Book now
Book your stay
Best Rate Guaranteed
    logo

    Privacy Policy

    Introduction

    Mahaweli Reach Hotels PLC (“MRH”, “we”, “us”, “our”) respects your privacy and is committed to protecting the privacy, confidentiality and security of the personal data you provide to us or that we collect about you when you use our website www.mahaweli.com or our mobile application and other online products and services (“Site”), when you contact guest services, or when you otherwise interact with us. We are aware of our responsibilities to protect your personal data and comply with applicable privacy and data protection laws.

    This Privacy Policy explains the manner in which your personal data is used. This Privacy Policy gives effect to our commitment to protect your personal data. Your use of the Site will constitute your agreement with the terms of this Privacy Policy.

    Please contact us if you have any queries in respect of this Privacy Policy.

    Data Protection Officer
    Mahaweli Reach Hotels PLC
    35; P.B.A. Weerakoon Mawatha
    Kandy

    Fax: +94 81 2232068
    Email: dpo@mahaweli.com

    Types of Personal Data We Collect

    We may collect the following types of personal data (including where applicable sensitive personal data)

    • Personal Information: such as your full name and contact information, passport and visa information;
    • Accommodation Information: such as guest stay information, date of arrival and departure, goods and services purchased, special requests made, your service preferences;
    • Payment Information: your credit card, mobile payment and other payment details;
    • Loyalty and Rewards programs: your membership information, account details, any frequent flyer or travel partner programme affiliation;
    • Feedback: your reviews, feedback and opinions about our hotel, programmes and services;
    • Security systems: information collected through the use of closed circuit television systems and other security systems; and
      any other personal data you choose to provide to us.
    • Technical Information: such as IP Address, Geographic data, browser and computer system, operating system and application version, language settings, pages viewed and mobile network information

    We limit the information collected in respect of children under 18 years of age. Any information should be provided by an adult. We kindly request that parents ensure that children do not send us any Personal Data without parental consent and if such information has been sent, please let us know and we will delete such information.

    When Information May Be Collected

    Personal data may be requested or generated in different circumstances including but not limited to the following:

    • Reservations and purchasing activities such as room or table reservations, check –in and check-out, payment, submission of complaints or requests.
    • Through Marketing and communication activities such as participation in promotional offers, surveys and competitions, social media and SMS campaigns, newsletter subscription, loyalty program registration or feedback forms.
    • Information Collected From Other Sources: third party service providers such as tour operators, online reservation systems, marketing partners or other third parties such as information provided by your travel agent, airline, credit card and others
    • Internet activities such as social media platforms, questionnaires etc;
    • Information Collected by Cookies and Other Tracking Technologies: we and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Site and your experience, see which areas and features of our Site are popular and count visits. Web beacons are electronic images that may be used in our services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see our Cookies Policy.

    Where you provide personal data of third parties (for example, names and contact details of your family members in connection with bookings or family memberships), you confirm that you have their consent to provide their personal data to us. We recommend you show them this Privacy Policy.

    How the Personal Data collected is used:

    We use your Personal Data for the following purposes:

    • Performing our contractual and customer service obligations: management of reservations and your stay at our property, catering to your requests, facilitating your use of services and performing contractual obligations such as credit card payments etc;
    • Improvement of our services: for the assessment and improvement of our product and services and the development of our operations;
    • Personalisation of our services and communications: to perform legitimate commercial interests including to personalize content and tailor our digital customer experience and offerings, understand customers’ requirements to develop targeted marketing campaigns, a newsletter and promotions;
    • Recruitment of staff or interns;
    • Compliance purposes: to fulfill statutory and fiscal compliance obligations.

    If you do not provide certain information to us, we will be unable to provide you with our products and services. In cases where providing personal information is optional we will make it clear.

    Disclosure of Personal Data

    • between and among a limited group of MRH affiliates and with the appropriate person within our company as are relevant for the above purposes including but not limited to hotel staff, IT departments and marketing services and to facilitate the operation of our business;
    • with third-party payment processors, payment service providers, IT and marketing support service providers and other consultants, vendors and service providers who need access to such information to carry out work or provide services on our behalf or who help us to provide the Site to you whether such consultants are based in Sri Lanka or in other jurisdictions;
    • with anyone involved in the process of making your travel arrangements (e.g. travel agents, group travel organisers and your employer) in order to fulfill contractual obligations;
    • with any law enforcement authorities, courts of law, Government or regulatory bodies (in whatever jurisdiction), or otherwise in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, court order or legal process;
    • with our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
    • with any other party at your consent or at your direction; and otherwise as permitted or required by applicable laws and regulations.

    Retention of Data

    • Reasonable business needs: for as long as we provide goods and services to you, for managing our business relationship with you or managing our operations, and /or
    • Reasonable statutory periods: such as prescriptive periods set out by law or for as long as we need to comply with fiscal and legal obligations;
    • Other retention periods in line with legal and regulatory guidance and requirements.

    Security of Personal Data

    We have implemented the necessary technical and organizational measures, in compliance with legal requirements with the aim of protecting the Personal Data, ensuring confidentiality in accordance with the principles set out in this policy.

    Whenever information is requested on credit cards, this communication is made via secure SSL (Secure Sockets Layer) lines, when you are using a browser which allows SSL, such as Microsoft Internet Explorer or Google Chrome.

    We cannot guarantee that our Site will function faultless and without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

    Third Party Sites

    The Site may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these sites.

    Personal Data Rights

    Under certain circumstances you are entitled to the following rights:

    • right of access to the personal data we hold about you: please note that this is not an absolute right and the interests of other individuals may restrict your right of access.
    • right of rectification of any inaccurate information held by us about you
    • right to erasure: you may have the right to obtain erasure of information held by us
    • right to restrict data processing: in the event you request a restriction on the manner in which your data is processed, such data will only be used for limited purposes
    • right to object: you could object on grounds relating to your particular circumstance to the processing of data by us and we can be required to no longer process your data
    • your personal right to data portability: you have the right to receive the data provided by you to us in a structured, commonly used, machine readable format and you have the right to transmit that data to another entity without hindrance from us.

    Whenever a request is made, we will strive to grant these rights as quickly as possible. You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time. Even when you opt out in respect of these services we may still contact you for transactional or informational purposes.

    You may in certain circumstances ask us to delete your personal data. However, we may not be able to continue providing services to you if you entirely withdraw your consent or ask us to delete your personal data entirely.

    To make these requests, or if you have any questions or complaints about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our data protection officer by email at dpo@mahaweli.com or by post at 35; P.B.A. Weerakoon Mawatha, Kandy, Sri Lanka

    Changes to the Privacy Policy

    We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be posted to the Site so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access the Site or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. Updated versions of this Privacy Policy will include the date of the revision at the end of this Privacy Policy so that you are able to check when the Privacy Policy was last amended. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Site. Use of the Site following such changes constitutes your acceptance of the revised Privacy Policy then in effect. If we make any material changes we will notify of same by means of a notice on this Site prior to the changes becoming effective.

    Miscellaneous

    This Privacy Policy is governed by and shall be construed in accordance with the laws of Sri Lanka.

    This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.

    Last Updated: March 2019

    Cookies Policy

    We use and allow third parties to use essential and non- essential cookies, online tracking tools, web beacons and similar technologies (collectively “Cookies”) on our website. Cookies are small text files placed on a user’s device (computer, mobile phone or tablet) when he or she visits the website. Cookies allow the website to recognize the user’s device.

    We employ cookies to improve site performance and to enhance the user experience. Cookies help us to understand the relevance, usefulness, interest, volume and frequency of visits to our online content and determine the best way of presenting the information which is truly relevant to our customers. They allow us to understand how you got to our website (internet search, a recommendation from another site, advertisement etc;) and how you navigate through the website’s pages. Cookies also enable us to see your preferences such as the language you use. However they do not collect any type of Personal Data or any other information which allows a user to be identified individually.

    Cookies that we use can be stored either permanently or temporarily on your computer, mobile phone or tablet. The permanent cookies allow it to identify a new visit by the same user, helping us to understand which new content is relevant to that user. This information is analyzed as a whole in order to improve the content and services provided.

    The website also uses temporary cookies which only remain active while the user is on the website. These cookies allow us to understand how a user navigates between pages and identify opportunities for improvement.

    All browsers allow users to configure access by cookies or block them. If you wish to block cookies please visit www.allaboutcookies.org (in English, French and Spanish).

    If you want more information about our ad service provider and its cookies, including information about how to opt out of these technologies, you may visit http://optout.aboutads.info In addition, users may prevent Google’s collection of data generated by your use of the website (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl-en.

    In addition, a guide to online privacy has been produced by the internet advertising industry which can be found at:

    We may change this Cookies Policy from time to time by posting the updated version of the policy on our Site. Please check this Site periodically to be informed of any changes.