us as no data transmissions over the Internet can be guaranteed as 100% secure. Therefore, we expect that you secure all devices against security and cyber risks.

Please bear in mind that we will not request for Personal Data or account information by any unsolicited means of communication. Therefore, you are responsible for keeping your Personal Data and account information secure.

Third party consent

In the event you provide us with any personal information or Personal Data on behalf of another person, you confirm that such Personal Data has been obtained by you and provided to us with the prior specific consent of such person who has fully apprised himself/herself of terms and conditions of this Privacy Policy. Any such third-party Personal Data provided by you shall be accurate, up to date, valid and not include any false, inaccurate information, any misstatements of fact, misrepresentations or the like.

Third-party links

This website may include links to third-party websites, plug-ins and applications which are not maintained or controlled by us. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Data about you based on their own terms of use and privacy. We do not control these third-party websites and are not responsible for their privacy statements and therefore we request that you fully apprise yourself of the terms and conditions contained on such websites. We are not responsible for any third- party actions or their security controls in respect of any Personal Data they may collect or process via their website, service or otherwise.

The Data We Collect

We may process different kinds of data about you and those of third parties you disclose to us which we have grouped as follows:

  • Personal Data which you provide us which may include your name, address, national identification number, date of birth, place of permanent residence, email address and contact information.
  • Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage data relating to you use this website or our services.
  • Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Aggregated and Anonymized Data

When you visit this website or use any of our mobile applications, we may also collect, use, store and share aggregated, anonymized, statistical or demographic data which may be derived from your Personal Data (Aggregated Data and/or Anonymized Data).

Aggregated and/or Anonymized Data is not considered Personal Data, as it cannot directly or indirectly reveal your identity. Aggregated and/or Anonymized Data may include the time and length of your visit to this website, the pages you have visited on this website, details of the website you visited immediately prior to visiting this website. We may also record the name of your internet service provider.

We may use such Aggregated and/or Anonymized Data to conduct analytical activities, to measure site activity to improve our website and for communications and services. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific website feature.

We may in this regard share such Aggregated and/or Anonymized Data with companies within the Group and/or data analytical service providers.

However, if we combine Aggregated and/or Anonymized Data with your Personal Data in a manner that you can be identified (directly or indirectly), we will treat such combined data as Personal Data.

Failure to provide Personal Data or provision of inaccurate or false Personal Data

Where we need to collect Personal Data by law, under the terms of a contract with you, our website terms and conditions or where such Personal Data is required to furnish further information regarding the provisions of any of our services and you fail to provide such Personal Data when requested, we may not be able to proceed with your requirements, including the performance of any contract with you or are trying to enter into with you. In these circumstances, we have the right to notify you and cancel or refuse to accept the services you are looking for.

In the event we have reason to believe that any Personal Data provided by you is false, inaccurate, a misstatement of fact, a misrepresentation, an act of identity theft, a violation of any third party right or similar circumstance, we have the right to refuse any services you require, terminate our contract if any, and where relevant, report you to the relevant regulatory authorities.

How Your Personal Data is Collected?

We use different methods to collect Data about you, including through:

Direct interactions. You (or a person or agent acting on your behalf) may give us your Personal Data by corresponding with us by post, phone, email, directly through the website, social media platforms or otherwise, including when Personal Data is provided in feedback given to us and/or complaints on our services.

This Website. We may automatically collect Technical Data about your equipment, browsing actions and patterns when you interact with this website by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see Section 5 below and our Cookie Policy for further details.

Our mobile website and mobile applications. These have the ability to access mobile device information to better serve our customers and stakeholders.

Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources such as:

  • analytics providers within and/or outside Sri Lanka (such as Google based analytics providers);
  • advertising networks based within and/or outside Sri Lanka;
  • search information providers within or outside Sri Lanka.

How We Use Your Personal Data

We will only use your Personal Data to the extent permitted by law.

Most commonly, we will rely on the following types of lawful basis to process your Personal Data:

Legitimate Interests:The legitimate interests of OCTAVE in conducting and managing its business in order to ensure a high standard of service, secure experience and legal compliance. We use best endeavours to balance any potential impact to you and your rights (both positive and negative) prior to processing your Personal Data for our legitimate interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you (save with your express consent or as required/permitted by law).

Performance of Contract: processing and using your data is necessary for the performance of any services or contract to which you are a party to or to take steps at your request before entering into such a contract and the provision of the same to our service providers, agents and other parties as required for the purpose of facilitating the performance of the contract with you.

Comply with legal or regulatory obligations: It may be necessary for us to process your Personal Data to ensure compliance with applicable legal obligations or to comply with requests from Government, law enforcement, regulatory, judicial or related authorities in relation to obligations under law, regulation, national or public security or related inquiry.

Purposes for which we will use your Personal Data

The table below highlights the means by which we may use your Personal Data, and the basis we rely on to do so (which may include our Legitimate Interests). While this is not an exhaustive list, you may obtain further information from us in this regard, if required. And we will be able to provide additional information you may require in that regard upon request.

 

Purpose/Activity Type of data Basis for processing
To provide you with further information, advise, services or in the performance of a contract. Personal Data Necessary to comply with a legal obligation and applicable law.
Necessary for our legitimate interests to present you with the right kinds of products and services.
To manage our relationship with you which will include:

  • Personalizing your usage experience
  • Improving our services
Technical

Usage

Marketing and Communications

Necessary to comply with a legal obligation

Necessary for our legitimate Interests (to keep our records updated and to study how clients use our web services)

Necessary for our legitimate interests to present you with the right kinds of products and services

Necessary for our legitimate interest in Improving our web services

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Technical Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organization or group restructuring exercise)

Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure the effectiveness of the advertising we serve to you Usage

Marketing and Communications

Technical

Necessary for our legitimate Interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve this website, services, marketing, client relationships and experiences Marketing and Communication

Technical

Usage

Aggregated and/or Anonymized Data

Necessary for our legitimate interests (to define types of clients for our services, to keep this website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services that may be of interest to you Technical

Usage

With your consent, to improve your experience.

 

Cookies and other tracking technologies

This website makes use of cookies and other tracking technologies (Cookies’) to measure site activity and to enhance your experience in searching our services. Cookies are alphanumeric identifiers that are sent to your computer when you visit websites and online services. If your web browser’s preferences are set to accept it, the cookie is stored on your computer’s hard drive. Cookies enable our and other websites to recognize your preferences and to tailor content to you. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so and where relevant obtain your prior consent.

Marketing

We strive to improve our services and also share marketing communications relating to our products and services as well as those of any Group company that may be of interest to you subject to the permitted limits of Personal Data usage.

Third-party marketing

We will request your express consent before we share your Personal Data with any company outside the Group for marketing purposes.

Disclosures of Your Personal Data

We may have to share your Personal Data in relation to the “Purposes for which we will use your Personal Data” enumerated above (under Section 5) with third parties including the following:

Internal Third Parties

Companies within the Group and their associates (including those based within and outside Sri Lanka) who may act as joint controllers or processors, consultants or service providers (including in relation to services you may require, data analytics, marketing and research, revenue optimization and other services in connection with the operations of our businesses).

External Third Parties

  • Service providers, contractors and agents acting as processors who provide services such as data processing and analytics, marketing and research, revenue optimization and other services to OCTAVE in connection with the operations of its business.
  • Business partners of OCTAVE associated with its industry groups such as leisure, transportation, retail, property, IT, consumer foods, plantation, financial services etc.
  • Professional advisers, including those who provide consultancy, banking, legal, financial, insurance, tax and accounting services.
  • With any law enforcement authority or governmental institution for public or national security, OCTAVE or Group security, your security or any other investigative purpose.
  • Regulators and other authorities who require information and Personal Data including in relation to reporting processing activities undertaken by us.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. In particular, we require our third-party service providers to limit the processing of Personal Data for specified purposes and in accordance with our instructions.

International Transfers

Given the diversified nature of the Group with companies and business operations extending beyond Sri Lanka, it may be necessary to transfer your information and Personal Data outside Sri Lanka.

Data Security

We have put in place appropriate security measures to prevent the unauthorised processing or loss of your Personal Data. Additionally, we have implemented measures that limit access to your Personal Data to those who have a business and need to know such information. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. Processes have been implemented to detect and address any actual or suspected Personal Data breaches. As required by applicable law, we will notify you and the applicable regulator in the event of such a breach.

Please bear in mind that we cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.

Data Retention

How long will you use my Personal Data for?

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, compliance or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the legal requirements under applicable law.

Subject to such requirements, you may ask us to delete your data.

In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you and you can no longer be identified by it) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

You have the following rights in relation to your Personal Data under applicable data protection law:

  • Request access to your Personal Data.
  • Request to correct Personal Data. This enables you to update any incomplete or inaccurate data we hold. Note we may need to verify the accuracy of the new data you provide to us.
  • Request the erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data. Note that we may not always be able to comply with such request dependent on the circumstances, our legal obligations and applicable law which will be notified to you consequent to receiving your request for erasure.
  • Object to processing your Personal Data, where your rights override our Legitimate Interests.
  • Request that we restrict the processing of your Personal Data.
  • Request the transfer of your Personal Data to you or a third party. We will provide you, or such third party of your choice, the Personal Data in a structured, commonly used, machine-readable format.
  • Withdraw consent to use your Personal Data. Such withdrawal shall, however, be subject to applicable law and our legal obligations and will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to proceed with providing you with our services and assistance.

If you wish to exercise any of the rights set out above, please reach out to us on the contact information provided above.

No fee usually required.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, unreasonable, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to verify your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond.

We will use all best endeavours to respond to all legitimate requests within twenty-one days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. We will keep you updated in such case.

Use of CCTV

We may use CCTV across our premises to ensure the safety of all our customers, patrons, employees, service providers and business partners. In particular, we may use CCTV footage to monitor the behaviour of all persons within our premises and where relevant to aid investigations into potential or actual criminal, fraudulent incidents or other incidents of a related nature. We may share such footage with law enforcement authorities and/or judicial authorities to assist with investigations, proceedings or other legal action.

Changes to this Privacy Policy

We may update or amend this Privacy Policy from time to time and the updated version will be posted on this website. We request that you revisit this website from time to time for updates on the Privacy Policy.
The Privacy Policy may be translated into different languages, and in the event of any inconsistency among the versions, the English version shall prevail.

Clarifications or Complaints

If you have any clarifications or complaints about the content of this Privacy Policy or the manner in which your Personal Data is processed, we encourage you to contact us by using the information provided above in this regard.