Privacy Policy
Last updated: May 2025
Ceylon Curry Pot (“we”, “us”, “our”) operates the website ceyloncurrypot.lk and processes online food orders. This Privacy Policy explains what personal information we collect when you use our site or place an order, how we use it, and your rights under Sri Lanka’s Personal Data Protection Act No. 9 of 2022 (“PDPA”).
Information We Collect
When you place an order or contact us, we may collect:
- Full name
- Phone number
- Email address
- Delivery address
- Order details (items, quantities, special instructions)
- Payment confirmation data (we do not store card numbers — see Section 4)
We also automatically collect standard server logs (IP address, browser type, pages visited) for security and analytics. We do not use tracking cookies for advertising.
How We Use Your Information
We use your personal data to:
- Process and fulfil your food order
- Contact you about your order status (SMS / phone call / email)
- Calculate and collect payment
- Prevent fraud and ensure platform security
- Improve our menu and service based on aggregate feedback
- Comply with legal obligations under Sri Lankan law
The lawful basis for processing is contract performance — we need your information to deliver the service you requested.
Sharing Your Information
We only share your data with third parties where necessary to fulfil your order:
PayHere (Private) Limited
Our payment processor. Your name, phone, email, and order amount are transmitted to PayHere to process your card or wallet payment. PayHere is regulated by the Central Bank of Sri Lanka under PSD Direction No. 1 of 2018. View their policies at payhere.lk/legal and payhere.lk/privacy.
Our Delivery Partners
Your name, phone number, and delivery address are shared with our delivery riders solely for the purpose of completing your delivery.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
Payment Security
All online payments are processed by PayHere. We never receive, store, or have access to your full card number, CVV, or PIN. PayHere operates under PCI-DSS compliant infrastructure. Your financial data is protected by PayHere’s own security measures.
Cash on Delivery orders involve no digital payment processing on our end beyond recording the order total.
Data Retention
Order records (including your contact and delivery information) are retained for a minimum of 5 years to comply with Sri Lankan commercial and tax law requirements. You may request deletion of your personal data at any time subject to these legal retention obligations.
Your Rights Under the PDPA
Under Sri Lanka’s Personal Data Protection Act No. 9 of 2022, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Object to processing of your data
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Data Protection Authority of Sri Lanka
To exercise any of these rights, contact us at ceyloncurrypot.lk@gmail.com.
Cookies
Our website uses only essential cookies required for the site to function (session management, cart state). We do not use advertising or tracking cookies, and we do not share cookie data with third parties.
Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of our site after changes constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions or to exercise your rights:
Ceylon Curry Pot
Liberty Plaza I Food Court, Colombo, Sri Lanka