PRIVACY & COOKIE POLICY

Effective date: 14 April 2025

Last updated: 14 April 2025

Version 1.0

1. Who We Are

Elon Hotels (Pvt) Ltd ("ElonHotels", "we", "us", or "our") is a private limited company incorporated and operating in Sri Lanka. We operate the online travel marketplace at elonhotels.com, where travellers can discover and book accommodation, villas, apartments, tours, and other travel-related services offered by third-party providers across Sri Lanka and beyond.

For the purposes of this Privacy Policy, Elon Hotels (Pvt) Ltd is the data controller of your personal information under the Personal Data Protection Act No. 9 of 2022 of Sri Lanka ("PDPA") and, where applicable, the General Data Protection Regulation ("GDPR") and other international data protection frameworks.

2. Important Notice - Marketplace Model

ElonHotels is an online marketplace. We do not own, operate, or manage any of the accommodation or travel services listed on our platform. All bookings are made directly with independent third-party providers (hotels, villa owners, guesthouses, tour operators, etc.). We facilitate the connection and process a service commission of 8% per confirmed booking.

While we take your privacy seriously, please be aware that accommodation providers you book with through our platform may also collect and process your personal data independently, subject to their own privacy policies. We encourage you to review the privacy practices of any provider before completing a booking.

3. Personal Data We Collect

3.1 Data You Provide Directly to Us

When you use ElonHotels - whether as a traveller, hotel partner, or general visitor - you may provide us with:

  • Identity & contact information: your full name, email address, phone number, and postal address
  • Booking & payment details: reservation information, travel dates, room preferences, and payment card or wallet details (processed securely by our payment partners)
  • Account credentials: username and encrypted password if you register for an account
  • Travel preferences: accommodation type, guest count, special requests (e.g., accessibility needs, dietary requirements), and saved destinations
  • Reviews & feedback: written reviews, star ratings, and photos you submit about properties you have stayed at
  • Communications: messages, queries, complaints, or other content you send to our customer support or business development teams

3.2 Data We Collect Automatically

When you visit or use our website or mobile application, we automatically collect certain technical and behavioural information:

  • Device & connection information: IP address, device type, operating system, browser type and version, and unique device identifiers
  • Usage data: pages you visit, search queries you enter, hotel listings you view, features you interact with, and session duration
  • Location data: approximate geographic location derived from your IP address, or precise GPS location if you grant permission through your device settings
  • Cookies & tracking technologies: data collected via cookies, web beacons, pixels, and similar technologies

3.3 Data We Receive from Third Parties

We may also receive information about you from:

  • Accommodation & travel partners: property owners or operators who share booking-related details with us to confirm or manage your reservation
  • Payment processors: payment service providers (such as PayHere or Stripe) who confirm transaction status and provide fraud-detection signals
  • Analytics & marketing partners: third-party tools that help us understand how users discover and use our platform (e.g., Google Analytics)
  • Social media platforms: if you choose to connect a social login or interact with our social media pages

4. How We Use Your Personal Data

  • Processing bookings: to confirm, manage, and fulfil your reservation with the relevant accommodation or tour provider
  • Account management: to create and maintain your user profile, booking history, and saved preferences on our platform
  • Payments: to facilitate secure payment processing and generate invoices or booking confirmations
  • Customer support: to respond to your enquiries, resolve disputes, and process refunds or cancellations
  • Personalisation: to tailor search results, recommendations, and promotional offers based on your travel history and preferences
  • Communications: to send booking confirmations, pre-arrival reminders, post-stay review requests, and promotional newsletters
  • Platform improvement: to analyse usage patterns, conduct A/B testing, identify bugs, and continuously improve the performance and features of our platform
  • Legal & compliance: to comply with applicable laws (including the PDPA, tax obligations, and anti-money laundering regulations)
  • Fraud prevention & security: to detect, investigate, and prevent fraudulent transactions, unauthorised access, and other harmful activities

5. Legal Basis for Processing

Under the Sri Lanka PDPA and, where applicable, the GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following legal grounds:

  • Performance of a contract: processing necessary to fulfil a booking you have made or to provide account services you have requested
  • Legitimate interests: processing for fraud prevention, platform security, service improvement, and direct marketing to existing customers
  • Legal obligation: processing required to comply with Sri Lankan law, regulatory requirements, or court orders
  • Consent: for optional activities such as marketing emails, the use of non-essential cookies, and the collection of precise location data

6. Sharing Your Personal Data

We do not sell your personal data to any third party. We share your information only in the following limited circumstances:

  • Accommodation & travel providers: we share your booking details (name, contact information, dates, and special requests) with the property or tour operator you have booked with
  • Payment service providers: your payment information is processed by PCI-DSS compliant payment gateways (PayHere, Stripe, or equivalent)
  • Technology & service providers: we engage trusted third-party vendors for hosting, email delivery, analytics, and customer support tools
  • Legal authorities: we may disclose your data when required to do so by law, court order, or a legitimate request from a competent regulatory authority
  • Business transfers: in the event of a merger, acquisition, or sale of business assets, your personal data may be transferred as part of that transaction

7. International Data Transfers

As an online platform serving both local and international travellers, some of your personal data may be transferred to, stored in, or processed in countries outside Sri Lanka. This may include countries where our cloud hosting providers or third-party service partners operate.

Where we transfer personal data internationally, we take appropriate steps to ensure your data is protected to a standard equivalent to that required by the PDPA and, where applicable, the GDPR. These steps may include entering into standard contractual clauses or ensuring the recipient country has been deemed to provide adequate data protection.

8. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are:

  • Active account data: retained for as long as your account remains active
  • Booking & transaction records: retained for a minimum of 7 years to comply with Sri Lankan tax and financial recordkeeping requirements
  • Customer support communications: retained for up to 3 years after the matter is resolved
  • Marketing data: retained until you withdraw consent or unsubscribe, whichever is earlier
  • Cookies & analytics data: retained in accordance with the individual cookie durations

9. Your Rights

Under the Personal Data Protection Act No. 9 of 2022 of Sri Lanka and applicable international law, you have the following rights regarding your personal data:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of any inaccurate or incomplete data
  • Right to erasure: to request deletion of your data where it is no longer necessary for its original purpose
  • Right to restriction: to request that we limit our processing of your data in certain circumstances
  • Right to data portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to our processing of your data for direct marketing
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time

To exercise any of these rights, please contact us at info@elonhotels.com or call our hotline at +94 77 1717 627. We will respond to all verified requests within 30 days, in accordance with the PDPA.

10. Cookie Policy

Cookies are small text files placed on your device when you visit our website. We use cookies and similar technologies to make our platform work properly, remember your preferences, and help us understand how people use ElonHotels so we can keep improving it.

10.1 Types of Cookies We Use

CategoryPurposeExamplesDuration
Strictly NecessaryEssential for the website to function. Cannot be disabled.Session ID, CSRF token, authentication cookieSession / up to 1 year
FunctionalRemember your preferences such as language, currency, and search filtersLanguage preference, last search locationUp to 1 year
Analytics & PerformanceHelp us understand how visitors use our platform. Data is aggregated and anonymised.Google Analytics (_ga, _gid)Up to 2 years
Marketing & AdvertisingUsed to deliver relevant adverts and promotions. Only set with your consent.Google Ads, Meta Pixel, remarketing cookiesUp to 90 days

10.2 Managing Your Cookie Preferences

When you first visit ElonHotels, you will be presented with a cookie consent banner where you can accept all cookies or customise your preferences by category. Strictly necessary cookies cannot be disabled as they are essential for the site to function.

You can also manage or delete cookies directly through your browser settings at any time. Please note that disabling certain cookies may affect your experience on our platform.

10.3 Third-Party Cookies

Some cookies on our platform are placed by trusted third-party services such as Google Analytics, Google Maps, and payment gateways. These parties may use the data collected by their cookies for their own purposes in accordance with their own privacy policies. We do not control the cookies set by third parties.

11. Children's Privacy

ElonHotels is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at info@elonhotels.com and we will take steps to delete the information promptly.

12. Security

We take the security of your personal data seriously and have implemented a range of technical and organisational measures to protect it from unauthorised access, loss, or disclosure. These measures include:

  • HTTPS encryption across our entire platform
  • Secure, encrypted storage of passwords and sensitive data
  • JWT-based authentication and session management
  • Regular security vulnerability assessments and testing
  • Access controls limiting data access to authorised personnel only
  • Cloudflare CDN and DDoS protection

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continually review and improve our security practices to minimise risk. In the event of a personal data breach that is likely to affect your rights, we will notify you and the relevant authority as required by law.

13. Changes to This Policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last Updated" date, and - where required - by sending a notification to your registered email address.

We encourage you to review this policy periodically. Your continued use of ElonHotels after any changes become effective constitutes your acceptance of the updated policy.

14. Contact & Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch with us:

Elon Hotels (Pvt) Ltd

Email: info@elonhotels.com

Phone: +94 77 1717 627

Website: https://elonhotels.com

Location: Sri Lanka

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Authority of Sri Lanka, established under the Personal Data Protection Act No. 9 of 2022. International users may also have the right to contact their local data protection supervisory authority.

logo

ElonHotels

Your trusted partner for discovering the best hotels and experiences across the beautiful island of Sri Lanka.

Quick Links

HotelsAbout UsContact

Support

Help CenterBooking PolicyCancellationPrivacy PolicyTerms of Service

Stay Updated

Get the latest deals and travel inspiration delivered to your inbox.

Call Us+94 111 112 34
Email Usinfo@elonhotels.com
Visit UsColombo, Sri Lanka