JKH is the largest conglomerate listed on the Colombo Stock Exchange in Sri Lanka. With a heritage of over 150 years, through innovation and strategic partnerships, the John Keells Group of companies (“Group”) has become the leader in many key industry verticals. The Group is a driver and an integral part of the Sri Lankan economy. For more details, please visit our website Largest Listed Conglomerate in the Colombo Stock Exchange | John Keells Group, Sri Lanka.
Why your Privacy is Important to Us
JKH remains committed to ensuring a robust and transparent personal data protection framework.
As such your privacy is important to us, and we wish to assure you that the Personal Data we collect about you will be treated with care. This Privacy Policy informs you about:
Personal Data: any information which identifies an individual or information relating to an individual who can be identified (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data does not include anonymized data, aggregated data or data which does not disclose the identity of an individual.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including collecting, organizing, storing, preserving, amending, retrieving, using, transmitting, disclosing, erasing or destroying it.
Special Categories of Personal Data: any data which reveals detail of an individual’s race or ethnicity, religious or philosophical beliefs, sexual relations, sexual orientation, political opinions, trade union membership, offences, proceedings, convictions, information about health, genetic, bio metric data and/or personal data relating to a child.
Personal Data which you provide us which may include your name, address, national identification number, date of birth, place of permanent residence, email address and contact information.
Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data relating to you use this website or our services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
When you visit this website or use any of our mobile applications, we may also collect, use, store and share aggregated, anonymized, statistical or demographic data which may be derived from your Personal Data (Aggregated Data and/or Anonymized Data).
Aggregated and/or Anonymized Data is not considered Personal Data, as it cannot directly or indirectly reveal your identity. Aggregated and/or Anonymized Data may include the time and length of your visit to this website, the pages you have visited on this website, details of the website you visited immediately prior to visiting this website. We may also record the name of your internet service provider.
We may use such Aggregated and/or Anonymized Data to conduct analytical activities, to measure site activity to improve our website and for communications and services. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific website feature.
We may in this regard share such Aggregated and/or Anonymized Data with companies within the Group and/or data analytical service providers.
However, if we combine Aggregated and/or Anonymized Data with your Personal Data in manner that you can be identified (directly or indirectly), we will treat such combined data as Personal Data.
Where we need to collect Personal Data by law, under the terms of a contract with you, our website terms and conditions or where such Personal Data is required to furnish further information regarding the provisions of any of our services you and you fail to provide such Personal Data when requested, we may not be able to proceed with your requirements, including the performance of any contract with you or are trying to enter into with you. In these circumstances, we have the right to notify you and cancel or refuse to accept the services you are looking for.
In the event we have reason to believe that any Personal Data provided by you is false, inaccurate, a misstatement of fact, a misrepresentation, an act of identity theft, a violation of any third party right or similar circumstance, we have the right to refuse any services you require, terminate our contract if any, and where relevant, report you to the relevant regulatory authorities.
Direct interactions. You (or a person or agent acting on your behalf) may give us your Personal Data by corresponding with us by post, phone, email, directly through the website, social media platforms or otherwise, including when Personal Data is provided in feedback given to us and/or complaints on our services.
This website. We may automatically collect Technical Data about your equipment, browsing actions and patterns when you interact with this website by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see Section 5 below and our Cookie Policy for further details.
Our mobile website and mobile applications.These have the ability to access mobile device information to better serve our customers and stakeholders.
Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources such as:
| Purpose/Activity | Type of data | Lawful basis for processing (including our legitimate interest to give you the best and most secure user experience.) |
|---|---|---|
To provide you with further information, advise, services or in the performance of a contract. | Personal Data | Necessary to comply with a legal obligation and applicable law. Necessary for our legitimate interests to present you with the right kinds of products and services. |
To manage our relationship with you which will include: | Technical Usage Marketing and Communications | Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how clients use our web services) Necessary for our legitimate interests to present you with the right kinds of products and services. Necessary for our legitimate interest in improving our web services |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Technical | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Usage Marketing and Communications Technical | Necessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve this website, services, marketing, client relationships and experiences | Marketing and Communication Technical Usage Aggregated and/or Anonymized Data | Necessary for our legitimate interests (to define types of clients for our services, to keep this website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about services that may be of interest to you | Technical Usage | With your consent, to improve your experience. |
We strive to improve our services and also share marketing communications relating to our products and services as well as those of any Group company that may be of interest to you subject to the permitted limits of Personal Data usage.
We will request your express consent before we share your Personal Data with any company outside the Group for marketing purposes.
We may have to share your Personal Data in relation to the “Purposes for which we will use your Personal Data” enumerated above (under Section 5) with third parties including the following:
Companies within the Group and their associates (including those based within and outside Sri Lanka) who may act as joint controllers or processors, consultants or service providers (including in relation to services you may require, data analytics, marketing and research, revenue optimization and other services in connection with the operations of our businesses).
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. In particular, we require our third-party service providers to limit the processing of Personal Data for specified purposes and in accordance with our instructions.
Given the diversified nature of the Group with companies and business operations extending beyond Sri Lanka, it may be necessary to transfer your information and Personal Data outside Sri Lanka.
We have put in place appropriate security measures to prevent the unauthorised processing or loss of your Personal Data. Additionally, we have implemented measures that limit access to your Personal Data to those who have a business and need to know such information. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. Processes have been implemented to detect and address any actual or suspected Personal Data breaches. As required by applicable law, we will notify you and the applicable regulator in the event of such a breach.
Please bear in mind that we cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, compliance or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the legal requirements under applicable law.
Subject to such requirements, you may ask us to delete your data. In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you and you can no longer be identified by it) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You have the following rights in relation to your Personal Data under applicable data protection law:
If you wish to exercise any of the rights set out above, please reach out to us on the contact information provided above.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, unreasonable, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to verify your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will use all best endeavours to respond to all legitimate requests within twenty-one days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. We will keep you updated in such case.
We may use CCTV across our premises to ensure the safety of all our customers, patrons, employees, service providers and business partners. In particular, we may use CCTV footage to monitor the behaviour of all persons within our premises and where relevant to aid investigations into potential or actual criminal, fraudulent incidents or other incidents of a related nature. We may share such footage with law enforcement authorities and/or judicial authorities to assist with investigations, proceedings or other legal action.
We may update or amend this Privacy Policy from time to time and the updated version will be posted on this website. We request that you revisit this website from time to time for updates on the Privacy Policy.
The Privacy Policy may be translated into different languages, and in the event of any inconsistency among the versions, the English version shall prevail.
If you have any clarifications or complaints about the content of this Privacy Policy or the manner in which your Personal Data is proceed, we encourage you to contact us by using the information provided above in this regard.
JKH is the largest conglomerate listed on the Colombo Stock Exchange in Sri Lanka. With a heritage of over 150 years, through innovation and strategic partnerships, the John Keells Group of companies (“Group”) has become the leader in many key industry verticals. The Group is a driver and an integral part of the Sri Lankan economy. For more details, please visit our website Largest Listed Conglomerate in the Colombo Stock Exchange | John Keells Group, Sri Lanka.
Why your Privacy is Important to Us
JKH remains committed to ensuring a robust and transparent personal data protection framework.
As such your privacy is important to us, and we wish to assure you that the Personal Data we collect about you will be treated with care. This Privacy Policy informs you about:
Personal Data: any information which identifies an individual or information relating to an individual who can be identified (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data does not include anonymized data, aggregated data or data which does not disclose the identity of an individual.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including collecting, organizing, storing, preserving, amending, retrieving, using, transmitting, disclosing, erasing or destroying it.
Special Categories of Personal Data: any data which reveals detail of an individual’s race or ethnicity, religious or philosophical beliefs, sexual relations, sexual orientation, political opinions, trade union membership, offences, proceedings, convictions, information about health, genetic, bio metric data and/or personal data relating to a child.
Personal Data which you provide us which may include your name, address, national identification number, date of birth, place of permanent residence, email address and contact information.
Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data relating to you use this website or our services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
When you visit this website or use any of our mobile applications, we may also collect, use, store and share aggregated, anonymized, statistical or demographic data which may be derived from your Personal Data (Aggregated Data and/or Anonymized Data).
Aggregated and/or Anonymized Data is not considered Personal Data, as it cannot directly or indirectly reveal your identity. Aggregated and/or Anonymized Data may include the time and length of your visit to this website, the pages you have visited on this website, details of the website you visited immediately prior to visiting this website. We may also record the name of your internet service provider.
We may use such Aggregated and/or Anonymized Data to conduct analytical activities, to measure site activity to improve our website and for communications and services. For example, we may aggregate your Usage data to calculate the percentage of users accessing a specific website feature.
We may in this regard share such Aggregated and/or Anonymized Data with companies within the Group and/or data analytical service providers.
However, if we combine Aggregated and/or Anonymized Data with your Personal Data in manner that you can be identified (directly or indirectly), we will treat such combined data as Personal Data.
Where we need to collect Personal Data by law, under the terms of a contract with you, our website terms and conditions or where such Personal Data is required to furnish further information regarding the provisions of any of our services you and you fail to provide such Personal Data when requested, we may not be able to proceed with your requirements, including the performance of any contract with you or are trying to enter into with you. In these circumstances, we have the right to notify you and cancel or refuse to accept the services you are looking for.
In the event we have reason to believe that any Personal Data provided by you is false, inaccurate, a misstatement of fact, a misrepresentation, an act of identity theft, a violation of any third party right or similar circumstance, we have the right to refuse any services you require, terminate our contract if any, and where relevant, report you to the relevant regulatory authorities.
Direct interactions. You (or a person or agent acting on your behalf) may give us your Personal Data by corresponding with us by post, phone, email, directly through the website, social media platforms or otherwise, including when Personal Data is provided in feedback given to us and/or complaints on our services.
This website. We may automatically collect Technical Data about your equipment, browsing actions and patterns when you interact with this website by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see Section 5 below and our Cookie Policy for further details.
Our mobile website and mobile applications.These have the ability to access mobile device information to better serve our customers and stakeholders.
Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources such as:
| Purpose/Activity | Type of data | Lawful basis for processing (including our legitimate interest to give you the best and most secure user experience.) |
|---|---|---|
To provide you with further information, advise, services or in the performance of a contract. | Personal Data | Necessary to comply with a legal obligation and applicable law. Necessary for our legitimate interests to present you with the right kinds of products and services. |
To manage our relationship with you which will include: | Technical Usage Marketing and Communications | Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how clients use our web services) Necessary for our legitimate interests to present you with the right kinds of products and services. Necessary for our legitimate interest in improving our web services |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Technical | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Usage Marketing and Communications Technical | Necessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve this website, services, marketing, client relationships and experiences | Marketing and Communication Technical Usage Aggregated and/or Anonymized Data | Necessary for our legitimate interests (to define types of clients for our services, to keep this website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about services that may be of interest to you | Technical Usage | With your consent, to improve your experience. |
We strive to improve our services and also share marketing communications relating to our products and services as well as those of any Group company that may be of interest to you subject to the permitted limits of Personal Data usage.
We will request your express consent before we share your Personal Data with any company outside the Group for marketing purposes.
We may have to share your Personal Data in relation to the “Purposes for which we will use your Personal Data” enumerated above (under Section 5) with third parties including the following:
Companies within the Group and their associates (including those based within and outside Sri Lanka) who may act as joint controllers or processors, consultants or service providers (including in relation to services you may require, data analytics, marketing and research, revenue optimization and other services in connection with the operations of our businesses).
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. In particular, we require our third-party service providers to limit the processing of Personal Data for specified purposes and in accordance with our instructions.
Given the diversified nature of the Group with companies and business operations extending beyond Sri Lanka, it may be necessary to transfer your information and Personal Data outside Sri Lanka.
We have put in place appropriate security measures to prevent the unauthorised processing or loss of your Personal Data. Additionally, we have implemented measures that limit access to your Personal Data to those who have a business and need to know such information. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. Processes have been implemented to detect and address any actual or suspected Personal Data breaches. As required by applicable law, we will notify you and the applicable regulator in the event of such a breach.
Please bear in mind that we cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, compliance or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the legal requirements under applicable law.
Subject to such requirements, you may ask us to delete your data. In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you and you can no longer be identified by it) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
You have the following rights in relation to your Personal Data under applicable data protection law:
If you wish to exercise any of the rights set out above, please reach out to us on the contact information provided above.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, unreasonable, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to verify your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will use all best endeavours to respond to all legitimate requests within twenty-one days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. We will keep you updated in such case.
We may use CCTV across our premises to ensure the safety of all our customers, patrons, employees, service providers and business partners. In particular, we may use CCTV footage to monitor the behaviour of all persons within our premises and where relevant to aid investigations into potential or actual criminal, fraudulent incidents or other incidents of a related nature. We may share such footage with law enforcement authorities and/or judicial authorities to assist with investigations, proceedings or other legal action.
We may update or amend this Privacy Policy from time to time and the updated version will be posted on this website. We request that you revisit this website from time to time for updates on the Privacy Policy.
The Privacy Policy may be translated into different languages, and in the event of any inconsistency among the versions, the English version shall prevail.
If you have any clarifications or complaints about the content of this Privacy Policy or the manner in which your Personal Data is proceed, we encourage you to contact us by using the information provided above in this regard.