Legal

Privacy Policy

Last updated: 30 June 2026

Lanka Chemist ("we", "us", "our"), a registered pharmacy at No. 34, Galle Road, Dehiwala, Sri Lanka, is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share and safeguard your information when you visit our website or place an order with us. We handle personal data in line with the Personal Data Protection Act, No. 9 of 2022 and other applicable Sri Lankan law. By using our website, you agree to the practices described in this policy.

Information We Collect

  • Account & contact details you provide — name, email address, telephone number and delivery address.
  • Order information — the products you buy, order history, delivery and pickup details, and communications with us.
  • Prescription and health-related information — where you upload a prescription, the prescription image and related details you provide so our pharmacist can review your order. This is sensitive information and is handled with additional care (see "Prescriptions & Health Data" below).
  • Payment information — payments are processed securely by our third-party payment gateway. We do not collect or store your full card details on our systems. For bank-transfer orders, we receive the payment slip you upload.
  • Technical and usage information — collected automatically using cookies and similar technologies, such as your IP address, browser and device type, and how you interact with our website.

How We Use Your Information

  • To process, verify, fulfil and deliver your orders, and to confirm availability before dispatch;
  • To contact you about your order by phone, WhatsApp, email or notification;
  • To have our pharmacist review prescription orders;
  • To provide customer support and respond to your enquiries;
  • To operate, secure and improve our website and services;
  • To detect and prevent fraud and misuse;
  • To send you marketing communications only where you have opted in (see "Marketing"); and
  • To meet our legal, tax, accounting and regulatory obligations.

Prescriptions & Health Data

Prescription images and related health information are treated as sensitive personal data. They are stored in secure, private storage, are accessible only to authorised pharmacy staff through time-limited secure links, and are never made publicly accessible. We retain prescription records for the period required by applicable pharmacy and regulatory guidelines, and securely delete images that are no longer required.

How We Share Your Information

We do not sell or rent your personal information. We share it only as needed to run our business and serve your order:

  • Trusted service providers who help us operate — including our payment gateway (PayHere), website hosting, database, secure storage, authentication and email-delivery providers, website analytics providers, and our delivery/courier partners (to whom we provide the name, address and phone number needed to deliver your order). These providers are permitted to use your information only to provide their service to us.
  • Sign-in providers — if you choose to sign in using a third-party account (such as Google), we receive basic profile information from that provider.
  • Legal and regulatory authorities — where we are required to disclose information by law, or to protect our rights, safety or property.

Cookies & Tracking

We use cookies and similar technologies to keep your cart and session working, understand website traffic, and measure the performance of our advertising. You can disable cookies in your browser settings, but some features of the website may not work properly as a result.

Data Retention

We keep your personal information only for as long as necessary. Order records are retained for as long as your account is active and as required to meet our tax, accounting and legal obligations (generally up to 6 years). Prescription records are retained for the longer period required by applicable pharmacy guidelines. You may ask us to delete your account information at any time, subject to records we are legally required to keep.

Data Security

We apply appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure or destruction. However, no method of transmission or storage over the internet is completely secure, and we cannot guarantee absolute security.

Your Rights

Subject to applicable law, you may request to access, correct or delete your personal information, object to or restrict certain processing, and withdraw consent (including opting out of marketing) at any time. To exercise these rights, contact us using the details below. We may need to verify your identity before acting on a request.

Children

Our website and products are intended for customers aged 18 and over. We do not knowingly collect personal information from children.

Marketing

We will send promotional emails only if you have opted in. Every marketing email includes an unsubscribe link, and you can opt out at any time. Opting out of marketing does not stop essential service messages about your orders.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "last updated" date. Please review it periodically.

Contact Us

For any privacy question or data request:

Chat with us