Discover the privacy policy

Introduction

Welcome to the Privacy Policy of Quadrate Tech Solutions Private Limited (QTS). QTS is a company registered in Sri Lanka with the company and the registered office is at Kolonnawa, Colombo, Sri Lanka.

Your privacy is important to us and we want to assure you that that the Personal Data we collect about you will be treated with care. This Privacy Policy will inform you about how we look after your Personal Data when you avail the services of SriLankan through various means such as visiting our website, purchasing a ticket through our website or the Global Contact Centre, from one of our offices or agents, and tell you about your privacy rights and how the law protects you.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively you can download a pdf version of the policy here. By continuing to avail SLA’s services, you agree that you have read, understood and agreed to this Privacy Policy.

This Privacy Policy uses a number of definitions which are set out below:

Comply with a legal or regulatory obligation: processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Legitimate Interest  the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of Contract: processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Personal Data:  any information which identifies an individual or information relating to an individual who can be identified (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data does not include anonymous data or data that has had the identity of an individual permanently removed.

Processing or Process:  any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Special Categories of Personal Data: any data which reveals details about sensitive issues such as an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health or genetic and biometric data.

Personal Data

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together follows:

  • Identity Data  includes first name, middle name, last name, maiden name, username or similar identifier, marital status, title, date of birth, gender, emails from your passport or other identification documents, and Frequent Flyer Programme membership number.

  • Booking Data   includes travel details, flight numbers, itinerary, seat and meal preferences, any reservations made for value-added services, and information about your travel companions.

  • Contact Data  includes e-mail address, telephone, mobile number, postal address and fax number.

  • Financial Data  includes credit and debit card information, including your card number, expiry date, cardholder’s name, billing address, and other billing information.

  • Transaction Data  includes details about payments from you other details of services you have purchased from us.

  • Technical Data  includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data   includes your username and password, Frequent Flyer Programme membership number, bookings made by you, your interests, service preferences, places of visit, feedback and survey responses.

  • Usage Data  includes information about how you use this website and services.

  • Marketing and Communications Data  includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Aggregated Data

When you visit this website or use any SriLankan mobile applications, we may also collect, use, store and share aggregated, anonymised statistical or demographic data (Aggregated Data)). Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as it cannot directly or indirectly reveal your identity.

Aggregated Data may include the time and length of your visit to this website, the pages you have visited on this website, as well as details of the website you visited immediately prior to visiting this website. We may also record the name of your internet service provider. We use this information only to measure site activity and to develop ideas for improving our services.

For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

Special Categories of Personal Data

It is a necessary part of our business to collect certain types of Special Categories of Personal Data about you. For example, we need to collect data about your state of health if you inform us about that you are pregnant, have a medical condition which requires special equipment, or when you make a request for mobility assistance. Making certain meal choices will also involve the collection of data about your religious beliefs or state of health, for example if you inform us that you require a Halal or diabetic meal.

We treat our obligations to protect Special Categories of Personal Data very seriously and we will always ask your express consent to collect, process or transfer such data for specified purposes each time you provide it to us.

Personal Data relating to minor passengers

In certain circumstances, we may need to collect, process or transfer Personal Data relating to minor passengers (i.e. children under the age of 16), for example where a flight booking is made in respect of a minor passenger. This is necessary for us to pursue our legitimate interest in running our business and to perform the contract of carriage.

We will only use Personal Data relating to minor passengers for the specified purposes set out in paragraph 6 and with the express consent of the person who has parental responsibility for the minor passenger. Minor passengers have the same rights as any other passenger regarding their Personal Data which are set out in paragraph 11.

If you fail to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you, or we are required that information mandatorily to provide the services your are looking for and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In these circumstances, we have the right to cancel or refuse to accept the services you are looking for, but we will notify you if this is the case at the time.

We may have to share your Personal Data with the parties set out below for the purposes set out in paragraphs 5 and 6 above

Internal Third Parties

Other companies in the Group, outstations, branches and offices based in Sri Lanka and other countries who are acting as joint controllers or processors.

External Third Parties

  • Service providers, contractors, and agents acting as processors based who provide providing services such as hotels, insurance packages, duty free items on board, call centres, data processing and analytics, marketing and research, limousine services, distribution, revenue optimization, payment, and other services to SriLankan in connection with the operations of the business of SriLankan Airlines’ Group.

  • Business partners of SriLankan such as code-share partners, sea and land transport service providers, and members of any airline alliance in which SriLankan is a member.

  • With partners of the Frequent Flyer Programme of SriLankan.

  • With the frequent flyer programmes of operators of other partner airlines.

  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • With Internet payment gateway service providers, banks, credit/debit card companies, and other financial services providers.

  • With any law enforcement authority or governmental institution for security, customs, immigration, or any other investigative purpose.

  • Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.

  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.