Privacy Policy

Privacy Policy

Effective Date:  01-10-2024
Last updated: 10-01-2025

1. Introduction

Welcome to BioBeauty Lanka (we/us/our). Protecting your personal information is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://biobeautylanka.lk/ (the “Website”) or purchase products from us.
We are committed to processing your information in accordance with applicable data protection laws in Sri Lanka, including the Personal Data Protection Act No. 9 of 2022 (“PDPA”). Wikipedia

2. What information we collect

We may collect the following types of personal data:

• Identity & contact data: such as your name, email address, billing/shipping address, phone number, username and password (if you create an account).

• Transactional data: details about purchases you make on our Website, the products you order, and payment information (we may not store full payment card details ourselves; payment may be processed by a third-party payment gateway).

• Technical/usage data: IP address, browser type, operating system, referral website, pages visited, time and date of access, device identifiers, cookies and similar tracking technologies.

• Marketing and communications data: your preferences for receiving marketing from us and your communication preferences.

• Optional sensitive data: where applicable (for example, if you voluntarily provide product or health-related information in a review or form).
  We collect the above via direct interactions (when you place an order, register an account, subscribe to a newsletter, contact us), automated technologies (cookies, analytics tools) and from third parties (for example, marketing or analytics providers).

3. How we use your information

We will only use your personal data where we have a lawful basis to do so (for example: processing your order, our legitimate business interests, or your consent). Examples of how we use your data include:

• To process and fulfill your orders, manage your account, communicate about shipping, returns, and any other customer service matters.

• To improve our Website, product offerings, usability, user experience, and to provide custom content.

• To send you marketing communications (only if you have opted in) and promotions about our products, special offers, events— you may unsubscribe at any time.

• To comply with legal obligations (tax, auditing, fraud prevention) and to protect our rights, property or safety of our users.

• To detect and prevent fraud and misuse of the Website.

4. Disclosure of your information

We may share your personal data with the following categories of recipients:

• Service providers: third-party vendors who perform services on our behalf (e.g., payment processors, shipping/courier companies, email providers, analytics services).

• Affiliates and business partners: if we merge with or are acquired by another company, or collaborate with partners for joint promotions.

• Legal and regulatory bodies: where required by applicable law, regulation, legal process or to respond to lawful requests.
  We require all third-party service providers to treat your data securely and in accordance with applicable laws.

5. International transfers

Some of the service providers we use may be located outside Sri Lanka (or may transfer data to countries outside Sri Lanka). In those cases we will ensure that suitable safeguards (such as standard contractual clauses or equivalent) are in place to protect your personal data.

6. Retention of your data

We will retain your personal data only as long as necessary for the purposes set out in this policy (such as fulfilling orders, legal compliance, resolving disputes). After that we will securely delete or anonymize your data.

7. Cookies and tracking technologies

We use cookies and similar tracking technologies to collect technical/usage data, help us understand how users interact with our Website, improve functionality, and personalise content and marketing.
You can manage or disable cookies in your browser settings (though this may impact website functionality). More details of our cookies and how we use them are set out in our [Cookies Policy] (link if applicable).

8. Your rights under the PDPA

Under the PDPA of Sri Lanka, you have certain rights in respect of your personal data, subject to applicable conditions. These rights may include:

• The right to access the personal data we hold about you. Mondaq+2devote.se+2

• The right to request correction or updates if your personal data is inaccurate or incomplete. Mondaq+1

• The right to request erasure of your personal data where it is no longer required for the purpose it was collected, or you withdraw consent (subject to legal retention obligations). Mondaq+1

• The right to object to certain processing of your personal data. Mondaq

• The right to withdraw consent at any time (to the extent our processing is based on consent).
  If you would like to exercise any of these rights, please contact us using the contact details below. We may ask for proof of identity before fulfilling your request.

9. Data security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration or destruction. While we make reasonable efforts to protect your data, no system is completely secure and we cannot guarantee absolute security.

10. Children’s privacy

Our Website is intended for use by adults. We do not knowingly collect personal data from children under 16 years of age. If we become aware that someone under this age has provided personal data, we will take steps to delete such data.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example to reflect changes in our business, legal requirements or how we use data). We will post the updated policy on the Website with the “Last updated” date. We encourage you to review this page periodically.

12. Contact us

If you have any questions or concerns about this Privacy Policy or our personal data practices, please contact us:
Email: [email protected]
Phone: 0705171646
Address: No 297/3 Kanduboda, Delgoda, Srilanka

By using our Website or submitting your information to us, you acknowledge that you have read and understood this policy and consent to our collection, use and disclosure of your personal data as described above.