Back to Home

Privacy Policy

Updated for 2026. This policy ensures your data is handled according to the Sri Lanka Personal Data Protection Act (PDPA) and global privacy standards.

Data Collection & Minimization

We collect only essential data (name, email, passport details) required for government permits (ETA) and hotel bookings. We adhere to the principle of data minimization under SL PDPA No. 9.

Lawful Basis for Processing

We process your data based on 'Contractual Necessity' to fulfill your tour and 'Legal Obligation' for tax and tourism authority reporting in Sri Lanka.

International Transfers

For international guests (EU/UK), we ensure cross-border data transfers comply with GDPR standards, using secure encryption for all transit data.

Retention Period

Personal records are retained for 7 years following your tour to comply with Sri Lankan financial auditing laws, after which they are securely deleted.

Data Subject Access Request (DSAR)

Under the PDPA, you have the right to access, rectify, or erase your data. Please email info@srilankajagathtours.com with the subject \"DSAR Request\" to exercise these rights.