Unified Data Privacy Policy
& Legal Framework
Governing our multi-jurisdictional operations across Sri Lanka, Singapore, Bangladesh, and Australia β in compliance with global data protection standards.
Introduction and Jurisdictional Scope
In the current era of rapid cloud transformation and AI-driven enterprise evolution, Finetech Consultancy (FCPL) recognizes the strategic necessity of a unified legal framework to govern its multi-jurisdictional operations. This policy serves as the foundational data governance architecture for www.fcpl.biz and its global subsidiaries: Finetech International, Finetech Holdings Singapore, and Finetech Global Solutions.
FCPL operates as a Data Controller and Data Fiduciary, maintaining a centralized governance model anchored at our primary head office in Rajagiriya, Sri Lanka, with regional compliance hubs in Dhaka, Bangladesh, and Singapore.
| Jurisdiction | Primary Regulatory Framework |
|---|---|
| π±π° Sri Lanka | Personal Data Protection Act No. 9 of 2022 |
| π§π© Bangladesh | Personal Data Protection Ordinance 2025 |
| πΈπ¬ Singapore | Personal Data Protection Act (PDPA) |
| π¦πΊ Australia | Privacy Act 1988 (including the 13 Australian Privacy Principles) |
This document constitutes the foundational agreement between FCPL and its global users, ensuring that data moving across cross-border silos maintains the highest standard of legal protection.
Information Collection: Core Operations and AI Innovations
FCPL has transitioned from traditional data capture to advanced, interaction-based collection. We distinguish between Personal Data (identifiers, contact details) and Sensitive Personal Data as defined by the Bangladesh Ordinance 2025, which includes biometric data, genetic information, and financial condition records.
- Website FormsCollection of contact and service inquiry data.
- Cookies & TrackingMetadata collection for portal performance and user journey mapping.
- Chatbot LogsProcessing of natural language interactions to refine halsaguru models and route support.
- Location DataSpecific collection via AI agents for disaster response and emergency management.
- Third-Party Service ProvidersIntegrated data streams from Google Workspace, Microsoft Azure, and infrastructure partners.
Purpose of Processing and Legitimate Interests
FCPL processes data under clearly defined legal grounds, prioritizing contractual fulfillment and the pursuit of legitimate business interests consistent with the Asante Capital Model of global best practices.
| Legitimate Interest | Description |
|---|---|
| Fraud Prevention | Ensuring network security and data integrity across all platforms. |
| Direct Marketing | Promotion of cloud-native, AI/ML, and Cybersecurity solutions. |
| Intragroup Transfers | Administrative and operational efficiency across subsidiaries. |
| Legal Enforcement | Enforcement of legal claims and reporting possible criminal acts. |
| AML Compliance | Whistleblowing and Anti-Money Laundering compliance obligations. |
| IT Security | Physical and IT security of our multi-cloud infrastructure. |
| Market Research | Service optimization and internal risk management. |
These interests drive our promise of "15x Productivity" gains. Processing of employee data via our Timespot solution enables clients such as Emerald Isle Manpower and Ritz Clothing to achieve scalable, cloud-native workflows.
Regional Annex A: Australian Privacy Principles (APP) Compliance
FCPL adheres to the transparency standards of the Office of the Australian Information Commissioner (OAIC), mapping our operations to all 13 APPs.
Regional Annex B: Bangladesh Personal Data Protection Ordinance 2025
Under the 2025 Ordinance, FCPL operates with rigorous compliance for our Dhaka-based operations.
| Data Classification | Localization Strategy |
|---|---|
| Public | Cloud-first strategy permitted. |
| Private / Internal | Cloud-first strategy with access controls. |
| Confidential | Encrypted storage with restricted access. |
| Restricted | Localized within Bangladesh per Section 34. |
Subject rights under the Ordinance include the Right to Erasure (Section 15), Right to Portability (Section 14), and the unique Right to Prevent Processing (Section 16) if continued processing is likely to cause harm to the data subject.
Data Security, Storage, and Cross-Border Transfers
FCPL employs a "Security-by-Design" philosophy, leveraging our Google Premier Partner status to protect multi-cloud environments.
- Pseudonymization & EncryptionDe-identification of sensitive datasets and AES-256 encryption at rest and in transit.
- Network ResiliencePeriodic assessments of electronic communications networks and risks to processing systems as required by Section 21(3)(e) of the Bangladesh Ordinance.
- International Transfers via SCCsStandard Contractual Clauses (Asante Model) approved by the Information Commissioner bridge jurisdictional gaps across Dhaka, Singapore, and Colombo β ensuring identical standards of protection in all regions.
Legal Terms: Limitations of Liability and Indemnity
FCPL balances technical innovation with robust risk management across all operating jurisdictions.
| Jurisdiction | Liability Position |
|---|---|
| π¦πΊ Australia | Liability caps strictly subject to non-excludable statutory guarantees under the Australian Consumer Law (ACL). |
| πΈπ¬ Singapore & Other Regions | Liability limited to the value of the service contract in place. |
FCPL is not liable for indirect, incidental, or consequential damages resulting from service interruptions or data-subject errors.
User Rights and Contact Information
We empower data subjects to manage their digital rights across all regions of operation.
Rajagiriya, Sri Lanka
161 Motijheel C/A, Dhaka 1000
International Plaza, Singapore 079903
Notice of Change
FCPL reserves the right to update this policy to reflect the evolving regulatory landscape, including future directives under the Bangladesh Personal Data Protection Ordinance 2025. Continued use of services after such updates constitutes acceptance of the modified terms.