Metatechno Lanka Company Pvt Ltd (hereinafter referred to as “the Company”) recognizes the importance of protecting personal information in all business activities, including recruitment, system development and related services. We are committed to handling personal information responsibly and ensuring its secure management. This Privacy Policy explains how we collect, use, store, and safeguard personal information submitted to the Company.

To put this commitment into practice, we have established the following Privacy Policy. This policy is accessible to the public and has been shared with our entire workforce, including permanent, contract, intern, and outsourced staff. We ensure its implementation, continuous monitoring, and improvement.

1. The Company request for personal information, only for the business purposes and the personal information will be collect only through lawful and fair methods. MTL takes reasonable technical and organizational measures to safeguard your personal information against unauthorized access, disclosure, alteration, or destruction. Only authorized personnel involved will have access to the personal information, and they are bound to confidentiality obligations.
2. When we ask you to provide personal information, we will clearly explain the purpose of use and obtain it in a lawful and fair manner.
3. The information you provide will only be used within the scope of legitimate business operations, recruitments, employment, HR management, and never for any other purpose without your consent. We also take steps to prevent any unintended use.
4. We take necessary and appropriate security measures to prevent leakage, loss, or damage of personal information. If an unexpected incident occurs, we act promptly to minimize impact, take corrective actions, and implement measures to prevent recurrence.
5. We comply with the laws and regulations of Sri Lanka and international guidelines related to the protection of personal information.
6. To ensure effective personal information protection, we maintain and continuously improve our Privacy Protection Policy under Information security Management System.
7. All members of our workforce who handle personal information are provided with awareness training. A dedicated Chief Information Security Officer (CISO) will oversee and ensure the safe and appropriate management of personal data.
8. Any inquiries, complaints, or requests regarding personal information held by the Company will be handled promptly and appropriately through our designated contact point. Established May 31, 2024.

May 31, 2024 Initial release

Feb 28, 2025 Reviewed

Metatechno Lanka Company (Pvt) Limited.

1. Collection and Use of Personal Information

We collect and use personal information only for purposes necessary to conduct our business operations.

• Personal information may be collected directly from individuals or indirectly through partners and service providers. Such as names, email address, contacts, postal address, or meetings.
• Application-related information including résumé/CVs, cover letters, educational qualifications, employment history, skills, and any other documents individuals choose to upload.
• Technical information such as IP address, browser type, access time, and referring website, which may be collected automatically for security and analytics purposes. Information collected directly

1. Use of Personal Information in Business Activities
• For Clients, Customers & Business Contacts Providing information about our products, partner products, and services
• Delivering and supporting our software solutions Responding to inquiries, arranging meetings, and business coordination
• Managing events, workshops, and demonstrations
2. Use of Employee Personal Information
• Employment, HR, and labor management

2. Measures for Safe Management of Personal Information

We take appropriate steps to prevent loss, misuse, unauthorized access, leakage, or alteration of personal information.

Basic Security Policies

Our applicable security policies are published on our website.

Internal Rules

Documented guidelines define how personal information must be handled.

Organizational Controls

A structured privacy management system is in place.

Internal and external audits are conducted regularly. In case of an incident, Incident Handling In Charge will take immediate action.

Physical Controls

Office entry is restricted by ID card verification.

Measures are taken to prevent theft or loss of devices and documents.

Human Controls

All employees undergo regular privacy and information-security awareness.

Confidentiality obligations are clearly defined.

Technical Controls

User authentication and access control based on job roles

Protection against unauthorized access

Antivirus and security monitoring tools

Management of Third-Party Service Providers

All vendors are evaluated both before onboarding and throughout the contract period.

The final approval and oversight are carried out by the Chief Information Security Officer (CISO).

Data Stored Outside Sri Lanka

When personal information is stored or processed outside Sri Lanka, we assess the data protection laws and security practices of the relevant country to ensure appropriate safeguards are in place.

3. Third-Party Disclosure

We take appropriate steps to prevent loss, misuse, unauthorized access, leakage, or alteration of personal information.

• When required by applicable law, regulation, or legal process.
• When necessary to protect life, safety, or property and obtaining consent is difficult.
• When cooperation is required for public health or law enforcement.
• When legally mandated authorities require such information for official duties.

4. Requests for Disclosure or Corrections

Individuals or their authorized representatives may request:

• Notification of the purpose of use
• Disclosure of personal information
• Correction, addition, or deletion
• Suspension of use or deletion
• Suspension of third-party provision
• Disclosure of third-party disclosure records

Requests will be handled promptly after verifying the identity of the requester.

5. Data Retention

MTL will retain your information only as long as necessary for recruitment purposes or as required by law. If you wish to have your personal data removed from our records, you may contact us at any time. Project data will be deleted immediately after the project contract has been completed.

6. Cookies and Tracking

Our careers page may use cookies and similar technologies to enhance your browsing experience and gather usage statistics. You can control cookie settings through your browser.

7. Updates to This Policy

MTL reserves the right to update or amend this Privacy Policy from time to time. Any changes will be posted on this page with the updated effective date.

8. Contact Information

For inquiries, complaints, or concerns about the handling of personal information, please contact our designated privacy officer.

May 31, 2024 Initial release

Feb 28, 2025 Reviewed

Metatechno Lanka Company (Pvt) Limited.

Nadeesh Indrajith

General Manager