VisitSrilanka.com Privacy Policy

We respect your privacy and are committed to protecting it. The purpose of this Privacy Policy is to inform you what personally identifiable information we may collect and how it may be used. This statement only applies to this Website.

We do not sell our database (information about you) to any other party.

You have the right to tell us you don’t want us to share your personal information with anyone – the Right to Restrict Processing under the GDPR. You can ask us to restrict processing by emailing us.

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://visitsrilanka.com. By using VisitSriLanka.com (further referred to as the “Site”, “Website”, “us,” “we” or “our”), you are consenting to the policies listed on this page.
This privacy policy includes our Cookie Policy, found at https://visitsrilanka.com/cookie-policy/ .

Who we are

Our website address is: https://visitsrilanka.com.

VisitSriLanka.com found at https://visitsrilanka.com/ (“Site”, “Website”, “us,” “we” or “our”) is governed by the following privacy policy (“Privacy Policy”).

We respect privacy and acknowledge that processing personal data in a lawful and proper manner is an important social responsibility and declare that it will strive to protect personal data. This privacy policy applies to you (hereafter “you”), as our prospective, current and former customer and/or supplier, and your usage of our products and services, our websites, or otherwise business dealings with us. In this privacy notice, we will explain how we process your personal data. Therefore, we encourage you to read this notice carefully.

What data do we collect?

The personal data collected varies depending on what you agree to be provided and therefore may include information such as your name, mailing address, e-mail address, telephone number, fax number, billing address, shipping address, payment information (including credit card numbers) and social media profiles.

We may also automatically collect information about the devices you use to interact with our website. The information we automatically collect may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on our site. We may also automatically collect information about how you use the site, such as what you have searched for and viewed on the site. The information automatically collected may be associated with any personal data you have provided.

How do we collect your data?

When our website is opened and used, we collect the personal data that your browser automatically transmits to our servers. The following information is stored temporarily in a so-called log file:

  •     IP address of the requesting computer
  •     Date and time of the access
  •     Name and URL of the file retrieved
  •     Website from which the access occurs (referrer URL)
  •     Browser used and possibly the operating system of your computer as well as the name of your access provider

Our website is not hosted by us but rather by a service provider who also may processes the aforementioned data on our behalf.

Information You Voluntarily Submit to the Website:

We may collect personal information from you such as your name or email address. For example, you may voluntarily submit information to the Website by leaving a comment, subscribing to a newsletter, or submitting a contact form. In addition, you are able to create a user profile, which allows you to create a username and password. We will store the username, but your password will not be visible in our records.

Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. If you buy products or services for others, we gather their contact information and shipping details, too. We refer to this information as “Order Information.”

We gather this information to allow us to process your inquiry. The relevant information is then used by us, our agents and sub-contractors to communicate with you on any matter relating to your inquiry and the provision of the service in general.

Information We Collect from Others:

We may receive information about you from other sources.  You may link your Facebook, Instagram, and/or Google accounts to your user profile.  If you choose to link your Facebook, Instagram, and/or Google accounts to your user profile, we will receive your name, email address and profile picture associated with that account.  The Website utilises the Facebook commenting system, so if you choose to comment on a Website post, your profile picture will appear.

Automatically-Collected Information:

We automatically collect certain information about you and the device with which you access the Website. For example, when you use the Website, we will log your IP address, operating system type, browser type, referring website, pages you viewed, some of the cookies that are installed on your device and the dates/times when you accessed the Website. We may also collect information about actions you take when using the Website, such as links clicked. If you request a password reset, your IP address will be included in the reset email.

Comments:

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media:

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Device Information

As you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Cookies:

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

We may log information using cookies, which are small data files stored on your browser by the Website. We may use both session cookies, which expire when you close your browser, and persistent cookies, which stay on your browser until deleted, to provide you with a more personalized experience on the Website.

The Website uses cookies to store visitors’ preferences, record user-specific information on what pages users access or visit, ensure that visitors are not repeatedly sent the same banner ads, customize Website content based on visitors’ browser type or other information that the visitor sends. Cookies may also be used by third-party services, such as Google Analytics, as described herein.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

For more information about the cookies we use, please see our Cookies Policy.

Do not track

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

You may, at any time, set your browser not to accept cookies or prevent the setting of cookies by the Website, by using a corresponding setting of your internet browser and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. For more information about cookies and how to disable them, you can consult the information at www.allaboutcookies.org/manage-cookies/. However, if users deactivate the setting of cookies in your Internet browser, not all functions of our Website may be entirely usable.

For more information on our use of cookies, please see our Cookies Policy.

How will we use your data?

We use personal data collected through our site only when we have a valid reason and the legal grounds to do so. We determine the legal grounds based on the purposes for which we have collected your personal data. We may use the information collected in the following ways:

To operate and maintain the Website;
To create your account, identify you as a user of the Website, and customize the Website for your account;
To send you promotional information, such as newsletters. Each email promotion will provide information on how to opt-out of future mailings;
To send you administrative communications, such as administrative emails, confirmation emails, technical notices, updates on policies, or security alerts;
To respond to your comments or inquiries;
To provide you with user support;
To track and measure advertising on the Website;
To protect, investigate, and deter against unauthorised or illegal activity.

We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
When VisitSriLanka.com processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

Who we share your data with

Except when required by law, we will not sell, distribute, or reveal your email addresses or other personal information without your consent; however, we may disclose or transfer personal information collected through the Website to third parties who acquire all or a portion of our business, which may be the result of a merger, consolidation, or purchase of all or a portion of our assets, or in connection with any bankruptcy or reorganization proceeding brought by or against us.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Anonymous Data

From time to time, we may use anonymous data, which does not identify you alone, or when combined with data from other parties. This type of anonymous data may be provided to other parties for marketing, advertising, or other uses. Examples of this anonymous data may include analytics or information collected from cookies.

Publicly Visible information

If you create a user profile on the Website or leave a comment, certain information may be publicly visible. To create a user profile, you must choose a username and password and input your email address for profile confirmation. Your email address will never be available publicly. At your option, you may also add an avatar, a profile description, and a link to your website.

You may also choose to link your Facebook, Instagram, and Google Account.

Users may see your username, avatar, profile description and website information.

Third-party use of personal information.

We may share your information with third parties when you explicitly authorize us to share your information. We share your Personal Information with third parties to help us use your Personal Information, as described above.

Additionally, the Website may use third-party service providers to service various aspects of the Website. Each third-party service provider’s use of your personal information is dictated by their respective privacy policies.

The Website currently may use the following third-party service providers:

Content Delivery Network (CDN)

Cloudflare, Inc. – We use Cloudflare CDN for proper provision of the content of our website. Cloudflare CDN is a service of Cloudflare, Inc., which acts as a content delivery network (CDN) on our website for secure and efficient provision as well as optimisation of our site.
Their Privacy Policy can be viewed at https://www.cloudflare.com/privacypolicy.

Spam Detection

Visitor comments may be checked through an automated spam detection service.

Google’s reCaptcha – We use Google’s reCaptcha software to allow us to filter out spam from bots. If you decide to use any of our contact forms, cookies related to reCaptcha will have to be accepted via a dedicated checkbox.
Google’s Terms of service ( https://policies.google.com/terms ) and Privacy Policy ( https://policies.google.com/privacy ) apply.

Analytics

Google Analytics – We use Google Analytics to help us monitor, analyze and understand how our customers use the Site. It is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.You can opt-out of having made your activity on the site available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Newsletters

On the Website, you may subscribe to our newsletter, which may be used for advertising purposes. All newsletters sent may contain tracking pixels. The pixel is embedded in emails and allows an analysis of the success of online marketing campaigns. Because of these tracking pixels, we may see if and when you open an email and which links within the email you click. Also, this allows the Website to adapt the content of future newsletters to the interests of the user. This behavior will not be passed on to third parties.

Mail Chimp – this service is used for delivery of email updates and newsletters. We store your name and email address for purposes of delivering such communications.
Please refer to Mail Chimp’s privacy policy ( https://mailchimp.com/legal/privacy/ ) for further information.

Customer Support / Customer Relationship Management

HubSpot, Inc. – We use HubSpot for customer support services, our online marketing activities and Contact management (CRM). This is an integrated software solution which we use for various aspects of our online marketing.
Their Privacy Policy can be viewed at https://legal.hubspot.com/privacy-policy .

Display Ads

We may use third-party advertising companies to serve content and advertisements when you visit the Website, which may use cookies, as noted above. Companies or Ad networks we may use on the site include:

Google Adsense – This website uses Google AdSense, a service for the integration of ads.
Their Privacy Policy can be viewed at https://legal.hubspot.com/privacy-policy .

Affiliate Program Participation

The Website may engage in affiliate marketing, which is done by embedding tracking links into the Website. If you click on a link for an affiliate partnership, a cookie will be placed on your browser to track any sales for purposes of commissions. Affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and links to the affiliated site. Our affiliates may include and are not limited to the following:

  • Amazon Associates – Amazon’s affiliate marketing program ( Link: https://affiliate-program.amazon.com )
  • Rakuten Advertising ( Link: https://rakutenadvertising.com/partners/publishers/ )
  • Aliexpress Affiliate Program ( Link: https://portals.aliexpress.com )
  • TripAdvisor Affiliate Program ( Link: https://www.tripadvisor.com/affiliates )
  • Booking.com Affiliate Partner Programme ( Link: https://www.booking.com/affiliate-program/v2/index.html )
  • Travelpayouts Travel Affiliate Network ( Link: https://www.travelpayouts.com/en/ )
Behavioral Re-marketing / Re-targeting Ads

From time to time, the Website may engage in re-marketing efforts with third-party companies, such as Google, Facebook, or Instagram, in order to market the Website. These companies use cookies to serve ads based on someone’s past visits to the Website.

We use re-marketing services to advertise on third party websites to you after you visited our site. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our site.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

FACEBOOK – https://www.facebook.com/settings/?tab=ads
GOOGLE – https://www.google.com/settings/ads/anonymous
BING – https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting:
the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
the Digital Advertising Alliance of Canada in Canada https://youradchoices.ca/ or
the European Interactive Digital Advertising Alliance in Europe https://www.youronlinechoices.eu/, or
opt-out using your mobile device settings.

This list may be amended from time to time in the Website’s sole discretion.

How do we store your data?

VisitSriLanka.com securely stores your data at servers located in Singapore, Germany, Netherlands, Japan and the United States. Any personal information stored in our database is only accessible by our staff through a password protected interface. The database itself is hosted on servers provided by our choice of server providers at the time, who have their own internal security procedures to protect the database from unauthorized access.

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Privacy Policy against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessed by a limited number of personnel who need access to the information to perform their duties. 

The internet is not a secure medium. However we have put in place various security procedures. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Hence, we cannot be responsible for events arising from unauthorized third parties gaining access to your personal information. It is solely your responsibility to maintain the secrecy of your user identities and password(s) at all times. If you have reason to believe that your interaction with us is no longer secure (e.g., you feel that the security of your account has been compromised), please contact us immediately.

How long we retain your data

Your personal data will be kept as long as it is required for the purposes for which they are obtained as well as in accordance with our legal and fiscal requirements.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.

We retain your Personal Data as long as we are providing the Services to you or our Users (as applicable). Even after we stop providing Services directly or indirectly to you, and even if you close your account or complete a transaction, we keep your Personal Data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. We also keep Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

Updating Your details

If any of the information that you have provided to us changes, for example if You change Your email address, name or if you wish to cancel Your registration, please let us know the correct details by contacting us.

Sale of business

If this website or business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.

Marketing

VisitSriLanka.com would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies.

Mail Chimp – Please refer to Mail Chimp’s privacy policy for further information.
Hubspot – Please refer to Hubspot’s privacy policy for further information.

If you have said we can (opted in), then we may send you marketing messages that we feel will be applicable to you. This will be to keep you up to date with the latest news, best practices, articles, methodologies and other industry information. We will also send these messages to help you find the products and services offered by VisitSriLanka.com.

If you have agreed to receive marketing, you may always opt out at a later date.

You have the right at any time to stop VisitSriLanka.com from contacting you for marketing purposes or giving your data to other members of VisitSriLanka.com.

If you no longer wish to be contacted for marketing purposes, you can stop receiving marketing messages from VisitSriLanka.com at any time:

  • By clicking the ‘unsubscribe’ link on any marketing email we send
  • By emailing us at [email protected]

Once you do this, we will update the information we hold on you to say that we should no longer send marketing messages to you.

We may continue sending you messages and communication that falls outside of marketing messaging in order to deliver our products and services to you.

Behavioral Advertising

VisitSriLanka.com uses re-marketing services to advertise on third party websites to you after you visited our site. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our site. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

FACEBOOK – https://www.facebook.com/settings/?tab=ads
GOOGLE – https://www.google.com/settings/ads/anonymous
BING – https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
TWITTER – https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads.
INSTAGRAM – https://www.facebook.com/off_facebook_activity/

Additionally, you can opt out of some of these services by visiting 

  • the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
  • the European Digital Advertising Alliance at http://youronlinechoices.eu/.

To learn more about the choices that advertisers provide generally for individuals to influence how information about their online activities over time and across third-party Web sites or online services is collected and used, visit 

the Network Advertising Initiative at http://www.networkadvertising.org/managing/opt_out.asp, the Digital Advertising Alliance at http://www.aboutads.info/, or 
the European Digital Advertising Alliance at http://youronlinechoices.eu/.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service. You may access the personal information we have about you by submitting a request to hello [at] visitsrilanka [dot] com.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete. You may contact us at hello [at] visitsrilanka [dot] com to amend or update your personal information.

The right to erasure – In certain situations, you may request that we erase or forget your personal data. To do so, please submit a request to hello [at] visitsrilanka [dot] com.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to VisitSriLanka.com’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Opt-out – You may opt-out of future email communications by following the unsubscribe links in our emails. You may also notify us hello [at] visitsrilanka [dot] com to be removed from our mailing list.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email at hello [at] visitsrilanka [dot] com.

Please note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including but not limited to Singapore, Canada and the United States.

Finally, please note that we may need to retain certain information for record-keeping purposes or to complete transactions, or when required by law.

Sensitive Personal Information

At no time should you submit sensitive personal information to the Website. This includes your social security number, information regarding race or ethnic origin, political opinions, religious beliefs, health information, criminal background, or trade union memberships. If you elect to submit such information to us, it will be subject to this Privacy Policy.

Children’s Information

The Site is not intended for individuals under the age of 16.
If you are under sixteen (16) years of age, please do not use the Site or provide any information on the Site, including your name, screen name, username, address, telephone number, email address, and payment details.

If we learn we have collected or received personal information from a child under sixteen (16) years of age without verification of consent from a parent or guardian, the personal information collected or received shall be deleted with no delay.

The Website does not knowingly collect any personally identifiable information from children under the age of 16. If a parent or guardian believes that the Website has personally identifiable information of a child under the age of 16 in its database, please contact us immediately at hello [at] visitsrilanka [dot] com and we will use our best efforts to promptly remove such information from our records.

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

For further information, visit allaboutcookies.org.

How do we use cookies?

Our Company uses cookies in a range of ways to improve your experience on our website. For more information on our use of cookies, please see our Cookies Policy.

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

  • Essential: Some cookies are essential for you to be able to experience the full functionality of our site.
  • Functionality – We uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  • Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit, etc.
  • Marketing / Advertising – We uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. We sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
  • Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.

For more information on the types of cookies we use, please see our Cookies Policy.

How to manage your cookies?

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. For more information about cookies and how to disable them, you can consult the information at www.allaboutcookies.org/manage-cookies/.

However, in a few cases, some of our website features may not function as a result.

For more information on how to manage your cookies, please see our Cookies Policy.

Personal Data Protection Act (“PDPA”) – Privacy Statement for Singapore

DATA PROTECTION NOTICE

This Data Protection Notice (“Notice”) sets out the basis which VisitSriLanka.com (“Site”, “Website”, “we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes. This section supplements the information contained in our privacy policy and applies solely to all visitors, users, and others who reside in Singapore (”consumers” or “you”).

PERSONAL DATA

As used in this Notice:
“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and
“personal data” means data, whether true or not, about a customer who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include name, residential address, email address, telephone number, nationality and gender.

Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

We may collect and use your personal data for any or all of the following purposes:

  • performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;
  • verifying your identity;
  • responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
  • managing your relationship with us;
  • processing payment or credit transactions;
  • complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
  • any other purposes for which you have provided the information;
  • transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
  • any other incidental business purposes related to or in connection with the above.
  • We may disclose your personal data:
  • where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or
  • to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes.

RELIANCE ON LEGITIMATE INTERESTS EXCEPTION

In compliance with the PDPA, we may collect, use or disclose your personal data without your consent for the legitimate interests of VisitSriLanka.com or another person. In relying on the legitimate interests exception of the PDPA, VisitSriLanka.com will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.

In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:

  • Fraud detection and prevention.
  • Detection and prevention of misuse of services.
  • Network analysis to prevent fraud and financial crime, and perform credit analysis.
  • Collection and use of personal data on company-issued devices to prevent data loss.

The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.

WITHDRAWING YOUR CONSENT

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within thirty (30) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 7 above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

ACCESS TO AND CORRECTION OF PERSONAL DATA

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

PROTECTION OF PERSONAL DATA

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as minimised collection of personal data, authentication and access controls (such as good password practices, need-to-basis for data disclosure, etc.), encryption of data, data anonymisation, up-to-date antivirus protection, regular patching of operating system and other software, securely erase storage media in devices before disposal, web security measures against risks, usage of one time password(otp)/2 factor authentication (2fa)/multi-factor authentication (mfa) to secure access, and security review and testing performed regularly.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

ACCURACY OF PERSONAL DATA

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

RETENTION OF PERSONAL DATA

We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

CCPA – Privacy statement for California

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. This section supplements the information contained in our privacy policy above and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

Access to Specific Information and Data Portability Rights

You have the right to request that VisitSriLanka.com disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you.

Deletion Request Rights

You have the right to request that VisitSriLanka.com delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Provide goods or services to you
Detect or resolve security or functionality-related issues
Comply with the law
Conduct research in the public interest
Safeguard the right to free speech
Carry out any actions for internal purposes that you might reasonably expect

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by email at hello [at] visitsrilanka [dot] com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

We will deliver our written response by email.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Categories of Personal Information We Collect

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Disclosures of Personal Information for a Business Purpose

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Identifiers.
  • Internet or other similar network activity.
  • Geo-location data.
  • Inferences drawn from other personal information.

In the preceding twelve (12) months, we have not sold any personal information for a third party’s commercial purpose or for monetary value however we do disclose personal information for internal business purposes.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service Providers.
    We engage some trusted third parties to perform functions and provide services to us, including auditing, security, short-term uses, performing services, hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. We may share your personal information with these third parties only to the extent necessary to perform these functions and provide services. We also require these third parties to maintain the privacy and security of the personal information they process on our behalf.

Privacy Policies of Other Websites

The VisitSriLanka.com website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. 

Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable terms, conditions and policies of the third party website to determine how they will handle any information they collect from you.

Embedded content from other websites:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Changes to Our Privacy Policy

We keep our privacy policy under regular review and place any updates on this web page. We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Your Consent

If you are using this website this means that you accept and agree with the information provided herein, and that you accept our Terms of Service.

By submitting your information you consent to the use of that information as set out in this policy. If We change our Privacy Policy we will post the changes on this page, and may place notices on other pages of the website, so that you may be aware of the information We collect and how we use it at all times. Continued use of the service will signify that you agree to any such changes.

Please see below for the date this privacy policy was last updated.

Governing Law

This Privacy Policy shall be governed in all respects by the laws of Singapore.

How to contact us?

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hello [at] visitsrilanka [dot] com.

How to contact the appropriate authority?

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Personal Data Protection Commission.

Email: [email protected]
Address: Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438

Effective date : 2021 – July – 01
Last Updated on : 2021 – July – 01