Privacy Policy

by MysrilankaTravel

The purpose of this Policy is to record the data protection and data management rules applied by

Hereinafter referred to as “the Service Provider”) manages the data on the Website, on the website or on the customers (hereinafter referred to as the “Affected”) on the website (hereinafter referred to as “the Website”).

The purpose of this Policy is to ensure that all services provided by the Provider, regardless of their nationality or place of residence, to all individuals, are assured that their rights and fundamental freedoms, in particular their privacy, are respected in the processing of their personal data (data protection).

  1. Definitions, Abbreviations

2.1. Data handling

According to the law in force, any operation or all of the operations carried out on the data record, irrespective of the method used, In particular, it collects, captures, fixes, stores, stores, alters, uses, retrieves, transmits, discloses, aligns or interconnects, blocks, erases and destroys data and prevents future use of data, captures photographs, sound or images; record physical attributes (eg finger or palm print, DNA sample, iris image) suitable for identifying the person.

2.2. Data Manager

A data subject is a natural or legal person or an organization without legal personality who either independently or with others determines the purpose of managing the data, makes and executes decisions on the data handling (including the used device) or performs it with the data processor.

2.3. Data Processing

A data processor is a natural or legal person or an organization without legal personality who, on the basis of a contract, including a contract concluded under the terms of the law, processes data. The data processor may not make a substantive decision on data management, process personal data that he or she is aware of, only processed by the data controller, do not process data for his own purposes, and store and retain personal data according to the data controller’s instructions.

2.4. Personal data

Personal data: data related to the data subject, in particular the name, identifier and the knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, as well as the conclusion that may be deduced from the data.

2.5. Special data

Personal data related to health status, abnormal passion, and criminal personal data are considered to be special data.

  1. Data handler

Company name / Name: MySriLankaTravel representing : U.K. Sugath Gamini

Address: No: 266/4 Colombo Road, GALLE, Mahomodora, Sri Lanka


e-mail address:

Register number:

  1. The legal basis for data handling

4.1. The web content contained in the web site (hereinafter referred to as the “Web site”) is processed on the basis of the Relevant Voluntary Disclosure Statement of the Affected Person, which includes the express consent of the Affected Person to use their personal information provided during the use of the Website .

The legal basis for data management is the CXII 2011 Law on Information Self-Destruction and Freedom of Information. TV. (Infotv.) Section 5 (1) (a), on the basis of the voluntary contribution of the person concerned, and in accordance with Section CVIII of 2001 on certain aspects of electronic commerce services and information society services; law.

Your consent to the use of the Site by registering, or voluntarily providing the information in question, is affected by each Affiliation.

4.2. The purpose of data management is to ensure the provision of services available on the Website. The Service Provider has the sole purpose of providing the information provided by the Affected person solely for the fulfillment of the order, delivery to the house, billing, contact, or, if Affected, a newsletter, to send a newsletter and subsequent conditions of the contract

4.3. The data to be automatically recorded is intended for statistical purposes.

4.4. The Service Provider shall not use or use the personal data provided for purposes other than those set out in these points. Issuance of personal data to a third party or authorities may, unless expressly provided for by law, be subject to prior consent by the Participant.

4.5. The Service Provider does not control any Personal Information you have entered. The correctness of the data given is solely the responsibility of the person giving it. When you contact any of your Affected Email addresses, you are responsible for solely using the provided e-mail address. With respect to this responsibility, any liability associated with an entry in a given e-mail address shall be borne exclusively by the Person who has registered the e-mail address.


5.1. Data management related to registration

The purpose of data management is:

By storing the data you have entered during registration, Data Handler can provide a more convenient service (for example, you will not need to re-enter your data for a new purchase)

Scope of managed data:

In the course of data management, the Data Controller manages your:

  • Name
  • Your email address
  • telephone numbers
  • Your address

Duration of data handling: Until its consent is withdrawn.

5.2. Billing data management

The purpose of data management is:

Issue an invoice complying with the law and fulfillment of the obligation to keep accounting records. The Under Article 169 (1) – (2) of the Companies Act, the companies must keep an accounting record directly and indirectly supporting the accounting records.

Scope of managed data:

In the course of data management, the Data Controller manages your:

  • Name
  • Your email address
  • telephone numbers
  • Your billing address
  • In the case of a company, the tax number

Duration of data handling:

The invoices issued are set out in the Articles of Association. Pursuant to Article 169 (2), for eight years from the date of issue of the invoice. Please note that, if you withdraw your consent to the issuance of your account, the Data Manager is the Infotv. (6) (5) (a), he / she is entitled to retain his or her personal data during the issuance of the invoice for 8 years.

5.3. Data management related to the newsletter

The purpose of data management is:

By storing the information you have entered during the subscription, the Data Manager can provide a more convenient service (eg by calling the Attentor’s attention to the actions, information that he or she is interested in, useful information for others).

Scope of managed data:

In the course of data management, the Data Controller manages your:

  • Name
  • Your email address

Duration of data handling:

In the case of a newsletter, personal data will be processed from newsletter until unsubscribe.


The Data Handler uses cookies (cookies) when visiting the site. The cookie is a font and number information package that our site sends to your browser with the purpose of saving certain settings, facilitating the use of our site and contributing to collecting some relevant, statistical information about our visitors.

Cookies do not contain personal information and are not suitable for individual user authentication. Cookies often contain a unique identifier – a secret, randomly generated number line – that your device stores. Some cookies will be discontinued after the site is closed and some will be stored for a longer period of time on your computer.

Detailed cookie information is provided in the separate cookie policy, which forms an integral part of the Privacy Policy of .


7.1. The handling of personal data provided during registration and purchase begins with registration and will be canceled upon request.

7.2. The above provisions do not affect the fulfillment of the retention obligations laid down by law (eg accounting law). The invoices issued are set out in the Articles of Association. Pursuant to Article 169 (2), for eight years from the date of issue of the invoice.

7.3. In the case of a newsletter, personal data will be processed from newsletter until unsubscribe.


8.1. Data is primarily the Service Provider’s and Service Provider’s internal staff, but they are not disclosed to third parties.

8.2. The operation of the underlying IT system, the fulfillment of the orders, and the settling of the settlement may be carried out by the Service Provider’s data processor (eg system operator, carrier company, accountant).

8.3. The Data Controller manages the personal information of the People in a Traceable and Legislative manner. In addition, personal data will be transmitted to third parties solely and solely upon the consent of the Affected Person and will only be disclosed for official requests.

Name of processors:


Please note that we use Google Analytics, Google Remarketing, AdWords Conversion Tracking, Facebook Remarketing, and HotJar to measure the attendance of the website and monitor visitor behavior, statistics, and performance of your ads.

The linked programs in your browser are so called. Cookies are placed, which store user unique identifiers. As a visitor to, you can enable Google Analytics, Google Remarketing, AdWords Conversion Tracking, Facebook Remarketing and HotJar. You will also contribute to monitoring your behavior, tracking it, and utilizing all the services provided by the programs.

Additionally, you have the option of disabling the data capture and storage of cookies for the future in the future as described below. Please note that the settings and usage of Google Analytics, Google Remarketing, AdWords Conversion Tracking, Facebook Remarketing, and HotJar programs are fully consistent with the requirements of the data protection authority.

According to Google, Google Analytics uses first-party cookies to report visitors’ interactions on your site. These cookies record only personally identifiable information. Browsers do not share their own cookies between domains. For more information on cookies, see the Google Ad and Privacy FAQ.

9.1. Google Analytics

Data Manager uses Google Analytics primarily for the production of its statistics, including measuring the effectiveness of its campaigns. Using this program, Data Manager mainly learns how many visitors visited your Website and how much time visitors spent on the Website. The program recognizes the visitor’s IP address, so you can track whether the visitor is a returning or new visitor, as well as tracking the way the visitor has made a Web site and where he entered.

9.2. Google Remarketing

By using Google Remarketing, you also collect your DoubleClick cookie data in addition to the usual Google Analytics data. The DoubleClick cookie allows you to use the remarketing service, which primarily ensures that visitors to will later be able to meet the Data Manager advertiser’s free Google ads interface. The Data Manager uses Google Remarketing for your online ads. Data handler ads are served on third-party providers, such as Google, on web sites. Data management and external service providers, such as Google, use their own cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) to access users based on previous visits to the Website , and optimize and display ads.

9.3. Google AdWords conversion tracking

The purpose of Google AdWords conversion tracking is to enable Data Manager to measure the effectiveness of AdWords ads. This is done using cookies placed on the user’s computer, which exist for 30 days.

9.4. Facebook Remarketing

The Data Manager uses Facebook’s remarketing pixel to increase the efficiency of Facebook ads, to build a remarketing list. So, after visiting the Web site, you can show ads to an external service provider, such as Facebook. Remarketing lists are not suitable for person identification. The visitor’s personal information is not included, only the browser software is identified.

9.5. HotJar

Data Manager uses the HotJar program primarily to produce its statistics, including measuring the effectiveness of its website. Using this program, the Data Manager mainly learns information about where the site reads and clicks. This is displayed in a heat map display. The program recognizes the visitor’s IP address, so you can track which country of the visitor is on which device to access the Internet.


The Service Provider treats the recorded data in a confidential manner and does everything to ensure the security of the data, and uses them in the manner necessary for the proper functioning of the Website. This includes, inter alia, sending email and sms to contacts provided by the Affector, in which case the message will be sent via that provider.

The Service Provider will never sell or lend relevant personal data to third parties for marketing purposes. In the case of a summons, judicial decision or legal proceedings, the Service Provider may, if necessary, pass on the personal data of the person concerned and other relevant information.

In addition, the Service Provider can assure or exercise its law-based rights and protect against legal action.

The Service Provider selects the IT tools used to manage the data in such a way that during the operation the data processed will only be available to the Service Provider, as authorized by it, to retain the data on the recorded data in the data recording procedure outside – do not change, the recorded data will be protected from unauthorized access.

The data handled by the Service Provider may be transmitted by an authority or by court order and by law, which informs its users in the Service Provider’s newsletter if it is not contrary to the official or judicial notice or the relevant legal provision.


Affected are the following rights. The Service Provider will respond to the request within a maximum of 1 month. We will do everything we can to react much earlier.

11.1. Right to information

You may request us to provide information about the personal data we manage. You may request access to these data.

At any time, the Service sent by registered address, by registered mail or sent to the e-mail address … ask for information in writing. In the letter it sent request for information is considered credible if we can be clearly identified on the basis of the application submitted.

Email Requests for Email will only be considered credible if you send them from your email address, but this does not exclude the possibility of identifying it for security reasons other than before providing this information.

The request for information may cover the data we administer, the source of the data, the purpose, the legal basis, the duration of the data processing, the names and addresses of the data processors, the activities related to data management and, in the case of the transmission of personal data, to whom and for what purpose they have received or received your data.

11.2. Access right

If you ask us to let you know if your Personal Data is being processed, you will have access to data management, data categories, recipients, period of data storage, copyright, remedies, source data, automated decision making, and foreign data transmission in case of a yes response.

11.3. Correction right

Anytime you can request a written acknowledgment of receipt sent to our address, by registered mail or sent to the e-mail address Your personal data corrected or modified. Taking into account the purpose of data management, you may request incomplete Personal Data Supplement.

11.4. Right to forgone (Right to rescind)

You may request the deletion of the personal data we manage. Cancellation may be refused (i) for the purpose of exercising the right to freedom of expression and access to information, or (ii) where personal data are processed in the public interest (authorized by law); and (iii) be made in an equitable private interest (to present, enforce or protect legal claims).

We will inform you in any case of the refusal of the cancellation request, stating the reason for the cancellation. After the request for deletion of personal data, previous (deleted) data can no longer be recovered.

Newsletters can be retrieved via the unsubscribe link.

11.5. Right to Restrict Data Management

You may request that your personal data be handled if you dispute the accuracy of the treated Personal Data. In this case, the restriction applies to the time period that allows us to verify the accuracy of Personal Data.

Mark the Personal Data we manage, if you dispute its correctness or accuracy, but the incorrect or imprecise nature of the disputed Personal Data can not be ascertained clearly.

You may request that we restrict the handling of your Personal Data even if Data Management is illegal but is against the deletion of the treated Personal Data and instead asks for their use limitation.

You may also use this right if the purpose of Data Management is achieved, but you require the processing of your data to submit, enforce, or protect legal claims.

If you object to data handling, we limit the management of your personal data, which is limited to the duration of determining whether the data controller’s legitimate reasons prevail over the legitimate grounds of the data subject.

11.6. The right to data portability

You may request that personal data provided by you be handed over to you in a handwritten, widely used, machine-readable format and / or forwarded to another data controller.

11.7. Right to protest

You may object to the handling of Your Personal Data (i) if the processing of Personal Data is solely necessary to comply with our legal obligation or to enforce our legitimate interests; (ii) if the purpose of Data Management is to direct business acquisition, polling or scientific research; or (iii) if Data Management is performed in the interest of a public interest task.

We investigate the lawfulness of the protest and, if the grounds for the protest are established, Data Management will be terminated and the treated Personal Data will be blocked, and any protest and any action taken against it will be notified to all persons for whom the Personal Data affected by the protest were previously forwarded.

Valid from May 1, 2012