Privacy Policy

This website, www.arabiers.lk, is owned and operated by Arabiers Private Limited, trading as Arabiers Holidays Sri Lanka. We are a licensed inbound and outbound travel agency based in Colombo, founded in 2017.

For the purposes of data protection law, Arabiers Private Limited is the data controller responsible for your personal data. Our registration details are:

We also operate offices in the United Arab Emirates, the United Kingdom, India and South Africa, and we may handle your data across these locations as part of delivering your booking.

This policy covers personal data we collect through our website, by email, telephone, WhatsApp or messaging apps, in person at our offices, and through any of our booking, visa or enquiry forms. It applies whether you are a Sri Lankan resident travelling abroad, a visitor planning a trip to Sri Lanka, or someone simply browsing our pages.

We process personal data in line with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka (as amended by the Personal Data Protection (Amendment) Act, No. 22 of 2025). Where we serve travellers in the United Kingdom and the European Union, we also apply the relevant standards of the UK and EU General Data Protection Regulation.

Information you give us

When you make an enquiry, request a quote, book a package, or apply for a visa through us, you may provide:

• Your name, date of birth, gender and nationality
• Contact details such as your address, email and phone number
• Passport and travel document details, and copies of supporting documents needed for visas and bookings
• Travel preferences, dietary needs, accessibility requirements and trip details
• Details of others you are travelling with or booking on behalf of
• Payment information needed to take a deposit or settle a booking

Some of this — for example, passport scans or health and accessibility details — is treated as sensitive personal data and is handled with extra care.

Information we collect automatically

When you visit our website, we may collect technical information such as your IP address, browser type, device details, the pages you view and how you arrived at the site. We collect this through cookies and similar tools, including Google Tag Manager and analytics services, as described in section 6.

Information from other sources

We may receive information about you from travel partners, hotels, airlines, visa processing centres, payment providers, and from publicly available sources where you have made details public, such as a review you have posted.

We use your personal data to:

• Respond to your enquiries and prepare quotations and itineraries
• Process and manage your bookings, visas, transfers and travel insurance
• Confirm reservations with hotels, airlines, transport providers and visa authorities
• Take payments and keep accounting and tax records
• Send booking confirmations, travel documents and service updates
• Provide customer support before, during and after your trip
• Improve our website, services and customer experience
• Send you offers and travel ideas, where you have agreed to receive them
• Meet our legal, regulatory and licensing obligations
• Detect and prevent fraud and protect the security of our systems

We only process your personal data where the law allows. Depending on the situation, we rely on one or more of the following grounds:

• Performance of a contract — to arrange and deliver the travel services you have booked.
• Consent — for marketing messages and for any sensitive data we process, which you can withdraw at any time.
• Legal obligation — to comply with tax, licensing, immigration and other legal requirements.
• Legitimate interests — to run and improve our business, keep our services secure and prevent fraud, in a way that does not override your rights.

Our website uses cookies and similar technologies to make the site work, to remember your preferences, and to understand how visitors use our pages so we can improve them. We use analytics and tag management tools, including Google Tag Manager, for this purpose.

You can control or delete cookies through your browser settings, and you can decline non-essential cookies where we ask for your choice. Turning off some cookies may affect how parts of the site work. Full details are set out in our Cookie Policy.

We do not sell your personal data. We share it only where it is needed to provide your travel services or where we are required to by law. This may include:

• Travel suppliers — hotels, airlines, transport and tour providers, and insurers, so they can fulfil your booking.
• Visa and immigration authorities — embassies, consulates and visa processing centres, to support your applications.
• Payment providers — our payment processors, who handle card and online payments securely.
• Our group offices — Arabiers offices in the UAE, UK, India and South Africa, where they are involved in your trip.
• Service providers — trusted partners who support our website, IT, communications and customer service, under confidentiality terms.
• Authorities and advisers — regulators, auditors, legal advisers or courts, where the law requires or permits it.

Because travel is international, your data may be sent to suppliers, authorities and Arabiers offices in other countries to complete your booking. When we transfer personal data outside Sri Lanka, we take steps required under the Personal Data Protection Act to keep it protected, including putting appropriate safeguards in place with the parties who receive it.

Payments are handled through secure, established payment providers. We do not store full card numbers on our own systems. Card payments are processed over encrypted connections by our payment partners, who maintain their own security standards for handling payment data.

We keep your personal data only for as long as we need it for the purposes set out in this policy. Booking and financial records are kept for the period required by Sri Lankan tax, accounting and licensing rules. Enquiry and marketing data is kept until it is no longer needed or until you ask us to remove it. When data is no longer required, we delete it or make it anonymous.

We use technical and organisational measures to keep your information safe, including secure connections, access controls, and limiting access to staff who need it to do their work. While no system can be guaranteed to be completely secure, we work to protect your data and to respond quickly if a problem arises.

Under the Personal Data Protection Act No. 9 of 2022, and equivalent rights for travellers in the UK and EU, you may:

• Ask for a copy of the personal data we hold about you
• Ask us to correct data that is wrong or out of date
• Ask us to delete your data, where there is no legal reason for us to keep it
• Object to or ask us to limit how we use your data in certain situations
• Withdraw your consent at any time, where we relied on consent
• Ask to receive certain data in a portable format

To exercise any of these rights, contact us using the details in section 17. We will respond within the time allowed by law. There is normally no charge, and we may ask you to confirm your identity first.

We will only send you marketing messages where you have agreed to receive them. You can opt out at any time by using the unsubscribe link in our emails, replying to ask us to stop, or contacting us directly. Opting out of marketing does not stop service messages about a booking you have made.

Our website and services are intended for adults. We collect data about children only as part of a family or group booking made by a parent, guardian or responsible adult, and only the details needed to arrange travel for them.

Our website may link to other sites, such as hotels, airlines, review platforms or social media. We are not responsible for how those sites handle your data. We encourage you to read their privacy policies before sharing information with them.

We may update this policy from time to time to reflect changes in our services or the law. When we do, we will revise the "last updated" date at the top of this page. We encourage you to review this page from time to time.