Company Name: Nebule (Pvt) Ltd ("we", "our", "us")
We value your privacy and are committed to protecting your personal information in accordance with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka ("PDPA"). This Privacy Policy explains how we collect, use, and protect your data when you use our platform.
1. Information We Collect
We may collect and process the following personal data:
Identity and Contact Details: Name, email address, phone number, NIC / Passport Number, University Information, Student Identification Numbers, Account Details
Meeting Data: Audio, video, chat, or shared documents during online meetings (only if recorded, and with prior consent).
Technical Data: IP address, browser type, device details, and usage logs.
Communications: Any information shared through email or other correspondence.
2. Purpose of Processing
Your data is processed for the following lawful purposes:
To provide and manage our online meeting and advisory services.
To verify your identity and schedule sessions.
To communicate with you and provide support.
To improve our services and user experience.
To comply with legal and regulatory obligations.
To handle complaints and dispute resolution.
We will not process your data for any unrelated purpose without your prior consent.
3. Legal Basis for Processing
We process your personal data based on:
Your consent, when you voluntarily provide information or participate in meetings.
Contractual necessity, for providing advisory services you request.
Legal obligations, where disclosure is required by law.
4. Data Sharing and Disclosure
We may share your personal data only with:
Authorized service providers (such as cloud hosting or video recording storage platforms and verification service providers) that process data on our behalf under strict confidentiality.
Regulatory or law enforcement authorities, when required under applicable laws.
We do not sell, rent, or trade personal data to any third party.
5. Cross-Border Data Transfers
Where personal data is transferred outside Sri Lanka, we ensure such transfers comply with the PDPA and are subject to appropriate data protection safeguards.
6. Data Retention
Personal data is retained only as long as necessary. Meeting recordings (if any) are deleted within Seven (07) days. Personal data may be retained for Three (03) months after deletion for compliance purposes.
7. Data Security
We adopt reasonable technical and organizational measures to protect your personal data.
8. Your Rights Under the PDPA
You have the right to:
Request access to your personal data
Request correction or deletion
Withdraw consent
Lodge a complaint with the Data Protection Authority of Sri Lanka
To exercise these rights, contact us at [insert email].
9. Cookies and Tracking
We may use cookies to enhance user experience. You can manage cookies via browser settings.
10. Updates to This Policy
This policy may be updated periodically. The latest version will always be available on our website.