Privacy Policy

ANUSHKA DAHANAYAKE (PVT) LTD (PV 00303673), incorporated under the Companies Act No. 7 of 2007, is the data controller for personal information collected through https://anushkadahanayake.com and related services.

Privacy enquiries: [email protected]

• Personal Data Protection Act No. 9 of 2022 (Sri Lanka)
• Electronic Transactions Act No. 19 of 2006 (Sri Lanka)
• EU General Data Protection Regulation (GDPR) — where applicable to EEA data subjects
• Other applicable local laws in the user's jurisdiction

We may collect the following categories of personal data:

• Identity & contact: name, email, company, phone (if provided)
• Account data: login credentials, role, session identifiers
• Transaction data: invoices, payment references, billing details
• Communication data: messages sent via contact forms or support
• Technical data: IP address, browser type, device, pages visited
• Analytics data: usage events, conversions, referral sources
• Marketing preferences: newsletter subscriptions (with consent where required)

• Provide and operate the Platform and contracted services
• Respond to inquiries, proposals, and support requests
• Process payments, invoices, and subscriptions
• Authenticate users and enforce role-based access
• Improve security, performance, and user experience
• Send service-related communications
• Send marketing communications where permitted by law and consent
• Comply with legal, regulatory, and tax obligations

Depending on context, we process data based on:

• Contractual necessity (delivering agreed services)
• Legitimate interests (security, analytics, business operations)
• Consent (marketing, non-essential cookies where required)
• Legal obligation (record-keeping, lawful requests)

We do not sell personal data. We may share data with trusted processors solely to operate the Platform, including:

• Hosting providers (e.g. Hostinger Cloud)
• CDN and security providers (e.g. Cloudflare)
• Payment processors (e.g. Stripe, PayHere)
• Email service providers (e.g. Resend, SendGrid)
• Analytics providers (e.g. Google Analytics, Microsoft Clarity)
• Professional advisers where legally required

Processors are bound by contractual obligations to protect data and use it only for specified purposes.

Where data is transferred outside Sri Lanka, we implement appropriate safeguards such as contractual clauses, processor due diligence, and security controls consistent with the Personal Data Protection Act No. 9 of 2022 and, where applicable, GDPR Chapter V requirements.

We retain personal data only as long as necessary for the purposes described, contractual obligations, and legal requirements. See our Data Protection & Governance Policy for retention schedules.

Subject to applicable law, you may have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion or restriction of processing
• Object to certain processing
• Withdraw consent where processing is consent-based
• Request data portability (where applicable)
• Lodge a complaint with a supervisory authority

To exercise rights, contact [email protected]. We will respond within reasonable timeframes required by law.

We use cookies and similar technologies as described in our Cookie Policy.

We implement technical and organisational measures including access controls, encrypted connections (HTTPS), secure authentication, and monitoring. No method of transmission is 100% secure; we cannot guarantee absolute security.

Our Platform is not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe we have collected such data.

We may update this Privacy Policy periodically. The "Last updated" date will reflect changes. Material updates may be communicated where required by law.