Privacy Policy
Effective Date: 2025.07.27
Last Updated: 2025.07.27
At RibbonIt we value your privacy. This Privacy Policy explains how we collect, use, and protect your personal information under:
- The Personal Data Protection Act, No. 9 of 2022 (Sri Lanka)
- The General Data Protection Regulation (GDPR) (for users in the EU/EEA)
1. What Do We Do With Your Information
When you purchase from our store, we collect personal information such as:
- Your name
- Address
- Email address
- Phone number
- Payment information (via secure third-party gateways)
When you browse our website, we automatically collect your IP address, browser, and device information to optimize your shopping experience.
If you opt in, we may send marketing emails about our store, new products, and updates. You can unsubscribe anytime.
2. Legal Basis for Processing (GDPR & PDPA)
We process your personal data based on:
| Legal Basis | Purpose |
|---|---|
| Consent | Marketing communications and cookies |
| Contract | Order fulfillment and customer service |
| Legal Obligation | Compliance with tax, consumer, and fraud laws |
| Legitimate Interest | Security, analytics, and service improvement |
You may withdraw your consent at any time by contacting us.
3. Consent
When you provide personal information to complete a transaction or delivery, we assume your consent to collect and use it for that purpose. If we need it for anything else (e.g., marketing), we will ask for your explicit permission.
To withdraw consent, email us at [your email].
4. Your Rights Under GDPR & PDPA
You have the right to:
- Access your data
- Correct inaccurate or outdated data
- Delete your data (the “right to be forgotten”)
- Restrict or object to certain uses of your data
- Withdraw consent at any time
- Data portability (receive a copy in a standard format)
- File a complaint with the Data Protection Authority (Sri Lanka or EU)
To exercise your rights, contact us at [team@ribbonitgift.com].
5. Disclosure
We may disclose your personal information:
- To comply with legal obligations
- To protect our rights or enforce our terms
- In case of business transfer or acquisition
We will never sell or rent your personal data.
6. Payment Security
We use secure payment gateways including all of which meet global standards:
We do not store your credit card details. All transactions are encrypted via Extended Validation SSL (EV SSL).
7. Third-Party Services
Third-party providers (e.g., payment processors, couriers) access your data only to the extent needed to perform their services. We recommend reading their privacy policies as they may operate under different jurisdictional laws.
Once you leave our site or are redirected to a third-party platform, this Privacy Policy no longer applies.
8. Cookies and Trackin
We do not currently use tracking tools like Google Analytics or Facebook Pixel. If we decide to implement these tools in the future, we will:
Under GDPR, non-essential cookies require your consent. You can also manage cookies via your browser settings.
9. Data Security
We follow industry best practices, including:
- SSL encryption
- Secure data storage
- Access control on customer information
- Encrypted communication with payment gateways
Despite our efforts, no online system is 100% secure.
10. Age of Consen
By using this site, you confirm that you are:
- At least the age of majority in your location, or
- You have given consent for any minor dependents to use this site
12. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy. Changes take effect once posted. If significant updates occur, we will notify you via email or on our website.
13. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy:
📧 Email: [team@ribbonitgift.com]
📍 Address: 177 A/1 Kaduwella Road, Thalangama North, Koswatta, Battaramulla, Sri Lanka