1. Introduction

• Purpose: This Privacy Policy outlines how the Website Operator ("we," "us," or "our") collects, uses, and protects your personal data in relation to the magiya.lk website. We are committed to ensuring the privacy and security of your information and complying with applicable data protection laws.
• Scope: This Privacy Policy applies to all personal data processed by the Website Operator through the magiya.lk website, mobile applications, and other services offered on the magiya.lk domain. This policy covers personal data of customers, employees, and other stakeholders who interact with magiya.lk.
• Definitions:
  • 🔹Personal Data: Means any information relating to an identified or identifiable natural person.
  • 🔹Processing: Means any operation or set of operations performed on personal data.
  • 🔹Data Subject: Means the individual to whom personal data relates.
  • 🔹Controller: Means the entity that determines the purposes and means of the processing of personal data. In this case, the controller is the Website Operator.
  • 🔹Processor: Means the entity that processes personal data on behalf of the controller.

2. Legal and Regulatory Framework

• The Website Operator and magiya.lk comply with the following data protection laws and regulations:
• 🔹GDPR (General Data Protection Regulation).
• 🔹CCPA/CPRA (California Consumer Privacy Act/California Privacy Rights Act).
• 🔹PIPEDA (Personal Information Protection and Electronic Documents Act).
• 🔹PDPA (Personal Data Protection Act) - The relevant PDPA for the operating region.
• 🔹And any other relevant regional or national data protection laws.

3. Data Collection

• Types of Personal Data Collected: We collect the following categories of personal data through magiya.lk:
  • 🔹Contact information (name, email address, postal address, phone number).
  • 🔹Demographic information (age, gender, location).
  • 🔹Financial information (payment card details, bank account information) - If applicable to magiya.lk's services.
  • 🔹Usage data (IP address, browsing history, device information, cookies).
  • 🔹Health information (if applicable to the services provided through magiya.lk).
  • 🔹Biometric data (if applicable to the services provided through magiya.lk).
  • 🔹User-generated content (reviews, comments, feedback, forum posts - if these features are available on magiya.lk).
• Sources of Personal Data: We collect personal data from the following sources on magiya.lk:
  • 🔹Directly from you when you provide information through forms, account creation, purchases, and other interactions with our services on magiya.lk.
  • 🔹Automatically through the use of cookies, website analytics tools, and similar technologies when you interact with magiya.lk.
  • 🔹From third parties, such as service providers, partners, and public sources, but only when we have a lawful basis to do so.

4. Data Processing Purposes

• We process personal data for the following purposes in relation to magiya.lk:
  • 🔹Providing and improving our services: To deliver the products, services, and functionalities you request on magiya.lk, and to enhance and optimize our offerings on magiya.lk. Lawful basis: Contractual necessity, Legitimate interests.
  • 🔹Processing transactions: To process your orders, payments, and refunds for purchases made through magiya.lk. Lawful basis: Contractual necessity, Legal obligation.
  • 🔹Communicating with you: To respond to your inquiries, provide customer support, and send you important notices and updates related to your use of magiya.lk. Lawful basis: Contractual necessity, Legitimate interests.
  • 🔹Marketing and advertising: To send you promotional materials and offers related to magiya.lk, but only with your consent where required by law. Lawful basis: Consent, Legitimate interests.
  • 🔹Personalizing user experience: To tailor our content and recommendations to your preferences and interests on magiya.lk. Lawful basis: Legitimate interests, Consent.
  • 🔹Analytics and research: To analyze data to improve our services, understand user behavior, and conduct market research related to magiya.lk. Lawful basis: Legitimate interests.
  • 🔹Security and fraud prevention: To protect the security and integrity of our systems and to detect and prevent fraud on magiya.lk. Lawful basis: Legal obligation, Legitimate interests.
  • 🔹Complying with legal obligations: To comply with applicable laws, regulations, and legal processes. Lawful basis: Legal obligation.

5. Data Minimization and Retention

• Data Minimization: We collect and process only the personal data that is necessary for the purposes outlined in this Privacy Policy. We take steps to ensure that irrelevant or excessive data is not collected through magiya.lk.
• Data Retention: We retain personal data for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable laws and regulations. The retention period may vary depending on the type of data and the purpose of processing. We consider the following factors when determining data retention periods:
  • 🔹The purpose(s) for which the data was collected
  • 🔹Legal and regulatory requirements
  • 🔹The duration of your relationship with the Website Operator and magiya.lk.
  • 🔹Any applicable statutes of limitations.
• We have policies and procedures in place for the secure disposal or deletion of personal data that is no longer needed.

6. Data Security

• We have implemented technical and organizational security measures to protect personal data collected through magiya.lk from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
  • 🔹Encryption of data in transit and at rest using industry-standard encryption technologies.
  • 🔹Access controls, including role-based access and the principle of least privilege, to restrict access to personal data to authorized personnel only.
  • 🔹Firewalls and intrusion detection systems to protect our systems from unauthorized access.
  • 🔹Regular security assessments and vulnerability testing to identify and address potential security risks.
  • 🔹Employee training on data security best practices and compliance with this Privacy Policy.
  • 🔹An incident response plan to address data breaches, including procedures for notification, containment, and remediation.

7. Data Sharing and Disclosure

• We may share personal data collected through magiya.lk with the following categories of recipients:
  • 🔹Service providers: We share data with third-party service providers who assist us in providing our services, such as payment processors, hosting providers, and analytics providers. We have contracts with these providers to ensure they protect your data.
  • 🔹Business partners: We may share data with business partners to offer you joint products or services through magiya.lk, but only with your consent where required.
  • 🔹Affiliates: We may share data with our affiliates within our corporate group for internal business purposes, subject to this Privacy Policy.
  • 🔹Legal authorities: We may disclose data to legal authorities if required by law, such as to comply with a subpoena or court order.
• We do not sell your personal data to third parties.
• If we transfer personal data internationally, we will ensure that appropriate safeguards are in place, such as:
  • 🔹Transferring data to countries that have been deemed to provide an adequate level of protection by relevant authorities.
  • 🔹Using standard contractual clauses approved by relevant authorities, which provide contractual protections for the data.
  • 🔹Relying on other lawful transfer mechanisms as permitted by applicable law.

8. User Rights

• You have the following rights with respect to your personal data collected through magiya.lk:
  • 🔹Right to access: You have the right to request access to the personal data we hold about you.
  • 🔹Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • 🔹Right to erasure ("right to be forgotten"): You have the right to request that we delete your personal data under certain circumstances.
  • 🔹Right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
  • 🔹Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • 🔹Right to object: You have the right to object to the processing of your personal data under certain circumstances, including for direct marketing purposes.
  • 🔹Right to withdraw consent: If we process your data based on your consent, you have the right to withdraw that consent at any time.
• To exercise your rights, please contact us using the contact information provided in Section 13. We will respond to your request in accordance with applicable law.

9. Cookies and Tracking Technologies

• We use cookies and similar tracking technologies on magiya.lk to improve your experience, analyze usage, and for marketing purposes.
  • 🔹Essential cookies: These cookies are necessary for the operation of magiya.lk and enable you to use its essential features.
  • 🔹Analytics cookies: These cookies help us understand how visitors use magiya.lk, so we can improve our services.
  • 🔹Marketing cookies: These cookies are used to deliver targeted advertisements and promotional materials to you based on your interests on magiya.lk.
• You can manage your cookie preferences through your browser settings or through magiya.lk's cookie consent tool. Please note that disabling certain cookies may affect your ability to use some features of our services.

10. Privacy by Design and Default

• We are committed to implementing privacy by design and privacy by default principles. This means that:
  • 🔹We integrate privacy considerations into the design of our systems and processes from the outset for magiya.lk.
  • 🔹We configure default settings to maximize privacy, so that users' personal data is protected by default on magiya.lk.

11. Accountability and Governance

• 🔹Responsibilities: The Website Operator has designated a Data Protection Officer (DPO) or equivalent individual who is responsible for overseeing our privacy program and ensuring compliance with this Privacy Policy and applicable data protection laws.
• 🔹Policies and Procedures: We have established and maintain comprehensive privacy policies and procedures to govern the collection, use, and protection of personal data related to magiya.lk.
• 🔹Training: All employees receive regular training on data privacy and security to ensure they understand their responsibilities in protecting personal data.
• 🔹Audits: We conduct regular internal and external audits of our privacy practices to monitor compliance and identify areas for improvement.
• 🔹Data Protection Impact Assessments (DPIAs): We conduct DPIAs for any processing activities related to magiya.lk that are likely to result in a high risk to the rights and freedoms of individuals, in accordance with applicable law.

12. Changes to the Privacy Policy

• 🔹We may update this Privacy Policy from time to time to reflect changes in our practices or changes in applicable law. We will notify you of any material changes by posting the updated policy on magiya.lk and/or by other means, such as email. Your continued use of magiya.lk after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.