Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the  Privacy Policy Generator.

1. Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purpose of this Privacy Policy:

  1. Account means a unique account created for You to access our Service or parts of our Service.

  2. Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to C.C.R. C.S.R. Lanka Pvt. Ltd., 2nd Floor, McLaren's Building, 123 Bauddhaloka Mawathe, Colombo 4, Sri Lanka .

  3. Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  4. Country  refers to: Sri Lanka.

  5. Device  means any device that can access the Service such as a computer, a cell phone or a digital tablet.

  6. Personal Data   is any information that relates to an identified or identifiable individual.

  7. Service  refers to the Website.

  8. Service Provider  means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.

  9. Usage Data  refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  10. Website  refers to the Mother and Child-Friendly Seal for Responsible Business website, accessible from  www.srilanka-motherandchildseal.org

  11. You  means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used during the expression of interest phase, to assess your company’s eligibility to become a Seal initiative member and to be awarded the seal. Personally identifiable information may include, but is not limited to:

Company Assessment Data

In order to apply for the Seal Initiative, your company will be required to fill in a capacity self-assessment form in the secure portal. This information will not be made accessible to the public. The information collected include data on the following key areas:

The data collected through the capacity self-assessment phase is for The Centre's review and assessment and will not be shared on the public section of the website and only shared within the secure portal.

Your company will also be expected to submit the capacity strengthening plan, as well as the action plan and monitoring plan that will be undertaken by the company in relation to family friendly workplace initiatives. A summary of the action plan will be shared in the public portal of the website, after confirmation from your company focal point.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

3. Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: What Are Cookies?.

We use both Session and Persistent Cookies for the purposes set out below:

4. Use of Your Personal Data

The Mother and Child-Friendly Seal for Responsible Business website collects personally identifiable information in the following ways:

Member and Client Data

When a company applies to take part in the Mother and Child-Friendly Seal for Responsible Business we ask them to fill out a questionnaire to assess their eligibility. We also host a website portal for Seal members to upload, edit and track their application and all associated documents, to share initiative updates and information about their mother and child-friendly interventions, to give and receive feedback etc. Information collected includes:

Company Assessment Data

In order to apply for the Seal Initiative, your company will be required to fill in a capacity self-assessment form in the secure portal. This information will not be made accessible to the public. The information collected include data on the following key areas:

Your company will also be expected to submit the capacity strengthening plan, as well as the action plan and monitoring plan that will be undertaken by the company in relation to family friendly workplace initiatives. A summary of the action plan will be shared in the public portal of the website, after confirmation from your company focal point.

All personal data collected will only be used to process your company’s Seal initiative membership application and send you invites or announcements from the Mother and Child-Friendly Seal for Responsible Business initiative or on occasion events from The Centre for Child Rights and Business (abbreviated as ‘The Centre’) that might be of interest to members, if you have subscribed to The Centre’s mailing list. We do not sell personal data to anyone and do not share it.

Events Data

Individuals within companies provide their corporate information to register for an event, workshop or meeting with the Mother and Child-Friendly Seal for Responsible Business initiative. During event registration, where information is voluntarily provided during event signup, we collect the following information from you:

The seal initiative’s events may be photographed and/or video/audio recorded for the purpose of reflecting the events in the Mother and Child-Friendly Seal for Responsible Business website and on The Centre’s website. We focus our efforts solely on the key note speakers and other voluntary participants from the audience, as well as the audience as a whole.

Website Visitors’ Data

In general, website visitors do not need to provide personalised information to The Company. We do collect "aggregate data," that is, group data with no personal identifiers. We use this aggregate data to help us understand how the site is being used, to track our monthly website traffic and to improve its usability. We also use it to enhance the quality and availability of products and services we offer.

We also, with explicit permission, use aggregate data from online surveys you choose to fill out for research and publication purposes.

If personal data is provided, and retained, it is only name, business contact email, and business contact phone number, which allow the Seal initiative administrators to contact the visitor at his or her organisation. The Company solely holds the information and engages in no contact-sharing programme with other organisations.

When you access the Site [or our mobile application], your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site [or our mobile application]. In compliance with the EU ePrivacy Directive, the Mother and Child-Friendly Seal for Responsible Business website asks permission of the visitor prior to setting Cookies. Should the visitor agree, the Mother and Child-Friendly Seal for Responsible Business website server will only collect the following information:

In addition, where this is available, The Company will also collect:

We only use this data to improve the visitor’s website experience.
When it comes to Cookies, we rely on consent given as the lawful basis under GDPR Article 6(1)(a).

Inquiries

When you send an inquiry to us through our contact form, we use the personal data that you have stated in the contact form to answer you. Any personal data received from you will not be used for any other purpose without your prior consent and knowledge and will not be disclosed.
We rely on a legitimate interest as the lawful basis under GDPR Article 6(1)(f) for the processing of data in connection to inquiries.

Surveys

In order to ensure that the services we offer meet your requirements, we may ask for your feedback in form of surveys and polls. Any feedback received from you will only be used for the purpose of improving our services and will not be disclosed.
We rely on your consent as the lawful basis under GDPR Article 6(1)(a) for the processing of data in connection with surveys.

Interviews

If we contact you to perform stakeholder interviews, any personal data received from you will not be used for any other purpose without your prior consent.

eCommerce

The Company’s use of ecommerce is limited to registration for a limited number of events, webinars, workshops and online training each year. Individuals within companies provide their corporate information to register for an event. We use the data collected in order to manage attendee numbers and monitor whether our events are reaching the targeted audiences.

We rely on fulfilment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of eCommerce Data.

5. Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

6. Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

7. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

8. Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

9. Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

10. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Complaints

If you want to lodge a complaint over our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint to the national  Data Protection Authority.

12. Changes

We recognise that data protection and privacy is an ongoing responsibility, so we reserve our right to make changes to this Data Protection and Privacy Policy from time to time as we undertake new personal data practices or adopt new privacy policies, etc. If such changes are substantial, we will notify you via email, provided that we have your email address.

13. Corporate Information

C.C.R. C.S.R. Lanka Pvt. Ltd. is a registered company in Sri Lanka that develops and manages the Mother and Child Friendly Seal for Responsible Business initiative, as well as provides training and consultancy services on various aspects of child rights to business entities, development agencies and civil society organisations.

C.C.R. C.S.R. Lanka Pvt. Ltd. is owned by The Centre for Child Rights and Business (shortened version ‘The Centre’). The Centre consists of three legal entities: Rädda Barnen AB (parent company), CCR CSR (Beijing) Limited (subsidiary) and CCR CSR (HK) Ltd (subsidiary). Rädda Barnen Service AB with its subsidiaries is wholly owned by Save the Children Sweden.

14. Contacting us

If you have any questions about this Privacy Policy, You can contact us: