privacy policy

1. Introduction

2. Scope of the Policy

This Policy applies to personal information collected from individuals who interact with ICIEOS through:

3. Data Controller and Processing Roles

ICIEOS LLC is the primary Data Controller responsible for determining the purposes and means of processing personal information collected through the website. ICIEOS (PVT) LTD may act as a Data Processor where it processes information under the instructions of ICIEOS LLC, or as a Joint Controller when both entities collaboratively determine certain processing activities, such as recruitment and internal coordination. This framework provides operational flexibility while maintaining compliance with applicable laws across jurisdictions.

4. Information We Collect

A. Information You Provide

ICIEOS collects personal information that you voluntarily submit when engaging with our website or communicating with us. This may include your name, email address, phone number, company information, project details, employment history, uploaded CVs, portfolios, or any materials submitted for consultation or career consideration. This information is collected to allow ICIEOS to respond to inquiries, evaluate service requests, assess potential candidates, and maintain accurate business communication.

B. Information Collected Automatically (No Cookies Currently Used)

The current public website does not use cookies. However, when you visit the website, we may automatically collect limited technical information necessary for security, system operations, and basic analytics. This may include your IP address, browser type, device indicators, pages visited, and general usage patterns. These forms of data collection are essential for maintaining the stability and performance of the website, and do not involve tracking technologies that monitor behavior across sessions or platforms.

C. Future Use of Cookies (Order Management Dashboard)

Our upcoming order management dashboard may require the use of cookies and similar technologies for authentication, session management, analytics, and user experience enhancement. When these features are launched, ICIEOS will update this Policy and publish a dedicated Cookie Policy describing the categories of cookies used and the mechanisms available for managing consent.

5. Legal Bases for Processing

Where required by applicable laws, ICIEOS may process personal information based on consent, legitimate interests, contractual or pre-contractual necessity, or compliance with legal obligations. Our legitimate interests may include responding to inquiries, managing internal operations, improving services, ensuring website security, and engaging in routine business communications. Users may withdraw consent at any time where applicable, without affecting the lawfulness of processing performed prior to withdrawal.

6. How We Use Personal Information

ICIEOS uses personal information for the purposes of communicating with users, evaluating service requests, preparing proposals, managing recruitment processes, sending newsletters or updates (with the option to unsubscribe), performing analytics that do not rely on cookies, improving website performance, maintaining security, and managing internal operations. We may also use personal information to comply with legal obligations, maintain business documentation, and support dispute resolution. ICIEOS does not use personal information for automated decision-making that produces legal or similarly significant effects.

7. Recruitment and Career Applications

When you submit an application, CV, or other materials for career consideration, ICIEOS processes this information to assess your suitability for current or future opportunities. Due to the nature of our operations and internal systems, ICIEOS retains applicant information for a reasonable period to consider candidates for future opportunities, or until you request removal. If you wish to withdraw your application or have your information deleted, you may do so by contacting us using the details in Section 21. Requests will be honored unless retention is required to meet legal or operational obligations.

8. Data Retention

ICIEOS retains personal information only for as long as is reasonably necessary to fulfill the purposes for which it was collected, or as required by governing laws. Retention periods may vary depending on the nature of the information, regulatory requirements, operational needs, and technical constraints. When data is no longer needed, ICIEOS will take reasonable steps to delete or anonymize it where feasible. These processes allow ICIEOS to maintain operational flexibility while ensuring responsible data handling.

9. International Data Transfers

ICIEOS may transfer personal information across borders, including to the United States, Sri Lanka, the European Union, and other locations where our service providers operate infrastructure. To safeguard such transfers, ICIEOS may rely on mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs), contractual protections, encryption, restricted access protocols, and other organizational measures designed to provide an appropriate level of protection, consistent with applicable laws.

10. Third-Party Service Providers

ICIEOS engages trusted third-party providers to support hosting, infrastructure management, communication, analytics (non-cookie based), and security. These providers may include Cloudflare, Microsoft Azure, MongoDB Atlas, and similar platforms. Such providers process information strictly in accordance with ICIEOS’s instructions and under contractual terms that restrict their ability to use personal information for independent purposes. As our operations evolve, ICIEOS may engage additional providers and update internal documentation accordingly.

11. Disclosure of Personal Information

ICIEOS does not sell, rent, or exchange personal information. We may disclose personal information when necessary to support operational functions, comply with legal or regulatory requirements, respond to lawful requests, protect our rights or systems, prevent fraud or security threats, or support business restructuring activities such as mergers or acquisitions. Any such disclosures will be carried out responsibly and in adherence with applicable laws and contractual obligations.

12. Rights of US Residents

Certain US states provide residents with rights over their personal information. These may include the right to access, delete, or obtain information about personal information collected. ICIEOS does not sell or share personal information as defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Rights requests may be submitted using the contact details provided in Section 21. ICIEOS does not currently respond to “Do Not Track” browser signals, as no consistent industry standard for responding to such signals exists at this time.

13. Rights of EU and UK Users

Users in the European Union and the United Kingdom may exercise rights under the GDPR and UK GDPR, including rights to access, correct, delete, restrict, object, and request portability of their personal information. Users may also withdraw consent where applicable. Requests will be processed in accordance with applicable laws and may require verification of identity to protect personal information from unauthorized access.

14. Rights Under the Sri Lanka Personal Data Protection Act

Individuals in Sri Lanka may exercise rights under the Personal Data Protection Act No. 9 of 2022, including the right to access personal information, request corrections, withdraw consent, and object to certain processing activities. Users may submit complaints to the Data Protection Authority once operational. ICIEOS is not currently required to appoint a Data Protection Officer; however, privacy-related inquiries may be directed to the contact information provided in Section 21.

15. Children’s Privacy

ICIEOS does not knowingly collect personal information from individuals under the age of 16. Should such information be identified, ICIEOS will take reasonable steps to delete it promptly.

16. Security Measures

ICIEOS implements appropriate administrative, technical, and physical safeguards to protect personal information from unauthorized access, alteration, disclosure, or destruction. These may include encryption, secure hosting environments, firewalls, monitoring systems, and access controls. While ICIEOS takes reasonable steps to protect information, no security system is infallible, and absolute security cannot be guaranteed.

17. Verification of Requests

To protect personal information, ICIEOS may take reasonable steps to verify the identity of individuals submitting privacy-related requests. Verification requirements may vary depending on the nature of the request and the applicable laws governing the individual’s jurisdiction.

18. Disclaimer of Warranties

The website and its content are provided on an “as is” and “as available” basis. ICIEOS does not warrant uninterrupted access, error-free operation, or freedom from vulnerabilities. Your use of the website is at your own risk.

19. Changes to Processing Activities

ICIEOS may introduce new processing activities, technologies, or features as needed to support evolving business operations. Any significant changes will be reflected in updates to this Policy, and ICIEOS reserves the right to make such changes at its discretion.

20. Changes to This Privacy Policy

ICIEOS may modify or update this Privacy Policy at any time to reflect operational needs, regulatory changes, or technological advancements. Updates will be posted on this page, and the “Last Updated” date will be amended accordingly. Continued use of the website after updates constitutes acceptance of the revised Policy.

21. Contact Information

For inquiries, requests, or concerns relating to this Privacy Policy or the handling of personal information, you may contact us at: