
Privacy Policy
Effective Date: May 14, 2025
This Privacy Policy describes how All Island Tours ("we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website, All Island Tours (the "Website"), use our services, or interact with us. We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner.
This policy is designed to comply with applicable data protection laws, including Sri Lanka's Personal Data Protection Act No. 9 of 2022 (PDPA) and, where applicable, the General Data Protection Regulation (GDPR) if you are a resident of the European Economic Area (EEA).
Who We Are
All Island Tours is a travel and tour operator based in Sri Lanka, offering various tour packages and travel-related services. Our contact details for any privacy-related queries are provided at the end of this policy.
What Information We Collect
- Personal Identification Information: Your name, gender, date of birth, nationality, passport details or National Identity Card (NIC) number (where required for bookings or legal compliance).
- Contact Information: Your email address, phone number, mailing address, and emergency contact details.
- Booking and Travel Information: Details of tours and services you book with us, including travel dates, flight details (if provided), accommodation preferences, dietary requirements, health information (only if relevant to your travel arrangements and with your explicit consent), and other preferences related to your tour.
- Payment Information: Credit/debit card details (card type, number, expiry date, security code) or other payment details required to process your bookings. This information is typically processed securely by our third-party payment processors.
- Technical Information: IP address, browser type, operating system, device information, referral sources, pages visited, and time spent on our Website. This is often collected through cookies and similar technologies.
- Communication Information: Records of your communications with us, including emails, chat logs, and phone call details (if applicable).
- User-Generated Content: Reviews, testimonials, photos, or comments you voluntarily provide to us or post on our Website or social media channels.
- Marketing Preferences: Your preferences for receiving marketing communications from us.
How We Collect Your Information
- Directly from You: When you make a booking, fill out forms on our Website, communicate with us via email or phone, or provide information during your tour.
- Automatically: When you browse our Website, we may collect technical information using cookies and other tracking technologies.
- From Third Parties: Travel agents or booking platforms and service providers assisting us in our operations.
How We Use Your Information
We use your personal information for the following purposes:
To Provide and Manage Our Services:
- To process your bookings, reservations, and payments.
- To arrange and confirm your travel arrangements (e.g., with hotels, airlines, transport providers, guides).
- To communicate with you about your bookings, itinerary, and any changes or updates.
- To provide customer support and respond to your inquiries.
To Personalize Your Experience:
- To understand your preferences and tailor our services and recommendations to you.
For Marketing and Promotional Purposes (with your consent where required):
- To send you newsletters, special offers, and information about our tours and services that may interest you. You can opt out of these communications at any time.
To Improve Our Website and Services:
- To analyze website usage and trends to improve our Website's functionality, user experience, and content.
- To conduct market research and gather feedback.
For Security and Legal Compliance:
- To protect the security and integrity of our Website and business.
- To prevent and detect fraud or other unauthorized activities.
- To comply with our legal and regulatory obligations, including those under the PDPA and other applicable laws (e.g., requests from law enforcement or government authorities).
- To resolve disputes and enforce our agreements.
Legal Basis for Processing Your Information
We will only collect and process your personal information where we have a legal basis to do so. The legal bases we rely on include:
Consent:
Where you have given us your explicit consent to process your personal information for a specific purpose (e.g., for sending marketing communications). You have the right to withdraw your consent at any time.
Contractual Necessity:
Where processing your personal information is necessary for the performance of a contract with you (e.g., to fulfill your tour booking).
Legal Obligation:
Where processing is necessary for us to comply with a legal or regulatory obligation (e.g., providing information to authorities).
Legitimate Interests:
Where processing is necessary for our legitimate interests (or those of a third party), provided that your fundamental rights and freedoms do not override those interests. This may include improving our services, marketing, or ensuring the security of our operations.
Sharing Your Information
We may share your personal information with the following categories of third parties:
Service Providers: Hotels, airlines, transport companies, tour guides, activity providers, and other partners who are involved in providing the services you have booked. We only share the information necessary for them to provide their respective services.
Payment Processors: Secure third-party payment gateways to process your payments.
Technology Providers: Companies that provide IT infrastructure, website hosting, analytics, and other technical services.
Marketing Partners: With your consent, we may share information with marketing agencies or platforms to help us with our promotional activities.
Legal and Regulatory Authorities: Government bodies, law enforcement agencies, or other authorities if required by law, court order, or to protect our legal rights.
Professional Advisors: Lawyers, auditors, and insurers, as necessary in the course of the professional services they provide to us.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the transaction.
We will take steps to ensure that any third parties with whom we share your personal information are contractually obligated to protect it and use it only for the purposes for which it was disclosed. We do not sell your personal information to third parties.
International Data Transfers
If you are an EEA resident, please note that your personal information may be transferred to, stored, and processed in countries outside the EEA, including Sri Lanka, where our business is located and where our service providers may operate. These countries may have data protection laws that are different from those in your country of residence.
When we transfer your personal information outside the EEA, we will take appropriate safeguards to ensure that your information is protected in accordance with GDPR requirements. This may include using Standard Contractual Clauses approved by the European Commission or relying on an adequacy decision where applicable.
For data transfers involving public authorities in Sri Lanka, data will generally be processed within Sri Lanka unless permitted otherwise by the Data Protection Authority of Sri Lanka.
Data Security
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Secure Sockets Layer (SSL) encryption for data transmitted over the internet.
- Restricted access to personal information for our employees and contractors on a need-to-know basis.
- Regular review of our security practices.
- Secure storage of physical and electronic records.
While we strive to protect your personal information, please note that no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for establishing or defending legal claims. The retention period will vary depending on the type of information and the purposes for which it is used. Once the information is no longer needed, we will securely dispose of it.
Your Data Protection Rights
Depending on your location and applicable laws (such as PDPA and GDPR), you may have the following rights regarding your personal information:
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal information under certain circumstances (e.g., if the information is no longer necessary for the purposes for which it was collected or if you withdraw your consent).
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances (e.g., if you contest the accuracy of the information).
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller, where technically feasible.
- Right to Object to Processing: You have the right to object to the processing of your personal information under certain circumstances, particularly where we are relying on legitimate interests as our legal basis for processing or for direct marketing purposes.
- Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information infringes applicable data protection laws. In Sri Lanka, this is the Data Protection Authority of Sri Lanka. If you are in the EEA, you can lodge a complaint with the data protection authority in your country of residence.
To exercise any of these rights, please contact us using the contact details provided below. We may need to verify your identity before responding to your request. We will respond to your request within the timeframes required by applicable law.
Cookie Policy
Our Website uses cookies and similar tracking technologies (such as web beacons and pixels) to enhance your browsing experience, analyze website traffic, and for marketing purposes.
What are Cookies?
Cookies are small text files that are stored on your computer or mobile device when you visit a website.
How We Use Cookies:
- Essential Cookies: Necessary for the Website to function properly (e.g., for user sessions, security).
- Analytical/Performance Cookies: Help us understand how visitors use our Website, so we can improve it (e.g., Google Analytics).
- Functionality Cookies: Remember your preferences and choices to provide a more personalized experience.
- Marketing/Targeting Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of our marketing campaigns.
Your Choices:
Most web browsers allow you to control cookies through their settings. You can usually set your browser to refuse cookies or to alert you when cookies are being sent. However, if you disable cookies, some parts of our Website may not function properly. For users in the EEA, we will request your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie consent banner or settings.
Children's Privacy
Our Website and services are not directed at children under the age of 16 (or a higher age threshold if stipulated by local law). We do not knowingly collect personal information from children without appropriate parental consent. If you believe that we may have collected personal information from a child without proper consent, please contact us immediately, and we will take steps to delete such information.
Data Protection Officer and Management Program
In compliance with the Sri Lankan PDPA, All Island Tours is committed to implementing a Data Protection Management Program to ensure adherence to data protection principles and obligations. We may appoint a Data Protection Officer (DPO) if required by law or if deemed necessary for our operations. Contact details for privacy-related inquiries are provided below.
Unsolicited Messages
In accordance with the Sri Lankan PDPA, we will not send you unsolicited marketing messages unless you have given your express consent to receive them. You can manage your marketing preferences and withdraw your consent at any time by using the unsubscribe link in our emails or by contacting us.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post any changes on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. For significant changes, we may also notify you through other means, such as by email or a notice on our Website.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:
All Island Tours
119, 2nd Floor, Wilgoda Junction, Kurunegala
Email: [email protected]
Phone: +94 70 112 2900