ceylontravelhub2024@gmail.com ☎ +94 71 235 1891 | +94 75 700 6612
Legal & Transparency

Privacy Policy

01 — Introduction

Our Commitment to Your Privacy

Welcome to Ceylon Horizons (Pvt) Ltd ("Ceylon Horizons", "we", "our", or "us"). We are a Sri Lanka–based travel and tourism company dedicated to providing exceptional travel experiences across the Pearl of the Indian Ocean.

This Privacy Policy explains how we collect, use, store, and share information about you when you visit our website, make a booking, or interact with our services. We are committed to protecting your personal data and complying with applicable data protection regulations.

By using our website or services, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of our services.

02 — Data Collection

Information We Collect

We collect information you provide directly, information gathered automatically, and information from third parties where applicable.

Personal Information

Full name, passport details, nationality, date of birth, email, phone number, and postal address.

Booking Details

Travel dates, destinations, accommodation preferences, tour selections, and special requirements.

Payment Data

Billing address and transaction references. Card details are processed via PCI-DSS compliant gateways — we do not store card numbers.

Technical Data

IP address, browser type, device identifiers, pages visited, time spent, and referral source.

We may also collect health information (dietary requirements, mobility needs) only with your explicit consent, to tailor your travel experience safely.

03 — Purpose of Use

How We Use Your Information

We use personal data for the following purposes:

  • Booking fulfilment — Processing reservations, coordinating tours, hotel confirmations, and transportation arrangements.
  • Customer communication — Sending booking confirmations, itinerary updates, and travel advisories.
  • Visa & regulatory compliance — Sharing passport details with relevant Sri Lankan authorities where legally required.
  • Marketing — Sending promotional offers and newsletters (only with your consent, which you may withdraw at any time).
  • Personalisation — Tailoring recommendations based on your interests and past travel history.
  • Analytics & improvement — Understanding how visitors use our website to improve our services and user experience.
  • Legal obligations — Maintaining records for tax, accounting, and dispute resolution.
04 — Sharing & Disclosure

How We Share Your Information

Ceylon Horizons does not sell, rent, or trade your personal data. We may share information with:

  • Service partners — Hotels, transport providers, local guides, and activity operators necessary to fulfil your tour package.
  • Payment processors — Secure third-party payment gateways (e.g., PayHere, Stripe) under strict data agreements.
  • Legal authorities — Immigration, customs, or law enforcement agencies when required by Sri Lankan or international law.
  • Business transfers — In the event of a merger or acquisition, your data may be transferred with appropriate notice.
  • Analytics providers — Anonymised and aggregated data only (e.g., Google Analytics).

All third-party partners are contractually obligated to handle your personal data securely and only for the specified purpose.

05 — Cookies

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and gather analytics. Types of cookies we use:

  • Essential cookies — Required for the website to function (session management, security).
  • Performance cookies — Track page views and load times to improve website performance.
  • Functionality cookies — Remember your preferences (language, currency, location).
  • Marketing cookies — Used to deliver relevant advertisements (only with consent).

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

06 — Security

Data Security

We implement industry-standard security measures to protect your personal data:

  • SSL/TLS encryption for all data transmission
  • Secure servers hosted within ISO 27001-certified facilities
  • Role-based access controls limiting staff access to personal data
  • Regular security audits and vulnerability assessments
  • Two-factor authentication for administrative systems

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. In the event of a data breach, we will notify affected individuals in accordance with applicable law.

07 — Retention

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Booking records — 7 years (Sri Lankan tax and accounting requirements)
  • Marketing preferences — Until consent is withdrawn
  • Website analytics — Up to 26 months
  • Enquiry correspondence — 2 years from last interaction

After the applicable retention period, your data is securely deleted or anonymised.

08 — Your Rights

Your Rights & Choices

You have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data where no legal obligation requires retention.
  • Restriction — Request that we limit processing of your data in certain circumstances.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — Withdraw consent for marketing at any time by contacting us or clicking "unsubscribe".

To exercise any of these rights, contact us at privacy@ceylonhorizons.lk. We will respond within 30 days.

09 — Third-Party Links

Third-Party Websites

Our website may contain links to third-party websites, including partner hotels, airlines, and tourism boards. Ceylon Horizons is not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before sharing any personal information.

10 — Children's Privacy

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided personal information to us without parental consent, please contact us immediately and we will delete such information promptly.

Bookings that include minors require consent from a parent or legal guardian, whose data we process in relation to the booking.

11 — Policy Updates

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or sending an email to registered users. The updated policy will take effect on the date indicated at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your information.