This Privacy Policy is effective 15 MARCH 2021.

This Digital Privacy Policy (“Privacy Policy”) describes how MAS Holdings (Private) Limited a company duly incorporated under the laws of Sri Lanka having its registered address at No.199, Kaduwela Road, Battaramulla, Colombo 02, Sri Lanka (“we” or “us” or “our”) collects, uses and discloses your personal data through a variety of digital means: when you are accessing or using this website or mobile application (the “Platform”) on any computer, mobile phone, tablet, console or other device (collectively, “Device”). We may modify this Privacy Policy at any time effective upon its posting.

We reserve the right to change this Privacy Policy at any time by posting the updated Policy here along with the date on which the Policy was changed. If we make material changes to this Privacy Policy that affect the way we collect, use and/or share your personal information, if you have signed-up with us or subscribed to our newsletters (if applicable), we will notify you by including a "NEWLY UPDATED" label with the "PRIVACY POLICY" link on our Services for 30 days after material changes are made.

For European Economic Area ("EEA") data subjects:  We are required to set out the legal basis for collecting, using, disclosing, transferring or processing your personal data.  We have identified that legal basis in this Privacy Policy. For EEA data subjects, we have also explained where appropriate the tests we have applied in assessing that legal basis (such as a "balancing test").  More information on the balancing test is available upon request.

 

WHAT PERSONAL DATA WE COLLECT AND WHY AND LEGAL BASIS

We collect personal data in the following ways:

 

Active collection

Active collection means personal data you provide to us when you share your request for quotations with us. We may ask you to provide us with your name, your surname, your company or institution name, your email address, your contact number, your address, and other limited amounts of personal data. We process such personal data for the purpose of providing our services to you, to connect you with our trading/manufacturing entities, and to communicate with you regarding the services. Providing such personal data is voluntary. However, without providing such personal data, we will not be able to process your request for quotations and you will not be able to sign up for an account. We will further use this personal data to optimize our products, learn more about our customers, including to build a database of interested consumers who can help us finalize and customize our products, identify potential early adopters and provide you updates on our products if you do expressly confirm that you wish to receive such updates. We do not collect any credit card or other payment card data from you via the Platform. For the avoidance of any doubt, no financial transaction shall take place via this Platform.

For EEA data subjects:  The legal basis for the processing of the above personal data relating to active collection in some cases will be the contract on the use of the Platform concluded with you. The legal basis for the processing of the above personal data in some cases will be our legitimate interest, which is the use of personal data to connect you with our trading/manufacturing entities, develop our products and our business. We have assessed in a balancing test that the processing is necessary to achieve our aforementioned legitimate interests and that our legitimate interests are not overridden by your interests or your fundamental rights and freedoms.

We will also use your personal data to send you email and other marketing messages about our products. The personal data we collect allows us to keep you posted on our latest product announcements. If the law requires us to do so, we will first seek your consent before sending you marketing messages. For EEA data subjects: We will only send you marketing messages when you have consented to receive them. The legal basis for the processing of such personal data is consent.

 

Passive collection

Passive collection means: information, which may include personal data, which is automatically collected as you navigate through and interact with the content on the Platform, as well as install information on your Device (such as cookies).

The purpose of passively collecting your information is to understand the visitors’ behaviour and engagement to different areas of the Platform, along with to improve the overall customer experience. Through the tracking code embedded in our Platform, the information, which may include personal data, collected includes: 

 

2.1 Device-specific data

The following information may be collected through your Device and browser:

  • your Device's IP address (collected and stored in an anonymized format);
  • device screen size;
  • device type (unique device identifiers) and browser information;
  • geographic location (country location only);
  • preferred language used to display the webpage.

2.2 Log data

Our servers automatically record information that includes:

  • referring domain;
  • pages visited;
  • geographic location;
  • preferred language used to display the webpage;
  • date and time when Platform pages were accessed;

2.3 Cookies

We do not currently respond to "do not track" signals in browsers; we are trying to provide a customized experience. The Platform uses "cookies" to collect information, which may include personal data including standard internet log information and details of your behavioural patterns upon visiting our Platform. We do this to provide you with a better experience, identify preferences, diagnose technical problems, analyse trends and to improve the Platform.  "Cookies" are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the Platform.

Find out more about our cookie policy here: https://plus.masholdings.com/pages/cookie-policy

For EEA data subjects:  The legal basis for the automatic collection of personal data listed above are our legitimate interests which are the following: to monitor and maintain the performance of the Platform and to analyse trends, usage and activities in connection with our Platform, to provide a better experience for you, to identify preferences, to diagnose technical problems and to analyse trends and to improve the Platform. We have assessed in a balancing test that the processing is necessary to achieve our aforementioned legitimate interests and that our legitimate interests are not overridden by your interests or your fundamental rights and freedoms. Providing such personal data is voluntary.

The Platform also uses cookies to collect information to be used for targeted marketing purposes and/or tracking purposes.  If the law requires us to do so, we will first seek your consent before using cookies in this way. For EEA data subjects:  We will only use cookies in this way with your consent.  The legal basis for such processing is your consent.

 

WHAT WE COLLECT FROM OTHER INTERACTIONS WE HAVE WITH YOU AND FROM THIRD PARTIES

To the extent you have consented to us doing so, we may combine personal data you give us with other personal data we hold about you from digital/other sources, transactions and communications. This may include personal data obtained from social media platforms, our stores, direct mail, catalogues, events, products and applications, or other interactions. To the extent you have consented, we may also combine that personal data with data that is publicly available and data from third parties.

For EEA data subjects:  The legal basis for the combination of such personal data is your consent.

 

SHARING PERSONAL DATA

  1. CORPORATE GROUP

We may provide your personal data to our  Affiliates, some of which may be outside the European Union. The access is limited to colleagues with a need to know.

For purposes of this Privacy Policy, Affiliates shall mean any one or more business entities which, directly or indirectly, are controlling, controlled by, or under common control of MAS. Control shall mean the ownership of 33% or more of the share capital of a company or having management control of a company.

For EEA data subjects:  The legal basis for the respective transfer of your personal data is our legitimate interests. Our legitimate interests are the transmission of personal data within the group of companies to connect you with our trading/manufacturing entities and for internal administrative and support purposes. We have assessed in a balancing test that the processing is necessary to achieve our aforementioned legitimate interests and that our legitimate interests are not overridden by your interests or your fundamental rights and freedoms.

 

  1. SERVICE PROVIDERS

 We do not share personal information with third parties except as stated in this Privacy Policy. We may disclose information to companies affiliated with us and/or unaffiliated third parties (i) to provide the products and services you have requested; and (ii) for administrative, analytical, and logistical purposes. For example, we may provide information to connect you with our trading/manufacturing entities.

In addition, we may share information with our corporate group companies for the purposes such as vendor and customer registrations, developing and designing products, manufacturing and shipping of products to customers. We also share information with certain third-party companies with which we have a business relationship such as logistic partners, system developers, auditors, legal and regulatory institutes.

If the information is to be collected directly from you, you may in some cases have the option to decline providing that information. However, your choice to not provide information may impact your use of certain features or services.

To the extent permitted or required by applicable law we may disclose personal data upon governmental request, in response to a court order, when required by law, to enforce our policies, or to protect our or others’ rights, property or safety. To the extent permitted by law we may share personal data to prevent illegal uses of our products and services or violations of the Terms of Use, or to defend ourselves against third-party claims. We may also share personal data with companies assisting in fraud protection or investigation.

For EEA data subjects:  The legal basis for such processing is compliance with a legal obligation to which we are subject or our legitimate interests, such as exercise or defense of legal claims. We have assessed in a balancing test that the processing is necessary to achieve our aforementioned legitimate interests and that our legitimate interests are not overridden by your interests or your fundamental rights and freedoms.

 

  1. BUSINESS TRANSFERS

Your personal data may be transferred to a third party as a part of our business assets in a sale of a part or all of our business. If this should happen, notice of the transfer will be provided by posting to the Platform or other form of communication.

For EEA data subjects:  The legal basis for the transfer may be your consent, the performance of a contract, the pursuit of legitimate interests, or other applicable legal bases.

 

SHARING - YOU CHOOSE

You may choose to share certain personal data. In order to participate in certain features, you may have to adjust your privacy settings and share more personal data. You may also choose to share your activity on other platforms, such as Facebook and Twitter. Please read the privacy policies of those platforms, because your activity published on those platforms will no longer be governed by this Privacy Policy.

For EEA data subjects:  The legal basis for sharing this personal data is your consent.

 

PROTECTING THE PERSONAL DATA

Security Measures: We use a variety of security measures, including encryption and authentication tools, to help protect your personal data.

We use reasonable technical, administrative, and physical measures to protect your personal information. When your personal information is shared, we will take a reasonable approach to prevent the unauthorized use of personal information.

Please note, however, that while we attempt to safeguard your personal information, no method of transmitting or storing electronic information is ever completely secure, and thus we make no warranty, express, implied, or otherwise, that your information will never be accessed, used or released in a manner that is inconsistent with this Privacy Policy. In no event shall we be liable for any damages (whether consequential, direct, incidental, indirect, punitive, special or otherwise) arising out of, or in any way connected with, a third party's unauthorized access to your information, regardless of whether such damages are based on contract, strict liability, tort or other theories of liability, and also regardless of whether we are given actual or constructive notice that damages were possible, except as provided under applicable laws.

 

INTERNATIONAL DATA TRANSFER

The personal data that we collect or receive about you may be transferred to and processed by recipients who are located inside or outside the European Economic Area and which do not provide for an adequate level of data protection. The countries that are recognized to provide for an adequate level of data protection from an EU law perspective are Andorra, Argentina, Canada, Switzerland, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Jersey, New Zealand and the Eastern Republic of Uruguay. Recipients in the US may partially be certified under the EU-U.S. Privacy Shield and thereby deemed to provide for an adequate level of data protection from an EU law perspective. To the extent your personal data is transferred to countries that do not provide for an adequate level of data protection from an EU law perspective, we will base the respective transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission. You can ask for a copy of such appropriate safeguards by contacting us as set out in Section “CONTACT US”. The access is limited to recipients with a need to know.

 

KEEPING YOUR PERSONAL DATA

Please do contact us in the event you wish to modify or delete your profile within certain of our services. Your information previously posted may still be publicly viewable. We may keep information and content in our backup files and archives. Your personal data will be retained as long as necessary to provide you with the services requested. When we no longer needs to use your personal data to comply with contractual or statutory obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your personal data, including if we need to keep your personal data to comply with legal or regulatory obligations to which we are subject, e.g. statutory retention periods and usually contain retention periods, or if we need it to preserve evidence within the statutes of limitation.

 

LEGAL REQUIREMENTS

Please note that the laws and regulations of several countries, including without limitation, the requirements imposed under the applicable regulation, require us to provide foreign and domestic government agencies with access to the personal information you disclose to us and data that we have about you and transaction history. We do not have control or knowledge of the storage and use of that data after it has been delivered to the respective government entity. Further, to the extent required by law, we may disclose personal information to government authorities, or to third parties pursuant to a subpoena or other legal process, and we may also use or disclose your information as permitted by law to protect the rights or property of us, our customers, our services, or its users.

 

MINORS

Our website is not designed or directed at children. We will not intentionally collect, maintain, or distribute information about anyone under the age of 16.

If you are a parent or guardian of a child who has provided personal information without your knowledge and consent, you may request us to remove this children’s information by emailing us at PrivacyOffice@masholdings.com

 

LINKS TO OTHER SITES

We'd also like to remind visitors that we provide additional links to resources we think you'll find useful. These links will lead you to sites that are not affiliated with us and may operate under different privacy practices. Our visitors are responsible for reviewing the privacy policies for such other websites, as we have no control over information that is submitted to these companies.

OBTAINING AND HANDLING YOUR CONSENT

By using our Services and submitting personal information to this site, you are accepting and consenting to the practices and uses described in this Privacy Policy. This Privacy Policy is not a contract. We will seek to obtain your additional consent where required by applicable law.

 

Application of local laws

Where required by local law, you may have the right to access, update or request that we delete your personal information. To inform us of inaccuracies or changes to your personal information, please use the below contact information to reach out to MAS. We will, in accordance with applicable law, update, grant access to, or delete such information. Please note, requests to correct, transfer or delete personal information are subject to applicable legal, ethical reporting, or document retention obligations imposed on us.

When you provide us with your information, you acknowledge that this information may be stored, transferred, and processed on servers located anywhere in the World, including either inside or outside of the USA, Singapore or the European Economic Area.

 

YOUR RIGHTS

If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

Pursuant to applicable data protection law you may have the right to: request access to your personal data, request rectification of your personal data; request erasure of your personal data, request restriction of processing of your personal data; request data portability, and object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable national data protection law. For further information on these rights, please refer to Section “Your rights in detail”.

You also have the right to lodge a complaint with a data protection supervisory authority. To exercise your rights please contact us as stated in Section “Contact us”.

 

Your rights in detail

 

Right of access

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

 

Right to be informed

You may have the right to know the purposes for processing your personal data, our retention periods for that personal data, and with whom it will be shared. This privacy policy provides you with this information. You may reach out to us to obtain any further information needed to enable to exercise your rights.

 

Right to rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

Right to erasure (“right to be forgotten”)

Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data. 

 

Right to restriction of processing

Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

 

Right to data portability

Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.

 

Right to object

If the processing of your personal data is based on legitimate interests, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data.

Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case, your personal data will no longer be processed for such purposes by us.

 

CONTACT US

If you have concerns or questions regarding this Privacy Policy, or if you wish to issue a request to exercise your rights where applicable by law, please provide your name and contact information along with the request. Please contact us as follows:

Amila Pathirana

Business Development Lead, Medical Apparel and PPE

amilapa@masholdings.com

M: (+94) 77 791 5590

 

Alternatively, inquiries may be mailed to the following address:

Mailing address:

PrivacyOffice@masholdings.com

MAS Holdings (Private) Limited

-c/o – Data Protection Officer

Privacy Office

No.199, Kaduwela Road,

Battaramulla

Sri Lanka

Effective date - Policy was last updated and effective on MARCH 15, 2021.