Home About FAQs Help Contact
Search Campaigns Blog
Compliance
Compliance

Introduction

Pethsama.org is committed to protecting the privacy and security of personal information in accordance with the Sri Lanka Personal Data Protection Act, No. 9 of 2022 (“PDPA”), which came into force in 2023, and any other applicable laws.
The PDPA aims to regulate the collection, processing, storage, and sharing of personal data, ensuring individuals have greater control over how their information is used, while promoting responsible data handling in the digital era.

We recognise that trust is the foundation of our platform. Whether you are creating a petition, signing one, or simply browsing, you should know exactly how your data is used and that it is handled with care.

Our Commitment

We are dedicated to:

  • Protecting personal data through secure processes and technologies.

  • Being transparent about how and why we collect, process, and store information.

  • Respecting your rights under the PDPA and any relevant international data protection standards.

We maintain internal policies and safeguards that are regularly reviewed to ensure they meet both legal requirements and best practices.

How We Comply with the PDPA

1. Data Collection & Purpose Limitation
We collect only the information necessary for the operation of our services, and process it solely for the purposes stated at the time of collection.

2. Consent & Lawful Processing
Where required, we obtain explicit consent before processing your personal data. You may withdraw your consent at any time.

3. Data Accuracy & Retention
We take steps to keep personal data accurate and up to date, and we retain it only for as long as necessary to fulfil the purposes for which it was collected or as required by law.

4. Data Subject Rights
Under the PDPA, you have the right to:

  • Access your personal data and receive information about how it is used.

  • Request corrections to any inaccurate or incomplete data.

  • Request deletion of your personal data (subject to legal and operational considerations).

  • Restrict or object to certain types of processing.

5. Security Measures
We employ technical and organisational measures to protect personal information, including:

  • Data encryption in transit and at rest.

  • Secure access controls and authentication measures.

  • Regular backups and disaster recovery protocols.

  • Monitoring and auditing to detect and prevent unauthorised access.

6. Third-Party Disclosures
Where we use trusted third parties to support our operations (e.g., hosting providers, payment processors), we ensure they meet our security and compliance standards. Data is not sold to any third party.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with the PDPA and to act as a contact point for any data protection-related inquiries.

If you have questions, requests, or concerns about your personal data, please contact:

Data Protection Officer
📧 contact@pethsama.org