{"id":4310,"date":"2026-05-17T04:57:22","date_gmt":"2026-05-17T04:57:22","guid":{"rendered":"https:\/\/srilankaexport.com\/data-processing-addendum\/"},"modified":"2026-05-17T04:57:22","modified_gmt":"2026-05-17T04:57:22","slug":"data-processing-addendum","status":"publish","type":"page","link":"https:\/\/srilankaexport.com\/si\/data-processing-addendum\/","title":{"rendered":"Data Processing Addendum"},"content":{"rendered":"<style>\r\n.sle-pg{font-family:Inter,-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;color:#1A202C;width:100%;}\r\n.sle-pg *{box-sizing:border-box;}\r\n.sle-legal-hero{background:linear-gradient(160deg,#6E102F 0%,#8D153A 100%);padding:56px 24px 64px;text-align:center;color:#fff;}\r\n.sle-legal-hero__inner{max-width:720px;margin:0 auto;}\r\n.sle-legal-hero__kicker{display:inline-block;background:rgba(255,183,3,.18);border:1px solid rgba(255,183,3,.5);color:#FFB81C;font-size:.7rem;font-weight:700;letter-spacing:.12em;text-transform:uppercase;padding:4px 14px;border-radius:20px;margin-bottom:14px;}\r\n.sle-legal-hero h1{font-size:clamp(1.75rem,4vw,2.5rem);font-weight:800;line-height:1.15;margin:0 0 10px;color:#fff;}\r\n.sle-legal-hero__updated{font-size:.875rem;color:rgba(255,255,255,.7);margin:0;}\r\n.sle-legal-body{max-width:780px;margin:0 auto;padding:56px 24px;}\r\n.sle-legal-body h2{font-size:1.25rem;font-weight:800;color:#8D153A;margin:32px 0 12px;padding-top:24px;border-top:2px solid #FFB81C;display:inline-block;padding-right:24px;}\r\n.sle-legal-body h2:first-child{margin-top:0;padding-top:0;border-top:none;}\r\n.sle-legal-body h3{font-size:1.0625rem;font-weight:700;color:#1A202C;margin:18px 0 8px;}\r\n.sle-legal-body p{font-size:.9375rem;color:#1A202C;line-height:1.7;margin:0 0 14px;}\r\n.sle-legal-body ul,.sle-legal-body ol{margin:0 0 14px;padding-left:24px;}\r\n.sle-legal-body li{font-size:.9375rem;color:#1A202C;line-height:1.7;margin-bottom:6px;}\r\n.sle-legal-body a{color:#8D153A;font-weight:600;text-decoration:underline;text-decoration-color:#FFB81C;text-underline-offset:3px;}\r\n.sle-legal-body a:hover{color:#FFB81C;}\r\n.sle-legal-body strong{color:#8D153A;}\r\n.sle-legal-body table{width:100%;border-collapse:collapse;margin:0 0 14px;font-size:.875rem;}\r\n.sle-legal-body th,.sle-legal-body td{border:1px solid #E2E8F0;padding:8px 10px;text-align:left;vertical-align:top;}\r\n.sle-legal-body th{background:#F8FAFB;color:#8D153A;font-weight:700;font-size:.8125rem;text-transform:uppercase;letter-spacing:.04em;}\r\n.sle-legal-callout{background:#FFF8E1;border-left:4px solid #FFB81C;padding:14px 18px;margin:14px 0;border-radius:0 6px 6px 0;}\r\n.sle-legal-callout p{margin:0;font-size:.875rem;color:#6E102F;}\r\n.sle-legal-cta{background:#F8FAFB;border-radius:12px;padding:24px 28px;margin-top:40px;text-align:center;}\r\n.sle-legal-cta h3{font-size:1.0625rem;font-weight:800;color:#8D153A;margin:0 0 6px;}\r\n.sle-legal-cta p{font-size:.9rem;color:#5A6A7A;margin:0 0 14px;}\r\n.sle-legal-cta a{display:inline-block;background:#FFB81C;color:#6E102F;font-weight:700;padding:11px 24px;border-radius:6px;text-decoration:none;font-size:.9rem;transition:transform .18s,background .18s,box-shadow .18s;}\r\n.sle-legal-cta a:hover{background:#C8910C;color:#6E102F;transform:translateY(-1px);box-shadow:0 4px 12px rgba(255, 184, 28,.35);}\r\n@media (max-width:600px){.sle-legal-hero{padding:40px 20px 48px;}.sle-legal-body{padding:36px 20px;}}\r\n<\/style>\r\n<div class=\"sle-pg\">\r\n<section class=\"sle-legal-hero\">\r\n<div class=\"sle-legal-hero__inner\">\r\n<span class=\"sle-legal-hero__kicker\">\u0db1\u0dd3\u0dad\u0dd2\u0db8\u0dba<\/span>\r\n<h1>Data Processing Addendum<\/h1>\r\n<p class=\"sle-legal-hero__updated\">\u0d85\u0dc0\u0dc3\u0db1\u0dca \u0dba\u0dcf\u0dc0\u0dad\u0dca\u0d9a\u0dcf\u0dbd\u0dd3\u0db1 \u0d9a\u0dd2\u0dbb\u0dd3\u0db8: 2026 \u0db8\u0dd0\u0dba\u0dd2<\/p>\r\n<\/div>\r\n<\/section>\r\n<article class=\"sle-legal-body\">\r\n<h2>1. Purpose<\/h2>\r\n<p>This Data Processing Addendum (&ldquo;DPA&rdquo;) supplements our <a href=\"\/si\/privacy-policy\/\">\u0db4\u0dde\u0daf\u0dca\u0d9c\u0dbd\u0dd2\u0d9a\u0dad\u0dca\u0dc0 \u0db4\u0dca\u200d\u0dbb\u0dad\u0dd2\u0db4\u0dad\u0dca\u0dad\u0dd2\u0dba<\/a> and <a href=\"\/si\/terms-of-service\/\">\u0dc3\u0dda\u0dc0\u0dcf \u0db1\u0dd2\u0dba\u0db8\u0dba\u0db1\u0dca<\/a> to address the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar data-protection laws where SriLankaExport.com (operated by Harker International (Private) Limited (Reg. No. PV 00338032), Kandy, Sri Lanka) processes Personal Data on behalf of EU or UK-based Buyers and Vendors.<\/p>\r\n\r\n<h2>2. Roles<\/h2>\r\n<p>For data the user submits to us directly (account registration, inquiries, transaction data): Harker International is the <strong>Controller<\/strong>.<\/p>\r\n<p>For data a Vendor or Buyer routes through our platform that originates with their own customers or counterparties (e.g. consignee details, end-user information): Harker International acts as a <strong>Processor<\/strong> on behalf of that Vendor or Buyer (the Controller).<\/p>\r\n\r\n<h2>3. Subject Matter &amp; Duration<\/h2>\r\n<p>The subject matter is the processing required to provide marketplace and trade-facilitation services. The duration is the term of the user&rsquo;s account plus the retention periods set out in the Privacy Policy and applicable record-keeping law.<\/p>\r\n\r\n<h2>4. Nature &amp; Purpose of Processing<\/h2>\r\n<ul>\r\n<li>Hosting, storing, and displaying account and transaction data.<\/li>\r\n<li>Routing communications between Buyer and Vendor.<\/li>\r\n<li>Generating commercial documentation (invoices, packing lists, certificates).<\/li>\r\n<li>Sanctions and AML screening as part of compliance obligations.<\/li>\r\n<li>Analytics and platform improvement (aggregated).<\/li>\r\n<\/ul>\r\n\r\n<h2>5. Categories of Data Subjects &amp; Personal Data<\/h2>\r\n<ul>\r\n<li><strong>Data subjects<\/strong>: account holders, their employees, consignees, end-users, and (limited) website visitors.<\/li>\r\n<li><strong>Personal data<\/strong>: name, business email, business phone, postal address, role\/title, payment-instrument identifiers (managed by Stripe, not stored by us), IP address, browsing analytics.<\/li>\r\n<li><strong>Special-category data<\/strong>: not processed in the ordinary course.<\/li>\r\n<\/ul>\r\n\r\n<h2>6. Sub-processors<\/h2>\r\n<p>We rely on the following sub-processors. We give 30 days&rsquo; notice via email to the registered Controller before adding or replacing a sub-processor that processes Personal Data.<\/p>\r\n<table>\r\n<thead><tr><th>Sub-processor<\/th><th>\u0d85\u0dbb\u0db8\u0dd4\u0dab<\/th><th>\u0dc3\u0dca\u0dae\u0dcf\u0db1\u0dba<\/th><\/tr><\/thead>\r\n<tbody>\r\n<tr><td>Hostinger International Ltd.<\/td><td>Hosting infrastructure<\/td><td>EU (Lithuania) \/ SG \/ US<\/td><\/tr>\r\n<tr><td>QUIC.cloud \/ Cloudflare<\/td><td>CDN and security<\/td><td>Global edge network<\/td><\/tr>\r\n<tr><td>Stripe Payments Europe Ltd.<\/td><td>Payment processing<\/td><td>EU (Ireland)<\/td><\/tr>\r\n<tr><td>Google LLC (GA4)<\/td><td>Web analytics<\/td><td>US (Standard Contractual Clauses in place)<\/td><\/tr>\r\n<tr><td>Hostinger SMTP \/ mail<\/td><td>Transactional email<\/td><td>EU \/ SG<\/td><\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\r\n<h2>7. International Transfers<\/h2>\r\n<p>Where Personal Data is transferred outside the EEA \/ UK, we rely on the EU Standard Contractual Clauses (2021\/914) and, where applicable, the UK International Data Transfer Addendum. Transfers to Sri Lanka (where Harker International is based) are made under the SCCs and supplemented by the security measures described below.<\/p>\r\n\r\n<h2>8. Security Measures<\/h2>\r\n<ul>\r\n<li>HTTPS \/ TLS 1.2+ on all public endpoints.<\/li>\r\n<li>WP application-level authentication; admin two-factor authentication strongly encouraged and required for sensitive roles.<\/li>\r\n<li>Database backed up daily; encrypted at rest.<\/li>\r\n<li>Access to production restricted to named operators via SSH key authentication.<\/li>\r\n<li>Payment data tokenised via Stripe; we do not store card numbers.<\/li>\r\n<li>Quarterly security review of plugins and themes; LiteSpeed Cache rules audited.<\/li>\r\n<\/ul>\r\n\r\n<h2>9. Data-Subject Rights Assistance<\/h2>\r\n<p>We assist Controllers in responding to data-subject requests (access, rectification, erasure, restriction, portability, objection) at no additional charge for routine requests. Forward such requests to <a href=\"mailto:info@harker.international\">info@harker.international<\/a>; we will respond within 30 days.<\/p>\r\n\r\n<h2>10. Breach Notification<\/h2>\r\n<p>We notify Controllers without undue delay (and in any case within 72 hours of becoming aware) of any Personal Data breach affecting their data. The notice will include nature of the breach, categories and approximate numbers of data subjects, likely consequences, and remediation measures.<\/p>\r\n\r\n<h2>11. Deletion or Return of Data<\/h2>\r\n<p>On termination of services we delete or return Personal Data on Controller request, except where retention is required by law (e.g. Sri Lankan customs \/ tax record-keeping of 6 years).<\/p>\r\n\r\n<h2>12. Audit<\/h2>\r\n<p>Controllers may request, no more than annually, a summary of our security posture and sub-processor list. On-site audits are accommodated with reasonable notice for Controllers materially affected by the processing.<\/p>\r\n<div class=\"sle-legal-cta\">\r\n<h3>Need a countersigned DPA?<\/h3>\r\n<p>\u0d8a\u0db8\u0dda\u0dbd\u0dca <a href=\"mailto:info@harker.international\">info@harker.international<\/a> with subject &ldquo;DPA Request&rdquo;. We will return a countersigned PDF within 5 business days.<\/p>\r\n<a href=\"\/si\/contact-us\/\">\u0d85\u0db4 \u0dc4\u0dcf \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0 \u0dc0\u0db1\u0dca\u0db1<\/a>\r\n<\/div>\r\n<\/article>\r\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Legal Data Processing Addendum Last updated: May 2026 1. Purpose This Data Processing Addendum (&ldquo;DPA&rdquo;) supplements our Privacy Policy and Terms of Service to address the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar data-protection laws where SriLankaExport.com (operated by Harker International (Private) Limited (Reg. No. PV 00338032), Kandy, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-4310","page","type-page","status-publish","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/pages\/4310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/comments?post=4310"}],"version-history":[{"count":0,"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/pages\/4310\/revisions"}],"wp:attachment":[{"href":"https:\/\/srilankaexport.com\/si\/wp-json\/wp\/v2\/media?parent=4310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}