Last Updated: 2025-10-14

1. Introduction

Golden Aquaria (Pvt) Ltd (“we”, “us”, “our”) is committed to protecting your privacy and ensuring you have a positive experience when using our website goldenaquaria.lk (the “Site”) and when you purchase our products or services. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data, and your rights in relation to it.

By using our Site or providing us with your personal data, you accept and consent to the practices described in this policy.


2. Legal Basis & Applicable Law

  • This policy is governed by and intended to align with the Personal Data Protection Act, No. 9 of 2022 (PDPA) of Sri Lanka.
  • Parts of the PDPA have come into effect, and further provisions will be phased in.
  • We also comply with any applicable Sri Lankan laws, including the Electronic Transactions Act, No. 19 of 2006 and relevant consumer protection regulations.

3. What Data We Collect

We may collect and process the following categories of personal data:

Category | Examples / Details | Purpose
Identity / Profile Data | Full name, username, date of birth (if asked) | To identify you and maintain your account
Contact Data | Address, email address, phone number, billing & shipping address | To communicate with you, process orders, deliver items
Transaction Data | Order history, payment method, invoices, refunds | To process your purchases, refunds, record-keeping
Technical / Usage Data | IP address, device type, browser type, pages visited, referring site, logs | To analyze usage, improve the Site, detect fraud
Marketing & Communications Data | Preferences, opt-in status, responses to promotions | To send you promotional offers (if you consent)
Other Data | Any other information you choose to provide (e.g. in support inquiries, reviews) | To respond to your requests, provide better service

We do not collect or process “sensitive personal data” (such as health information, religious beliefs, biometric data) unless you explicitly provide it and consent.


4. How We Use Your Data

We use your personal data for the following purposes (and only when lawful under PDPA principles, such as consent, contract performance, legitimate interest, legal compliance):

  1. To fulfill orders – process your purchase, delivery, billing, refunds, and order support.
  2. To communicate – send you order confirmations, shipping notifications, service messages, and respond to inquiries.
  3. To improve our services – analyze usage patterns to optimize the Site, fix bugs, improve product offerings.
  4. For marketing & promotions – send you newsletters and offers, subject to your opt-in/opt-out choices.
  5. To comply with legal obligations – e.g. tax, audit, consumer protection laws.
  6. To prevent fraud & enforce our rights – detect and prevent abuse, security incidents, unauthorized transactions.

5. Cookies & Tracking Technologies

We use cookies, web beacons, local storage, and similar technologies to collect usage and technical data. These help us:

  • Recognize your device or browser
  • Remember preferences
  • Understand Site usage and statistics
  • Offer relevant content and advertisements

You may disable or block cookies via your browser settings; however, doing so may impair certain functionalities of our Site.


6. Data Sharing & Disclosure

We do not sell, rent, or lease your personal data to third parties. However, we may share your data in the following cases:

  • Service providers / contractors: e.g. payment gateways, delivery & logistics partners, IT hosting, analytics providers. They will only have access to data necessary to perform their tasks, and they are contractually obliged to safeguard that data.
  • Legal or regulatory authorities: when required by law, court order, or governmental authority.
  • Business transfers: in the event of a merger, acquisition, reorganization, or sale of our business (or its assets), with appropriate safeguards in place.
  • Consent-based sharing: when you explicitly consent for us to share your data with third parties for specific purposes (e.g. marketing partners).

If data is transferred outside Sri Lanka, we will ensure an adequate level of protection (via contractual clauses or other safeguards) in compliance with applicable PDPA obligations.


7. Data Retention

We will retain your personal data only as long as necessary for the purposes for which it was collected (such as fulfilling contracts, providing our services, handling disputes) and to comply with our legal obligations (e.g. tax, accounting). After that, data will be securely deleted or anonymized.


8. Security

We implement reasonable technical and organizational security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These include encryption (e.g. SSL/TLS), access controls, firewalls, regular security audits, and restricting access to only those employees or systems that need it.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant regulatory authority (e.g. the Data Protection Authority of Sri Lanka) as required by law.


9. Your Rights

Under the PDPA, you (the “data subject”) have certain rights with respect to your personal data, subject to legal limitations. These include:

  • Right of access – you can request a copy of the personal data we hold about you.
  • Right of rectification – you can request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – under certain conditions, you can request deletion of your data.
  • Right to restrict processing – you may request that we limit the processing of your data.
  • Right to object – in certain cases, you may object to processing (e.g. for direct marketing).
  • Right to data portability – you can request your data in a structured, commonly used, machine-readable format to transfer to another controller.
  • Right to withdraw consent – at any time, if our processing is based on your consent.

To exercise these rights, you may contact us using the contact details given below. We will respond within the time frames required by PDPA (generally 1 month, extendable by 2 additional months in complex cases), unless a valid exception applies.

We may refuse or limit requests in certain circumstances (e.g. conflicting legal obligations, preserving the rights of others, technical constraints).


10. Children

Our Site is intended for users who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have collected data of a minor without parental consent, we will promptly delete it.


11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page with a new “Last Updated” date. We encourage you to review this page periodically. Continued use of our Site after changes constitutes your acceptance of the revised policy.