Privacy Policy

Last updated: March 2026

1. Introduction

Majixa (Pvt) Ltd ("we," "us," or "our") operates this website and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or communicate with us. It applies to visitors globally, including those in the European Union (EU), the United Kingdom (UK), the United States, and Sri Lanka. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and Sri Lanka's Personal Data Protection Act No. 9 of 2022 (PDPA) where relevant.

2. Information We Collect

Information you provide

When you contact us via our contact form or email, we may collect your name, email address, phone number, and any message or other information you choose to provide. When you make a payment through our website, we may collect billing details (such as name, email, phone, and billing address) necessary to process the transaction. Payment card or account details are not stored by us; they are collected and processed securely by our trusted third-party payment gateway(s) in accordance with their privacy and security practices. We may receive from the payment processor only the information needed to complete the transaction (e.g. transaction status, last four digits of a card, or payment reference).

Information collected automatically

When you visit our website, we may automatically collect certain technical and usage data, such as your IP address, browser type and version, device type, operating system, referring URL, pages viewed, and the date and time of your visit. This information helps us operate and improve our website and may be collected via cookies and similar technologies (see Section 5).

3. How We Use Your Information

We use the information we collect to:

  • Respond to your enquiries and provide customer support
  • Process payments and fulfill orders or services (payment details are handled by our payment gateway)
  • Operate, maintain, and improve our website and services
  • Send you relevant updates or marketing communications only if you have consented
  • Comply with legal obligations and protect our rights
  • Analyse usage patterns to improve user experience (where we use analytics)

We do not sell your personal data to third parties for marketing purposes.

4. Legal Basis for Processing (GDPR / PDPA)

Where required by law (e.g. in the EU, UK, or Sri Lanka), we process your personal data only on a lawful basis. This may include: (a) your consent, (b) performance of a contract or steps at your request before entering a contract, (c) our legitimate interests (e.g. operating our website, responding to enquiries, improving our services) where not overridden by your rights, or (d) compliance with a legal obligation.

5. Cookies and Similar Technologies

Our website may use cookies and similar technologies (e.g. local storage) to enable essential functionality, remember your preferences (such as theme choice), and to understand how the site is used. "Strictly necessary" cookies are required for the website to function and do not require your consent. Any analytics or non-essential cookies will be used only where we have a lawful basis and, where required, your consent. You can control or delete cookies through your browser settings; note that disabling certain cookies may affect site functionality.

6. Sharing and Disclosure

We may share your personal data with: (a) service providers who assist us in operating our website or business (e.g. hosting, email delivery), under strict confidentiality and data processing terms; (b) trusted third-party payment processors who process payments on our behalf—payment card and account details are handled directly by the payment processor and we do not store your full card details; (c) professional advisers (e.g. lawyers, accountants) when necessary; and (d) law enforcement or other authorities when required by law or to protect our rights. We do not sell or rent your personal data to third parties.

7. International Transfers

Your data may be processed in Sri Lanka and, where we use service providers abroad, in other countries. Where we transfer personal data from the EU, UK, or other jurisdictions with strict transfer rules, we ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) are in place as required by applicable law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including to meet legal, regulatory, or accounting requirements. Contact form and enquiry data are typically retained for a limited period after we have responded to you, unless we have an ongoing business relationship or you have consented to longer retention. You may request erasure earlier where the law gives you that right.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include secure hosting, encryption where appropriate, and access controls. No method of transmission over the internet or electronic storage is completely secure; we cannot guarantee absolute security but we take your privacy seriously.

10. Your Rights

Depending on your location, you may have the right to: access your personal data; correct inaccurate data; request erasure ("right to be forgotten"); restrict or object to certain processing; data portability; withdraw consent where processing is based on consent; and lodge a complaint with a supervisory authority. In Sri Lanka, you may contact the Data Protection Authority. In the EU/UK, you may contact your local data protection authority. To exercise any of these rights, please contact us at the details below. We will respond within the timeframes required by applicable law (e.g. 30 days under GDPR).

11. Children's Privacy

Our website is not directed at children under 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and, where required by law, we will notify you of material changes (e.g. by email or a notice on our website). The "Last updated" date at the top indicates when the policy was last revised. Your continued use of our website after changes constitutes acceptance of the updated policy where permitted by law.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, or to exercise your rights, please contact us:

Majixa (Pvt) Ltd
Email: hello@majixa.com
Website: majixa.com

We will respond to your request as soon as practicable and in any event within the timeframe required by applicable law.