chatcart-logo
Login

Privacy Policy

Effective Date: June 01, 2025 | Last Updated: June 01, 2025

This Data Protection Notice ("Notice") outlines how Hyper Commerce (Private) Limited ("we", "us", or "our") processes personal data of users of the ChatCart platform, in accordance with the Personal Data Protection Act, No. 9 of 2022 ("PDPA") of Sri Lanka. This Notice applies to personal data in our possession or control, including personal data held by third parties processing data on our behalf.

PERSONAL DATA

As used in this Notice:

  • "Customer" means an individual who (a) has contacted us or used ChatCart to enquire about or use any service provided by us, including IPG integrations and delivery partner integrations, or (b) has entered into a contract with us for the provision of such services.
  • "Personal data" means data relating to an identified or identifiable natural person ("data subject"), whether true or not, in accordance with the PDPA.

Examples of personal data we may collect include: name, address, email address, telephone number, business name, WhatsApp ID, transaction details, and related financial information.

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

We will only collect personal data:

  • With your consent (or your authorised representative's consent), after notifying you of the purpose of collection;
  • Where necessary for the performance of our services (including IPG and delivery partner integrations); or
  • As otherwise permitted or required under the PDPA or other applicable laws.

We collect and use your personal data for purposes including but not limited to:

  • Delivering and improving ChatCart services;
  • Facilitating integrations with third-party IPG (internet payment gateway) services and delivery partners;
  • Verifying identity and authorising transactions;
  • Responding to enquiries and handling support;
  • Processing billing and payments;
  • Complying with applicable legal and regulatory requirements;
  • Preventing fraud and misuse;
  • Performing network analysis to ensure system integrity;
  • Any other incidental purposes related to the above.

We may disclose your personal data to:

  • Third-party service providers, IPG providers, and delivery partners necessary to provide ChatCart services;
  • Law enforcement, government agencies, or regulators where required under law.

LEGITIMATE INTERESTS

In line with Section 5 of the PDPA and applicable exceptions, we may process your personal data for our legitimate interests, such as:

  • Fraud detection and prevention;
  • Detection of misuse of services;
  • Network analysis to prevent fraud and financial crime;
  • Performing credit and risk analysis.

These purposes remain applicable even if you cease using our services, for a reasonable retention period.

WITHDRAWING CONSENT

You may withdraw consent by contacting our Data Protection Officer (DPO) (details below). We may require up to twenty (20) business days to process your request.

Please note that withdrawal of consent may impact our ability to provide services to you. Withdrawal does not affect any prior lawful processing or continued processing where required under law.

ACCESS TO AND CORRECTION OF PERSONAL DATA

You may request:

  • Access to your personal data;
  • Corrections to ensure accuracy;
  • Erasure of your data under applicable rights in the PDPA.

Requests should be made in writing to our DPO. Reasonable fees may apply for access requests. We will generally respond within twenty (20) business days.

PROTECTION OF PERSONAL DATA

We adopt reasonable technical and organisational measures (e.g., encryption, access controls) to protect personal data against unauthorised access, loss, or misuse.

While we strive to safeguard your data, no method of electronic transmission or storage is fully secure.

RETENTION OF PERSONAL DATA

We retain personal data only as long as necessary for service provision, legal compliance, or legitimate business needs. Once no longer needed, data is securely deleted.

CROSS-BORDER DATA TRANSFERS

If we transfer data outside Sri Lanka (e.g., where third-party cloud services or IPGs are hosted abroad), we ensure compliance with applicable PDPA safeguards, including:

  • Transfers to jurisdictions deemed adequate by Sri Lanka's Data Protection Authority; or
  • Contractual and technical safeguards where necessary; or
  • Consent from the data subject after informing them of any potential risks.

MARKETING AND SOLICITED MESSAGES

In line with Section 27 of the PDPA, we may send marketing or service-related messages through electronic means (such as WhatsApp or SMS) only where consent is obtained.

You may opt out of such messages at any time using provided instructions.

DATA PROTECTION OFFICER

For questions, feedback, or requests regarding this Notice or your personal data, you may contact:

Data Protection Officer

Hyper Commerce (Private) Limited

Tel: +94785408888

Email: prabath@chatcart.app

CHANGES TO THIS NOTICE

We may update this Notice from time to time. Updates will be posted on our website with the effective date. Continued use of ChatCart services constitutes acceptance of the updated Notice.