At Serene Villa Hiriketiya ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our resort, use our services, or interact with our website.
1. Information We Collect
1.1 Personal Information
We may collect the following types of personal information:
- Identity Information: Full name, date of birth, nationality, passport/ID number
- Contact Information: Email address, phone number, postal address
- Reservation Details: Check-in/check-out dates, room preferences, special requests
- Payment Information: Credit card details, billing address (processed securely)
- Guest Preferences: Dietary requirements, accessibility needs, service preferences
- Emergency Contacts: Names and contact details of emergency contacts
1.2 Automatically Collected Information
- Website Usage: IP address, browser type, pages visited, time spent
- Device Information: Device type, operating system, unique device identifiers
- Location Data: Approximate location based on IP address (with consent)
- Cookies and Tracking: Website preferences, login information, analytics data
1.3 Information from Third Parties
- Booking platforms (Booking.com, Expedia, etc.)
- Travel agencies and tour operators
- Social media platforms (when you interact with our pages)
- Payment processors and financial institutions
2. How We Use Your Information
2.1 Primary Purposes
- Reservation Management: Process bookings, manage check-in/check-out, room assignments
- Service Delivery: Provide accommodation, dining, spa, and other resort services
- Payment Processing: Handle transactions, billing, and refunds
- Communication: Send booking confirmations, updates, and important notices
- Guest Experience: Personalize services based on preferences and past stays
2.2 Secondary Purposes (with consent)
- Marketing Communications: Send promotional offers, newsletters, and updates
- Service Improvement: Analyze usage patterns to enhance our services
- Loyalty Programs: Manage reward points and member benefits
- Surveys and Feedback: Request reviews and feedback on your experience
2.3 Legal and Safety Purposes
- Comply with legal obligations and regulations
- Ensure guest and staff safety and security
- Prevent fraud and unauthorized activities
- Respond to legal requests and proceedings
3. Information Sharing and Disclosure
3.1 We may share your information with:
- Service Providers: Third-party vendors who assist in providing our services (housekeeping, maintenance, food service)
- Payment Processors: Banks and payment companies for transaction processing
- Booking Partners: Online travel agencies and booking platforms
- Government Authorities: When required by law or for safety purposes
- Emergency Services: In case of medical emergencies or safety concerns
- Business Partners: Tour operators, transportation providers (with consent)
3.2 We do NOT sell your personal information to third parties
Your personal data is never sold for commercial purposes. We only share information as outlined in this policy or with your explicit consent.
4. Data Security
4.1 Security Measures
- Encryption: All sensitive data is encrypted during transmission and storage
- Access Controls: Strict employee access controls and authentication protocols
- Regular Audits: Periodic security assessments and vulnerability testing
- Secure Facilities: Physical security measures for data storage locations
- Staff Training: Regular privacy and security training for all employees
4.2 Data Breach Response
In the unlikely event of a data breach, we will:
- Immediately investigate and contain the breach
- Notify affected individuals within 72 hours
- Report to relevant authorities as required by law
- Provide support and guidance to affected guests
5. Your Rights and Choices
5.1 Access and Control
- Access: Request a copy of your personal information we hold
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal information (subject to legal requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing for marketing or other non-essential purposes
5.2 Marketing Communications
- Opt out of marketing emails using unsubscribe links
- Contact us directly to update communication preferences
- Choose which types of communications you wish to receive
5.3 Cookies and Tracking
- Manage cookie preferences through your browser settings
- Opt out of analytics tracking where possible
- Control location sharing permissions on your device
6. Data Retention
6.1 Retention Periods
- Guest Records: 7 years after last stay (for accounting and legal purposes)
- Marketing Data: Until you opt out or after 3 years of inactivity
- Website Analytics: 26 months maximum
- CCTV Footage: 30 days unless required for investigation
- Financial Records: As required by Sri Lankan law (minimum 5 years)
6.2 Secure Disposal
When data is no longer needed, we securely delete or destroy it using industry-standard methods to prevent unauthorized access or recovery.
7. International Data Transfers
As we are a Sri Lanka-based resort, your data is primarily processed in Sri Lanka. However, some of our service providers may be located in other countries. When we transfer data internationally, we ensure:
- Adequate protection through standard contractual clauses
- Compliance with applicable data protection laws
- Regular monitoring of data handling practices
- Immediate notification if protection standards change
8. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have collected information from a child under 16, we will take steps to delete such information promptly.
8.1 Family Bookings
When families book with children, we collect only necessary information for:
- Room occupancy and safety requirements
- Age-appropriate services and activities
- Emergency contact information
- Dietary restrictions or medical needs
9. Cookies and Website Technologies
9.1 Types of Cookies We Use
- Essential Cookies: Required for website functionality
- Analytics Cookies: Help us understand website usage
- Marketing Cookies: Used for targeted advertising (with consent)
- Preference Cookies: Remember your settings and preferences
9.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality and your user experience.
10. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we will:
- Post the updated policy on our website
- Update the "Last Modified" date
- Notify you via email if you have an active booking or subscription
- Provide a summary of key changes when appropriate
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
12. Governing Law
This Privacy Policy is governed by the laws of Sri Lanka, including:
- Personal Data Protection Act No. 9 of 2022
- Computer Crimes Act No. 24 of 2007
- Electronic Transactions Act No. 19 of 2006
- Consumer Affairs Authority Act
Any disputes arising from this policy will be subject to the jurisdiction of Sri Lankan courts.