Privacy Policy
1. Overview
The Kingsbury PLC is committed to protecting the personal information of all guests, website visitors, and partners. This Privacy Policy outlines how we collect, use, store, share, and protect your personal data across all interactions — whether through our website, in person at our resorts, via phone or email communication, or through third-party channels.
We recognize the importance of maintaining your privacy and upholding the trust you place in us when you choose our hospitality services. In accordance with global best practices and local laws (including Sri Lanka’s Personal Data Protection Act No. 9 of 2022), this Policy is designed to ensure transparency, accountability, and compliance in all our data handling practices.
This Privacy Policy applies to all properties and brands under “The Kingsbury PLC”. It covers information collected both online and offline, including through our websites, reservations, marketing activities, guest services, and partner platforms.
2. Data Covered by This Policy
This Privacy Policy covers all personal data that “The Kingsbury PLC” collects and processes about its guests, customers, website users, partners, vendors, and other stakeholders. This includes:
- Personal identifiers: Name, address, email, phone number, nationality, passport number, and other contact details
- Reservation and transaction data: Booking details, room preferences, travel dates, special requests, payment methods, billing history
- Demographic information: Age, gender, marital status, date of birth
- Guest stay data: Amenities used, services requested, feedback given, itemized bills, incident reports, and preferences
- Digital activity: IP address, device identifiers, location data, browser type, time spent on site, cookies, interaction logs
- Communications: Emails, messages, feedback forms, surveys, and any correspondence
- Loyalty or membership data (if applicable): Program details, redemption history, and status
3. How and Where We Collect Your Data
We collect personal data in a number of ways depending on how you interact with us. These include:
A. Directly from You
- When you make a booking through our website, phone, or email
- When you check in or check out at a property
- When you fill out feedback forms, surveys, or participate in promotions
- When you subscribe to newsletters or engage with us via social media
B. Automatically
- Through cookies and web tracking technologies when visiting our websites
- Through Wi-Fi usage at our properties (where applicable)
- Via call recordings for customer service quality assurance
C. From Third Parties
- Booking platforms (e.g., Agoda, Booking.com)
- Travel agents and tour operators
- Corporate clients for group bookings or events
- Payment gateways or financial institutions
- Marketing service providers and analytics vendors
4. Legal Basis for Processing Your Data
We only process your personal data when we have a lawful basis to do so under applicable data protection regulations. The legal bases may include:
- Consent – when you submit your information, you consent to any marketing activities that may be carried out by the hotel
- Contractual Necessity – to fulfill a reservation or provide requested services
- Legal Obligations – for record-keeping, financial compliance, tax reporting, or responding to lawful requests from authorities
- Legitimate Interests – to improve services, enhance guest experience, prevent fraud, or analyze operations
- Vital Interests – in emergencies or medical incidents requiring your data to be used to protect life or health
5. With Whom We Share Your Data
We take care to only share your personal data when it is necessary, and always under secure, legally binding conditions. We may share your information with:
- Third-party service providers – for booking engines, payment gateways, customer surveys, marketing automation, or loyalty programs
- Law enforcement or government authorities – if required to comply with a legal obligation or court order
- Affiliates and subsidiaries – within “The Kingsbury PLC” for centralized operations, reporting, or guest service continuity
- Business partners – such as travel agents or event organizers when a shared service is offered to you
- Auditors, lawyers, or consultants – to fulfill our regulatory or contractual obligations
All third parties are required to handle your data in accordance with applicable privacy laws and confidentiality agreements.
6. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Retention periods may vary depending on:
- Legal requirements for tax, accounting, and auditing purposes
- Duration of your relationship with “The Kingsbury PLC” (e.g., loyalty membership, frequent guest)
- Whether you have opted into or out of receiving marketing communications
- Our legitimate interest in keeping historical records for guest service improvements or legal defense
After the applicable retention period expires, we securely delete, anonymize, or destroy the data.
7. Cookies and Marketing Technologies
Our websites use cookies and similar tracking technologies to enhance your browsing experience, enable core functionality, and improve our marketing efforts. These technologies may:
- Remember your preferences and previous interactions
- Measure and analyze website performance and usage
- Deliver targeted advertisements or retarget content based on your interests
You can manage your cookie preferences through your browser settings. However, disabling some cookies may affect the website’s functionality. For more information, refer to our Cookie Policy (if published separately).
8. Your Privacy Rights & Choices
Depending on your jurisdiction, you may have the following rights:
- Access – to know what personal data we hold about you
- Rectification – to correct inaccurate or incomplete data
- Erasure – to request deletion of your data (“right to be forgotten”)
- Restriction – to limit how we process your data
- Objection – to object to specific processing (e.g., direct marketing)
- Portability – to obtain a copy of your data in a machine-readable format
- Withdraw Consent – where you previously gave us permission (e.g., newsletters)
You may exercise these rights by contacting our Data Protection Officer. We will respond within the timeframes required by applicable law.
9. Children’s Privacy
We do not knowingly collect personal information from children under the age of 16 without verified parental consent. If we discover that such data has been collected unintentionally, we will promptly delete it unless required for legal or safety reasons.
Parents or guardians who believe that their child may have submitted personal information can contact us to review or delete such data.
10. Security of Your Data
We implement technical and organizational safeguards to protect your data from unauthorized access, loss, misuse, or alteration. These include:
- Encryption of sensitive data during transmission and storage
- Access controls and authentication procedures
- Physical security measures at data centers
- Regular security assessments and staff training
While no system can be guaranteed 100% secure, we follow industry best practices to minimize risk and respond swiftly in the event of a suspected breach.
11. International Data Transfers
We may transfer your personal data to countries outside your country of residence for operational reasons. These transfers will only occur:
- To countries deemed to have adequate data protection laws
- Under appropriate safeguards such as Standard Contractual Clauses (SCCs)
- With your explicit consent where required
All international transfers are made in accordance with data protection legislation to ensure your data remains protected.
12. Policy Updates & Revisions
We may update this Privacy Policy periodically to reflect legal changes, service updates, or privacy best practices. The revised policy will be posted on our website with a new effective date.
In the event of material changes, we will notify you via prominent notices or email (where appropriate). Your continued use of our services after an update indicates your acceptance of the revised policy.
13. Contact Us
For privacy-related queries, data access requests, or to exercise your rights, please contact:
The Kingsbury PLC
48, Janadhipathi Mawatha,
Colombo 01, Sri Lanka.
14. Additional Provisions
This Privacy Policy is governed by the laws of Sri Lanka. In case of conflict between translated versions, the English version shall prevail.
Third-party websites accessed via our services operate under their own policies. We encourage you to review them before submitting data.
By using our services, you agree to the terms outlined in this Privacy Policy.