ideacade.com

Data Protection Policy

Data Protection Policy

🔒 Data Protection Policy

Your Privacy & Data Security

At Ideacade, we take the protection of your personal data seriously. This policy explains what data we collect, why we collect it, and how we keep it safe — in full compliance with Sri Lanka's data protection law.

Effective: May 2025 PDPA No. 9 of 2022 Compliant Last Updated: May 2025
🏛️
Compliant with the Personal Data Protection Act (PDPA) No. 9 of 2022 Sri Lanka's primary data protection legislation, regulated by the Data Protection Authority of Sri Lanka. Ideacade processes your personal data lawfully, transparently, and securely in accordance with this Act.
1
What Personal Data We Collect

When you enroll in an Ideacade program, we collect the following personal information for identity verification, course administration, and certification purposes:

🪪
NIC / National Identity Card
Collected for identity verification and to issue official certificates in your legal name.
👤
Full Name
Used for course records, certificates, and communication.
📞
Contact Number
Used for WhatsApp class updates, support, and important notices.
📧
Email Address
Used for course materials, payment receipts, and policy communications.
💳
Payment Information
Payment records are stored for refund processing and financial records only.
📍
Location (Optional)
Collected where relevant for batch scheduling and regional support.
2
How We Protect Your NIC & Sensitive Data

Your National Identity Card (NIC) number is a sensitive piece of personal data. Ideacade takes the following strict measures to ensure it is protected at all times:

🛡️
NIC Data Security Measures
Applied to all sensitive student records
🔐 Access Control
Only authorized Ideacade staff can access NIC data. No third parties.
🎯 Purpose Limitation
NIC is used only for identity verification and certificate issuance — nothing else.
🗄️ Secure Storage
Data is stored in secured systems with restricted access and regular review.
🚫 No Selling
Your NIC and personal data will never be sold, rented, or shared for commercial purposes.
🗑️ Data Retention
NIC data is retained only as long as necessary for the stated purpose, then deleted.
📋 Audit Trail
Any access to your NIC data is logged and monitored internally.
3
Why We Collect Your Data

Under the PDPA, personal data must only be collected for a specified, explicit and legitimate purpose. Ideacade collects your data strictly for the following reasons:

  • Student enrollment & identity verification — to confirm you are who you say you are when enrolling in a course
  • Certificate issuance — to print your legal name and details on official Ideacade certificates
  • Course administration — to manage batch access, class communications, and learning materials
  • Payment & refund processing — to maintain accurate financial records and process any approved refunds
  • Legal compliance — to meet our obligations under Sri Lankan law, including the PDPA No. 9 of 2022
4
Your Rights Under the PDPA

As a data subject under Sri Lanka's Personal Data Protection Act No. 9 of 2022, you have the following rights regarding your personal data held by Ideacade:

👁️
Right to Access
Request a copy of the personal data we hold about you at any time.
✏️
Right to Rectification
Ask us to correct any inaccurate or incomplete data we hold.
🗑️
Right to Erasure
Request deletion of your data where it is no longer needed for the original purpose.
🚫
Right to Object
Object to the processing of your personal data in certain circumstances.
↩️
Right to Withdraw Consent
Withdraw your consent to data processing at any time by contacting us.
📋
Right to Portability
Receive your data in a structured, readable format upon request.
ℹ️
How to Exercise Your Rights
To exercise any of the above rights, send a written request to hello@ideacade.com. We will respond within 21 business days as required by the PDPA.
5
Data Sharing & Third Parties

Ideacade does not sell, rent, or share your personal data with third parties for commercial or marketing purposes. Your data may only be shared in the following limited and lawful circumstances:

  • Service providers — trusted tools we use to deliver our courses (e.g. video platforms, payment gateways) under strict confidentiality agreements
  • Legal obligation — if required by Sri Lankan law, a court order, or a regulatory authority such as the Data Protection Authority
  • Your consent — if you have explicitly agreed to a specific sharing arrangement
6
Data Protection Contact

If you have any questions, concerns, or requests related to your personal data or this policy, please contact the Ideacade admin team directly:

📧 Email
hello@ideacade.com
📞 Phone
+94 77 785 4956
7
Policy Updates

Ideacade reserves the right to update this Privacy & Data Protection Policy at any time to reflect changes in our practices or Sri Lankan law. Any updates will be communicated via email and published on our official website. Continued enrollment after an update constitutes acceptance of the revised policy.

Your data is safe with us 🔒

Questions about how we handle your personal data? We're here to help.

Email hello@ideacade.com