Privacy Policy

Treehouse Midigama

Last updated: [2026/02/08]

Treehouse Midigama ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

1. Data Controller

The data controller responsible for your personal data is:

Treehouse Midigama

Midigama, Sri Lanka

Email: treehousemidigama@gmail.com

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data

  • Full name
  • Email address
  • Phone number
  • Nationality / country of residence

Booking & Stay Information

  • Check-in and check-out dates
  • Number of guests
  • Room or villa type
  • Special requests or preferences

Payment-Related Data

  • Payment status and transaction references

(We do not store card details; payments are handled by secure third-party providers)

Technical & Usage Data

  • IP address
  • Device and browser information
  • Website interaction data via analytics tools

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contractual necessity - to manage bookings and provide accommodation services
  • Consent - when you submit inquiries or agree to communications
  • Legitimate interest - to improve services, prevent fraud, and manage operations
  • Legal obligation - to comply with local laws, tax, or regulatory requirements

4. How We Use Your Data

Your data is used to:

  • Process and manage reservations
  • Communicate before, during, and after your stay
  • Provide customer support and guest services
  • Improve our website and guest experience
  • Meet legal and operational obligations

5. Data Sharing & Third Parties

We do not sell your personal data.

Your data may be shared only with:

  • Booking platforms (e.g., Booking.com, Airbnb)
  • Payment processors
  • IT, email, or analytics service providers
  • Authorities where legally required

All third parties are required to process data securely and lawfully.

6. International Data Transfers

Some service providers may process data outside Sri Lanka or the EU. Where applicable, we ensure appropriate safeguards are in place.

7. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill booking and accommodation purposes
  • Comply with legal, tax, or accounting requirements

Data is securely deleted or anonymized thereafter.

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with a data protection authority

Requests can be made via email.

9. Cookies & Analytics

We use cookies for essential website functionality and basic analytics. You may disable cookies via browser settings, though some features may be affected.

10. Children's Data

We do not knowingly collect personal data from children under 16. Any such data will be removed upon request.

11. Policy Updates

This policy may be updated periodically. Changes will be posted on this page with a revised date.