Privacy Policy

1. Who I am (data controller)

The data controller responsible for your personal data is:

• Dr. Chanaka Lasantha Nanayakkara
• Colombo, Sri Lanka
• Email: chanaka.lasantha@gmail.com

For any question about this policy or your personal data, contact me using the details above.

2. What personal data I collect

When you use my contact / consultation form I collect only what I need to respond to you:

• Name (required)
• Email address (required)
• Message (required)
• Company, phone number and service of interest (all optional)

My web server and edge security may also process limited technical data such as your IP address, browser user-agent and request timestamp, strictly to keep the site secure and available.

3. Why I use it, and my lawful basis

I process the personal data above to:

• Respond to your enquiry and prepare the proposal you request. Lawful basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering a contract) and/or Article 6(1)(f) (my legitimate interest in handling business enquiries).
• Protect the website against attacks and abuse (technical/security logs). Lawful basis: Article 6(1)(f) (my legitimate interest in the security of my systems).

I do not use your contact details for marketing without your separate, opt-in consent, and I do not carry out automated decision-making or profiling.

4. Who I share it with

I do not sell your personal data. I share it only with service providers who help me operate, and only as needed:

• My email provider, to receive and reply to your enquiry.
• If my online form back-end is enabled, the form processor Formspree, Inc. (United States) transmits your submission to me. As shipped, the form instead opens your own email client (or sends directly to me), so no third-party form processor receives your data unless and until that back-end is enabled.

5. International transfers

I am based in Colombo, Sri Lanka. Where a processor outside your country is used (for example, if the Formspree form back-end is enabled, data is processed in the United States), that transfer is protected by an appropriate safeguard under Articles 44-49 GDPR, such as Standard Contractual Clauses and the processor's Data Processing Agreement. You may request details of the safeguards in place using the contact details above.

6. How long I keep it

I keep enquiry data only as long as necessary to handle your request and any resulting business relationship (typically up to 24 months after our last contact), after which it is securely deleted. Technical security logs are kept for a short period (rotated routinely) and then discarded.

7. Your rights

Subject to GDPR, you have the right to:

• Access the personal data I hold about you (Art.15)
• Rectify inaccurate data (Art.16)
• Erase your data (Art.17)
• Restrict or object to processing (Art.18, Art.21)
• Data portability (Art.20)
• Withdraw consent at any time, where processing is based on consent (Art.7)

To exercise any of these rights, email chanaka.lasantha@gmail.com. You also have the right to lodge a complaint with your local data-protection supervisory authority.

8. Cookies and tracking

This website sets no non-essential or tracking cookies and uses no third-party analytics or advertising trackers, so no cookie-consent banner is required. Note that any embedded Google Map on my Hire Me page is served by Google and may set its own cookies when displayed; see Google's privacy policy for details.

9. How I protect your data

Consistent with ISO/IEC 27001:2022 practices, the site enforces HTTPS/TLS, a strict Content-Security-Policy and hardened security response headers, and access controls that keep configuration and source artefacts non-public. Personal data is handled on a need-to-know basis.

10. Changes to this policy

I may update this policy from time to time. The current version and its "last updated" date are always shown at the top of this page.

Contact me about your data