Privacy Policy

Last Updated: 06 June 2026

This Privacy Policy explains how POTHAK.LK (PVT) LTD, operating through https://pothak.lk, collects, uses, stores, shares, and protects customer information when you visit our website, create an account, place an order, make a payment, or contact us.

By using Pothak.lk, you agree to the practices described in this Privacy Policy.

1. About POTHAK.LK (PVT) LTD

POTHAK.LK (PVT) LTD is an online bookstore in Sri Lanka. Through Pothak.lk, customers can browse and purchase books online, including Sinhala books, English books, novels, translations, children’s books, educational books, poems, bargain books, and other related products.

Our website allows customers to place orders online and receive delivery within Sri Lanka.

Business Information

Business Name: POTHAK.LK (PVT) LTD
Website: https://pothak.lk
Address: Ganemulla Road, Kadawatha, Sri Lanka
Phone: +94 726366000
Email: [email protected]

The contact details above are currently displayed on the official Pothak.lk contact page.

2. Information We Collect

We collect information that is necessary to provide our online bookstore services, process orders, arrange delivery, process payments, improve our website, and communicate with customers.

2.1 Personal Information

When you create an account, place an order, contact us, or use checkout, we may collect:

Customer name
Email address
Phone number
Billing address
Delivery address
Order details
Account username and password, if an account is created
Customer notes or special delivery instructions

2.2 Order Information

When you place an order on Pothak.lk, we collect details related to your purchase, including:

Products ordered
Quantity
Product price
Discounts or coupon usage
Delivery fee
Payment method
Payment status
Order status
Delivery status
Order history
Refund or return requests, if any

2.3 Payment Information

When you make an online payment, your payment is processed through a secure third-party payment gateway such as PayHere.

POTHAK.LK (PVT) LTD does not store your complete credit card number, debit card number, CVV, or online banking password on our website server.

PayHere states that it supports major cards, mobile wallets, and internet banking systems. PayHere also states that it is Central Bank approved, ISO/IEC 27001 certified, and works through PCI DSS compliant partner banks.

2.4 Technical Information

When you use our website, we may automatically collect certain technical information such as:

IP address
Browser type
Device type
Operating system
Pages visited
Date and time of visit
Cart activity
Login activity
Referral source
Website error logs
Security logs

This information helps us improve website performance, troubleshoot technical issues, prevent fraud, and protect the website from abuse.

2.5 Communication Information

When you contact us by phone, email, WhatsApp, social media, contact form, or any other method, we may collect and keep communication records to provide customer support and resolve order-related issues.

3. How We Use Your Information

We use customer information for the following purposes:

To create and manage customer accounts
To process and confirm orders
To arrange delivery
To contact customers regarding orders, payments, delivery, returns, or refunds
To provide customer support
To process online payments securely
To prevent fake orders, fraud, abuse, and unauthorized activity
To improve website speed, security, design, and user experience
To manage promotions, discounts, and offers
To send order-related emails, SMS, or notifications
To comply with legal, accounting, tax, and business record requirements

We may also use your information to send promotional messages about new arrivals, book offers, or special discounts. You may unsubscribe or request to stop receiving marketing messages at any time.

4. Legal Basis for Processing Information

We collect and use customer information because it is necessary for:

Processing and delivering customer orders
Completing payment and refund processes
Providing customer service
Complying with legal and accounting requirements
Protecting the security of our website and business
Improving our services
Marketing communication, where permitted or consented

5. Cookies and Similar Technologies

Pothak.lk may use cookies and similar technologies to improve website functionality and customer experience.

Cookies may be used for:

Keeping products in your cart
Keeping you logged into your account
Remembering website preferences
Improving checkout experience
Protecting the website from spam and fraud
Measuring website performance
Understanding how visitors use the website

You can disable cookies through your browser settings. However, some website features such as cart, login, and checkout may not work correctly if cookies are disabled.

6. Sharing Your Information

POTHAK.LK (PVT) LTD does not sell, rent, or trade customer personal information.

However, we may share necessary information with trusted third parties only when required to operate our business and provide services to customers.

These third parties may include:

Payment gateway providers such as PayHere
Courier and delivery partners
Website hosting providers
Email and SMS service providers
Customer support tools
Analytics and security service providers
Professional advisors such as accountants or legal consultants
Government, regulatory, or law enforcement authorities where required by law

Only the information required for the relevant service will be shared.

7. Payment Security

Online payments are handled through secure third-party payment gateways. When customers pay through PayHere, sensitive payment details are processed by PayHere and not stored by Pothak.lk.

PayHere says its checkout can redirect customers to the PayHere Payment Gateway to securely process the payment.

Although we take reasonable measures to protect customer data, no website, online payment system, or internet transmission can be guaranteed as 100% secure. Customers are responsible for keeping their account password and payment information safe.

8. Data Retention

We keep customer information only for as long as necessary for business, legal, tax, accounting, security, and customer support purposes.

Order records may be retained to:

Provide order history
Handle returns and refunds
Resolve disputes
Comply with accounting and tax obligations
Prevent fraud and fake orders
Improve customer support

If you request deletion of your personal information, we will review the request and delete information where legally and practically possible. Some order, payment, or accounting records may need to be retained for legal or business reasons.

9. Customer Rights

Customers may contact us to:

Request access to personal information we hold
Correct inaccurate information
Update account details
Request deletion of personal information where possible
Request information about how their data is used
Opt out of marketing communication
Raise a privacy-related complaint

Requests can be sent to [email protected].

10. Account Security

Customers who create an account are responsible for keeping their username and password confidential.

Please contact us immediately if you believe your account has been accessed without permission.

POTHAK.LK (PVT) LTD is not responsible for losses caused by customer failure to protect login details, except where required by law.

11. Children’s Privacy

Pothak.lk sells children’s books, but purchases and account creation should be completed by adults or with the permission of a parent or guardian.

We do not knowingly collect personal information from children without appropriate consent.

12. Third-Party Links

Our website may contain links to third-party websites, payment pages, social media pages, or services.

We are not responsible for the privacy practices, content, security, or policies of third-party websites. Customers should review the privacy policies of any third-party websites they visit.

13. Marketing Communication

We may send customers updates about new books, discounts, offers, or promotions through email, SMS, WhatsApp, or other communication methods where permitted.

Customers can request to stop receiving promotional communication at any time by contacting us.

Order-related messages, delivery updates, payment updates, and customer support messages are not considered marketing messages.

14. Changes to This Privacy Policy

POTHAK.LK (PVT) LTD may update this Privacy Policy from time to time.

Any changes will be published on this page with the updated date. Continued use of the website after updates means you accept the updated Privacy Policy.

15. Contact Us

For questions, requests, or complaints regarding this Privacy Policy, please contact:

POTHAK.LK (PVT) LTD
Ganemulla Road, Kadawatha, Sri Lanka
Phone: +94 726366000
Email: [email protected]
Website: https://pothak.lk