Privacy Policy – co-energi (Pvt) Ltd

1. Introduction

​

At co-energi (Pvt) Ltd (“co-energi,” “we,” “our,” or “us”), we are committed to safeguarding the personal data and privacy of our clients, partners, employees. This privacy policy outlines how we collect, use, store, share, and protect personal information. This policy applies to all personal data processed by co-energi in the course of our business activities, including project delivery, documentation, and stakeholder communications.

​

2. Information We Collect

​

We may collect and process the following types of personal and business-related information:

​

• Personal Identification Information: name, title, e-mail address, phone number, job role, organization.

• Project and Technical Information: designs, drawings, technical reports, specifications, sustainability documentation, and other project-specific materials.

• Communication Records: e-mails, call logs, meeting notes, and other forms of correspondence.

• Employment or Recruitment Data: CVs, qualifications, and employment history for recruitment purposes.

​

3. How We Collect Information

​

We gather information through the following methods:

​

• Direct Collection: during consultations, meetings, e-mails, or calls with clients and stakeholders.

• Third-Party Sources: trusted partners, referrals, or service providers with your consent or as required to deliver our services.

 

4. How We Use Your Information

​

Your data is used strictly for business-related purposes, including:

​

• Providing MEP consulting, sustainability services, and project documentation.

• Managing client relationships, service delivery, and project coordination.

• Complying with contractual, regulatory, or legal obligations.

• Improving our operations, service offerings, and internal quality systems.

• Sending updates only with prior consent.

​

We do not use your personal data for automated decision-making or profiling.

​

5. Our Legal Basis for Processing

​

We process personal data based on one or more of the following legal grounds:

​

• Your consent

• Fulfillment of a contract

• Compliance with a legal obligation

• Our legitimate interests (e.g., improving service delivery or business communication)

​

6. Information Sharing and Disclosure

​

We do not sell or lease your personal data to any third party. However, we may share your information as follows:

​

• With Clients and Partners: When necessary to facilitate project delivery.

• With Legal Authorities: If legally required to comply with judicial, governmental, or regulatory obligations.

• Photographic Material: co-energi does not take photographs of client premises, personnel, or project-related visuals without prior consent. We also do not share any photographs or visual materials on any public platform (including social media, marketing, or presentations) without the client’s explicit permission.

​

7. Data Security Measures

​

We are committed to maintaining the confidentiality, integrity, and availability of your data through:

​

• Secure systems and encrypted communication channels

• Role-based access control for internal systems

• Employee data handling and confidentiality policies

• Periodic security reviews and IT audits

• Incident response protocols to manage potential data breaches

​

8. Data Breach Response Protocol

​

In the unlikely event of a data breach:

​

• We will promptly identify, contain, and investigate the incident.

• Affected parties will be informed where required by law.

• Preventive actions will be implemented to mitigate future risks.

​

9. Data Retention

​

We retain personal and project-related data only for as long as is necessary to:

​

• Delivering services and fulfilling contractual obligations

• Meeting regulatory and legal requirements

• Address disputes or audit inquiries

​

After the retention period ends, your data is securely deleted or anonymized in accordance with internal policies.

​

10. Your Rights

​

Under the Sri Lanka Personal Data Protection Act and applicable laws, you have the right to:

​

• Access your personal data

• Request correction of inaccurate or incomplete data

• Request erasure or restriction of processing (subject to legal exceptions)

• Object to processing in certain contexts (e.g., direct marketing)

• Withdraw consent at any time

• Request data portability where technically feasible

​

To exercise these rights, please contact us at the e-mail below. We will respond within the timeframes required by law.

​

11. Internal Confidentiality and Employee Access

​

All co-energi employees are bound by confidentiality and data handling protocols. Internal access to personal data is granted only to authorized personnel based on role and responsibility.

We conduct regular staff training and audits to ensure compliance with our privacy and information security standards.

​

12. Policy Review and Updates

​

This privacy policy is reviewed at least annually or whenever legal, operational, or technological changes require updates. Any material changes will be published on our website and/or communicated directly to clients or stakeholders.

​

Last Updated: 29 July 2025