At Sri Holidays Asia, we are committed to protecting and respecting your privacy.
The policies explains when and why we collect personal information about people and companies who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Please read the following carefully to understand our views and practices regarding your personal data and how it is obtained, processed, shared, and stored.
Our main admin contact details are as follows: Sri Holidays, 203, K.C.De Silvapura , Baseline Road, Thibirigaskatuwa, Negombo - Sri Lanka.
1.4.2 Telephone number: +94 (0) 94 31 222 4747.
1.5 Our Data Protection Officer is Don Sanuja Virajini, whose contact details are as follows:
1.5.1 Telephone number: +94(0) 31 222 4747.
2. Information we collect from you
2.1.1 filling in forms or making a general enquiry via our website;
2.1.2 registering your interest in partnering with us;
2.1.3 providing information in the course of negotiating and/or entering into contractual agreements with us; and
2.1.4 corresponding with us by phone, email or otherwise. Information we collect about you
2.2 The information we collect when you engage with us for any of the purposes described above may include, for example:
2.2.1 your name, email address and phone number;
2.2.2 your marketing preferences;
2.2.3 the Internet Protocol (IP) address attached to your device;
2.2.4 your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and certain device information; and
2.2.5 information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our website (including date and time), services you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
3. Uses made of the information
3.1 We use information held about you in the following ways.
3.1.1 for internal record keeping and account creation;
3.1.2 in order to enter into contractual agreements with you in relation to hotel services;
3.1.3 to carry out our obligations arising from any contracts entered into between you and us, including, but not limited to, the processing and administration of bookings;
3.1.4 to provide you with the services that you request from us;
3.1.5 to contact you in the course of providing services to you in your capacity as a travel agent, hotel operator or technology platform provider, as applicable;
3.1.6 for insight purposes (e.g. to analyse market trends and demographics, and develop the service which we offer to you or other individuals in the future); and
3.1.7 to send promotional emails about other services we offer which are similar to those that we already provide to you or that you have enquired about; (with your consent).
4. Our legal grounds for processing your information
4.1.1 it is necessary for us to do so for the performance of a contract or for the purpose of taking steps to enter into a contract with you; or
4.1.2 if it is our legitimate business interests to do so (for example for internal record keeping, insight or marketing purposes, as detailed above); or
4.2 For any other processing of your personal data, we will only do so in accordance with data protection laws.
5. Sharing your information
5.2 The personal data you provide to us may be shared with and processed by:
5.2.1 regulators or other third parties for the purposes of monitoring and/or enforcing any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
5.2.2 any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
5.2.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
5.2.4 external hosting providers in order for the administration of our website (or any other online platform operated by us);
5.2.5 our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
5.2.6 third parties where you have a relationship with that third party and you have consented to us sending information (for example social media sites or other third party application providers);
5.2.7 third parties for marketing purposes (with your consent); and
5.2.8 another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets.
6. How long will we keep your information for?
6.1 Unless we are required or permitted by law to hold on to your information for a specific retention period, we may retain your information for the following purposes and periods:
6.1.1 if we are holding data for the performance of a contract with you, we will store information on our systems for a period of seven years following completion of a trip by the hotel guest/traveller (or upon termination of our contract with you, if later); and
6.1.2 if we are holding information for our legitimate business interests (as outlined above), we will delete your information if it is no longer necessary for us to retain it, e.g. if our business focus moves to a different market sector.
6.2 Where we no longer need your personal information, we will dispose of it in a secure manner.
7.1 We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
7.1.1 we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and
7.1.2 we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.
7.2 However, while we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted to any website or other online platform operated by us via an internet or similar connection.
7.3 The registration process via any website or other online platform operated by us may include the creation of a username, password and/or other identification information. All such details should be kept confidential by you and should not be disclosed to or shared with anyone. In order to protect your account, please choose a strong password (which should include a mixture of letters and numbers) and ensure that it is kept safe. If you disclose details of your username or password information, you will be responsible for all activities undertaken on the platform where they are used.
7.4 All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
8. Your rights to your personal data
8.1 You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing.
8.1.1 you will have the following rights:
18.104.22.168 right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs);
22.214.171.124 right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
8.1.2 in certain circumstances, you will also have the following rights:
126.96.36.199 right to erasure/”right to be forgotten”: the right to withdraw your consent to our processing of the data (if the processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
188.8.131.52 right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
184.108.40.206 right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
220.127.116.11 right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
1.1 We are committed to safeguarding the privacy of personal data that we either collect or process, be it through direct communication, through our website, or via our B2B Travel Agents. Sri Holidays Asia is committed to upholding the principles of the GDPR and all personal data will be held in accordance with the regulation.
1.2 Our registered head office office address is Sri Holidays, 203, K.C.De Silvapura , Baseline Road, Thibirigaskatuwa, Negombo - Sri Lanka
1.3 Contact with Sri Holidays can be made at the following:
1.3.1 Phone Number +94 (0) 94 31 222 4747
1.3.2 For Email please use our contact form
2. Data Provided Via Contractual Client Relationships
2.1 In all our contractual client dealings, it is explicitly stated that it is the responsibility of the client (our B2B Travel Agents) to seek authorisation for Sri Holidays Asia to use personal data to fulfil its obligation in respect of providing the service requested. Unless otherwise instructed, Sri Holidays Asia will assume this permission has been sought and given when a booking is received.
2.2 Sri Holidays Asia will only ever transfer minimal customer information to any location in accordance with the GDPR lawful basis for processing. Furthermore, Sri Holidays Asia warrants to the customer that it shall:
2.2.1 Only process personal data in accordance with the B2B Agents instructions, and to fulfil our obligation in respect of facilitating a booking request, making no further use of the personal data without express permission.
2.2.2 Take appropriate technical and organisational measures against unauthorised or unlawful processing of, against accidental loss or destruction of, or damage to, personal data as necessary to enable it to process the personal data in compliance with the regulation.
2.3 Furthermore, Sri Holidays Asia agrees that it shall not engage any third party to process personal data on its behalf unless the B2B Agent has obtained consent from the customer, and:
2.3.1 The third party selected has provided sufficient guarantees to Sri Holidays Asia in respect of the technical and organisational measures governing the processing to be carried out, and
2.3.2 The third party has entered into a written contract with Sri Holidays Asia which imposes on the third party that they shall not transfer personal data outside of the EEA without the customers’ prior written consent being given to the B2B Agent who is engaged with the customer and who collects the personal data.
2.4 Sri Holidays Asia will take all reasonable steps in accordance with all relevant legal responsibilities to ensure the reliability of its employees who have access to personal data of customers. If Sri Holidays Asia receives a complaint, notice, request (including Subject Access Requests) or communication which relates directly or indirectly to the processing of personal data, or to Sri Holidays Asia ’s compliance with the GDPR, we commit to act within the specified timescales set out in the regulation and take the necessary steps in assisting with the request.
3. Information we hold
3.1 Sri Holidays Asia shall maintain a record of all categories of processing activities carried out including data we hold to conduct our business, and also the data of our employees. The record of processing activities contains:
3.1.1 The purpose of the processing,
3.1.2 A description of the categories of data subjects and the categories of personal data processed,
3.1.3 The categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations,
3.1.4 Where possible, the envisaged time limits for erasure of the different categories of data
3.1.5 Where possible, a general description of the technical and organisational security measures
3.1.6 The name and contact details of third party processors acting on behalf of Sri Holidays Asia
4. Information we collect
4.1 Sri Holidays Asia may collect, receive, store and use the following kinds of personal data:
4.1.1 Customer information provided to us, by B2B Agents, for Sri Holidays Asia to fulfil a booking request.
4.1.2 Any other information sent to Sri Holidays Asia , by B2B Agents, that may be pertinent to the fulfilment of a booking request. This information may extend for instance to the names of family members, a photocopy of a passport, child ages/dates of birth, or details of disabilities.
5.1 In addition to the disclosures outlined in this Privacy Notice, Sri Holidays Asia may disclose personal data:
5.1.1 To the extent that we are required to do so by law
5.1.2 In connection with any legal proceedings or prospective legal proceedings
5.1.3 To establish, exercise or defend our legal rights, including providing information to others for the purposes of fraud prevention.
6. Individual Rights
6.1 The Right to be informed
6.1.2 Regarding personal data given to Sri Holidays Asia by its B2B Travel Agents, information about the processing of this data is provided in the terms of our contracts with the B2B Agents. It is the responsibility of the B2B Agent to inform the customer about any extended processing arrangements in the booking activity.
6.2 The right of access, rectification, erasure, restriction of processing and portability of your data
6.2.1 The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the processing. In terms of core business activity, Sri Holidays Asia is a Data Processor, processing the personal data of customers in order to provide a service. The customer personal data however is controlled by the B2B Agent.
6.2.2 Sri Holidays Asia commits to responding to B2B Agents should a request for access to, rectification of, erasure of, restriction of processing or data portability be made. For details on how to make such a request, please see section ‘Data Subject Requests’ below.
6.2.3 If a customer has provided consent to the B2B Agent for the processing of their data, they have the right (in certain circumstances) to withdraw that consent at any time. This will not affect the lawfulness of the processing before consent was withdrawn. Sri Holidays Asia will endeavour to act upon any request made by a B2B Agent to cease the processing of a customer’s data, in the event one is made.
6.2.4 You have the right to lodge a complaint to the ICO if you believe we have not complied with the requirements of the GDPR with regard to your personal data. Please visit the ICO’s website for instructions on how to do this.
7. Subject Access Requests
7.1 Sri Holidays Asia commits to responding to Subject Access Requests within 1 calendar month as specified in the GDPR. When making a Subject Access Request, the following steps must be followed:
7.1.1 The request must be made in writing
7.1.2 The requester must supply information to prove who they are (to eliminate risk of unauthorised disclosure)
7.1.3 The requester must supply appropriate information to help Sri Holidays Asia to locate the information they require.
7.2 Upon receipt of a request, Sri Holidays Asia will provide:
7.2.1 Information on whether or not the personal data is processed
7.2.2 A description of the data, purposes and recipients
7.2.3 A copy of the data
7.3 Written Data Subject Requests can be sent by registered mail or Online