Introduction
CareCompanion (Private) Limited (“CareCompanion”, “we”, “our”, “us”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, disclose, store, and safeguard personal data in accordance with:
- The Personal Data Protection Act, No. 9 of 2022 (Sri Lanka)
- Applicable digital and consumer protection laws of Sri Lanka
By using our website or services, you agree to the practices described in this Privacy Policy.
Definitions
For the purpose of this Policy:
- Personal Data means any information relating to an identified or identifiable individual.
- Sensitive Personal Data includes health information, medical history, or data requiring enhanced protection under Sri Lankan law.
- Processing includes collection, recording, storage, use, disclosure, or deletion of data.
- Data Subject refers to the individual whose data is processed.
Categories of Personal Data We Collect
We may collect the following categories of data:
3.1 Identity Information
- Full name
- National ID or passport (where necessary)
- Date of birth
3.2 Contact Information
- Phone number
- Email address
- Residential address
3.3 Health-Related Information (Sensitive Data)
- Mobility limitations
- Medical conditions (where voluntarily disclosed)
- Medication reminders
- Emergency contact information
3.4 Booking & Service Data
- Appointment details
- Hospital/clinic information
- Transportation requirements
- Service history
3.5 Digital Data
- IP address
- Browser type
- Device information
- Cookies and usage analytics
How We Collect Personal Data
We collect personal data through:
- Website booking forms
- WhatsApp and phone communications
- Email correspondence
- In-person interactions
- Service agreements
- Cookies and website tracking technologies
We may also receive data from authorized family members or legal guardians.
Legal Basis for Processing (Under Sri Lanka PDPA 2022)
We process personal data based on one or more of the following lawful grounds:
- Consent of the Data Subject
- Performance of a service contract
- Compliance with legal obligations
- Protection of vital interests (e.g., emergency situations)
- Legitimate business interests, where not overridden by the rights of the Data Subject
Sensitive health data is processed only:
- With explicit consent
- Or where legally required
Purpose of Data Processing
We process personal data for:
- Service delivery
- Appointment coordination
- Client communication
- Safety management
- Billing and payment processing
- Regulatory compliance
- Quality control and training
- Fraud prevention
- Website performance analytics
We do not use personal data for unrelated purposes without consent.
Data Sharing and Disclosure
We do not sell personal data.
We may share personal data with:
- Hospitals or clinics (with client authorization)
- Transportation providers (if required for service delivery)
- Payment processors
- IT and hosting service providers
- Legal authorities when required by law
All third parties are required to maintain confidentiality and adequate data protection safeguards.
Cross-Border Data Transfers
If personal data is transferred outside Sri Lanka (e.g., cloud hosting services), we ensure:
- Adequate data protection standards
- Contractual safeguards
- Compliance with Sri Lanka PDPA requirements
Data Retention
We retain personal data only for as long as necessary for:
- Service fulfillment
- Legal compliance
- Accounting and audit requirements
- Dispute resolution
When data is no longer required, it will be securely deleted or anonymized.
Data Security
CareCompanion implements appropriate technical and organizational measures, including:
- Secure servers
- Restricted access controls
- Password protection
- Staff confidentiality agreements
- Encrypted communications where feasible
However, no system can guarantee 100% security.
Cookies and Website Tracking
Our website may use:
- Essential cookies
- Analytics cookies
- Functional cookies
Cookies help:
- Improve website performance
- Remember preferences
- Analyze traffic patterns
Users may manage cookies via browser settings.
Your Rights Under Sri Lanka PDPA 2022
As a Data Subject, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion (where legally permissible)
- Withdraw consent
- Object to certain types of processing
- Request restriction of processing
- Lodge a complaint with the Data Protection Authority of Sri Lanka
Requests must be submitted in writing to the contact details below.
We may require identity verification before processing requests.
Children’s Data
CareCompanion does not knowingly collect data directly from minors without the consent of a legal guardian.
Where services involve minors, data is processed under guardian authorization.
Marketing Communications
We may send:
- Service updates
- Promotional communications
Users may opt out at any time by:
- Clicking “unsubscribe”
- Contacting us directly
We do not conduct unsolicited marketing without a lawful basis.
Automated Decision-Making
CareCompanion does not use fully automated decision-making systems that produce legal or significant effects on individuals.
Data Breach Notification
In the event of a data breach that poses a risk to individuals, we will:
- Take immediate containment action
- Notify relevant authorities where required under Sri Lanka PDPA
- Inform affected individuals if necessary
Third-Party Websites
Our website may contain links to third-party websites.
We are not responsible for their privacy practices. Users should review their respective privacy policies.
Changes to This Privacy Policy
We may update this Privacy Policy periodically.
Updated versions will be published on our website with a revised effective date.
Continued use of our services constitutes acceptance of updates.
Contact and Data Protection Inquiries
For privacy-related inquiries, requests, or complaints:
CareCompanion
14, Holy Emmanuel Church Lane, Moratuwa, Sri Lanka. 10400
+94 74 344 7676
info@carecompanion.lk
You may also contact the Data Protection Authority of Sri Lanka where applicable.