Privacy Policy
Villa 20 Fort is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data in compliance with Sri Lanka’s Personal Data Protection Act No. 9 of 2022 (PDPA) and applicable laws.
Personal Data We Collect
- Contact details (name, email, phone, address)
- Booking information (dates, number of guests, special requests)
- Payment details (processed securely via third-party providers; we do not store full card numbers)
- Identification (passport/ID copy if required for check-in or legal reasons)
- Preferences/communications (e.g., dietary needs, messages)
- Technical data (IP address, browser type, device info, website usage via cookies/analytics)
How We Collect Data
- Directly from you (booking form, emails, phone inquiries, check-in)
- Automatically (website cookies, analytics tools like Google Analytics)
- From third parties (e.g., payment gateways, travel agents if applicable)
Purpose & Legal Basis for Processing
We process data to:
- Manage bookings, confirmations, and your stay
- Provide personalized services (e.g., breakfast preferences)
- Communicate (reservations, updates, feedback)
- Process payments and comply with legal/tax obligations
- Improve our website/services
- Send marketing (only with consent)
Legal bases: Contract performance, legitimate interests (e.g., security, fraud prevention), consent (e.g., marketing), legal obligations.
Sharing Your Data
We share data only when necessary:
- With service providers (payment processors, cleaners, maintenance – bound by confidentiality)
- Legal authorities (if required by law)
- In case of business transfer (with notice)
We do not sell your data.
Data Retention
We keep data only as long as necessary:
- Booking data: 6 years after stay (legal/tax reasons)
- Marketing consent: Until you unsubscribe
- Inquiries: 12 months unless needed longer
Your Rights (Under PDPA)
You have the right to:
- Access, correct, or delete your data
- Withdraw consent
- Restrict processing
- Lodge a complaint with the Data Protection Authority of Sri Lanka
Security
We use reasonable technical and organizational measures (encryption, access controls) to protect data. However, no transmission is 100% secure.
International Transfers
Data may be transferred outside Sri Lanka (e.g., cloud services). We ensure adequate safeguards.
Cookies & Analytics
Our website uses cookies for functionality and analytics. See our Cookie Policy [link if you have one] for details.
Changes to This Policy
We may update this policy. Changes will be posted here with the updated date.