Privacy Policy

Effective Date: October 2025

At Online Sri Lanka ETA (referred to as "we," "us," or "our"), operating at onlinevisasrilanka.com, we are dedicated to protecting your privacy and personal data. This Privacy Policy details our practices for collecting, using, and processing information provided by you when engaging with our website and services.

Your use of our website, and particularly your initiation of payment for our professional services, signifies your acceptance of this Privacy Policy and our Terms and Conditions.

Definition of Personal Data

For the purposes of this policy, personal data encompasses any information that directly or indirectly identifies you. This includes, but is not limited to, contact details such as your full name, date and place of birth, email address, postal address, and passport details, as well as usage data like your IP address or website browse activity.

Data Controller Information

Online Sri Lanka ETA, as specified in our Terms and Conditions, acts as the data controller responsible for personal information gathered through your website interactions, ETA application submissions, and customer service engagements.

Scope of Policy Application

This Privacy Policy applies to all personal data we collect, use, and process from you as a user of our website and/or a customer.

Our website may feature links to third-party websites. Please be aware that we do not operate these external sites, and therefore, we assume no responsibility for their content or data privacy practices.

Personal Data Collection Methods

We collect personal data through the following interactions:

• Direct Interactions: Information is collected when you complete forms on our website (e.g., ETA application forms, contact forms) or communicate with our Customer Support team via chat, email (info@onlinevisasrilanka.com), or telephone.
• Automated Technologies: We may automatically gather data such as your IP address and browsing behavior using cookies.
• Payment Information: Your payment details are securely transmitted to our certified payment service providers for transaction authorization. We do not store or access your complete credit or debit card information.

You are responsible for ensuring the accuracy and completeness of the personal data you submit. We are not liable for issues arising from inaccurate or fraudulent information provided by you.

Purposes of Personal Data Processing

Your personal data is processed for the following objectives:

• Service Delivery: To provide our professional assistance services for your ETA application, including verifying application accuracy.
• Application Communication: To send you timely updates regarding your ETA application status and notification of its approval or denial.
• Inquiry Management: To efficiently address your information requests, claims, or queries regarding our services.
• Administrative Functions: For internal processing, payment verification (fraud control), accounting, and billing.
• Legal Compliance: To fulfill our legal obligations and respond to legitimate requests from authorities.
• Service Enhancement: To improve your user experience on our website and enhance our services by analyzing website navigation behavior.

Legal Basis for Data Processing

We process your personal data on the following legal bases:

• Contractual Necessity: To fulfill our contractual obligations to you, which involves verifying and submitting your ETA application and responding to your inquiries.
• Consent: Where you have provided explicit consent for specific data processing activities.
• Legal Obligation: To comply with our legal duties.
• Legitimate Interests: Our legitimate interests include verifying payments, resolving claims, optimizing user experience, enhancing service quality, and preventing fraud.

Data Retention Period

We retain your personal data only for the duration necessary to fulfill the purposes for which it was collected. Subsequently, your data will be securely archived for any mandatory legal or claims-related retention periods before being securely deleted.

Data Sharing Practices

Your personal data may be shared under the following circumstances:

• Government Authorities: Shared with the Government of Sri Lanka, as they are the competent authority for approving or denying ETA applications.
• Payment Service Providers: Shared with our payment providers to process transactions and conduct fraud controls.
• Technology Service Providers: Shared with third-party providers who host our information systems or offer us technological support.
• Legal and Regulatory Compliance: Shared to comply with our legal obligations when required by authorities.

Data Security Measures

Your personal data is securely stored within our information systems. We have implemented robust technical and organizational measures to ensure the confidentiality and integrity of your data, protecting it against unauthorized processing and accidental loss or damage.

Your Data Protection Rights

You have rights concerning your personal data, including the rights to access, rectify, erase, and restrict processing. You can exercise these rights by submitting a written request via email to info@onlinevisasrilanka.com.

We will respond to your data protection rights request within one (1) month, though this period may be extended if necessary. Should you believe your rights have not been adequately addressed, you have the right to lodge a complaint with the corresponding Supervisory Authority.