Your cart is currently empty!.
You may check out all the available products and buy some in the shop.
Continue ShoppingPrivacy Policy
Last updated: April 2026
1. Introduction
Welcome to Canova (“we”, “our”, “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website at canova.lk and make purchases from us.
Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.
2. Who We Are
Canova is an online cosmetics and skincare retailer based in Sri Lanka, offering a curated range of beauty, skincare, hair care, body care, fragrance, and wellness products for women, men, and families.
Business name: Canova Website: canova.lk Country of operation: Sri Lanka Contact email: privacy@canova.lk Contact phone: [Your phone number]
3. Information We Collect
We collect information you provide directly to us and information collected automatically when you use our website.
3.1 Information You Provide
- Account information β your full name, email address, password, and date of birth when you create an account
- Order information β your billing address, delivery address, phone number, and payment details when you place an order
- Profile information β your skin type preferences, gender selection, and product preferences if you complete our Skin Quiz or update your profile
- Communication information β messages, enquiries, and feedback you send us via contact forms, email, WhatsApp, or live chat
- Newsletter subscription β your email address and communication preferences when you subscribe to our mailing list
- Review information β your name, rating, and written review content if you submit a product review
3.2 Information Collected Automatically
When you browse our website, we automatically collect:
- Device information β your device type, operating system, browser type and version
- Usage data β pages visited, time spent on pages, links clicked, products viewed and added to cart
- IP address β your internet protocol address and approximate location derived from it
- Cookie data β data stored via cookies and similar tracking technologies (see Section 8)
- Referral data β the website or platform that referred you to canova.lk
3.3 Information From Third Parties
We may receive information about you from:
- Payment processors β Koko, Mintpay, Visa, Mastercard, and bank transfer services when you complete a transaction
- Social media platforms β if you connect your account or interact with our social media pages
- Analytics providers β aggregated and anonymised data from Google Analytics and similar services
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 To Process Your Orders
- Process and fulfil your purchases
- Send order confirmations, shipping notifications, and delivery updates
- Handle returns, refunds, and exchanges
- Communicate with you about your order status
4.2 To Manage Your Account
- Create and maintain your customer account
- Save your addresses and order history for faster checkout
- Remember your skin type preferences and product recommendations
- Allow you to manage your wishlist and saved items
4.3 To Personalise Your Experience
- Show product recommendations based on your skin type selection
- Display content and offers relevant to your browsing and purchase history
- Personalise your Skin Quiz results and routine suggestions
- Remember your gender and category preferences across sessions
4.4 To Communicate With You
- Respond to your customer service enquiries and complaints
- Send you order-related transactional emails and SMS messages
- Send you marketing emails and promotional offers if you have opted in
- Notify you of back-in-stock products on your wishlist
- Share our beauty blog, skincare tips, and educational content
4.5 To Improve Our Website and Services
- Analyse how customers use our website to improve navigation and design
- Monitor and fix technical errors and bugs
- Test new features and category structures
- Understand which products, skin types, and categories perform best
4.6 To Process Payments Securely
- Verify your payment information with our payment partners
- Detect and prevent fraudulent transactions
- Comply with financial and legal obligations
4.7 To Meet Legal Obligations
- Comply with applicable Sri Lankan laws and regulations
- Respond to lawful requests from government or regulatory authorities
- Enforce our Terms and Conditions and other agreements
5. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Contract performance β processing is necessary to fulfil your order and deliver our services to you
- Legitimate interests β we have a legitimate business interest in improving our website, preventing fraud, and understanding our customers, provided this does not override your rights
- Consent β where you have given us clear consent, for example to receive marketing emails or accept non-essential cookies
- Legal obligation β where we are required to process your data to comply with Sri Lankan law
6. How We Share Your Information
We do not sell your personal data to third parties. We share your information only in the following circumstances:
6.1 Delivery and Logistics Partners
We share your name, phone number, and delivery address with our courier and logistics partners to fulfil your order. These partners are contractually obligated to use your data only for delivery purposes.
6.2 Payment Processors
We share necessary transaction data with our payment partners β including Koko, Mintpay, Visa, and Mastercard β to securely process your payments. We do not store your full card details on our servers.
6.3 Technology and Platform Providers
We use third-party services to operate our website, including:
- WooCommerce / WordPress β our e-commerce platform
- Google Analytics β website analytics
- Mailchimp or equivalent β email marketing platform
- Meta (Facebook / Instagram) β advertising and social login
- WhatsApp Business β customer communication
These providers access your data only to perform services on our behalf and are bound by data processing agreements.
6.4 Legal and Regulatory Authorities
We may disclose your information to law enforcement, courts, or government agencies if required by law or to protect the rights, property, or safety of Canova, our customers, or the public.
6.5 Business Transfers
If Canova is acquired, merged, or sold, your personal data may be transferred to the new owner as part of that transaction. We will notify you of any such change.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until you delete your account, plus 12 months |
| Order and transaction records | 7 years (for legal and financial compliance) |
| Marketing preferences | Until you unsubscribe or withdraw consent |
| Customer service communications | 3 years from last interaction |
| Cookie and analytics data | As defined by each cookie (see Section 8) |
| Payment transaction records | 7 years (financial regulatory requirement) |
When data is no longer needed, we securely delete or anonymise it.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your experience.
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, keep you logged in, and understand how you use our site.
8.2 Types of Cookies We Use
Essential cookies β required for the website to function. These include your shopping cart, login session, and checkout process. You cannot opt out of these.
Preference cookies β remember your settings such as your skin type selection, gender preference, language, and previously viewed products.
Analytics cookies β help us understand how visitors use our site, which pages are most popular, and where visitors come from. We use Google Analytics for this purpose.
Marketing cookies β used to show you relevant advertisements on social media and other websites based on your browsing behaviour on canova.lk. These include Meta Pixel and Google Ads cookies.
8.3 Managing Cookies
You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of marketing cookies at any time via our cookie consent banner.
9. Your Rights
As a customer of Canova, you have the following rights regarding your personal data:
Right to access β you can request a copy of the personal data we hold about you at any time.
Right to correction β you can ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to deletion β you can request that we delete your personal data, subject to legal retention requirements.
Right to withdraw consent β where we rely on your consent to process your data (for example, for marketing emails), you can withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to opt out of marketing β you can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in any email, or by contacting us directly.
Right to data portability β you can request your personal data in a structured, commonly used format.
Right to lodge a complaint β if you believe we have handled your data unlawfully, you have the right to lodge a complaint with the relevant authority in Sri Lanka.
To exercise any of these rights, please contact us at privacy@canova.lk. We will respond within 30 days.
10. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:
- SSL encryption β all data transmitted between your browser and our website is encrypted using SSL/TLS technology
- Secure payment processing β we do not store full card details on our servers; payments are handled by PCI-DSS compliant payment processors
- Access controls β access to customer data is restricted to authorised staff only, on a need-to-know basis
- Regular security reviews β we regularly review our systems and processes for vulnerabilities
However, no method of transmission over the internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
11. Children’s Privacy
Our website is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. Our Mother & Baby product category is intended for adult parents and caregivers purchasing on behalf of their children.
If you believe a child under 13 has provided us with personal data, please contact us at privacy@canova.lk and we will promptly delete it.
12. Third-Party Links
Our website may contain links to third-party websites, social media platforms, and brand pages. This Privacy Policy applies only to canova.lk. We are not responsible for the privacy practices of any third-party websites and encourage you to read their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Display a notice on our website homepage
- Send an email notification to registered customers where the changes are significant
We encourage you to review this policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
Email: privacy@canova.lk WhatsApp: [Your WhatsApp number] Address: [Your registered business address], Sri Lanka Website: canova.lk
We aim to respond to all privacy-related enquiries within 5 business days.
This Privacy Policy was written for Canova, an online cosmetics and skincare retailer operating in Sri Lanka. It is intended as a practical working policy and should be reviewed by a qualified legal professional before publication to ensure full compliance with applicable Sri Lankan data protection and consumer protection laws.