SmashTaps – Leader in digital innovation Your trusted technology partner

Schedule a call
Schedule a call

Privacy Policy

Effective 4 June 2025 – Last reviewed 4 June 2025

1 Who We Are

SmashTaps (Pvt) Ltd (“SmashTaps”, “we”, “our”, “us”) is a private limited company incorporated in Sri Lanka. This Privacy Policy governs personal information processed when you visit www.smashtaps.com or interact with us through any website form, newsletter, career submission, or related channel (collectively, the “Site”).

2 Applicable Law and Scope

Our data-handling practices align with Sri Lanka’s Personal Data Protection Act, No. 9 of 2022 (“PDPA”). Although some sections of the PDPA are not yet fully operative, we voluntarily apply its principles today.

3 Information We Collect

Contact and identity details – for example, your name, email address, phone number, company and job title, supplied when you fill out enquiry forms, subscribe to newsletters, register for events or write to us.

Technical and usage data – such as IP address, browser type, device identifiers, pages visited and time spent on each page. We obtain this automatically through cookies, server logs and analytics tools.

Marketing preferences – your opt-in status and areas of interest, captured when you choose to receive or decline communications.

Recruitment information – CVs, portfolio links, cover letters and interview notes you provide during job applications.

Billing and payment details – occasionally, purchase-order numbers or invoicing contacts collected in the course of direct business transactions.

We do not knowingly collect data from anyone under 16 years of age.

4 Why We Process Your Data

We process your information to:

  1. Respond to enquiries and schedule demonstrations – necessary to take steps you request before entering into a contract or for our legitimate business interests.
  2. Send newsletters, product updates and invitations – based on your consent, which you may withdraw at any time.
  3. Improve the Site’s performance, analyse traffic and detect misuse – pursued under our legitimate business interests while respecting your privacy rights.
  4. Evaluate job applications and communicate with candidates – necessary for recruitment and potential employment contracts.
  5. Meet legal and regulatory obligations – for example, tax, accounting and compliance requirements.

All processing is adequate, relevant and limited to what is necessary for these purposes, in line with the PDPA’s data-minimisation principle.

5 Cookies and Analytics

We use first-party cookies for basic site functionality and a small number of third-party tools (Google Analytics 4 and Plausible) to understand how visitors use our pages. A cookie banner lets you accept or refuse non-essential cookies, and you can disable cookies via your browser settings.

6 How We Share Information

We share personal data only where necessary, and never sell or rent it. Typical recipients are:

  • Cloud-hosting and email-delivery providers (e.g., Hostinger) that keep the Site operational.
  • Analytics vendors that help us measure performance.
  • Marketing and CRM platforms (e.g., Mailchimp) used to send newsletters.
  • Professional advisers such as auditors, accountants and lawyers who support our business functions.
  • Regulators or courts when we are legally required to disclose information.

7 International Transfers

Some of our service providers operate outside Sri Lanka, meaning your data may be transferred abroad. We limit such transfers to jurisdictions with adequate protections or require contractual safeguards that reflect PDPA standards on confidentiality and security.

8 Retention Periods

  • Marketing data is retained until you unsubscribe or for up to 24 months after your last interaction, whichever comes first.
  • Contract and invoicing records are kept for seven years to satisfy tax and audit obligations.
  • Recruitment files are retained for 12 months after a position is filled unless you give us permission to hold them longer for future opportunities.

After the relevant period ends, we securely delete or anonymise the information.

9 Security Measures

We protect personal data through HTTPS/TLS encryption, encrypted storage where available, role-based access controls, regular patching and vulnerability scanning. While no system can guarantee absolute security, we continually refine our technical and organisational safeguards.

10 Your Rights under the PDPA

When the PDPA is fully in force, you will have the right to:

  • Access the personal data we hold about you.
  • Correct any inaccuracies or incomplete information.
  • Erase data that is no longer necessary for the stated purposes.
  • Object to or restrict specific types of processing.
  • Receive your data in a portable, machine-readable format where technically feasible.
  • Withdraw consent at any time for processing based solely on consent.
  • Complain to the Sri Lanka Data Protection Authority once it is operational.

To exercise any of these rights, email hello@smashtaps.com. We will verify your identity before acting on the request.

11 Third-Party Links

Our Site may contain links to external websites such as social-media pages or design portfolios. Their privacy practices are independent of ours, and you should review their policies before providing personal data.

12 Updates to This Policy

We may revise this Privacy Policy to reflect changes in law or our operations. Any update will carry a new “Effective” date, and significant changes will be highlighted on the Site.

13 Contact

Data Protection Officer
SmashTaps (Pvt) Ltd
Colombo, Sri Lanka
Email: hello@smashtaps.com

If you believe your privacy concern remains unresolved, you may raise the matter with the Sri Lanka Data Protection Authority once it is formally established.