1) Who we are

Jayathissa Lanka Enterprises (PVT) LTD (“Company”, “we”, “our”, “us”) operates the website https://admin.jcc.lk (“Site”) and related services.

2) Information we collect

Information you provide

• Account details (name, email, phone, business info).
• Orders, deposits, or service requests; uploaded files and messages.
• Support inquiries and feedback.

Information collected automatically

• IP address, browser/OS info, device identifiers, referral URLs, pages viewed, and approximate location (via IP).
• Cookie, pixel, and local-storage identifiers; session timing and errors for security and performance.

Information from third parties

• Payment gateways and banks (e.g., reference numbers, success/failure status, fraud checks).
• SMS/email providers (delivery status, bounce/spam reports).
• Analytics services (aggregated usage metrics).

3) Cookies

We use cookies and similar technologies to operate and improve the Site. You can control cookies in your browser. Disabling some cookies may affect functionality.

WordPress cookies. If you leave a comment, you may opt-in to saving your name, email and website in cookies for convenience (1 year). If you visit the login page, we set a temporary cookie to test for cookie acceptance (deleted when you close the browser). When you log in, we set cookies to save your login and screen choices (login: 2 days; screen: 1 year). Selecting “Remember Me” keeps you logged in for 2 weeks. Logging out removes login cookies. Editing or publishing a post will set an additional cookie with the post ID (expires in 1 day).

4) Comments

When visitors leave comments, we collect the data shown in the form, and also the visitor’s IP address and browser user-agent string to help spam detection. An anonymized hash of your email may be sent to Gravatar to check if you use the service. See Gravatar’s policy: automattic.com/privacy. After approval, your profile picture is public in the context of your comment.

5) Media

If you upload images, avoid uploading images that include embedded location data (EXIF GPS). Visitors can download and extract location data from images on the site.

6) Embedded content from other sites

Articles may include embedded content (e.g., videos, images, widgets). Embedded content from other websites behaves the same as if you visited those sites directly. Those sites may collect data, use cookies, embed third-party tracking, and monitor your interaction with the embedded content, including if you are logged in to that site.

7) Payments & IPG

We may process payments using Sri Lankan and international payment gateways and banks (e.g., PayHere, WebXPay, major card networks, and local banks). We do not store full card numbers on our servers. Payment providers act as independent controllers or processors of your payment data and may conduct fraud checks. We receive only limited information needed to record your transaction (e.g., token, last 4 digits, time, amount, status, reference IDs).

8) Communications (SMS, WhatsApp, Email)

We may send transactional messages (e.g., OTPs, order updates, cashier deposits) by email, SMS, or WhatsApp using service providers (for example, Text.lk / equivalent, WhatsApp Business API providers, or email platforms). Promotional messages are sent only with appropriate consent and include an opt-out.

9) Analytics & logs

We may use privacy-conscious analytics and server logs to understand usage and improve reliability. Data is aggregated where possible. IP addresses may be briefly processed for security and geolocation at the city/country level.

10) Legal bases for processing

Where applicable (e.g., under GDPR), we rely on one or more legal bases:

• Contract – to provide requested services or fulfill an order.
• Legitimate interests – to secure, improve, and market our services proportionately.
• Consent – where required for optional cookies or marketing; you can withdraw consent at any time.
• Legal obligation – to comply with applicable laws, tax, and regulatory requirements.

11) How long we retain your data

• Comments and metadata are retained indefinitely to recognize and approve follow-ups automatically.
• User accounts (if any): profile information persists until you delete it or the account is closed, subject to legal obligations.
• Transaction/financial records are kept for the period required by Sri Lankan law (typically 7–10 years).
• Logs & analytics are kept for the shortest period necessary for security and operations.

12) Your rights

Depending on your location, you may have rights to access, correct, update, port, object to, or delete your personal data, and to withdraw consent. To exercise rights, contact us using the details below. We may need to verify your identity before acting on a request.

13) Security

We implement administrative, technical, and physical safeguards (e.g., TLS encryption in transit, access controls, regular updates). No method of transmission or storage is 100% secure; we work to continuously improve our protections.

14) Children’s data

Our services are not directed to children under the age of 13 (or the age defined by local law). If you believe a child has provided personal data, please contact us to remove it.

15) International data transfers

Your data may be processed in countries outside Sri Lanka where our service providers operate. Where required, we use appropriate safeguards (such as contractual protections) to protect your information.

16) Who we share your data with

• Payment processors & banks for payments, refunds, chargebacks, and fraud prevention.
• Hosting, analytics, and communication providers to run the Site and deliver messages.
• Professional advisers (legal, accounting) under confidentiality.
• Authorities when required by law or to protect rights and safety.

Password resets: if you request a password reset, your IP address may be included in the reset email.

17) Contact us

For questions or privacy requests, contact:

18) Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Effective date” above and, where appropriate, notify you by email or an in-app notice. Continued use of the Site after changes means you accept the updated policy.