HomePrivacy Policy

Privacy Policy

Effective Date: Feb 12, 2026 | Last Updated: May 13, 2026

NGX Consultants Private Limited (“the Company,” “we,” “us,” or “our”) is committed to maintaining the confidentiality and security of the information entrusted to us. This Privacy Policy outlines how we collect, use, process, and protect personal data in accordance with the Personal Data Protection Act (PDPA), No. 9 of 2022 of Sri Lanka.

By using our website, services, or engaging in a business relationship with us, you consent to the practices described in this policy.

1. Scope of This Policy

This policy applies to all personal data processed by NGX Consultants Private Limited, whether collected via our website, email, or during the provision of IT Managed Services (MSP) and consulting. Our website is https://www.ngxconsultants.com

Note on Role: Where we provide services to a business client, we generally act as a “Processor” under the instructions of that client (the “Controller”). In such instances, the client’s privacy policy shall govern the data, and our obligations are defined by our service agreement with that client.

2. Information We Collect

To provide expert IT services, we may collect the following categories of information:

  • Identity Data: Name, business title, and identification numbers.

  • Contact Data: Email address, phone number, and physical business address.

  • Technical Data: IP addresses, device identifiers, system logs, and network configuration data required for IT support and security monitoring.

  • Usage Data: Information about how you use our website and services.

3. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Performance of a Contract: To fulfill our service obligations to you.

  • Legitimate Interests: To improve our IT services, ensure network security, prevent fraud, and for internal business administration.

  • Legal Obligation: To comply with Sri Lankan laws and regulatory requirements.

  • Consent: Where you have provided explicit permission for a specific purpose (e.g., marketing).

4. How We Use Your Information

We use the collected data for the following business-related purposes:

  • Providing, managing, and maintaining IT infrastructure and services.

  • Performing cybersecurity audits and risk assessments.

  • Communicating regarding service updates, technical alerts, or administrative changes.

  • Protecting our business interests, including the defense of legal claims.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share information with third parties only in the following circumstances:

  • Service Providers: Trusted partners who assist in service delivery (e.g., cloud infrastructure providers like Microsoft 365 or Google Workspace).

  • Legal Requirements: When mandated by a court of law or regulatory authority in Sri Lanka.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets.

6. Cross-Border Data Transfers

Given the nature of IT Managed Services, data may be stored on servers located outside of Sri Lanka (e.g., regional data centers of global cloud providers). We ensure that such transfers comply with the requirements of the PDPA and that appropriate safeguards are in place to protect your data.

7. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by law. The retention period is determined at our sole discretion based on the duration of our business relationship and applicable statutory limitation periods for legal claims.

8. Security of Information

We implement industry-standard technical and organizational security measures to protect data. However, as no method of transmission or electronic storage is 100% secure, we cannot guarantee absolute security. Our liability for data breaches is limited to the maximum extent permitted by Sri Lankan law.

9. Your Rights

Under the PDPA, you have the right to:

  • Request access to your personal data.

  • Request correction of inaccurate data.

  • Object to processing based on legitimate interests.

  • Request erasure of data (subject to our legal and contractual retention obligations).

To exercise these rights, please contact our Data Protection Officer at the details provided below. We reserve the right to charge a reasonable fee for processing complex requests.

10. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices or the law. Updates will be posted on our website with a revised “Effective Date.” Your continued use of our services constitutes acceptance of the updated policy.

11. Contact Information

For any inquiries regarding this policy or your data, please contact:

NGX Consultants Private Limited

Attn: Data Protection Officer

Email: [email protected]

Location: Colombo, Sri Lanka