Thank you for visiting the Sri Lanka CERT website and reviewing our website privacy policy. Our privacy policy explains how we handle the personally identifiable information (PII) that you provide to us when you visit us online to browse, obtain information, or filing a report.

Sri Lanka CERT Website does not automatically capture any specific personal information from you, (like name, phone number or e-mail address), that allows us to identify you individually.

If the Sri Lanka CERT Website requests you to provide personal information, you will be informed for the particular purposes for which the information is gathered and adequate security measures will be taken to protect your personal information.

We do not sell or share any personally identifiable information volunteered on the Sri Lanka CERT Website to any third party (public/private). Any information provided to this website will be protected from loss, misuse, unauthorized access or disclosure, alteration, or destruction.

Personally identifiable information includes information that is personal in nature and which may be used to identify you. You may provide PII to us when you send us an e-mail message or a filing a report online. We do not require you to register or provide PII to visit our websites.

The PII you provide on a Sri Lanka CERT website will be used only for the purpose for which you provided it. As a general rule, Sri Lanka CERT does not collect PII about you when you visit our websites, unless you choose to provide such information to us. Submitting PII through our website is voluntary. By doing so, you are giving the permission to use the information for a specific, stated purpose.

If you choose to provide us with PII through such methods as completing a web form, we will use that information to help us provide you the information or service you have requested. The information we may receive from you varies based on what you do when visiting our site.

Sri Lanka CERT has developed this statement to inform you about how we deal with privacy issues concerning the information we collect in the course of performing our duties as a leading Computer Emergency Readiness Team for Sri Lanka.

What information is collected and how is it used?

The type of information we collect falls into the following categories:

Internet connectivity-related data

When you visit the Sri Lanka CERT website or communicate with Sri Lanka CERT servers or Internet infrastructure, we may record certain information in relation to your activity such as:

• your IP or proxy server IP
• basic domain information
• your Internet service provider is sometimes captured depending upon the configuration of your ISP connection
• the date and time of your visit to the website
• the type and version of the browser you are using
• the operating system which your computer uses

Internet connectivity-related data is used only for statistical and internal management purposes.

Cyber security incident data

As part of our role as a leading CERT for Sri Lanka, we collect and receive reports about computer security incidents affecting Sri Lankan digital infrastructure. This information is used for two primary reasons:

• to provide the incident handling service to members experiencing a computer security incident
• to identify changing trends and computer attack-related activity in general

The collection of computer security incident reports is an essential by-product of the Incident Handling Service we provide as a leading CERT for Sri Lanka. In order to provide this service, sometimes it is necessary for Sri Lanka CERT to contact other parties in relation to an incident, such as the alleged attacking site, an Internet service provider, an overseas CERT, etc.

Sri Lanka CERT will not disclose details of the reporting party in handling an incident unless permission has been granted by the reporting party. Acting on its own discretion, Sri Lanka CERT will often disclose pertinent details about a reported incident to appropriate third parties for the purposes of providing coordination and handling of that incident. In many cases details about the incident will be sanitized to minimize the amount of information passed about a site which has been affected. In cases where the reporting party is also the affected site, details of the reporting party (affected site) will not be disclosed without permission.

Contact details of persons who report computer security incidents

Contact details of persons who report computer security incidents on behalf of their employer organization or as individuals in their own right will not be disclosed to third parties, except with the reporting person’s consent and then only for the purposes of providing the incident handling service in relation to the incident.

How this Information is Protected

Sri Lanka CERT adopts multiple mechanisms to secure our network and the sensitive and personal information stored on it, or otherwise held in our possession.

Additionally, for those who wish to send sensitive incident or vulnerability information to Sri Lanka CERT by electronic mail, we recommend the use of encryption. We have secure communication mechanisms for this purpose.

Sri Lanka CERT will not give access to its member mailing list to any third party. Sri Lanka CERT may, however, inform our members of matters of potential interest to them, which do not specifically relate to the provision of Sri Lanka CERT ‘s subscription services, but relates to Sri Lanka CERT ‘s mission more generally.

Third-Party Websites and Applications

Sri Lanka CERT uses social media websites and other kinds of third-party websites. Sri Lanka CERT uses social media websites to engage in dialogue, share information and media, and collaborate with the public. Sri Lanka CERT may also use these websites to make information and services widely available, while promoting transparency and accountability, as a service for those seeking information about or services from Sri Lanka CERT.

Sri Lanka CERT does not used third-party websites to solicit and collect personally identifiable information(PII) from individuals. Any PII collected by the third-party website will not be transmitted or stored by Sri Lanka CERT.

Visiting Other Websites

Our website may contain links to international agencies, private organizations, and commercial entities. These websites are not within our control and may not follow the same privacy, security, or accessibility policies. Once you link to another site, you are subject to the policies of that site.