01273 306049 Visit Sri Lanka Tours, The service like no other 034 2291530
VSLT is committed to protecting and respecting your privacy when you use our services.
What personal data we collect from you when you use our website,
Information we may collect from you
We may collect and process information about you when you: buy our produce or service
We collect information such as your contact details, name, telephone, and email address, you postal address, payment and refund details. We may require additional details for some services,
How we use your information
We will only use the information you provide as permitted by Data Protection Law. This depends on how you contact us, use our services, the consent you have given, our legitimate interests, or legal obligations we may have.
Our Legitimate Interests
Running our business in a safe and responsibly manner
We may use information held about you in the following ways:
To provide you with the service and products we offer on our website
To provide you with details of our services and information about travelling in Sri Lanka.
To run our services and improve them.
To comply with our legal obligations to customers, as well as legal obligations
For your safety and security.
For fraud and crime prevention.
To enhance your experience of our website,
Sharing or disclosing your information
We will only share or disclose your information as set out in this Policy or in accordance with Data Protection Law and will obtain your consent where we are required to do so.
We will collect your information when you visit, Our Website and made any purchases
This section shows the information we collect when you use our website. Before providing us with your details, please read the following important information regarding:
We will only use the information that we collect about you lawfully, in accordance with the Data Protection Law.
The details you provide about yourself and any other information which identifies you (‘Personal Information’) is held by us on this website (the "Site") for operational purposes only
When you register with us to buy a ticket, book taxi or tour packages or any other product or services we provide.
We may use information that you provide to alert you to our own products and services. We may contact you regarding site changes or changes to the products or services that you use.
If you buy a ticket online with us, we will record your personal details and send you a confirmation email. Your personal data will be used principally to communicate with you with reference to your request.
We encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet. SSL is certified by Verisign and is recognised as a secure way to pay on-line. As you may be aware, no data transmission over the Internet can be entirely secure. We will always use reasonable endeavours to protect the personal information you provide to us but we cannot guarantee the security of your information and the use of our facilities (e.g. email) is at your own risk. If you have any questions about paying for your ticket through the Site, please contact us.
Customer Relations Data
We collect your information and comments when you contact us by letter, email, web form or phone or social media.
Personal details we hold
We may hold your name, address, email address, phone number, social media name, ticket details, our correspondence with you, the compensation claims you have made and payment made by us, proof of journey or other supporting information you may provide.
To ensure that we carry have an accurate record of dealings between us (and for training purposes) we may, in certain circumstances, record or monitor telephone calls, however you will always be told when this happens. How we use your personal data
We may also share information with other Train Operating Companies in Sri Lanka for the purpose of fraud prevention. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with Data Protection Law.
Where we store your Personal Information
The information that we collect from you will only be stored in the European Economic Area.
We use a range of technical and organisational measures to safeguard access to and use of, your personal information and to ensure it retains its integrity and availability. These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training.
Ask for a copy of your personal data
You are entitled to request a copy of the personal information we hold about you.
Please contact us
We may need to ask for some further information, such as checking who you are. To help us deal with your request more efficiently.
Please let us know if you want to receive the information electronically.
We aim to get the information to you without undue delay and within 30 days. If we have any trouble with this timeframe we will let you know within 30 days and explain what the problem is. Sometimes we may hold information that we don’t have to provide, for example it would prejudice a police investigation or contains someone else’s personal data.
In most cases we provide the copy of your data to you for free. We have set out some information about when it might not be free, or provided below.
Deletion – right to be forgotten
You can request deletion or removal of personal information in some circumstances, such as when there is no compelling reason for its continued processing.
We will provide a response to you without undue delay and within 30 days, confirming whether/what personal data we have deleted and/or explaining why we don’t agree that some data does not need to be deleted.
You also have a right to request that no further processing takes place in relation to some grounds of processing, such as for direct marketing. We will respond to your request without undue delay and within 30 days, confirming the action we will or won’t take.
Where you have provided us with personal data and the reasons we are processing it are based on consent or our contract with you, and the processing is automated, you have a right to ask for that information be provided to you or another data controller in a structured, commonly used and machine-readable format. The right may be restricted if it is not practical for us to provide the information in this way or it adversely the rights of others.
If we are able to provide your personal data in this way, we will do so in 30 days or we will let you know within 30 days if we require more time or there are any issues with carrying out the request.
If you are not happy with the way in which we deal with your data or have dealt with a rights request, then please let us know. Our Data Protection Manager is the first point of contact for dealing with Rights Requests and complaints, and they are assisted by Customer Relations. If you are not satisfied with the way in which they have handled your complaint or rights request then
If you are not satisfied with their response you can complain to the ICO. Its contact details are:
Information Commissioner's Office
How long we keep your personal data for
We have policies and procedures in place to make sure we do not keep your personal data any longer than required to meet our legal and other obligations.
We generally retain personal data for around 1- 3 months after the legal limitation periods in which claims can be brought or industry recommended periods. We also retain information if we are under a legal or regulatory requirement to do so.