Privacy Policy

1. Who we are (data controller)

The data controller responsible for your personal data is:

• Sanit Engineering Consultancy
• No. 19, Madinnagoda Road, Rajagiriya, Sri Lanka
• Email: sales@sanitecai.com
• Phone: +94 77 773 2579

For any question about this policy or your personal data, contact us using the details above.

2. What personal data we collect

When you use our contact / quotation form we collect only what we need to respond to you:

• Name (required)
• Email address (required)
• Message (required)
• Company, phone number and service of interest (all optional)

Our web server and edge security may also process limited technical data such as your IP address, browser user-agent and request timestamp, strictly to keep the site secure and available.

3. Why we use it, and our lawful basis

We process the personal data above to:

• Respond to your enquiry and prepare the quotation you request. Lawful basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering a contract) and/or Article 6(1)(f) (our legitimate interest in handling business enquiries).
• Protect the website against attacks and abuse (technical/security logs). Lawful basis: Article 6(1)(f) (our legitimate interest in the security of our systems).

We do not use your contact details for marketing without your separate, opt-in consent, and we do not carry out automated decision-making or profiling.

4. Who we share it with

We do not sell your personal data. We share it only with service providers who help us operate, and only as needed:

• Our email provider, to receive and reply to your enquiry.
• If our online form back-end is enabled, the form processor Formspree, Inc. (United States) transmits your submission to us. As shipped, the form instead opens your own email client (or sends directly to us), so no third-party form processor receives your data unless and until that back-end is enabled.

5. International transfers

We are based in Sri Lanka. Where a processor outside your country is used (for example, if the Formspree form back-end is enabled, data is processed in the United States), that transfer is protected by an appropriate safeguard under Articles 44-49 GDPR, such as Standard Contractual Clauses and the processor's Data Processing Agreement. You may request details of the safeguards in place using the contact details above.

6. How long we keep it

We keep enquiry data only as long as necessary to handle your request and any resulting business relationship (typically up to 24 months after our last contact), after which it is securely deleted. Technical security logs are kept for a short period (rotated routinely) and then discarded.

7. Your rights

Subject to GDPR, you have the right to:

• Access the personal data we hold about you (Art.15)
• Rectify inaccurate data (Art.16)
• Erase your data (Art.17)
• Restrict or object to processing (Art.18, Art.21)
• Data portability (Art.20)
• Withdraw consent at any time, where processing is based on consent (Art.7)

To exercise any of these rights, email sales@sanitecai.com. You also have the right to lodge a complaint with your local data-protection supervisory authority.

8. Cookies and tracking

This website sets no non-essential or tracking cookies and uses no third-party analytics or advertising trackers, so no cookie-consent banner is required. Note that the embedded Google Map on our Contact page is served by Google and may set its own cookies when displayed; see Google's privacy policy for details.

9. How we protect your data

Consistent with ISO/IEC 27001:2022 practices, the site enforces HTTPS/TLS, a strict Content-Security-Policy and hardened security response headers, and access controls that keep configuration and source artefacts non-public. Personal data is handled on a need-to-know basis by our team.

10. Changes to this policy

We may update this policy from time to time. The current version and its "last updated" date are always shown at the top of this page.

Contact us about your data