Pending legal review.This page contains boilerplate drafted from common Sri Lankan e-commerce practice and is published while we wait for the client's lawyer to sign it off. Treat the wording below as a working draft, not legal advice.

Privacy Policy

Last updated: 25 May 2026

1. About this policy

This Privacy Policy explains how TotalTechSolutions (“we”) collects, uses, shares, and protects your personal data when you use our storefront at totaltechsolutions.lk. We process your data in line with Sri Lanka's Personal Data Protection Act (PDPA) No. 9 of 2022.

2. What we collect

We collect personal data in the following ways:

  • Information you give us — name, email, phone, delivery address, company name and address (for B2B orders), and payment details processed by our payment provider.
  • Information collected automatically — IP address, device + browser type, pages viewed, referring URLs, and basic usage analytics needed to operate and secure the site.
  • Information from third parties — confirmation of payment status from PayHere, and authentication metadata from Auth0 when you sign in via a social provider.

3. Why we process it (lawful basis)

  • To perform our contract with you — fulfilling orders, processing payments, arranging delivery, issuing invoices.
  • To comply with legal obligations — tax records, consumer-protection obligations, fraud prevention.
  • For our legitimate interests — site security, customer support, product analytics, anti-fraud monitoring.
  • With your consent — marketing emails (only when you have ticked the opt-in box), optional cookies (see Cookie Policy).

4. Marketing emails

We will only send you marketing emails (new product announcements, promotions) when you have explicitly opted in — at checkout, in your account settings, or by subscribing to our newsletter. Every marketing email contains an unsubscribe link that revokes your consent immediately. Transactional emails (order confirmations, invoices, refund receipts, delivery notes) are sent regardless of your marketing preference because they relate directly to a service you have requested.

5. Who we share it with

We share personal data only with parties who help us run the storefront:

  • PayHere— for card and wallet payment processing.
  • Auth0(Okta, Inc.) — for authentication and session management.
  • Resend— for transactional and marketing email delivery.
  • Amazon Web Services— for hosting product and banner images.
  • Vercel— for hosting the website.
  • Couriers— for parcel delivery in Sri Lanka. We share only the data they need to complete the delivery.

We do not sell or rent your personal data to anyone. We only disclose data to law enforcement when legally required.

6. How long we keep it

We retain order records and related personal data for as long as needed to fulfil the order, support warranties, and meet tax and accounting obligations under Sri Lankan law (typically seven years after the transaction). Account profiles are retained for as long as your account is active; you can request closure at any time.

7. How we protect it

Data is encrypted in transit (TLS) and at rest by our hosting and email partners. Administrative access is limited to staff with a business need, gated by role-based authentication, and reviewed periodically. Payment details are handled by PayHere and never touched by our servers.

8. Your rights

Under the PDPA you have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate data, or completion of incomplete data;
  • request deletion of personal data we no longer need, subject to our legal retention obligations;
  • withdraw your consent for marketing emails at any time;
  • object to processing based on our legitimate interests;
  • lodge a complaint with the Sri Lanka Data Protection Authority.

9. Children

The storefront is not intended for children under 18. We do not knowingly collect data about minors; if you believe a child has provided us with personal data, please contact us so we can remove it.

10. Changes to this policy

We may update this policy from time to time; the “last updated” date reflects the most recent revision. Material changes will be communicated by email to opted-in subscribers.

11. Contact us

Write to sales@totaltechsolutions.lk for any privacy questions or to exercise the rights listed above.