Privacy Policy

1. Introduction

Kadapela.lk ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our e-commerce services.

By using our website, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us, including:

• Account Information: Name, email address, phone number, date of birth
• Delivery Information: Shipping addresses, billing addresses
• Payment Information: Payment method details (processed securely by third-party processors)
• Order History: Purchase history, product preferences, order details
• Communication: Messages, reviews, customer service interactions

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, search queries, click patterns
• Location Data: General location based on IP address
• Referral Information: Website that directed you to our site

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Necessary for website functionality, shopping cart, and checkout process
• Analytics Cookies: Help us understand how visitors interact with our website
• Marketing Cookies: Used to deliver personalized advertisements and promotions
• Preference Cookies: Remember your settings and preferences

3. How We Use Your Information

3.1 Primary Uses

• Order Processing: Process and fulfill your orders, handle payments and deliveries
• Account Management: Create and manage your account, provide customer support
• Communication: Send order confirmations, shipping updates, and customer service messages
• Product Recommendations: Suggest products based on your browsing and purchase history
• Website Improvement: Analyze usage patterns to improve our website and services

3.2 Marketing Communications

• Send promotional emails about new products, sales, and special offers
• Display targeted advertisements on our website and partner sites
• Conduct customer satisfaction surveys and feedback requests
• Note: You can opt-out of marketing communications at any time

3.3 Legal and Business Purposes

• Comply with legal obligations and government requests
• Prevent fraud, security threats, and illegal activities
• Enforce our terms of service and protect our rights
• Business transfers (mergers, acquisitions, asset sales)

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted third parties who assist in our operations:

• Payment Processors: Secure payment processing (we don't store complete payment details)
• Shipping Partners: Courier services for order delivery
• Cloud Storage: Secure data hosting and backup services
• Analytics Providers: Website performance and user behavior analysis
• Marketing Partners: Email marketing and advertising platforms

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety, or that of our users
• Investigate fraud, security breaches, or policy violations
• Respond to emergency situations involving public safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, with continued protection under this Privacy Policy.

5. Data Security

5.1 Security Measures

• Encryption: All sensitive data is encrypted using industry-standard protocols
• Secure Servers: Data stored on secure, protected servers with regular security updates
• Access Control: Limited access to personal information on a need-to-know basis
• Regular Monitoring: Continuous monitoring for security threats and vulnerabilities
• Staff Training: Regular training on data protection and security best practices

5.2 Payment Security

• All payment transactions are processed through secure, PCI-compliant payment gateways
• We do not store complete credit card numbers or sensitive payment information
• Payment data is tokenized and encrypted during transmission

5.3 Data Breach Response

In the unlikely event of a data breach, we will:

• Immediately investigate and contain the breach
• Notify affected users within a reasonable timeframe
• Report to relevant authorities as required by Sri Lankan law
• Take steps to prevent future breaches

6. Your Rights and Choices

6.1 Account Access and Control

• Access: View and update your personal information through your account
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Data Export: Request a copy of your personal information

6.2 Communication Preferences

• Email Unsubscribe: Use the unsubscribe link in marketing emails
• SMS Opt-out: Reply "STOP" to promotional text messages
• Account Settings: Manage communication preferences in your account
• Customer Service: Contact us to update your preferences

6.3 Cookie Management

• Use our cookie consent banner to manage cookie preferences
• Adjust browser settings to block or delete cookies
• Note: Disabling essential cookies may affect website functionality

7. Data Retention

7.1 Retention Periods

• Account Information: Retained while your account is active
• Order History: Kept for 7 years for legal and tax compliance
• Payment Data: Tokenized data retained as required by payment processors
• Marketing Data: Retained until you opt-out or request deletion
• Website Logs: Typically retained for 12-24 months

7.2 Data Deletion

• When you close your account, we delete or anonymize your personal information
• Some information may be retained for legal compliance or legitimate business interests
• Backup copies may take up to 90 days to be completely removed

8. International Data Transfers

Your information may be transferred to and processed in countries other than Sri Lanka, including:

• Cloud storage providers with servers in different regions
• International payment processors
• Global analytics and marketing platforms

We ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place to protect your information.

9. Children's Privacy

• Our services are not intended for children under 13 years of age
• We do not knowingly collect personal information from children under 13
• If we discover we have collected information from a child under 13, we will delete it promptly
• Parents or guardians may contact us to request deletion of their child's information

10. Third-Party Websites and Services

• Our website may contain links to third-party websites and services
• We are not responsible for the privacy practices of these third parties
• We encourage you to review the privacy policies of any third-party sites you visit
• Social media plugins may collect information according to their own privacy policies

11. Legal Basis for Processing (GDPR Compliance)

We process your personal information based on the following legal grounds:

• Contract Performance: To fulfill our obligations under the sales contract
• Consent: Where you have given specific consent (e.g., marketing communications)
• Legitimate Interests: For business operations, fraud prevention, and website improvement
• Legal Compliance: To comply with applicable laws and regulations

12. Sri Lankan Data Protection Laws

We comply with relevant Sri Lankan legislation, including:

• Electronic Transactions Act No. 19 of 2006
• Computer Crimes Act No. 24 of 2007
• Evidence (Special Provisions) Act No. 14 of 1995
• Other applicable privacy and data protection regulations

13. Updates to This Privacy Policy

• We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements
• Updated policies will be posted on our website with a revised "Last Updated" date
• Significant changes will be communicated through email or website notices
• Your continued use of our services after updates constitutes acceptance of the revised policy

14. Data Protection Officer

For questions about our data practices or to exercise your privacy rights, you may contact our Data Protection Officer:

• Email: privacy@kadapela.lk
• Subject Line: "Privacy Inquiry" or "Data Protection Request"
• Response Time: We will respond to privacy requests within 30 days

16. Acknowledgment

By using Kadapela.lk, you acknowledge that you have read, understood, and consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.