Privacy Policy

At Hotel Bamiyan(“Hotel”), the privacy and confidentiality of user information is important, and we are committed to maintaining the privacy and security of your user information. We may update this Hotel privacy policy from time to time, so please check here frequently. Our Hotel will not disclose identifiable user information to any third party without consent.

Our Hotel is committed to safeguarding your privacy while visiting the Hotel website, namely,, (hereinafter all identified URLs are collectively referred to as the “Site”). Our goal is to provide you with an Internet experience that delivers the information, resources, and services that are most relevant to you. To achieve this goal, part of the operation of the site includes the gathering of certain types of information about site users.

Because we understand that your privacy is important, we wish to explain the types of information we gather and the way in which we use it. This Privacy Policy applies to the Site.

This Privacy Policy covers two types of information gathered at the Site, Personal Information and Aggregated Data. The term “Personal Information” refers to data you voluntarily provide in connection with use of the Site that identifies you and/or the company on whose behalf you are accessing and using the site. Personal Information includes data submitted in connection with our services, such as your name, e-mail address, phone number, company affiliation, physical address, and/or certain other Personal Information. The term “Aggregated Data” refers to general information regarding visitors and users of the site that relates to use of the website, including traffic patterns, number of visits to certain pages, visits from other web sites or to third-party web sites linked to the website, use of particular services and interest in services, information or features of the site, or other parties made available through or found at the Site.


The Hotel processes Personal Information or other data about you when you interact with our Hotel, visit our Site, or use our Services. The information we may process depends upon your interaction with us. We take the utmost care to ensure that the Personal Information we obtain from you is not used in a way that you may be unaware of or not agreeable to. You may wish to submit an information request about our Hotel, participate in one of our promotions, make a reservation, or subscribe to our e-mail or postal mail lists. In response, we may ask for information such as your name, email, and postal address. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.


Contact you after you’ve submitted a website form

Plan and purchase Hotel accommodations

Enter your email in our promotions or sweepstakes

Send marketing communications or surveys to you

Respond to your questions or suggestions

Improve the quality of your visit to our site

All forms will provide an opt-out button to allow you to choose not to participate in Hotel lists and future online marketing. In deciding whether or not to join such lists, please note that they are only used for Hotel purposes or in joint promotions with a Hotel partner. We do not sell, rent, or share any of your personal information with any other party including any third-party joint promoters, nor use it for unapproved commercial purposes. You may request to be removed from our marketing lists at any time. All emails distributed to our marketing lists will contain easy, online access to unsubscribe.


Hotel may collect and use Personal Information that you submit on the Site in any manner that is consistent with uses stated in this Privacy Policy or disclosed elsewhere at the Site at the point you submit such Personal Information. At the time you submit Personal Information or make a request, the intended use of the information you submit will be apparent in the context in which you submit it and/or because the Site states the intended purpose. By submitting Personal Information at the Site, you are giving your consent and permission for any use that is consistent with uses stated in this Privacy Policy or disclosed elsewhere at the Site at the point you submit such Personal Information, and such consent will be presumed by the Hotel, unless you state otherwise at the time you submit the Personal Information. Please do not request any such communications on behalf of an individual or company if you are not authorized to make the request.


If you decide to make an online reservation on the Site, you will be linked to the brand website and a third-party booking engine. The Booking Engine is provided by a third party and is governed by its privacy practices. View their Privacy Policy here.


We would like our Site visitors to feel confident about using the Site to plan and purchase their accommodations, so our Hotel is committed to protecting the information we collect. Our Hotel has implemented a security program to keep information that is stored in our systems protected from unauthorized access.

Our Site is hosted in a secure environment. The Site servers/systems are configured with data encryption, or scrambling, technologies, and industry-standard firewalls. When you enter personal information during the reservation process, or during a customer email sign-up, your data is protected by Secure Socket Layer (SSL) technology to ensure safe transmission.


The Hotel will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. We have enacted a data retention and deletion policy in order to ensure that Personal Information is only stored for as long as necessary for their purpose.

Our data retention and deletion policy takes account of the principle that Personal Information should be retained for limited periods even after the storage purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise, or defense of legal claims and in rendering the administration of retention and deletion periods practicable. We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.

Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data falls under several different deletion periods, the longest will apply:

We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which falls into any of the categories identified herein below. Otherwise customer data will be deleted after expiry of 1 year.

For compliance with the statutory retention period for commercial letters and tax documents, we will retain correspondence, invoices, and other booking documentation for 7 years.

We will retain contract-related data and documents for 7 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.

If the term “erasure” or “deletion” is used in this Privacy Statement, we reserve the right to anonymize the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.

Anonymized data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymized data is not subject to the GDPR and is not the subject of this Privacy Statement.

The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide Hotel services to you

Whether there is a legal obligation to which we are subject (for example, specific laws require us to keep records of your transactions for a certain period of time)

Whether retention is advisable considering our legal position (for example, for statutes of limitations, litigation, or regulatory investigations)


To the extent required by applicable law, you may be able to request that we inform you about the Personal Information we maintain about you, withdraw your consent for certain data processing activity, or request that we update, correct, delete, and/or stop processing your Personal Information. If you would like to review, correct, update, suppress, restrict or delete the Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information, you may contact or by mail at:

Hotel Bamiyan

223, Rajapihilla Mawatha,

Kandy, Sri Lanka

For your protection, we only fulfill requests for the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request. In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database, or other limitations you would like to put on our use of your Personal Information. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services to which you are accustomed.

Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (for example, when you make a purchase or reservation, or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase, reservation, or promotion). There may also be residual data that will remain within our databases and other records, which will not be removed.


If, after permitting use of your Personal Information, you later decide that you no longer want the Hotel to include you on its mailing list or otherwise contact you or use your Personal Information in the manner disclosed in this Privacy Policy or at the Site, simply click on the “Unsubscribe” button at the bottom of our email communication to you or send an email to with the words “E-Mail Removal Request” in the subject line. Please include your name and email address in the body of the email.

Please note that opting out of marketing emails may limit your access to certain offers, benefits, and features. Also, if you opt-out of receiving certain marketing emails, that opt-out may not apply to other communications that you may continue to receive from us, such as customer service messages, messages about your account or reservations with us, and emails responding to your communications with us or requests for information that we receive from you. Requests to opt-out of receiving future marketing emails from us can take up to ten business days to be effective.


The Hotel is interested in improving the Site and may develop and offer new features and services. We monitor Aggregated Data regarding use of the Site for marketing purposes and to study, improve, and promote the use of the Site. In connection with such purposes, the Hotel may share Aggregated Data with third parties collectively and in an anonymous way. Disclosure of Aggregated Data does not reveal Personal Information about individual Site users in any way that identifies who they are or how to contact them.

The Hotel has two exceptions to the limits of the use of Personal Information:

Hotel may monitor and, when we believe in good faith that disclosure is required, disclose information to protect the security, property, assets and/or rights of Hotel from unauthorized use, or misuse, of the Site or anything found at the Site.

Hotel may disclose information when required by law; however, only to the extent necessary and in a manner that seeks to maintain the privacy of the individual.

If you provide us with Personal Information via the user account or the Contact Forms for a purpose beyond the use of the Site or respective web service, such as sending us an offer or product information, we will also store and process this data for this purpose.


We do not knowingly collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not allow your children to submit personal information without your permission.


Use of the Site signifies your consent, as well as the consent of the company for whom you use the Site and whose information you submit (if any) to this online Privacy Policy, including the collection and use of information by Hotel, as described in this statement, and also signifies agreement to the terms of use for the Site. Continued access and use of the Site without acceptance of the terms of this Privacy Policy relieves Hotel from responsibility to the user.


You as the data subject have certain rights with regard to your Personal Information, which we will explain to you below. As stated above and below, if you would like to review, correct, update, suppress, restrict or delete the Personal Information that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Information, you may contact  or by mail at:

Hotel Bamiyan,

223, Rajapihilla Mawatha

Kandy, Sri Lanka

For your protection, we only fulfill requests for the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before fulfilling your request.

Right of Access and Information – You have the right, where the statutory requirements are met, to request from us at any time, at no cost, confirmation as to whether Personal Information relating to you is being processed, a copy of this data, and comprehensive information on this personal data. This right extends in particular, without limitation, to the purposes of processing, the categories of Personal Information being processed, the recipients, the storage period and the origin of the data.

Right to Rectification – You have the right to request us to rectify incorrect and incomplete Personal Information concerning you without delay, where the statutory requirements are met.

Right to be Forgotten – You have the right to demand from us the immediate deletion of Personal Information concerning you, where the statutory requirements are met, if, among other reasons, their storage is no longer necessary or unlawful, if you withdraw your consent on which their storage was based, if you have validly objected to their storage in accordance with below Sections, if we are obligated to delete them for any other reason or if the data were collected as part of a web service.  If we have made the data public, in addition to deletion of the data, we must also inform other controllers in such cases that you have requested the deletion of this data and all references thereto, insofar as this is reasonable in view of the available technology and the implementation costs. The above obligation does not apply in certain exceptional cases, in particular storage for the purpose of establishing, exercising or defending legal claims.

Right to Restriction of Processing – You have the right to request us, where the statutory requirements are met, to restrict the processing of personal data relating to you, for example if you dispute their accuracy, the storage is no longer necessary or is unlawful and you still do not wish to have it deleted or if you have filed an objection to the processing (see below) as long as it has not yet been established whether our legitimate reasons outweigh yours.

Right to Data Portability  – If automated processing of Personal Information occurs solely on the basis of your consent or to fulfil a contract with you or to implement pre-contractual measures, you have the right to require us, subject to statutory requirements, to make available the Personal Information in relation to yourself that you have provided to you or to a third party you designate, if this is technically feasible, in a structured, current and machine-readable format and not to impede its transfer to a third party.

Right of Objection – You have the right to require us, where the statutory requirements are met, to no longer process Personal Information relating to you which we process for the performance of a task which is in the public interest or for the protection of our legitimate interests or those of a third party, if you object to such processing for reasons which arise from your particular situation. In this case we must desist from further processing unless there are compelling grounds for processing which outweigh your interests or the processing is carried out for the establishment, exercise or defense of legal claims.

Right of Objection to Direct Marketing – You can object to the further processing of your Personal Information for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

Automated Decisions – We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

Guarantees – To the extent that we indicate in this Privacy Policy that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from our designated representative within the EU.

Consents – If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection as described above). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).

Right to Lodge a Complaint – You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for our representative (See above).


The Hotel reserves the right to change this hotel Privacy Policy at any time; notice of changes will be published on this page. Changes will always be prospective, not retroactive.

You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our representative in the European Union also. You may be required to identify yourself to us as a data subject to exercise your rights.

If you have questions about the Hotel’s privacy policy, please contact us via email, at: