Privacy Policy

1. Overview & Sri Lankan PDPA Compliance

At TokoMart.lk, we value your privacy and are committed to protecting your personal information. This Privacy Policy details how we collect, process, use, and store your personal data when you visit our website, place orders, register accounts, or communicate with us.

Our data practices are strictly structured to comply with the Sri Lankan Personal Data Protection Act, No. 9 of 2022 (PDPA). Under the PDPA, we serve as the "data controller" for the personal information you submit to us.

2. Personal Information We Collect

We collect personal information necessary to process transactions, manage accounts, and enhance your user experience, including:

• Identity & Account Details: Name, username, email address, password hashes, and profiles.
• Transaction & Shipping Information: Recipient name, billing address, delivery shipping address, telephone number, and order items.
• Payment Logs: While direct payment gateway integrations are marked as "Coming Soon", we collect bank transfer receipts and details submitted to confirm transactions.
• Communication Logs: Inquiry details, form submissions, and messages exchanged with our customer support or AI Chatbot.

3. Purpose of Processing Data

In accordance with the PDPA guidelines, we only process personal information for explicit, defined purposes:

• Processing, packing, and delivering your handcrafted flower orders.
• Sending security codes (OTP) and transaction confirmations (invoice receipts).
• Responding to design customization and commission requests.
• Improving site speed, usability, and visual presentation.
• Securing administrative databases and auditing security logs.

4. Data Storage & Security Measures

All user records, orders, and addresses are securely stored in our encrypted database. We have disabled fallback development files in production, enforcing PostgreSQL database connectivity and robust firewalls to prevent data leaks.

We do not share, sell, or rent your personal information with third-party marketers. Shipping information is shared only with our trusted courier delivery teams solely for logistics dispatch.

5. Your Rights Under the PDPA

Under the Sri Lankan Personal Data Protection Act of 2022, you hold the following rights regarding your data:

• Right of Access: Request a copy of all personal information we store about you.
• Right to Rectification: Request corrections to any inaccurate or incomplete details.
• Right to Erasure (Withdrawal of Consent): Request that we delete your account and personal details, subject to legal record-keeping requirements for tax audits.
• Right to Object to Processing: Prevent the use of your information for marketing.

To exercise these rights, please email our Data Protection officer at info@tokomart.lk.