This Privacy Notice explains how Assetline Finance Limited (“Assetline”, “we”, “us”) collects, uses, stores, shares, and protects your personal data. We are committed to ensuring your privacy and maintaining the highest standards of data protection in line with the Personal Data Protection Act, No. 9 of 2022 (Sri Lanka) and other applicable regulations.
This document is designed to give customers, stakeholders, partners, and the general public a clear and concise understanding of our privacy practices.
We collect only the information necessary to provide our services safely, efficiently, and lawfully. This may include:
Identification Data: Name, NIC, passport, driving license, photographs, signatures, biometric identifiers (where applicable), and CCTV recordings.
Contact Data: Address, email, phone numbers.
Financial Data: Bank details, transactions, credit history, credit scores, loan information.
Employment / Professional Data: Occupation, employer details, qualifications.
Technical Data: IP address, device information, cookies, login activity.
Relationship Data: Details of guarantors, beneficiaries, references, or related parties.
Communications Data: Call recordings, emails, messages exchanged with us.
Special Category Data: As required for compliance (PEP status, criminal background checks, KYC/AML indicators, and data of minors with guardian consent).
Surveillance Records: CCTV footage, access control logs, visitor logs, and other monitoring records collected for security and fraud-prevention purposes.
We collect personal data through:
Direct Interactions: Applications, loan documentation, digital onboarding, branch visits, call center interactions, website forms.
Third Parties: Credit bureaus (CRIB), banks, regulators, law enforcement, verification agencies, and authorised service providers.
Digital Technologies: Cookies, online behavior analytics for service improvement.
We process personal data strictly for legitimate and lawful purposes, including:
A. To Provide You with Financial Services
Customer onboarding (KYC, AML).
Assessing loan eligibility and creditworthiness.
Maintaining your accounts and managing facilities.
Communicating about your agreements, payments, and services.
B. Employment and Merchant Onboarding
Recruitment processes.
Employee management and compliance.
Merchant due diligence and ongoing monitoring.
C. Marketing and Service Improvements
Informing you about new services or promotions (with your consent).
Conducting surveys and service quality reviews.
D. Legal and Regulatory Compliance
Compliance with the Central Bank of Sri Lanka, FIU, regulatory guidelines, sanctions, AML/CTF requirements.
Detecting and preventing fraud, financial crime, or suspicious activities.
Responding to legal requests, court orders, or regulatory examinations.
E. Operational and Security Purposes
Maintaining secure systems.
CCTV monitoring in branches and premises.
System audits, risk monitoring, and internal controls.
Automated decision-making for KYC, credit scoring, and identity verification.
We may share your data only when necessary and lawful, with:
Banks and Credit Bureaus (CRIB) for credit assessments.
Regulators and Government Authorities as required by law.
Auditors, Legal Advisors, and Professional Consultants.
Service Providers who support our operations (IT, payment processing, communication platforms, verification services).
Insurers and Insurance Brokers.
David Pieris Group Companies for group-level reporting, customer support, and marketing (with appropriate safeguards).
Parties to Corporate Transactions (mergers, acquisitions, restructurings).
When international data transfers occur, we ensure equivalent protection and safeguards.
We apply strict security controls, including:
Encryption and secure transmission of data.
Firewalls, intrusion detection, and continuous system monitoring.
Strict access controls and authentication protocols.
Regular audits, penetration testing, and internal policy enforcement.
Staff training on data privacy and confidentiality.
All third-party service providers handling personal data must adhere to Assetline Finance Limited’s confidentiality and information security standards.
We retain your personal data only for as long as required for:
Providing services and managing your relationship with us.
Meeting legal, operational, or regulatory obligations.
Defending legal claims or meeting audit requirements.
After retention periods expire, your data is securely deleted, anonymized, or archived according to our Data Retention Policy.
You are entitled to the following rights under applicable law:
Right to be informed about how we use your data.
Right of access to your personal information.
Right to rectification of inaccurate data.
Right to erasure (subject to legal requirements).
Right to withdraw consent for optional processing or marketing.
Right to restrict or object to certain processing activities.
Right to data portability.
Right regarding automated decision-making.
Right to appeal to the Data Protection Authority.
Requests can be made at any time using the contact details below.
If you have questions about this Privacy Notice, wish to exercise your privacy rights, or need to raise a concern, you may contact:
Data Protection Officer, Assetline Finance Limited
120/120A, Pannipitiya Road, Battaramulla, Sri Lanka
Telephone: +94 11 4700 100
Email: info@assetlinefinance.lk
Assetline Finance Limited is committed to maintaining a culture of privacy, trust, and responsible data handling to protect our customers, employees, and stakeholders.
