Privacy Policy

Section 1: Our Commitment to Your Privacy

Medizone (Pvt) Ltd., the operator of Medizone.lk (“we,” “us,” “our”), is the “Data Controller” for your personal information. We are deeply committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with Sri Lanka’s Personal Data Protection Act (PDPA), No. 9 of 2022.

Section 2: The Data We Collect

We collect information to provide and improve our services. The types of data we collect are:

2.1. Personal Data You Provide to Us:

* Account Information: Your name, email address, telephone number, and delivery address when you create an account.

* Order Information: Details of the Over-The-Counter (OTC) products you purchase.

* Communication Data: Any information you provide when you contact our customer service team.

2.2. Special Category Personal Data (Health Data):

* This includes the digital image of a medical prescription and any health-related information contained within it, which you voluntarily upload when using our “Prescription Support Service.” This data is subject to the highest level of protection as detailed in Section 4.

2.3. Data We Collect Automatically:

* Usage Data: Information about how you access and use our Website, such as your IP address, browser type, pages visited, and the time and date of your visit.

* Cookies: We use cookies to enhance your browsing experience. For more details, please see our Cookie Policy.

Section 3: How and Why We Use Your Data (Our Lawful Basis)

We only process your personal data when we have a valid legal reason to do so under the PDPA. The table below outlines our processing activities and the lawful basis for each.

Table 2: Summary of Data Processing Activities

Processing Activity	Data Categories Used	Lawful Basis under the PDPA
Creating and managing your user account	Account Information	Necessary for the Performance of a Contract with you.
Processing and delivering your OTC product orders	Account Information, Order Information	Necessary for the Performance of a Contract with you.
Responding to your “Prescription Support Service” inquiry	Account Information, Special Category Personal Data (Health Data from prescription)	Your Explicit Consent, which you provide at the time of upload.
Responding to customer service queries	Account Information, Communication Data	Necessary for our Legitimate Interests (to provide quality customer service) and for the Performance of a Contract.
Improving our website and services	Usage Data, Cookies	Necessary for our Legitimate Interests (to improve our business and user experience).
Sending you marketing communications about our OTC products and offers	Account Information (Email)	Your Consent (if you opt-in) or our Legitimate Interests (for existing customers, with an easy opt-out).

Section 4: Handling Your Health Information (Prescription Uploads)

We recognize that the health information on your prescription is extremely sensitive. As “Special Category Personal Data” under the PDPA, it receives special protection:

Explicit Consent: We will only process this data after you have given your clear and affirmative consent at the point of upload.
Strict Purpose Limitation: This data is used only to allow a registered pharmacist to respond to your inquiry. It is never used for marketing, profiling, or any other purpose.
Strict Access Control: Access to your uploaded prescription is restricted to the registered pharmacists on duty who are bound by professional confidentiality. It is not accessible to other staff.
Secure Storage: Your health data is encrypted and stored securely.
Defined Retention Period: As stated in our Prescription Support Policy, we will permanently delete the digital copy of your prescription from our active systems within 72 hours of your inquiry being resolved.

Section 5: Who We Share Your Data With

We do not sell your personal data. We only share it with trusted partners to provide our services:

Courier Services: We share your name, address, and phone number with our third-party courier partner to deliver your orders.
Payment Processors: We share transaction information with secure payment gateways to process your payments.
IT Service Providers: We may share data with vendors who provide services such as website hosting and maintenance.
Important Note: Your Special Category Personal Data (uploaded prescription) is never shared with any external third party.

Section 6: Your Rights Under the PDPA

As a data subject in Sri Lanka, you have the following rights regarding your personal data [3]:

The Right to Access: You can request a copy of the personal data we hold about you.
The Right to Rectification: You can request to correct any information you believe is inaccurate.
The Right to Erasure: You can request that we delete your personal data, under certain conditions.
The Right to Withdraw Consent: You can withdraw your consent at any time where we rely on consent to process your data.
The Right to Object to Processing: You can object to our processing of your personal data, under certain conditions.

To exercise any of these rights, please contact our Data Protection Officer using the details in Section 8. We will respond to your request within 21 working days, as required by the Act.

Section 7: Data Security and Retention

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, or destruction. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.

Section 8: Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer (DPO):

Data Protection Officer, Medizone (Pvt) Ltd.
Email: hello@medizone.lk
Address: Medizone (Pvt) Ltd, 692 B Galle Rd, Moratuwa 10400

You also have the right to lodge a complaint with the Data Protection Authority of Sri Lanka.

Easy Glide Water-Based Personal Lubricant for Silky Smooth Sensation | Medizone.lk

Smart Pregnancy Test Strip for Reliable & Quick Home Testing | Medizone.lk

Fair & Pink Glow Cream with SPF 30 for Radiant, Even-Toned Skin | Buy Online in Sri Lanka (30g)

BeZinc Capsules with B-Complex, Vitamin C, Folic Acid & High-Potency Zinc (10 Caps)

Vidafast Nutritional Supplement for Weight Management & Meal Replacement (400g)

Dermoteen Whitening Cream with SPF 30 for Glowing, Fair & Radiant Teenage Skin | Buy in Sri Lanka (20ml)