Privacy Policy

How we collect, use, store, and protect your personal information.

Last updated · Gifts Sri Lanka

No data sales

We do not sell your personal information. We use data to run our shop, deliver orders, and improve our service.

Your choices

You can ask to access, correct, or delete your data where applicable, and opt out of marketing at any time.

Contact

Questions or requests? Contact us. See also our Terms of Service.

Gifts Sri Lanka We respects your privacy. This Privacy Policy explains what personal data we collect when you visit our website, create an account, place an order, or contact us; how we use and share it; how long we keep it; and the rights you may have. By using our services, you acknowledge the practices described here (and our Terms of Service).

1. Who is responsible for your data

The data controller for personal data processed through this website is Gifts Sri Lanka, operating the site and related order and delivery services. Contact details used for privacy requests are those published on our Contact page.

If we use processors (e.g. hosting, payments), they process data only on our instructions and under appropriate agreements.

2. Information we collect

Depending on how you interact with us, we may collect:

  • Account & identity: name, email address, phone number, password (stored in hashed form), and profile preferences.
  • Orders & delivery: billing and delivery addresses, recipient name and contact details, delivery instructions, gift messages, order contents, and transaction references.
  • Payments: payment is handled by our payment providers; we typically receive limited information (e.g. last four digits, status, token)—not your full card number on our servers.
  • Communications: messages you send us (contact form, email, chat), and service emails we send you (order updates, support).
  • Reviews & content: product reviews, ratings, or photos you choose to submit.
  • Technical & usage: IP address, browser type, device type, approximate location derived from IP, pages viewed, referring URL, and timestamps—often via cookies or similar technologies (see below).

Providing certain data is necessary to fulfil orders; optional fields are marked where possible or are clearly voluntary (e.g. marketing sign-up).

3. Why we use your data (legal bases)

We process personal data where:

  • Contract: to register you, process and deliver your order, take payment, and provide customer support.
  • Legitimate interests: to secure our site, prevent fraud, analyse usage to improve our shop, and measure marketing effectiveness—balanced against your rights.
  • Consent: where required—for example non-essential cookies or marketing emails—you can withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, or lawful requests from authorities.

Exact legal bases can vary by jurisdiction; we apply the above in line with applicable law in Sri Lanka and, where relevant, your location.

4. How we use your information

We use personal data to:

  • Create and manage accounts; authenticate logins
  • Process payments, fulfil orders, and coordinate delivery (including sharing delivery details with couriers)
  • Send transactional messages (confirmations, delivery updates)—these are part of the service
  • Send marketing only where permitted; you may unsubscribe via the link in emails or by contacting us
  • Operate wishlists, reviews, and features you choose to use
  • Detect abuse, protect security, and enforce our Terms
  • Comply with law and respond to valid legal requests

5. Sharing of information

We do not sell your personal information. We may share data with:

  • Service providers: hosting, email delivery, analytics, payment processing, fraud screening, and delivery partners—only what they need to perform their services.
  • Professional advisers: lawyers or accountants where required, under confidentiality.
  • Authorities: when required by law or to protect rights, safety, and security.

If our business is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction; we will require the successor to honour this policy or notify you of changes.

Some providers may process data outside your country. Where we transfer data internationally, we use appropriate safeguards (e.g. contracts or provider certifications) where required by law.

6. Data security

We implement technical and organisational measures appropriate to the risk: access controls, encryption in transit where standard (e.g. HTTPS), secure handling of credentials, and limited internal access on a need-to-know basis.

Payment card data is processed by PCI-aware payment partners; we do not store full card numbers on our own systems. No online system is perfectly secure—please use a strong, unique password for your account and contact us if you suspect misuse.

7. Cookies and similar technologies

We use cookies and similar tools for:

  • Strictly necessary: session, security, cart, and login—required for the site to work
  • Functional: remember preferences (e.g. language) where we offer them
  • Analytics: understand traffic and improve pages (may use aggregated or pseudonymous data)

You can control cookies through your browser settings. Blocking all cookies may limit cart, checkout, or login. Where we use non-essential cookies subject to consent, we will reflect your choices via our cookie banner or settings when implemented.

8. Retention

We keep personal data only as long as necessary for the purposes above, including:

  • Orders & tax: typically for the period required by commercial and tax law (often several years for invoices and transaction records)
  • Account: until you close your account, then a short period to resolve disputes unless law requires longer retention
  • Marketing: until you unsubscribe or object, and briefly after to honour your choice
  • Logs & security: for a limited period for troubleshooting and security

When retention ends, we delete or anonymise data where feasible.

9. Your rights

Depending on applicable law, you may have the right to:

  • Access a copy of your personal data
  • Rectify inaccurate or incomplete data
  • Erase data in certain circumstances
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests or to direct marketing
  • Data portability for data you provided, where technically feasible
  • Withdraw consent where processing was consent-based, without affecting prior lawful processing
  • Lodge a complaint with a supervisory authority where you live or work, if applicable

To exercise these rights, contact us with your name, email, and a description of your request. We may need to verify your identity before fulfilling certain requests.

10. Children

Our services are directed at adults who may purchase gifts for others. We do not knowingly collect personal data from children under 16 (or the age required in your jurisdiction) without parental consent. If you believe we have collected a child’s data in error, please contact us and we will delete it promptly.

11. Automated decisions

We do not use fully automated decision-making that produces legal or similarly significant effects solely by automated means. Some fraud checks may use automated scoring; you may contact us for human review if this affects you unfairly.

12. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The “Last updated” date at the top will change when we do. For material changes, we may provide additional notice (e.g. on the site or by email). We encourage you to review this page periodically.

13. Contact us

For privacy-related questions, concerns, or requests, please contact us using the details on our website.

Related policies

Terms of Service · Returns & refunds · Shipping & delivery

Contact us