GDPR

Introduction

This European Union General Data Protection Regulation (“GDPR”) and Company Privacy Policy (“Policy”) applies to individuals who visit www.whiterock.lk (“Site”) from the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland. It describes how White Rock Global Solutions (Pvt) Ltd and its subsidiaries (“White Rock Global Solutions,” “We,” or “Us”) collect, use, and disclose Personal Data (information relating to an identified or identifiable individual in the EEA, UK, or Switzerland) through our website.

This Policy supplements our full Company Privacy Policy at https://whiterock.lk/privacy-policy/. Unless otherwise defined here, terms align with those in the main Privacy Policy.

White Rock Global Solutions is committed to compliance with the GDPR and partners with clients to meet regulatory requirements. We’ve enhanced our services, contracts, and documentation to align with GDPR standards and support our clients’ compliance efforts.

For European Citizens and Residents Only

If you are an EEA citizen/resident or from a region with stricter data protection laws than Sri Lanka, note that your information may be transferred to jurisdictions with differing laws. Staff or service providers outside the EEA may process your data. Where required, we will obtain your explicit consent for such transfers.

All processing complies with:

  • The EU Directive 95/46/EC (until May 25, 2018).
  • The GDPR (Regulation (EU) 2016/679) thereafter.

For GDPR purposes, White Rock Global Solutions acts as the “data controller” for Personal Data collected via our Site, unless we process data on behalf of another controller (then we are a “data processor”). GDPR definitions override any conflicting terms here.

Your Data Rights Under GDPR

You have the right to:

  1. Access – Request confirmation of processing and a copy of your data (machine-readable). Email: contact@whiterock.lk.
  2. Rectification – Correct inaccurate or incomplete data.
  3. Erasure – Request deletion (unless overriding interests apply).
  4. Restrict Processing – Limit how we use your data (storage may continue).
  5. Object to Processing – Oppose use for:
  • Legitimate interests/public tasks.
  • Direct marketing.
  • Research/statistics.
  1. Data Portability – Receive your data in a structured, machine-readable format.
  2. Lodge Complaints – File a complaint with a supervisory authority in your EU member state.
  3. Withdraw Consent – Revoke prior consent (does not affect lawful prior processing).

Data Transfers

White Rock Global Solutions is headquartered in Sri Lanka. Your data may be transferred to or accessed in jurisdictions with differing protection levels. We safeguard transfers through:

  • Intercompany agreements based on Standard Contractual Clauses (SCCs) for EEA/Switzerland transfers.
  • Adequate security measures for other regions.

By using our services from outside the U.S., you consent to cross-border data transfers.

Contact

For GDPR inquiries, contact our Data Protection Officer at:
Email: contact@whiterock.lk
Postal Address: White Rock Global Solutions (PVT)Ltd , 53/1/A, Ramakrishna Rd, Colombo 06, Sri Lanka. 00600

Last Updated: 29th April 2025