Legal
At Ed-Et Tours, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, enquire about tours, or book travel with us.
We are committed to transparency and compliance with data protection principles including the EU General Data Protection Regulation (GDPR). By using our services, you consent to the collection and use of information as described below.
Personal Data You Provide
| Category | Examples |
|---|---|
| Identifiers | Name, email address, phone number, physical address |
| Travel Documents | Passport details, nationality, date of birth, ETA/visa information |
| Payment Information | Credit card details (processed securely via gateway), billing address |
| Preferences | Dietary requirements, accessibility needs, interests, special requests |
| Emergency Contacts | Name, relationship, phone number of emergency contact |
Automatically Collected Data
We use your data only for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Processing and confirming bookings | Contractual necessity |
| Communicating about your trip | Contractual necessity |
| Arranging hotels, transport, guides | Contractual necessity |
| Legal compliance (tax records, SLTDA reporting) | Legal obligation |
| Sending marketing newsletters | Consent (opt-in only) |
| Website improvement analytics | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
Your information is shared only with parties necessary to deliver your tour experience:
| Recipient | Purpose |
|---|---|
| Hotels & Lodges | To guarantee room reservations |
| Transport Providers | To arrange private drivers and vehicles |
| Activity Suppliers | Safari operators, guide services, cooking classes |
| Airports & Airlines | Flight connections (if booked through us) |
| Government Authorities | Visa processing, immigration requirements (where legally required) |
| Payment Processors | Secure transaction handling (PCI-DSS compliant) |
All third parties are contractually obligated to maintain confidentiality and implement adequate security measures.
As a Sri Lankan company, some of your data may be stored on servers located in Sri Lanka. If you are from the European Economic Area (EEA), United Kingdom, or other regions with strict data protection laws, we ensure:
You may request details of specific transfer mechanisms by contacting us.
We implement industry-standard security measures to protect your information:
| Measure | Description |
|---|---|
| SSL Encryption | All website forms use HTTPS encryption |
| Access Controls | Limited staff access on a need-to-know basis |
| Secure Storage | Password-protected databases with regular backups |
| Payment Security | Third-party gateways — no card storage on our servers |
| Regular Audits | Security reviews conducted periodically |
Despite our best efforts, no internet transmission is 100% secure. Please ensure you use strong passwords and secure networks when sharing sensitive information.
Depending on your location, you may have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Right to Access | Request a copy of all personal data we hold about you |
| Right to Rectification | Correct inaccurate or incomplete information |
| Right to Erasure | Request deletion of your data ("Right to be Forgotten") |
| Right to Restrict Processing | Ask us to limit how we use your data |
| Right to Data Portability | Receive your data in a machine-readable format |
| Right to Object | Opt out of certain processing (e.g., marketing) |
| Right to Withdraw Consent | Cancel any consent previously given |
To exercise any of these rights, please contact us at edettours@pm.me. We will respond within 30 days. Some rights may be limited by legal obligations (e.g., tax record retention).
Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Website functionality, session management | Session |
| Analytics | Understand visitor behaviour (Google Analytics) | 2 years |
| Preference | Remember language, region settings | 1 year |
| Marketing | Track ad effectiveness (if opted-in) | 1 year |
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
| Data Type | Retention Period |
|---|---|
| Booking Records | 7 years (legal/tax requirement in Sri Lanka) |
| Marketing Contacts | Until you unsubscribe or after 2 years of inactivity |
| Website Analytics | As per third-party provider policies (typically 14–26 months) |
| Enquiries Not Booked | 12 months, then anonymized or deleted |
Upon expiration, data is securely deleted or anonymized.
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly. Minors must travel with parental or guardian consent and supervision.
Our website may contain links to external sites (airlines, hotels, attractions). We are not responsible for the privacy practices or content of those sites. Please review their policies independently.
We may update this Privacy Policy periodically to reflect changes in laws, technology, or business practices. The updated version will be posted on this page with a revised "Last Updated" date. Continued use of our services after changes constitutes acceptance.
Data Protection Officer: Ed-Et Tours (Pvt) Ltd
Email: edettours@pm.me
Address: 8A, Kirimandala Mawatha, Nawala, Sri Jayawardenapura 10100, Sri Lanka
Phone: +94 11 241 9779