Privacy Policy

Last Updated: February 2026

Effective Date: February 1st, 2026

This Privacy Policy explains how Olaya collects, uses, stores, shares, and protects your personal data when you use our website and services. By creating an account or using the website, you agree to the practices described in this Policy.

1. Introduction

Olaya operates an online clothing business serving customers within Sri Lanka. We are committed to protecting your privacy and handling personal data responsibly in accordance with Sri Lanka’s Personal Data Protection Act, No. 9 of 2022.

If you do not agree with this Privacy Policy, please do not use the website.

2. Who We Are

  • Business Name: Olaya
  • Operating Location: Colombo, Sri Lanka
  • Contact Email: hello@olaya.com.lk

Olaya is not currently a registered business entity.

3. Personal Data We Collect

We may collect the following categories of personal data:

Account Information:

  • Full name
  • Email address
  • Password (stored in encrypted/hashed form)

Order and Transaction Data:

  • Billing and delivery address
  • Order history
  • Payment status and transaction references

Payment Data:

  • Payment is processed by PayHere
  • We do not store full card numbers or banking credentials

Technical and Usage Data:

  • IP address
  • Device type and browser information
  • Log data, timestamps, and usage patterns

Marketing Data:

  • Email preferences
  • Interaction with marketing emails

4. How We Collect Personal Data

We collect personal data when you:

  • Create an account
  • Place an order
  • Make a payment
  • Subscribe to marketing communications
  • Interact with the website

Some technical data may be collected automatically through cookies or similar technologies.

5. Purpose of Processing

We process personal data for the following purposes:

  • Creating and managing user accounts
  • Processing orders and payments
  • Delivering products
  • Providing customer support
  • Sending transactional emails
  • Sending marketing and promotional communications
  • Fraud prevention and security
  • Improving website functionality and performance
  • Legal and regulatory compliance

6. Legal Basis for Processing

Personal data is processed based on one or more of the following legal grounds:

  • Performance of a contract
  • User consent
  • Compliance with legal obligations
  • Legitimate business interests, where not overridden by your rights

7. Marketing Communications

By creating an account, you consent to receive marketing emails from Olaya. You may opt out of marketing communications at any time using the unsubscribe link provided in emails.

Opting out of marketing emails does not affect transactional communications related to orders or account activity.

8. Data Sharing and Third Parties

We may share personal data with trusted third party service providers strictly for operational purposes, including:

  • PayHere: payment processing
  • Netlify: frontend hosting
  • Wispbyte: backend infrastructure and data storage
  • Courier and logistics partners for delivery

These parties are only given access to the data necessary to perform their services and are expected to protect your data.

We do not sell personal data to third parties.

9. International Data Transfers

Personal data may be stored or processed on servers located outside Sri Lanka due to the infrastructure of our service providers. Where this occurs, we take reasonable steps to ensure adequate data protection safeguards are in place.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, including legal, accounting, and operational requirements.

When personal data is no longer required, it is securely deleted or anonymized.

11. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

However, no online system is completely secure, and we cannot guarantee absolute security.

12. Your Rights

Under Sri Lankan data protection law, you may have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Withdraw consent for processing
  • Object to certain types of processing
  • Request deletion of data, subject to legal obligations

Requests can be made by contacting hello@olaya.com.lk.

13. Cookies and Tracking

The website may use cookies or similar technologies to enhance user experience, analyze usage, and improve performance.

You may control cookies through your browser settings. Disabling cookies may affect website functionality.

14. Children’s Privacy

There is no age restriction for using this website. However, if you believe a minor has provided personal data without appropriate understanding or consent, please contact us and we will take reasonable steps to address the issue.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on the website with an updated effective date. Continued use of the website constitutes acceptance of the revised Policy.

16. Contact

For questions, concerns, or data requests, contact: hello@olaya.com.lk