Capital One Privacy Notice (Sri Lanka)


At Capital One (hereinafter referred to as “Company”, “we”, “us”, or “our”), we are committed to safeguarding your privacy and ensuring that the processing of your personal data is carried out in accordance with the Personal Data Protection Act, No. 09 of 2022 (PDPA) and other applicable laws of Sri Lanka.

This Privacy Notice sets out the key principles under which we collect, use, retain, and share your personal data when you engage with us in Sri Lanka.

Collection of Data

We collect personal data through the following channels:

Direct interactions with you

  • Your direct interactions through various means, i.e., emails, phone calls, meetings, and submissions through our website or secure portals.

  • When you provide information during client onboarding, due diligence, or compliance checks, you will be following the flow of information.

1. Purpose of Processing

We will collect and process your personal data for the following reasons:

  • For the purpose of facilitating access to financial products and services.
  • Personal data is used solely to enable access to our financial products and services, consistent with applicable regulations.
  • For fulfilling our contractual obligations and adhering to regulations.
  • For handling customer relationships, including notifications of new or improved services.
  • For the purpose of pursuing legitimate business interests such as the enforcement of legal claims.
  • For compliance with requirements set by regulatory bodies like the Central Bank of Sri Lanka, the Securities and Exchange Commission of Sri Lanka, the Colombo Stock Exchange, and the Inland Revenue Department.

2. We may process the following categories of personal data:

  • Personal information: Name, birth date, nationality, residency status.
  • Contact information: Postal address, email, and telephone number.
  • Government-issued identification numbers: National Identity Card (NIC) number, passport number, and tax identification number.
  • Financial data: Bank account number, statements, and income sources along with billing proof.
  • Compliance information: Politically Exposed Person (PEP) association, FATCA/Common Reporting Standard (CRS) compliance status, and other KYC-related customer data.
  • Where special categories of personal data are required under law, we will notify you and obtain consent or rely on other lawful bases as permitted by the PDPA.

3. Retention

Your personal data will be retained only for as long as necessary to:

  • Deliver our services.
  • Comply with legal and regulatory obligations.
  • Respond to lawful requests from authorities.
  • Where data is anonymized or tokenized, we may use it for lawful business purposes without further notice.

4. Sharing and Transfers

We may share your personal data:

  • Within Capital One Group entities to ensure seamless service delivery.
  • With service providers and business partners, limited to what is necessary for service provision.
  • With regulators, law enforcement, and statutory bodies as required by law.
  • With investment managers or financial intermediaries registered with Sri Lankan regulators, where applicable.
  • Your personal data may be transferred outside Sri Lanka. In those instances, we will put in place commercially reasonable safeguards, compliant with the PDPA, to ensure confidentiality and integrity. Nevertheless, you acknowledge that total security cannot be assured.

5. Your Rights under the PDPA

As a data subject, you may exercise the following rights:

  • Access: Request the issuance of your personal data that we have processed.
  • Rectification: Request the correction of inaccurate or incomplete data.
  • Erasure: Request the deletion of your personal data, which will be carried out only within the limits set by the PDPA.
  • Objection: Under certain conditions, object to further processing.
  • Withdrawal of consent: If the data processing is entirely based on your consent, you have the right to revoke it at any time.
  • Review of automated decisions: Request human review of decisions made solely through automated processing.

All requests must be sent in writing and must state, in clear terms, the personal data to which they relate. We will respond within the deadlines set by the PDPA.

6. Security

We adopt technical, contractual, and organizational measures to ensure that your personal information is not intercepted, abused, or leaked. However, no system can guarantee complete security 100% of the time.

7. Contact Us

For any queries, concerns, or to exercise your rights under the PDPA, please feel free to contact us:

Capital One – Sri Lanka Compliance Office

Email: info@capitalone.lk

Telephone: 011 (244) 0787

You may also contact the Data Protection Authority of Sri Lanka for further guidance.

8. Updates

This Privacy Notice may be updated to reflect changes in law, regulation, or company practices. We suggest that you check our website periodically for the most current version.

Effective Date: 24th November 2025