01Overview
UTMIQ (PVT) LTD ("UTMIQ", "we", "us", or "our") is a technology solutions company registered in Sri Lanka. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website at utmiq.com, contact us via WhatsApp or email, or engage us for services.
By using our website or services, you agree to the practices described in this policy. If you do not agree, please do not use our website or provide us with your information.
The short version: We collect only what we need to deliver our services and respond to enquiries. We do not sell your data, ever. You can ask us to delete it at any time.
02Information we collect
We collect information in the following ways:
Information you give us directly
- Name and contact details (email address, phone number, WhatsApp number) provided when you reach out
- Business name and role when relevant to scoping a project
- Details about your project, processes, or technical requirements shared during conversations
- Any files, data, or documentation you send us in the course of an engagement
Information collected automatically
- Basic website analytics: pages visited, time on site, referring URL, device type, and browser (collected via privacy-respecting analytics tools)
- IP address and approximate geographic location (country/region level)
- Cookies and similar technologies — see the Cookies section below
We do not collect sensitive personal information such as national identity numbers, financial account details, health information, or biometric data.
03How we use your information
We use the information we collect to:
- Respond to your enquiries and understand your project requirements
- Scope, quote, deliver, and support the services you engage us for
- Send project updates, invoices, and service-related communications
- Improve our website and understand how visitors interact with it
- Comply with legal obligations under Sri Lankan law and applicable international regulations
- Protect our legitimate business interests and prevent fraud or misuse
We rely on the following legal bases for processing: contract performance (when we are delivering services you've engaged us for), legitimate interests (responding to inbound enquiries, improving our website), and legal compliance (record-keeping obligations).
We will only use your information for the purposes stated here. If we want to use it for something different, we will ask for your explicit consent first.
04Sharing your data
We do not sell, rent, or trade your personal information. We may share it in these limited circumstances:
- Service providers: Third-party tools we use to operate our business (e.g. cloud hosting providers, communication platforms). These providers are contractually bound to protect your data and use it only to provide services to us.
- Legal requirements: If required to do so by law, court order, or governmental authority in Sri Lanka or another applicable jurisdiction.
- Business transfers: If UTMIQ merges with or is acquired by another entity, your information may be transferred as part of that transaction. We will notify you before this happens.
No third party receives your project data or business information for their own marketing or commercial purposes.
05Data retention
We keep your information for as long as needed to fulfil the purposes described in this policy or as required by law:
- Enquiry and pre-sales communications: up to 2 years from last contact
- Client project records: up to 7 years following project completion (to meet standard accounting and contractual obligations)
- Website analytics data: aggregated and anonymised after 14 months
After these periods, we securely delete or anonymise your information. You can request earlier deletion at any time — see Your rights.
06Your rights
Depending on your location, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Ask us to update inaccurate or incomplete information
- Deletion: Ask us to erase your personal data where we have no legal obligation to retain it
- Restriction: Ask us to limit how we process your data in certain circumstances
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on our legitimate interests
- Withdraw consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at contact@utmiq.com. We will respond within 30 days. We may need to verify your identity before processing your request.
07Cookies
Our website uses a minimal set of cookies. We do not use advertising or tracking cookies.
- Strictly necessary: Session and security cookies required for the website to function correctly. These cannot be disabled.
- Analytics: Anonymised, aggregate data about how pages are used. No personally identifiable information is stored. You can opt out through your browser settings.
You can control cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use the website.
For full detail, see our Cookie Policy.
08Security
We take appropriate technical and organisational measures to protect your information from unauthorised access, loss, or misuse. These include encrypted data transmission (HTTPS), access controls, and secure storage practices.
No method of transmission over the internet is completely secure, however, and we cannot guarantee absolute security. If you believe your data has been compromised, contact us immediately at contact@utmiq.com.
In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.
09International transfers
UTMIQ is based in Sri Lanka. If you are accessing our services from outside Sri Lanka, your information may be transferred to and processed in Sri Lanka or other countries where our service providers operate.
Where we transfer data internationally, we ensure appropriate safeguards are in place — such as standard contractual clauses — consistent with applicable data protection law.
10Children
Our website and services are directed at businesses and adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
11Policy changes
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify active clients by email. We encourage you to review this policy periodically.
Your continued use of our website or services after changes take effect constitutes your acceptance of the updated policy.
12Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, please reach out:
We aim to resolve all privacy concerns promptly. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.