• Image1
  • image2
  • inner1
  • home slide 2

YOU SHOULD REVIEW THE FOLLOWING STATEMENT PRIOR TO SUBMITTING ANY PERSONAL INFORMATION TO THIS WEBSITE.This Website is hosted and operated by the IT Governance and Risk Consulting (Pvt) Ltd, 11/24, 1/1 Melder Place, Nugegoda, Sri Lanka (mentioned below as "The ITGRC").

The ITGRC respects privacy of our customers, partners and suppliers of products or services, clients, and their customers. The purpose of this Privacy Statement is to provide you with information concerning our services, the types of information we are provided by third parties or obtain ourselves through your visits to our Website, how we use that information, whether we disclose the information provided to us to others, and the options you have with regard to the use and correction of that information. Although privacy laws can, from jurisdiction to jurisdiction, directly conflict with each other, our goal in handling personal information provided to us is to comply with applicable data protection and privacy laws worldwide and to offer users of our Website notice, choice, the ability to consent, security, data integrity, access, and enforcement with regard to personal identifiable information (PII). The ITGRC strives to provide protection to your personal information no matter where that information is collected, transferred or retained.

Collection of Personal Information

Personally identifiable information means any information or data that may be used to identify an individual, and may include but is not limited to your name, physical or email address, phone number, type of hardware or software you own, credit card details, and other information required to provide you with the product, service, or support requested. Depending on the nature of the services provided by The ITGRC to our partners or suppliers or the services provided to The ITGRC from its partners or suppliers, The ITGRC may receive personal information either from you directly or from our partner or supplier.

The ITGRC may receive and process personal information provided by you in the following situations:

i) Requesting information about products and services.
ii) Entering a contest or promotion.
iii) Ordering newsletter or other informational tools.
iv) Where you submit an order for services or downloading contents.
v) Purchasing, downloading and/or registering products.
vi) Signing up for additional services.
vii) For the purpose of verification of your identity or fraud prevention purposes.
viii) For examination registration purposes.

BY SUBMITTING INFORMATION AS ABOVE YOU ARE CONSENTING TO SUCH COLLECTION OF PERSONAL INFORMATION. In all cases however, we will ensure that personal information shall always be obtained on a fair basis and in accordance with applicable law. 

Use of Personal Information


We will use the personal information provided to us for the following:

i) To take, process or deliver your service order, process or obtain payment or notify you of the status of your order.

ii) in connection with keys, access codes or other information as may be required to permit you to access our sites to receive products, updates or services.
iii) The screening of the service order by a validation system ('Fraud Screening System') to prevent fraudulent orders.
iv) To provide it to industry and credit related organizations for security, credit or fraud prevention purposes.
v) To register your purchase for warranty, technical support or similar purposes.
vi) To facilitate the renewal of subscriptions for products or services.
vii) To provide you with effective customer service and/or technical support.
viii) To monitor service or purchasing patterns.
ix) To provide you with service updates, announcements, and other product offerings.
x) To send you, with your consent, newsletters or promotional emails or undertake other promotional activities.
xi) To permit you to participate in online surveys and polls, assuming you voluntarily agree to provide such information in connection with these surveys and polls.
xii) To improve The ITGRC's websites, the customer experience and any related products or services.
xiii) For other purposes as notified to you from time to time (subject to applicable legal requirements).

We will observe applicable law and take all reasonable steps to ensure any person or entity receiving personal information for the purposes described above, are obligated to protect and keep secure the personal information on your behalf.


Management of Personal Information

The ITGRC tries hard to keep personal information accurate and up-to-date. If you find that your personal information is not accurate, please let us know in writing. Without prejudice to your rights of access and other rights in relation to your personal information under applicable law, The ITGRC will use best efforts to investigate your concerns after we receive your inquiry and make the necessary corrections, additions and/ or deletions. If you wish to have your personal information deleted, please let us know in writing and we will take all reasonable steps to delete it unless we need to keep it for legal reasons.

Information Holding Period

Your personal information are protected using encryption and/ or credentials,  as it may be necessary depending on the sensitivity of the data. Personal information collected in digital form for the purposes of examination  (eg: ITIL, CISA CISM,CISSP etc)   shall be maintained  for maximum of one year and thereafter be purged.

Disclosure of Personal information

The ITGRC discloses your personal information directly to you upon your written request; provided, however, that we may reject all or part of your request when:

i) The disclosure may harm the life, the body, the property and the rights of third parties.

ii) The disclosure may lead a breach of applicable law and regulation.

iii) Where you have failed to provide sufficient evidence to verify your identity.

Cookies and Web Beacons

We may use "Cookies" and other tracking technologies such as web beacons. "Cookies" are small text files that are transferred to your computer's hard disk by the website. The ITGRC's cookies are used to identify a computer or browser, not to identify specific customer traits. If you do not want cookies in your browser, you may set your browser to reject cookies or to notify you when a website attempts to place a cookie in your browser.

Web Beacons (also referred to as GIF files, pixels or action tags) help The ITGRC recognize a unique cookie on your browser. We use this tool to compile aggregate information about you, and it is not personally identifiable. This information includes IP addresses, search terms, domain names, and browser types. We use this information to track usage and other patterns on our Websites.

Sharing Personal Information

The ITGRC may receive personally identifiable information either from you directly or from our partner or supplier who provides us with the personal information to fulfill a service to you on their behalf. In some circumstances, personal information that The ITGRC receives from you directly may be provided to our partners or suppliers in order for them to fulfill a service to us for your benefit or directly to you. We may also provide your information in order to register your purchase with the manufacturer or service provider for warranty, technical support, after sales service or similar purposes.

The ITGRC also employs other companies to provide services to us in connection with your transaction or after sales services. We do use companies to process credit card payments, deliver packages, send mail, analyze data, Fraud Screening, provide marketing aid and assistance, provide customer service, and otherwise provide services to us to enable us to serve you and enhance our services. These organizations may have access to personal information as required to permit them to perform their obligations to us in this regard.

The ITGRC may be required to respond to subpoenas, court orders or be asked to respond to other legitimate requests for your personal information from appropriate law enforcement or governmental authorities. We will not provide you with notice of such requests. In such situations, we will release personally identifiable information to third parties when we believe it is appropriate for us to do so in order to comply with the law or to protect against fraud. We will also release such information:

i) To cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena).
ii) To comply with all valid court orders or subpoenas.
iii) To protect the legal rights of The ITGRC, its employees, our users or any member of the public.
iv) To protect the property of The ITGRC, its employees, our users or any member of the public.
v) When we believe it is needed for fraud protection and/or credit risk reduction.
vi) To protect the personal safety of our employees, agents, other users or the public in general.

The ITGRC also reserves the right to report to such entities any activities that we believe to be unlawful. Any such report of the activities outlined in (1) through (6) will be made without prior notice to you, and you consent to such disclosure by us.

The ITGRC is not in the business of selling, trading or renting personal information. We will not use or share your personally identifiable information with others except those individuals or entities which have a business relationship with The ITGRC of which you are aware.

Your Choices

You can decide whether or not to provide personal information to The ITGRC and withdraw your consent to us processing your personal information at any time. However, if you do not provide personal information or withdraw such consent you may not be able to make purchases, enlist services or access certain offers or options that may be of benefit to you. At the time you provide your information, we will also offer you a choice as to whether or not you wish to receive further communications about special offers, product information, or other marketing messages. We may provide this information to our business partners and suppliers. If you choose not to receive these communications, we will not use your personally identifiable information for this purpose.

You may choose to unsubscribe from notices of special offers described in the preceding paragraph. The ITGRC provides you with the ability to unsubscribe at any time.

Changes to this Privacy Statement

Without prejudice to your rights under applicable data protection or privacy law, The ITGRC may amend this Privacy Statement from time-to-time. We will notify you of such amendments or changes by updating the "Effective Date" at the top of this Privacy Statement.

The ITGRC Contact Information

If you would like to contact us with questions or comments concerning our Privacy Statement or if you feel your inquiry or request has not been addressed to your satisfaction, please contact ITGRC via e-mail This email address is being protected from spambots. You need JavaScript enabled to view it. .


The Swirl logoTMis a trade mark of AXELOS Limited.
ITIL®is a registered trade mark of AXELOS Limited.
PRINCE2®is a Registered Trade Mark of AXELOS Limited.
COBIT®is a trademark of ISACA®registered in the United States and other countries.
CISM CRISC CGEIT CISA® are Registered Trade Marks of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute
CISSP is a registered mark of The International Information Systems Security Certification Consortium ((ISC)2)