Effective Date: 1st January 2026
Introduction
SCU (Private) Limited (“SCU”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy in accordance with the Personal Data Protection Act No. 9 of 2022 of Sri Lanka (“PDPA”).
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in connection with;
- Our website www.scu.lk
- Student admissions and course delivery
- Academic and administrative operations
- Marketing and communications activities
By engaging with SCU, you acknowledge that your personal data will be processed in accordance with this Policy.
Categories of Personal Data Collected
We may collect and process the following categories of personal data;
Student and Applicant Data
- Full name
- Date of birth
- National Identity Card / Passport details
- Contact information (email, telephone, address)
- Academic qualifications and transcripts
- Emergency contact details
- Payment and billing information
- Attendance and academic performance records
Parent/Guardian Data (where applicable)
- Name and contact details
- Relationship to student
- Billing and payment details
Website User Data
- IP address
- Browser type and version
- Device information
- Usage statistics
- Cookies and tracking data
Staff and Contractor Data
- Employment-related information
- Identification and contact information
Lawful Basis for Processing
We process personal data based on one or more of the following lawful grounds under the PDPA;
- Consent – where you have provided clear consent.
- Performance of a Contract – including student enrolment agreements and employment contracts.
- Compliance with Legal Obligations – including regulatory and tax requirements.
- Legitimate Interests – including academic administration, security, fraud prevention, and service improvement.
- Protection of Vital Interests – in cases involving health or safety.
Where processing is based on consent, you may withdraw consent at any time.
Purposes of Processing
We process personal data for the following purposes;
- Processing admissions and student registration
- Delivering academic programs and assessments
- Managing attendance and academic records
- Communicating with students and parents
- Issuing certificates and transcripts
- Processing payments and maintaining financial records
- Marketing programs and events (where consent has been obtained)
- Ensuring campus and digital security
- Complying with regulatory and accreditation requirements
Cookies and Tracking Technologies
We use cookies and similar technologies to;
- Improve website functionality
- Analyse traffic using analytics tools
- Enhance user experience
You may configure your browser to refuse cookies. However, certain website features may not function properly.
Disclosure of Personal Data
We may disclose personal data to;
- Regulatory authorities and government bodies where legally required
- Professional advisors (legal, audit, compliance)
- Payment processors and financial institutions
- IT service providers and cloud hosting providers
- Academic partners and accreditation bodies
All third parties are contractually required to maintain confidentiality and comply with applicable data protection obligations.
International Data Transfers
Where personal data is transferred outside Sri Lanka, SCU ensures that appropriate safeguards are in place in accordance with the PDPA, including;
- Contractual data protection clauses
- Adequacy assessments
- Secure transfer mechanisms
Data Retention
We retain personal data only for as long as necessary for;
- Academic and administrative purposes
- Compliance with legal and regulatory requirements
- Legitimate institutional interests
Retention periods may vary depending on the type of data and applicable legal obligations.
Data Subject Rights
Under the PDPA, individuals have the right to:
- Request access to their personal data
- Request correction of inaccurate data
- Request erasure of data (subject to legal limitations)
- Withdraw consent (where processing is consent-based)
- Object to certain types of processing
- Request restriction of processing in certain circumstances
Requests may be submitted using the contact details below.
Children’s Data
Where SCU processes personal data of individuals under 18 years of age, such processing will be carried out;
- With the consent of a parent or legal guardian, where required; and
- In accordance with applicable legal safeguards.
Data Security
SCU implements appropriate technical and organizational measures to protect personal data against;
- Unauthorized access
- Loss or destruction
- Alteration
- Disclosure
While we take reasonable steps to safeguard data, no method of transmission over the Internet is completely secure.
Data Protection Officer
SCU has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the PDPA.
Data Protection Officer
SCU (Private) Limited
Name : ……………..
Email: ……………..
Complaints
If you believe your personal data has been processed unlawfully, you may;
- Contact SCU directly using the details above; and/or
- Lodge a complaint with the relevant regulatory authority in Sri Lanka in accordance with the PDPA.
Amendments to This Policy
SCU may update this Privacy Policy from time to time. Updated versions will be published on our website with a revised effective date.