Privacy Policy

1.1 Information You Provide Directly

When you use the contact form or subscribe to updates, we collect:

• Name
• Email address
• Message content (if submitted via contact form)
• Organization, country, or other optional information you choose to provide

1.2 Information Collected Automatically

When you visit the Site, we automatically collect certain technical information through analytics services (Google Analytics):

• IP address (anonymized for analytics)
• Browser type and version
• Device type (desktop, mobile, tablet)
• Pages visited on the Site
• Time spent on pages
• Approximate geographic location (country/region level)
• Referring website (how you arrived at our Site)
• Date and time of access

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies for analytics and to improve Site functionality. Cookies are small text files stored on your device. You can control or disable cookies through your browser settings, though some Site features may be affected.

Types of cookies we use:

• Essential cookies: Required for basic Site functionality (e.g., form submission, session management)
• Analytics cookies: Help us understand how visitors use the Site (via Google Analytics)

We use the information we collect for the following purposes:

• To respond to your inquiries: When you submit a contact form, we use your information to respond to your message and provide requested information about the framework, collaborations, training, or licensing
• To send updates: If you subscribe, we may send newsletters or updates about the A-R-R-A Framework, new resources, publications, or events (you can unsubscribe anytime)
• To improve the Site: Analytics data helps us understand how the Site is used, what content is most valuable, and how to improve user experience
• To ensure security: We monitor for abuse, spam, or unauthorized access to protect the Site and its users
• To comply with legal obligations: We may process information as required by applicable laws or to protect our rights

We do not sell, rent, or trade your personal information.

We may share your information in the following limited circumstances:

• Service Providers: We use trusted third-party service providers to help operate the Site, including:
  Web hosting services • Email delivery and newsletter management • Analytics (Google Analytics)

  These providers only access information needed to perform their services and are contractually obligated to protect it.

• Legal Requirements: We may disclose information if required by law, court order, or legal process, or to protect our rights, safety, or the safety of others
• Business Transfers: In the unlikely event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction (you would be notified)

Google Analytics

We use Google Analytics to understand how visitors interact with the Site. Google Analytics collects information anonymously and reports website trends without identifying individual visitors. Google's use of this information is governed by their Privacy Policy:

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on:

We take reasonable technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. These measures include:

• Secure hosting infrastructure
• HTTPS encryption for data transmission
• Restricted access to personal information
• Regular security reviews

However, no online system can be guaranteed 100% secure. Please use the Site at your own discretion and contact us immediately if you suspect any security breach.

We retain your information only as long as necessary for the purposes outlined in this Privacy Policy:

• Contact form submissions: Retained as long as needed to respond to your inquiry and maintain communication records (typically 3–5 years)
• Newsletter subscriptions: Retained until you unsubscribe or request deletion
• Analytics data: Retained according to Google Analytics settings (typically 26 months, anonymized)

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Withdraw Consent: Unsubscribe from newsletters or withdraw consent for data processing
• Object or Restrict Processing: Object to or request restriction of certain data processing activities
• Data Portability: Request your data in a portable format (where applicable)

How to exercise your rights:

• Email hasitha@theroifirm.com with your request
• Use the unsubscribe link in any newsletter email

We will respond to your request within 30 days (or as required by applicable law).

The Site is operated from Sri Lanka. If you are accessing the Site from outside Sri Lanka, please be aware that your information may be transferred to, stored, and processed in Sri Lanka or other countries where our service providers operate. By using the Site, you consent to such transfers. We take steps to ensure your information is protected in accordance with this Privacy Policy.

The Site is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at hasitha@theroifirm.com, and we will promptly delete such information.

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with additional rights:

• Legal Basis for Processing: We process your information based on:
  Your consent (e.g., newsletter subscriptions) • Legitimate interests (e.g., analytics to improve the Site) • Legal obligations (e.g., compliance with applicable laws)
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country if you believe we have violated your data protection rights
• Data Protection Officer: For GDPR-related inquiries, contact hasitha@theroifirm.com

We may update this Privacy Policy from time to time to reflect changes in our practices, Site functionality, or legal requirements. The "Last updated" date at the top will indicate the latest revision. Significant changes will be clearly noted on the Site or communicated via email if you have subscribed. Your continued use of the Site after changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests related to this Privacy Policy or your personal information:

© W.A. Hasitha Supun Jayathilaka, 2012–2026

We are committed to protecting your privacy and handling your information responsibly.