Privacy Policy
1. Introduction
Welcome to Umbra. This Privacy Policy outlines how we collect, use, and protect your personal data. First Capital Solutions (Pvt) Ltd, trading as Umbra, is committed to ensuring the privacy and protection of your information. This policy complies with the UK General Data Protection Regulation (GDPR) and other applicable laws.
2. Data Controller
The data controller is First Capital Solutions (Pvt) Ltd.
- Company Name: First Capital Solutions (Pvt) Ltd
- Registration Number: PV 86160
- Address: 425/1, 2/1, Havelock Road Colombo 00600
- Website: umbra.lk
- Contact Email: privacy@umbra.lk
- Phone Number: +94711237018
3. Data Collection
We collect personal data from website visitors and clients. The types of data we collect may include data relating to identity, contact details, online activity, and professional history.
We collect data through:
- Direct collection during client onboarding
- Contact forms (to be implemented in the future)
- Cookies (to be implemented in the future)
- Website analytics
We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to collect information about your use of the website, including your IP address, browsing behavior, and other usage data.
We do not collect sensitive personal data (also known as ‘special category data’ under the GDPR). Client payment information is collected offline, not through the website. We do not collect data from children.
4. Use of Data
We use the collected data to:
- Provide our services
- Communicate with clients
- Conduct marketing activities
- Analyze website usage
- Improve our services
We do not currently use data for automated decision-making, including profiling. We may do so in the future, when we have a more dynamic website.
5. Data Sharing
We do not share personal data with any third parties.
6. International Data Transfers
We do not transfer data to countries outside of Sri Lanka and the UK. We use industry-standard safeguards to protect your data.
7. Data Retention
We retain personal data until a removal request is received from the user.
We retain data as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Specifically:
- We retain client data for the duration of the contract and as required by applicable laws and regulations.
- We retain candidate data (e.g., CVs) for a reasonable period in consideration of potential future roles.
- We retain website visitor data (e.g., IP addresses) for a limited period for security and analytics purposes.
- Marketing data is retained until the user opts out.
8. Data Security
We protect personal data using encryption, access controls, and secure servers.
We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Our procedures include:
- Identifying the type and scope of the breach.
- Containing the breach to prevent further data loss.
- Assessing the risks to individuals affected by the breach.
- Notifying the relevant supervisory authority (e.g., the ICO in the UK) within 72 hours of becoming aware of the breach, if required.
- Communicating the breach to affected individuals, if required.
- Investigating the breach and taking steps to prevent similar breaches in the future.
- Maintaining documentation of the breach and the actions taken in response.
9. Your Rights
Under the UK GDPR, individuals have the following rights:
- The right to be informed: Individuals have the right to be informed about the collection and use of their personal data. This Privacy Policy serves this purpose.
- The right of access: Individuals have the right to access their personal data and be provided with a copy.
- The right to rectification: Individuals have the right to request that inaccurate or incomplete personal data be corrected.
- The right to erasure (‘right to be forgotten’): Individuals have the right to request the deletion or removal of their personal data where there is no compelling reason for its continued processing.
- The right to restrict processing: Individuals have the right to request the restriction of the processing of their personal data.
- The right to data portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
- The right to object: Individuals have the right to object to the processing of their personal data in certain circumstances, including for direct marketing, profiling, and scientific/historical research and statistics.
- Rights in relation to automated decision-making and profiling: Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
You can exercise your rights by contacting us at privacy@umbra.lk. We will respond to your request within the timeframes specified by the UK GDPR. We may require you to verify your identity before fulfilling your request.
10. Legal Basis for Processing
We process your data based on the following legal bases:
- Contract: Processing is necessary for the performance of a contract with you.
- Legitimate Interests: Processing is necessary for our legitimate interests in providing and improving our services.
- Consent: We will obtain your consent for specific processing activities, such as marketing communications, where required by law.
11. Cookies and Tracking Technologies
We use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to collect information about your use of the website, including your IP address, browsing behavior, and other usage data. This information is used to compile reports and help us improve our website.
- Purpose of processing:
  - Collect data
  - View user behavior
  - Assess website conversion rates
  - Re-marketing
- Legal basis: Legitimate Interests.
We will implement a prominent cookie banner on our website to obtain user consent for the use of Google Analytics cookies. The banner will provide clear information about the types of cookies used, their purpose, and how users can manage their preferences. Users can also manage cookie preferences through their browser settings.
12. Employer of Record (EOR) Details
For client and employee registration, we collect standard basic data.
The data protection responsibilities of our clients (the companies who use our EOR services) and our responsibilities are as follows: To be provided.
13. Changes to this Privacy Policy
We will notify users of any changes to our Privacy Policy via a website pop-up and email for registered users.