Types of Personal Data We Collect
Information you provide to us: we collect personal data you provide directly to us. This includes:
- your full name and contact information (such as mobile number, address, email address) and date of birth;
- transaction history such as goods and/or services purchased and rewards used;
- your credit card, mobile payment and other payment details;
- your Rewards Programme membership information, account details, profile or password details;
- your reviews, feedback and opinions about the Rewards Programme, goods and services;
- any other personal data you choose to provide to us.
Information We Collect Automatically When You Use the Sitewhen you access or use the Site, we automatically collect personal data about you, including:
- Log Information: we may collect system log information about your use of the Site, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Site.
- Device Information: we may collect information about the computer or mobile device you use to access our Site, including the hardware model, operating system and version, unique device identifiers (such as, IP address, IMEI number, the address of the device’s wireless network interface, or mobile phone number used by the device) and mobile network information.
- Location Information: we may collect information about the location of your device each time you access or use one of our mobile applications or otherwise consent to the collection of this information. You can turn off location services for a device at any time, but this may turn off some useful features.
- Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Application and your experience, see which areas and features of our Application are popular and count visits. Web beacons are electronic images that may be used in our services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see our Cookies Policy.
How We Collect, Use and Disclose Your Personal Data
We may collect, use and disclose your personal data for the purposes set out below.
For the performance of our agreement with you, in order to:
- provide privileges, benefits and services to you, process applications for and administer the Rewards Programme membership, verify and validate your ability to access and use certain products and/or services and administer award points and rewards redemption;
- conduct market analysis, market research, customer satisfaction and quality assurance surveys to improve our goods and services; and
To comply with legal obligations to which we are subject:
- meet legal and regulatory requirements and administer general record keeping;
- preventing, detecting and investigating crime and analyzing and managing commercial risks; and
- conducting investigations.
Use of information based on your consent:
- facilitate direct marketing, promotional and customer management purposes, including sending you promotional communications (including without limitation emails and push notifications) or special offers if you have consented to receive the same. Please see section “Direct Marketing” below;
- for any other purposes for which we have your consent.
In order to register the Rewards Programme via our mobile application, make an online purchase, or if you make an enquiry, you must provide us with certain mandatory personal data such as full name, date of birth, email address and mobile number, otherwise we may not be able to process your registration or comply with our legal obligations.
Disclosures of Your Personal Data
We will keep your personal data confidential but we may share your personal data to the following entities and parties for the purposes listed above (where applicable):
- between and among the Company and a limited number of our affiliates as are relevant for the above purposes and to facilitate the operation of our business or to provide goods and services requested by you, but we shall only do so on a need to know basis;
- with third-party payment processors, payment service providers, external banks, credit card companies, IT and marketing support service providers and other consultants, vendors and service providers, within or outside Sri Lanka, who need access to such information to carry out work or provide services on our behalf or who help us to provide the Site to you;
- with any law enforcement, courts, Government or regulatory bodies (in whatever jurisdiction), or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
- if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of the Company, our affiliates or others;
- with your employer(s) in case you are a tenant of one of the Participating Retailers in the One Galle Face Mall;
- With credit reporting agencies in connection with us providing credit to you or recovering from you amounts that you owe under any contract you have with us;
- With any business partner, investor, assignee, or transferee (actual or prospective) in connection with, or during negotiations of, or to facilitate any business asset transactions (which may extend to any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company, or any change of management of our Mall);
- with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
- with any other party at your consent or at your direction or whom you authorise us to disclose your personal data to; and
- otherwise as permitted or required by applicable laws and regulations.
We may also disclose aggregate or de-identified data that is not personally identifiable with third parties, including our commercial and strategic partners.
Overseas Transfers of Your Personal Data
Your personal data will be transferred to, and stored at, Sri Lanka and India. It will also be accessed and processed by our personnel and the personnel of our partners, affiliates and third party service providers who operates within Sri Lanka or outside Sri Lanka. Your personal data will only be transferred to locations outside of Sri Lanka where we are satisfied that adequate or comparable levels of protection are in place to protect personal data held in that jurisdiction, and (where we are required to do so) with your consent.
From time to time, we would like to use your name, email address, mobile phone number, and other relevant contact information to send you either via emails, SMS messages or push notifications, information that we think may be of interest to you, including about our products and services, news about our Rewards Programme membership (if you become a member of the Rewards Programme), satisfaction surveys, events, offers and promotions, but we can only do so with your consent.
We would also like to share (for gain) such data with the Participating Retailers you visit and with selected third party entities, so that they may send you information, news updates, special events, offers and promotions as regards their products and services, including technology, fashion, food and beverage, kids, luxury, sports and fitness, music, arts and culture, but we will not use your personal data for direct marketing without your consent.
You may opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in the marketing communications or contacting us in accordance with the section “Your Rights and Contact Us” below. If you opt out of these communications, we may still send you non-promotional communications, such as those about the Rewards Programme members’ communications, unless we are prohibited from doing so by law.
Retention of Personal Data
Our Commitment to Data Security
We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws.
We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
Children and Minors
Our Site is not directed at minors under the age of 18. If you are a minor under the age of 18, you may only use our Site and services with the permission of your parent or guardian. If you believe we have collected information about a minor under the age of 18, please contact us so that we may take appropriate steps.
Third Party Sites
Your Rights and Contact Us
You may be entitled to access, rectify, erase, limit the use or transfer the personal data we hold of you. Whenever reasonably possible and required, we will strive to grant these rights within one (1) month or within a reasonable time. You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time. You may in certain circumstances ask us to delete your personal data, in which case, to the extent permissible by law, we will take reasonable steps to delete or re-identify your personal data. Please note that we may not be able to continue providing services to you if you entirely withdraw your consent or ask us to delete your personal data entirely, and this may also result in the termination of any agreements with us.
If you would like us to update the data we maintain about you and your preferences, if you wish to withdraw your consent to receiving direct marketing communications from us, or if you have any questions or complaints about how we handle your personal data, please contact us by email at firstname.lastname@example.org.
Last Updated: 8 October 2019