GDPR Compliance

Last updated: 7/11/2025

1. Introduction

Drops of Sri Lanka is committed to protecting the privacy and personal data of our customers and website visitors. This GDPR Compliance page outlines how we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

For the purposes of the GDPR, Drops of Sri Lanka is the data controller of your personal information. This means we determine the purposes and means of processing your personal data.

Our contact details for data protection matters are:

Email: hello@dropsofsrilanka.com

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent: When you have given us explicit consent to process your personal data for specific purposes.
  • Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: When processing is necessary to comply with a legal obligation to which we are subject.
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.

4. Data Processing Purposes

We process your personal data for the following purposes:

  • Order Processing: To process and fulfill your orders, manage your account, and provide customer support.
  • Communication: To communicate with you about your orders, products, services, and respond to your inquiries.
  • Marketing: To send you marketing communications about our products and services (only with your explicit consent).
  • Website Improvement: To analyze and improve our website functionality, user experience, and service quality.
  • Legal Compliance: To comply with legal obligations, including tax and accounting requirements.
  • Security: To protect our website and prevent fraud or unauthorized access.
  • Analytics: To understand how visitors use our website and improve our services.

5. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time where we relied on your consent to process your personal data.

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided above.

6. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in our Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

7. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Switzerland and/or the EU and choose to provide information to us, please note that we transfer the information, including personal data, to Switzerland and/or the EU and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal data, transmission of personal data to and from our website is at your own risk.

9. Children's Privacy

Our website is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information from our servers.

10. Changes to This GDPR Compliance Statement

We may update our GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on this page and updating the "Last updated" date at the top of this page.

11. Contact Us

If you have any questions about this GDPR Compliance Statement, please contact us at:

Email: hello@dropsofsrilanka.com