Privacy Policy

Last updated: 1 June 2026

1. About this policy

This Privacy Policy explains how Total Tech Solutions (Pvt) Ltd (Company No. PV 00349596), trading as “TotalTechSolutions” (“we”, “us”, “our”), collects, uses, shares, and protects your personal data when you use our storefront at totaltechsolutions.lk. Our registered office is at 162/33, Madampitiya Road, Colombo 15, 01500, Sri Lanka. We are the data controller responsible for your personal data and we process it in line with Sri Lanka's Personal Data Protection Act (PDPA) No. 9 of 2022.

2. What we collect

We collect personal data in the following ways:

  • Information you give us: name, email, phone, delivery address, and company name + address (for B2B orders).
  • Payment information: when you pay by card, your card details are entered directly on the secure payment page of our bank's Internet Payment Gateway. We receive only the outcome of the transaction (success / failure, a masked reference, and the amount). We never see or store your full card number, expiry, or CVV on our servers.
  • Information collected automatically: IP address, device + browser type, pages viewed, referring URLs, and basic usage analytics needed to operate and secure the site.
  • Information from third parties: confirmation of payment status from our payment gateway, and authentication metadata from Auth0 when you sign in.

3. Why we process it (lawful basis)

  • To perform our contract with you: fulfilling orders, processing payments, arranging delivery, issuing invoices.
  • To comply with legal obligations: tax records, consumer-protection obligations, fraud prevention.
  • For our legitimate interests: site security, customer support, product analytics, anti-fraud monitoring.
  • With your consent: marketing emails (only when you have ticked the opt-in box) and optional cookies (see our Cookie Policy).

4. Marketing emails

We will only send you marketing emails (new product announcements, promotions) when you have explicitly opted in, whether at checkout, in your account settings, or by subscribing to our newsletter. Every marketing email contains an unsubscribe link that revokes your consent immediately. Transactional emails (order confirmations, invoices, refund receipts, delivery notes) are sent regardless of your marketing preference because they relate directly to a service you have requested.

5. Who we share it with

We share personal data only with the service providers who help us run the storefront, and only the data they need to do their job:

  • Hatton National Bank PLC (HNB): our payment gateway provider, for processing card payments. Card details are handled on HNB's secure systems, not ours.
  • Auth0 (Okta, Inc.): for authentication and session management.
  • Amazon Web Services (AWS): for website hosting, storage of product and banner images (Amazon S3), and sending our transactional and marketing email (Amazon SES).
  • Google LLC: we use the Google Places API to display Google business reviews on our homepage.
  • Courier & delivery partners: for parcel delivery within Sri Lanka. We share only the name, address, and phone needed to complete the delivery.

We do not sell or rent your personal data to anyone. We only disclose data to law enforcement or regulators when legally required.

6. Where we process your data (international transfers)

Some of our service providers process data on servers located outside Sri Lanka. In particular, our website, image storage, and email are hosted in the AWS Asia Pacific (Mumbai) region (India), and our authentication provider (Auth0/Okta) and Google may process certain data in other countries. Where personal data is transferred outside Sri Lanka, we rely on providers that apply recognised security and contractual safeguards, consistent with the cross-border transfer requirements of the PDPA.

7. How long we keep it

We retain order records and related personal data for as long as needed to fulfil the order, support warranties, and meet tax and accounting obligations under Sri Lankan law (typically seven years after the transaction). Account profiles are retained for as long as your account is active; you can request closure at any time.

8. How we protect it

Data is encrypted in transit (TLS) and at rest by our hosting and email providers. Administrative access is limited to staff with a business need, gated by role-based authentication, and reviewed periodically. Card payment details are handled entirely by our bank's payment gateway and are never touched, transmitted, or stored by our own servers.

9. Your rights

Under the PDPA you have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate data, or completion of incomplete data;
  • request deletion of personal data we no longer need, subject to our legal retention obligations;
  • withdraw your consent for marketing emails at any time;
  • object to processing based on our legitimate interests;
  • lodge a complaint with the Data Protection Authority of Sri Lanka.

10. Children

The storefront is not intended for children under 18. We do not knowingly collect data about minors; if you believe a child has provided us with personal data, please contact us so we can remove it.

11. Changes to this policy

We may update this policy from time to time; the “last updated” date reflects the most recent revision. Material changes will be communicated by email to opted-in subscribers.

12. Contact us

For any privacy questions or to exercise the rights listed above, write to sales@totaltechsolutions.lk or call +94 71 851 4643. You can also write to us at Total Tech Solutions (Pvt) Ltd, 162/33, Madampitiya Road, Colombo 15, 01500, Sri Lanka.