Privacy Policy
Effective: 11 May 2026
Nilmani Ceylon Tours is committed to protecting your personal data in line with the General Data Protection Regulation (GDPR), Sri Lanka's Personal Data Protection Act (PDPA), and other applicable privacy laws.
Who We Are
Nilmani Ceylon Tours is a private tour operator based in Seeduwa, Sri Lanka, operated by Roshan Jayasuriya. We provide personalised private tours and driver-guide services throughout Sri Lanka.
Contact: nilmaniceylontours@gmail.com
Information We Collect
Because we arrange personalised tours for international travellers, we may collect the following categories of personal data:
| Data Type | Examples | Why We Collect It |
|---|---|---|
| Contact details | Full name, email, phone, nationality | To communicate and confirm bookings |
| Travel details | Dates, destinations, group size, preferences | To plan and customise your tour |
| Identity details | Passport number, copy of passport | Required by hotels, authorities, or for emergency use |
| Health & emergency | Dietary needs, allergies, medical conditions, emergency contact | To ensure safety and proper arrangements during tours |
| Payment details | Billing name, transaction ID from PayPal | To verify payment via our third-party processor |
| Website data | IP address, browser type, cookies via Google Analytics & Meta Pixel | To analyse traffic and improve marketing |
| Communication | Messages, reviews, feedback | To provide support and improve services |
You provide sensitive data such as passport details and health information voluntarily and only when necessary for your trip.
How We Use Your Information
We use your personal data to:
- Arrange tours with licensed guides, hotels, and transport providers
- Share necessary details with partners to fulfil your itinerary
- Redirect you to PayPal to complete secure payments
- Send booking information, travel updates, and safety instructions
- Send newsletters and promotions if you opt in — unsubscribe anytime via the link in our emails
- Run Google Analytics and Meta Pixel to measure site performance and ad effectiveness
- Comply with Sri Lankan tax, tourism, and legal obligations
What your data is used for
- Providing a quote
- Discussing travel arrangements
- Sending you the requested information
- Sending e-marketing or relevant information (with consent)
- Booking your tour
- Asking for feedback on our services
- Notifying you of any changes or amendments to your booking
- Notifying you in case of emergencies
- Providing a seamless service and up-to-date information
- Keeping you updated on new products and services from Nilmani Ceylon Tours
We never sell or rent your data to third parties.
International Data Transfers
Your data is primarily stored in Sri Lanka but may be transferred to PayPal, Google, Meta, or other service providers in the US, EU, or other countries.
We use GDPR-compliant contracts (Standard Contractual Clauses) and other appropriate safeguards for these international transfers.
Legal Basis for Processing
Under GDPR and PDPA, we process your data on the following legal bases:
- Contract: To deliver the tour you booked
- Legal obligation: Sri Lankan tax and tourism regulations
- Consent: For marketing emails and non-essential cookies
- Legitimate interest: Website security, analytics, and fraud prevention
Data Retention
- Booking and passport info: 7 years for legal and tax purposes
- Health and emergency info: Deleted within 30 days after tour completion unless you request otherwise
- Marketing data: Until you unsubscribe
- Analytics data: 26 months, then anonymised
Your Rights
Under GDPR, PDPA, and similar laws, you have the following rights regarding your personal data:
- Access
- Request a copy of all personal data we hold about you.
- Correct
- Ask us to fix inaccurate or incomplete data.
- Delete
- Request erasure of your data where no legal obligation to retain it exists.
- Object
- Object to processing based on legitimate interests.
- Portability
- Receive your data in a machine-readable format.
- Withdraw consent
- Withdraw consent for marketing or non-essential cookies at any time.
To exercise any right, contact us at nilmaniceylontours@gmail.com. We respond within 30 days.
Data Security
We use SSL encryption, access controls, and secure storage to protect your data. PayPal handles all card transactions directly — we do not store full card numbers on our systems.
Sensitive fields (phone numbers, passport details) are encrypted at rest using AES-256-GCM. Our servers are protected by firewalls and automated security patches.
No system is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.
Children's Privacy
We do not knowingly collect personal data from children under 16 without verifiable parental consent. Tours that include minors must be booked by a parent or legal guardian.
If you believe we have inadvertently collected data from a child under 16, please contact us immediately at nilmaniceylontours@gmail.com and we will delete it promptly.
Updates & Contact
We may update this policy as laws or services change. When we do, we will post the new version on this page with a revised effective date. Continued use of our site after changes constitutes acceptance.
For privacy queries, data access requests, or complaints:
Get in touch
Nilmani Ceylon Tours · Seeduwa, Sri Lanka
nilmaniceylontours@gmail.comIf you are in the EU/UK and believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.