privacy Policies

At Hayleys Travels – Spirit of Sri Lanka, your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you engage with us as an inbound traveller planning to explore Sri Lanka.
By interacting with our website or our team, you agree to the terms outlined in this policy

What We Collect

We collect the following types of personal information when you reach out to us or book travel services within Sri Lanka:

  • Full Name
  • Contact Number
  • Email Address
  • Country of Residence
  • Nationality
  • Travel dates and
  • preferences
  • Age of travellers
  • Special requirements (e.g, dietary, mobility)
  • Payment-related details (handled securely)
  • Any footage captured or recorded by our surveillance camera (CCTV) system
  • Any recordings of calls placed by you to our Customer Care Centres
  • Any other relevant information required to design your Sri Lankan experience

We may also collect non-personal data such as IP addresses, browser type, and site usage to improve your digital experience.

Why We Collect Your Information

We use your personal data to:

  • Respond to travel enquiries and send customised itineraries.
  • Arrange local accommodation, transport, and excursions within Sri Lanka.
  • Ensure smooth communication before and during your journey.
  • Provide assistance, support, and relevant recommendations.
  • Inform you about updates, improvements, and benefits related to our products and services.
  • Share our latest promotions, campaigns, and special offers (if you have opted in to receive such communications).
  • Send important service-related messages regarding your subscription or account.
  • Fulfill our legal, contractual, and regulatory responsibilities, and safeguard or enforce our corresponding rights.
  • Contact you via phone, SMS, email, digital channels, or social media with information about products and services offered by our group companies, affiliates, or selected third parties that may be of interest to you. (You can choose to unsubscribe at any time.)
  • Address any complaints, queries, or concerns related to your account.
  • Manage and process debt recovery efforts when necessary.
  • Confirm your identity when needed—for example, if you forget your password or security credentials—to ensure your data remains protected from unauthorized access.
  • Analyze your usage patterns to understand your preferences and improve our products and services accordingly.
  • Carry out any other purposes that are legitimate and necessary for our business operations.

Your information helps us deliver personalised, safe, and memorable travel in Sri Lanka.

Digital Marketing & CRM Tools

To enhance your experience and stay connected, we may use your data to:

  • Send you updates, deals, or inspiration related to Sri Lankan tourism
  • Show you targeted ads via Google Ads, Meta (Facebook & Instagram), and LinkedIn
  • Track engagement through analytics tools (e.g., Google Analytics, Meta Pixel)
  • Manage and personalise email communications via our CRM system, Brevo

Brevo stores your contact data securely and allows us to manage communications in compliance with data protection regulations. You may unsubscribe from marketing emails at any time.

Who We Share Your Data With

We only share your personal information with:

  • Trusted Sri Lankan hotels, guides, and experience providers.
  • Local transport services (e.g., car rentals, domestic flights, excursions.)
  • Payment processors, for secure transaction handling.
  • Brevo CRM, to manage and deliver our email marketing communications.
  • Companies within our group, including subsidiaries and affiliated entities.
  • Third parties, where disclosure is necessary or appropriate to protect our legal rights, ensure your safety, investigate fraudulent activity, or respond to lawful requests from authorities.
  • Our authorized service providers.
  • Government authorities, regulatory bodies, or tax agencies, where disclosure is required to meet legal or regulatory obligations or as otherwise allowed under applicable law.
  • Our marketing partners, where you have provided consent or not opted out, for promotional and advertising purposes.
  • Third-party entities for conducting credit assessments or fraud prevention checks.
  • Payment processing partners, including those verifying your personal or financial details as necessary.
  • External parties conducting analytics to understand your interaction with our products and services.
  • Third-party researchers supporting product and service development initiatives.
  • Our appointed agents, dealers, or representatives.
  • In the event of a business transaction such as a merger, acquisition, joint venture, restructuring, or sale of assets or shares (including situations like bankruptcy), we may disclose or transfer your personal data to relevant third parties (e.g, potential buyers or their advisors) where such disclosure is necessary for the transaction and is in our legitimate interest.
  • We take reasonable steps, consistent with industry best practices, to ensure that all recipients of your personal data maintain its confidentiality and integrity and do not use it for unauthorized purposes.
  • Additionally, some service providers may collect your personal data directly—for example, when you are redirected to their websites, mobile apps, or platforms while accessing our services.
  • We strongly recommend reviewing the privacy notices of such third-party providers, as we do not control, and are not responsible for, the content, privacy practices, or policies of any third-party service provider, to the fullest extent permitted by law.

All partners are bound by confidentiality agreements and use your data solely for the purpose of delivering your chosen services.
We never sell or misuse your data.

Data Protection & Security

Your data is stored securely with access limited to authorised personnel only. We use encryption, firewalls, and other security measures to safeguard your information from unauthorised access or misuse.

Data Retention

We retain your personal data:

HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

  • We will retain your personal data only for as long as such data is necessary for the purposes it was collected for. The retention period for personal data may also be affected by the requirements of applicable laws or a legitimate business requirement. In all cases such personal data may be held for a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose).
  • Once personal data surpasses its retention period and if there is no valid reason to retain such personal data, the personal data will be securely disposed of.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA? We may collect and store your personal data in electronic or physical form, depending on the requirement. Such personal data may be stored at our (and third party premises) within IT Systems (e.g. external cloud storage, internal or third-party management systems, e-mails, databases, hard drives etc.), and physical warehouses etc. We endeavour, where practicable, to process your personal data in a safe environment by preventing any unauthorized or unlawful processing of personal data or accidental disclosure, loss or destruction of, or damage to, such personal data. We have implemented various physical, technical and administrative security measures to protect your personal data and our network from unauthorized access. Some of these measures include:
  1. encryption of personal data;
  2. strict adherence to privacy and security practices;
  3. periodic security assessment and reviews to upgrade our practices; and
  4. restriction of access to such personal data to personnel who have a need to know such personal data.
The security of your personal data is important to us but remember that no method of transmission over the Internet, securing while processing, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Your Rights

You have the right to:

  • Access, correct, or update your personal information.
  • Request deletion of your data.
  • Withdraw consent for marketing communicationsAsk questions or raise concerns about how we use your information.

We are committed to protecting your privacy and ensuring the accuracy of your personal data. We take reasonable steps to keep your information current and correct. If you become aware of any inaccuracies in your personal data, please notify us in writing using the contact details provided below. We will make the necessary corrections within a reasonable time, subject to applicable laws and regulations.

Upon request, and where feasible, we will provide you with access to the personal data we hold about you within a reasonable timeframe and at a reasonable cost.

If you no longer wish to receive communications from us, you may opt out at any time by contacting us through the methods listed below. Please note that this opt-out does not apply to essential service or product-related messages, which you may continue to receive unless you cancel the relevant subscription.

Consequences of Not Providing Your Personal Data
In certain circumstances, we may require specific personal data from you. If you choose not to provide such information, the following consequences may apply:

  • We may be unable to process your application or provide the requested products and/or services.
  • We may not be able to respond to your queries or service requests.
  • Your access to certain features on our website, apps, or digital platforms may be restricted.
  • You may not receive updates on promotions, services, products, or upcoming launches.
  • You may miss out on invitations to promotional events or campaigns.
  • Our ability to effectively communicate with you may be impacted.
  • We may be unable to enter into or continue contracts with you or third parties.
  • It may result in non-compliance with applicable laws or regulations that require the collection of such personal data.

By Submitting Your Personal Data to Us, You Confirm That:

  • You have read, understood, and agreed to the terms of this Privacy Notice, including the collection, use, processing, disclosure, and transfer of your personal data as described.
  • The information you provide is true, complete, and accurate to the best of your knowledge, and you have not intentionally withheld any relevant details.

Reach us at:
info@hayleystravels.com

Cookies and Tracking

We use cookies and tracking tools to:

  • Improve site functionality
  • Understand how users interact with our website
  • Enable remarketing to showcase Sri Lankan travel offers to interested users

You can control cookie preferences via your browser or opt out of ad tracking through tools like Google Ad Settings or Facebook Ad Preferences.

Updates to the Privacy Notice

We may revise, amend, or update this Privacy Notice at our sole discretion. The latest version will supersede all previous versions and will include an updated version number and effective date. While we are not obligated to notify you of such changes individually, we encourage you to review this Privacy Notice periodically to remain informed of any updates. By continuing to use our services after changes are made, you are deemed to have accepted the updated terms.

Contact Us

Have questions about your privacy or how your data is handled?

Contact us at:
info@hayleystravels.com
www.srilankawithhayleys.com

Hayleys Travels Pvt Ltd,  No.400, Deans Road, Colobmo 10, Sri Lanka
+94 11223344 | info@hayleystravels.com
Facebook Youtube Instagram Linkedin