Privacy Notice

Diesel & Motor Engineering PLC (hereinafter “DIMO”) is a company duly incorporated under the laws of Sri Lanka, bearing company registration number PQ 146, with its registered office located at No. 65, Jethawana Road, Colombo 14, Sri Lanka. DIMO operates across various sectors, including but not limited to automotive, engineering solutions, building technologies, power and energy, agriculture and retail.

For the purpose of this Notice, “DIMO” encompasses Diesel & Motor Engineering PLC and any company directly or indirectly owned and/or controlled by DIMO that you interact with or have a business relationship with, collectively known as the “DIMO Group”. Find out more about the DIMO Group at https://www.dimolanka.com/about-us/our-subsidiaries.

1. OUR PRIVACY COMMITMENT

1.1. An Overview, Purpose and our Enduring Commitment to Safeguarding Your Privacy

At DIMO, your privacy is a cornerstone of our operations. We understand the importance of handling your Personal Data responsibly and in full compliance with the Personal Data Protection Act No. 9 of 2022 (PDPA).

This Privacy Notice (“Notice”) sets out the basis on which DIMO (“we”, “us”, or “our”) collects, uses, processes, and discloses your Personal Data when you interact with us, including through our services, products, websites, applications, and other platforms.

We act as the Data Controller for all Personal Data relating to our customers, investors, employees, service providers, principals and third-party contractors, as well as any other Personal Data processed in connection with our business operations. As the Data Controller, we are responsible for determining the purposes and means of processing such data, in accordance with applicable data protection laws.

1.2. Essential Information You Should Be Aware Of

We are deeply committed to maintaining a robust and transparent framework for protecting your personal data and we want to assure you that any Personal Data we collect about you will be handled with the utmost care and diligence.

This Privacy Notice is designed to clearly inform you about:

• a. How we safeguard your Personal Data: This includes when you use any of our services, apply for a career with us, enter into a contract, visit our websites, or interact with us through various channels like phone calls, emails, mobile applications, letters and our social media platforms.
• b. Your privacy rights: We will explain the rights you have regarding your Personal Data and how you can exercise them.
• c. The legal protections in place: We will outline how applicable laws, specifically the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka, safeguard your data.

By accepting the terms of this Privacy Notice, engaging in a contract with us, and/or continuing to use our services, you confirm that you have read, understood, and agreed to this Privacy Notice.

Our website, is designed and intended for use by adults and we do not knowingly collect any information from minors unless it’s given to us by their parents or guardians.

It’s really important that you read this Privacy Notice alongside any other privacy or fair processing notices we might give you when we’re collecting or using your Personal Data.

If you are a child under the age of 18 years, you should review the terms of this Privacy Notice with your parent or guardian. We may sometimes use your personal data to carry out age verification checks and enforce any such age restrictions.

This ensures you have a complete understanding of why and how we’re using your information and accept the terms herein.

Your provision of personal data is voluntary; however, declining to provide it may prevent us from delivering certain products or services, ensuring high-quality service, or addressing your queries.

We only use your Personal Data for the specific purpose we collected it for. If we require to use it for a different purpose, we’ll make sure that new purpose is compatible with the original one. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so and where relevant obtain your prior consent.

1.3. Your Responsibility to Provide Accurate and Updated Information

Maintaining accurate, valid, and up-to-date Personal Data is essential. You are responsible for ensuring that the Personal Data you provide to us is accurate, complete, and up to date. We kindly request that you inform us immediately of any changes to your Personal Data throughout the duration of your relationship with us, to help us ensure the continued accuracy of our records.

1.4. Your Obligation to Secure Your Personal Devices

You are solely responsible for maintaining the security of any personal devices used to communicate with DIMO or to transmit Personal Data to us. While we implement appropriate security measures, no transmission of data over the internet is entirely secure. Accordingly, you must ensure that all devices used for such purposes are properly secured against cyber threats, unauthorized access, and other security risks. You are therefore responsible for safeguarding your Personal Data and account credentials and for verifying the authenticity of any communication claiming to originate from DIMO.

1.5. Obtaining Lawful Consent When Sharing Others’ Information

Where you provide DIMO with Personal Data relating to another individual, you confirm and warrant that you have obtained the informed and specific consent of such individual to share their Personal Data with us. This includes ensuring that the individual has been fully informed of the terms of this Privacy Notice and the purposes for which their Personal Data will be processed and they have accepted the same. You also undertake to ensure that any such third-party Personal Data is accurate, complete, and up to date and does not contain any false, misleading, or misrepresented information.

1.6. Caution Regarding External Websites, Plug-ins, Applications and Third-Party Links

This website or any link document provided by us may contain links to third-party websites, plug-ins, or applications that are not owned, operated, or controlled by DIMO. Accessing such third-party platforms may allow those parties to collect or process your Personal Data under their own privacy policies and terms of service. DIMO has no control and assumes no responsibility for the privacy practices, content, or security standards of such third-party websites or services. We strongly encourage you to review and understand the privacy notices of all external websites before providing any Personal Data. Your use of such third-party services is at your own risk, and DIMO disclaims all liability in this regard.

2. PERSONAL DATA COLLECTION

2.1. Types of Data We Collect About You

We may collect or receive the categories of personal information listed below, which may depend on the products or services you may use, as well as your device and account settings. Not all categories of personal information will be collected or received about every individual.

These data can be categorized as follows:

• a. Basic Personal Identifiers, such as name, telephone number, residential or billing address, email address, government-issued identifiers (e.g., national identification/passport numbers, driver’s license numbers, etc), and signatures.
• b. Device and Online Identifiers, such as account login information, MAC address, IP address, cookie IDs, mobile ad IDs, and social media information.
• c. Internet and Other Network Activity Information, such as information about your browsing or search activity as well as your interactions with our websites, mobile applications, emails, social media platforms or advertisements (for example keystroke patterns which help us determine if it is you or a bot who is interacting with us).
• d. Commercial Information, such as purchase and transaction history information (such as products or services you have purchased, rented, or returned), details about products associated with services you receive from or through us (e.g., car make, model, year, odometer reading, and Vehicle Identification Number when you visit our Service Centers), product / service reviews, travel and vacation information, and sweepstakes and contest entries.
• e. Communications, such as the content of emails, WhatsApp or text messages, interactions with our sales teams or our bot (AI assistant chatbot), or other communications, call logs, and calendar information, where DIMO is a party to the exchange.
• f. Demographic Information, such as age, gender, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information, family health, number of children, number of cars owned, and software or virtual assets owned.
• g. Financial Information, such as credit or debit card numbers, and financial account numbers.
• h. Biometric Information, such as voice prints, imagery of the iris or retina, face geometry, and palm prints or fingerprints.
• i. Geolocation, such as data about the location of your device, which may be imprecise (i.e., inferred from your device’s IP address). If you provide your consent, this data may be precise.
• j. Sensory Information, such as audio, visual information, and other sensory information such as photographs and audio and video recordings.
• k. Background Information, such as background checks and criminal convictions.
• l. Inferences, such as individual preferences and characteristics. This may include inferences drawn from and related to shopping patterns and behaviours, intelligence, interests, and aptitudes.
• m. Marketing and Communications Data: This includes your preferences in receiving marketing from us and our third parties, as well as your communication preferences.
• n. Surveillance and Monitoring- use of CCTV Systems: For the safety and security of our customers, patrons, employees, service providers, and business partners, we may operate CCTV systems across our premises. This includes monitoring behaviour within our facilities. Where relevant, CCTV footage may be used to assist investigations into potential or actual criminal, fraudulent, or related incidents. We may also share such footage with law enforcement and/or judicial authorities to support investigations, proceedings, or other legal actions.

2.2. Consequences of Withholding, Inaccurately Providing, or Falsifying Personal Data

Where the collection of Personal Data is mandated by law, required under the terms of a contract with you, stipulated by our website’s terms and conditions, or necessary to furnish further information regarding the provision of any of our services, your failure to provide such Personal Data when requested may impede our ability to proceed with your requirements, including the performance of or entry into any contract with you. In such circumstances, we reserve the right to notify you and to cancel or refuse the acceptance of the services you seek.

Furthermore, should we have reason to believe that any Personal Data provided by you is false, inaccurate, constitutes a misstatement of fact, a misrepresentation, an act of identity theft, a violation of any third-party right, or a similar circumstance, we reserve the right to refuse any services you require, terminate any existing contract, and, where relevant, report the matter to the appropriate regulatory authorities.

2.3. How Your Personal Data is Collected

We use various methods to collect Personal Data from and about you:

a. Direct Interactions.

You (or a person or agent acting on your behalf) may provide us with Personal Data by corresponding with us via post, phone, email, directly through our website, social media platforms, or otherwise. Our data collection spans both offline and online platforms. Offline sources include our Consumer Engagement Centres, branch offices, show rooms, direct marketing campaigns, sweepstakes, surveys and contests. Online, we collect data through our websites, applications, and branded pages on third-party platforms. When you engage with us, we may ask for your Personal Data to better serve your needs.

We may obtain your personal information from another company within our DIMO Group companies, using it consistently with this Privacy Notice. We might also combine your data with other information to continually enhance our products, services, content, and advertising efforts.

Some DIMO brands may also collect “special categories of personal data” about you. please see the relevant section below for more details on how we handle this.

b. Automated Technologies or Interactions (This Website and Mobile Applications).

As you interact with our websites or mobile applications, social media platforms, we automatically collect Technical Data about your equipment, browse actions, and patterns using cookies, server logs, and similar technologies. We may also receive Technical Data if you visit other websites employing our cookies. Our mobile applications may access mobile device information to enhance service delivery. Collected from Another Solution or Asset. – When you speak to customer service we collect your personal information using call recording technology in accordance with applicable law.

c. Third Parties or Publicly Available Sources:

We may receive Personal Data about you from various third parties and public sources, including:

• a. Analytics providers (e.g., Google-based analytics providers) within and/or outside Sri Lanka.
• b. Advertising networks within and/or outside Sri Lanka.
• c. Search information providers within or outside Sri Lanka.
• d. Trusted partnerships with third parties and DIMO accounts on third-party platforms (e.g., “like” functionality on Facebook, +1 functionality on Google+).
• e. Information about interactions with our advertising to measure relevance and success.
• f. Third-party data enrichment providers who may provide insights about the Personal Data we hold.

2.4. Collection of “Special Categories of Personal Data”

“Special categories of personal data” can be categorised as data relating to race, ethnicity, religion, health, sexual orientation, genetic data, or biometric data, and receives additional protection under the law.

We limit the circumstances under which we collect and process these special categories of Personal Data. For instance, DIMO may collect data related to your health to provide tailored advertisements and relevant promotions. DIMO processes such Personal Data only when you have provided explicit consent. In some instances, your request for services or products may imply or suggest your religion, health, or other special categories of Personal Data without direct collection.

We will only process special categories of Personal Data where we can satisfy an additional condition for doing so. Accordingly, we may use one of the following additional conditions for processing special categories of Personal Data, where consent is not the appropriate basis:

• a. The processing is necessary to respond to an emergency that threatens your life, health, or safety or that of another natural person.
• b. The processing relates to Personal Data which you have manifestly made public.
• c. The processing is necessary for the establishment, exercise, or defense of legal claims.
• d. The processing is otherwise expressly permitted under relevant laws or regulations of Sri Lanka.

3. HOW WE PROTECT CHILDREN’S PRIVACY

We recognize the importance of taking extra precautions to protect the privacy and safety of children using DIMO products and services.

Most of DIMO’s websites and services are designed and intended for use by adults. Where one of our websites or services is intended for use by a younger audience, we will obtain consent from a parent or a person who has parental authority or has been appointed as a legal guardian before collecting Personal Data relating to a child below the age of eighteen (18) years, as required by applicable laws and regulations in Sri Lanka. The age at which consent is necessary may vary by country.

If you are a child under the age where parental consent is required in your country, you should review the terms of this Privacy Notice with a parent or legal guardian to ensure your understanding and acceptance. If we discover that we have collected Personal Data from a child without the necessary consent, we will delete that Personal Data as soon as practical. Access to certain parts of DIMO’s websites and/or eligibility to receive prizes, samples, or other rewards are generally limited to users over a specified age. We may use your Personal Data to carry out age verification checks and enforce such age restrictions.

4. USE OF YOUR PERSONAL DATA BY DIMO

DIMO collects, processes, and discloses your personal data for specific and limited purposes only. For example, we may use your data to process your payments, handle complaints, develop and improve our products, services, and communication methods, and enhance the functionality of our websites. We also provide personalized products, communications, targeted advertising, and product recommendations based on your information.

We also may create profiles by analyzing your online surfing, searching, and purchasing behavior, as well as your interactions with our brand communications. This involves building segments (groups with common characteristics) and placing your personal data into one or more of these segments.

Additionally, DIMO may processes your personal data using automated means. An automated decision is one made entirely by automatic processes, without human involvement in the decision-making related to your personal data.

4.1. Purposes for Data Collection and Processing

We collect and process your personal data for a variety of essential reasons, ensuring we can provide you with the best possible service, improve our offerings, and operate our business effectively. These purposes include:

• Processing Transactions and Service Delivery: We use your data to process your payments when you purchase our products, provide you with order status updates, fulfill your orders and transactions, and offer comprehensive customer service. This also includes verifying your information, processing payments, and providing any associated financing or similar services.
• Responding to Your Communications: We process your inquiries, complaints and requests to provide accurate and timely answers, ensuring you get the support you need.
• Product and Service Improvement & Development: Your data helps us continuously develop and improve our products, services, communication methods, and the functionality of our websites. This includes undertaking activities to verify or maintain the quality or safety of our services or devices, as well as improving, upgrading, or enhancing them for example, by training our AI systems.
• Contests and Promotions: We use your data for the administration of competitions or promotions you’ve entered.
• Information and Subscriptions: We manage your registration and/or subscription to our newsletters, advertisements or other communications, ensuring you receive the information you’ve opted for.
• Business Operations and Analytics: This covers managing our everyday business needs related to your participation in contests, sweepstakes, promotional activities, or requests. It also includes conducting business analysis, such as analytics and projections, to identify areas for operational improvement.
• Identity Verification and Security: We authenticate the identity of individuals who contact us by telephone, electronic means, or otherwise. This is crucial for helping to ensure security and integrity and prevent fraud.
• Internal Training and Quality Assurance: We use data for internal training and quality assurance purposes, making sure our team operates at its best.
• Consumer Insights and Personalization: We analyze your data to understand and assess your interests, wants, and changing needs. This allows us to improve our website, current products and services, and develop new ones. Crucially, this enables us to provide personalized products, communications, and targeted advertising, as well as relevant product recommendations. This also covers short-term, transient use, such as non-personalized advertising shown during your current interaction with us.
• Advertising and Marketing: We perform and provide comprehensive advertising and marketing services, including targeted advertising, to connect you with relevant DIMO offerings.
• Auditing and Monitoring: We conduct auditing and monitoring of transactions and engagement, which includes counting ad impressions to unique visitors, verifying the positioning and quality of ad impressions, and auditing compliance.
• Debugging and Error Resolution: We use data for debugging to identify and repair errors in our systems and services.
• Research and Development: This involves undertaking internal research for technological development and demonstration.
• Fulfilling Legal Obligations: We process your data to meet our legal functions or obligations under laws of Sri Lanka.

When we collect your personal data for other purposes, we will inform you before or at the time of collection.

4.2. Legal Basis for Processing Your Data

Where appropriate, we will ask for your consent to process your personal data. If you have given consent for processing activities, you have the right to withdraw your consent at any time.

In some cases, we rely on legitimate interest (of ours or a third party) for processing your personal data. A legitimate interest could exist, for example, when you sign up for a loyalty scheme with one of our brands and we use the personal data collected to conduct data analytics to improve our products or services. This ground will only be used when it’s necessary to achieve a legitimate interest, such as optimizing a service, and does not outweigh your rights as an individual. We assure you that if legitimate interest is used as a ground for processing your personal data, we will keep a record of this, and you have the right to ask for this information.

We also process your personal data to perform a contract to which you are a party or to take steps at your request prior to entering into a contract with you. For instance, we need to process your personal data to deliver a product or service you bought.

Furthermore, we process your personal data when we have a legal obligation (e.g., tax or social security obligations) to do so as per Sri Lanka law. For example, a court order or summons may require us to process personal data for a particular purpose, or we may be compelled to process personal data to report suspicious transactions under local anti-money laundering rules.

In some instances, we may have to process your personal data to respond to an emergency that threatens the life, health, or safety of you or another person.

We also process your personal data where it is necessary for the performance of a task carried out in the public interest.

4.3. Profiling

DIMO may use your personal data to build profiles. We may create these profiles by analysing your online surfing, searching, and buying behaviour, as well as your interactions with our brand communications. This involves building segments (creating groups that have certain common characteristics) and placing your personal data in one or more segments.

These segments are used by DIMO to personalize our website and communications to you (such as showing relevant content when you visit our site or in a newsletter), and to display relevant offers and advertisements from DIMO brands on DIMO sites and via third-party websites. The segments can also be used for third-party campaigns on DIMO sites. DIMO profiles your data where you have provided consent for us to do so by opting in; for example, by accepting the setting of cookies on your browser online or signing up for email newsletters from one of our brands.

You can withdraw your consent to prevent your personal data from being used this way at any time using the manage cookies section of our Cookie Notice or by unsubscribing to the use of your email address if you have logged into one of our websites or signed up for any marketing newsletters.

By way of example, with your consent, DIMO collects personal data from:

• Our websites, regarding what you view and how you interact with our content.
• Our digital display advertising that we serve to you on social platforms and other publisher’s websites.
• Forms you fill in online or otherwise and send to us about your interests.
• We also track the products you buy when you click on one of our display adverts and go on to purchase something from a selection of our retail partners.
• If you have asked to receive emails or SMS communications from us, we track whether you open, read, or click on the content to see what interests you. This helps us provide more content that we believe you’re likely to enjoy.
• We use this data to profile your likes and dislikes.

Based on this profile information, we may also provide you with advertising (if you have asked us to do so) that we think you will like and want to see as you view content from us or from our network of publishers that we advertise with. Sometimes, with your consent, we may use your current location to serve advertising to you that relates to promotions or events happening nearby that we think you might be interested in.

We also use information you have provided to selected third-parties and consented to be shared, such as your age, sex, life stage, lifestyle, and wider interests. This helps us identify people we think will have similar interests to you and who we believe will be interested in similar advertising.

4.4. Artificial Intelligence Experiences

We may provide Artificial Intelligence (AI) powered applications or experiences such as Chatbots and virtual tools to you (“AI Tools”). For AI powered applications and Bots we will communicate to you that you are interacting with Artificial Intelligence and not a human. Many of these AI Tools will not require you to enter Personal Data. However, in the event that we may collect Personal Data through such AI Tools in accordance with the Privacy Notice. We may share your personal data with the providers of these AI tools for the limited purpose of providing the app/experience to you.

5. RESPONSIBLE DATA DISCLOSURE: WHO WE DISCLOSE TO AND WHY.

At DIMO, we understand the importance of your personal data. We may share all categories of personal information described in this Privacy Notice with certain categories of third parties, but only for specific and legitimate purposes as outlined below. In circumstances other than those described, and where required by applicable Sri Lankan law, we will provide specific notice or ask for your explicit consent.

5.1. Within Our DIMO Group of Companies

As part of a larger business group, DIMO may disclose your personal data with other entities within our corporate family. This sharing is done for purposes consistent with this Privacy Notice, allowing for a more integrated and efficient service across our related operations.

5.2. Other Companies and External Partners

We work with various external entities to operate our business, deliver services, and enhance your experience. We may disclose personal data to the following categories of organizations:

• Vendors for Business Operations: We share your personal data with third-party vendors who perform services on our behalf. These vendors are crucial for our day-to-day operations and include, but are not limited to:
   
  • Shipping and logistics providers
  • Billing and refund processing companies
  • Payment card processors
  • Companies that help us improve our products and services
  • Cloud hosting or website operating providers
  • Data analysis and customer service providers
  • Sponsors or other third parties involved in administering our promotions

   
  These vendors only have access to the personal data necessary to perform their functions and are contractually prohibited from using it for other purposes. They must process this personal data in accordance with this Privacy Notice, subject to appropriate safeguards, and only as permitted by the Personal Data Protection Act No. 9 of 2022 of Sri Lanka (the “PDPA”).

• Marketplace and Direct-to-Customer Partners: We collaborate with companies that provide products or services directly to you, whether through a DIMO Marketplace (if applicable) or through co-branded and other promotional activities. When we share your personal data with these partners, they are specifically prohibited from using it for any purpose other than making their products or services available to you. For co-branded programs, DIMO may receive compensation for the co-branded activity.
• Advertising, Marketing, and Related Technology Partners: We work with various partners to market our products to you and to provide advertising services to other companies. This includes:
   
  • Advertisers: Companies that place ads through our advertising services. They may use pixels or cookies in their ads to collect information to help them understand how you respond to their ads.
  • Publishers: Companies that operate websites you visit (e.g., online news sites). We share personal data with publishers to help us serve ads to you on their websites and to help us understand ad performance.
  • Social Media Platforms: We share personal data with social media platforms to help us serve relevant ads to you on those platforms.
  • Advertising Technology Providers: Companies that use cookies, pixels, beacons, and similar technologies to tailor the ads you see. These include ad servers, advertising agencies, technology vendors supporting media buying and selling, and research firms. For more information about your choices related to interest-based advertising, please refer to the “How Can You Set Your Preferences?” section of this Privacy Notice.
  • Data Technology Vendors: Technology providers that help us manage and automate the use of collected data (including personal data), such as those automating advertising services or managing identity.
  • Measurement and Analytics Vendors: Companies that provide aggregate reporting on our website performance, the effectiveness of our advertising campaigns, services (e.g., Google Analytics) and research.

 

• DIMO Suppliers and Other Third Parties: To enhance customer experiences, we may offer insights and related services to companies, including our suppliers who provide us with products and services. These insights are derived by combining information, such as shopping history from many customers, in a way that does not directly identify you. DIMO may receive payment for these insights.

5.3. Legal Requirements and Protection of Our Company and Others

We may disclose your personal data when required by law or legal process, or when we genuinely believe it is necessary to protect the safety, property, or rights of individuals or DIMO. Examples include:

• Complying with Legal Obligations: To fulfill a legal obligation as per Sri Lankan law, such as responding to a court order, search warrant, or other valid legal inquiry.
• Governmental Investigations: At the request of governmental authorities conducting an investigation.
• Fraud and Security: To detect and protect against fraud, financial risk, or any technical or security vulnerabilities. This also includes assisting with fraud prevention and potential criminal activity.
• Emergency Situations: To respond to an emergency threatening the life, health, or safety of individuals.
• Protecting Rights and Property: To verify or enforce our “Terms of Use” or other applicable policies, or to protect the rights, property, safety, or security of third parties, visitors to DIMO’s websites, DIMO, or the public.
• Alleged Breaches: Responding to a court or other investigative body in the case of an alleged breach of an agreement or violation of law.

5.4. Business Transfers

Should DIMO plan to merge, sell, or reorganize its business, your personal data, along with personal data of other DIMO customers, may be disclosed as part of the business arrangement. This may also include transfers of personal data made as a part of insolvency or bankruptcy proceedings. In such transactions, your personal data is generally one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless you consent otherwise). If another entity acquires DIMO, our businesses, or substantially all or part of our assets, or assets related to DIMO’s websites, your personal data will be disclosed to such entity as part of the due diligence process and will be transferred to such entity as one of the transferred assets. We will use reasonable measures to help ensure your information is handled in accordance with this Privacy Notice.

6. AUTOMATED DECISION-MAKING

In some instances, DIMO processes your personal data using automated means. An automated decision is a decision made solely by automatic means, where no humans are involved in the decision-making process related to your personal data.

We will not generally make decisions based solely on automated processing. If we do, we will notify you and provide you with clear information about our decision to rely solely on automated processing and our lawful basis for doing so.

However, this right to request a review of an automated decision does not exist if the automated processing is necessary for entering into or performing a contract with you, when you have given your consent, if authorized by any written law of Sri Lanka to which we are subject, or where the Data Protection Authority of Sri Lanka has authorized such processing.

7. COOKIES

This website uses cookies and other tracking technologies to understand how you interact with our site and to enhance your experience when searching for our services.

7.1. What are cookies?

Simply put, cookies are small text files, often containing letters and numbers, that are sent to your computer or device when you visit websites and use online services. If your web browser is set to accept them, these cookies are stored on your computer’s hard drive. They allow our website, and sometimes other websites, to remember your preferences and to personalize content for you.

7.2. Your Choices:

You have control over cookies. You can adjust your browser settings to refuse all or some browser cookies, or to alert you when websites attempt to set or access cookies. However, please be aware that if you disable or refuse cookies, some parts of this website may become inaccessible or might not function properly.

For more detailed information about the specific cookies we use, please refer to our dedicated Cookie Policy.

8. YOUR DATA RIGHTS UNDER APPLICABLE PRIVACY LAWS

8.1. Your Data Protection Rights

At DIMO, when we process your personal data, you have several important rights regarding how that data is handled. You can exercise these rights at any point, and we’ve outlined them below:

• The Right to Be Informed: You have the right to receive clear, transparent, and easily understandable information about how we use your personal data and what your rights are. This Privacy Notice serves to provide you with that information.
• The Right to Access, Rectification, and Completion: You have the right to access your personal data, and to request that we correct or complete any inaccurate or incomplete information we hold about you at any time.
• The Right to Erasure : Under specific circumstances, you can ask us to delete your data. If you wish to have your personal data deleted, please let us know. We’ll take reasonable steps to respond to your request in line with legal requirements. If the personal data we collected is no longer needed for any purpose, and we’re not legally required to keep it, we’ll do our best to delete, destroy, or permanently de-identify it.
• The Right to Restrict Processing: In certain limited situations, you have the right to request that we restrict the processing of your personal data. This might apply, for example, if we’re legally required to maintain your data for evidentiary purposes under Sri Lankan law or due to a court order, even if you’ve requested rectification.
• The Right to Object: Under specific circumstances, you have the right to object to the further processing of your personal data.
• The Right to Lodge a Complaint with the Data Protection Authority: You have the right to file a complaint directly with the Data Protection Authority of Sri Lanka if you have concerns about how we process your personal data.
• The Right to Withdraw Consent: If you’ve given us your consent to process your personal data (meaning we rely on your consent as the legal basis), you have the right to withdraw that consent at any time. Please note that withdrawing consent doesn’t make any processing we’ve done with your consent up to that point unlawful.
• Rights Related to Automated Decision-Making: In certain circumstances, you have the right to request a review of a decision we’ve made that’s based solely on automated processing, especially if it has or is likely to have a significant and lasting impact on your rights and freedoms.

8.2. How to Exercise Your Rights

You can exercise any of these rights by sending a request via email as stated in 12. below or by submitting a request through the “Contact Us” form on our websites.

Please note that we may charge a reasonable administrative fee for any requests we consider unreasonable or excessive, or for any additional copies of your Personal Data that you may request.

9. DATA SECURITY MEASURES AND RISK MITIGATION

We make every effort to protect your personal data from misuse, interference, loss, unauthorized access, modification, or disclosure. Our measures include implementing appropriate access controls, investing in the necessary Information Security Capabilities to protect our IT environments, and ensuring we encrypt, pseudonymize, and anonymize personal data whenever possible. Access to your personal data is restricted to our employees and agents on a need-to-know basis. When third parties process your data, they are subject to strict contractual confidentiality obligations.

10. DATA RETENTION: HOW LONG WE STORE YOUR INFORMATION

DIMO will keep your personal data only for as long as necessary to fulfill the purpose for which it was collected. For instance, if you make an online purchase with DIMO, we’ll retain the related data to complete our contract with you. After that, we’ll hold onto it for a period that allows us to address any complaints, questions, concerns, or legal actions related to your purchase. Your data might also be retained to continuously enhance your experience with us and ensure you receive any loyalty rewards you’re entitled to. For targeting purposes, we keep identifiable data for the shortest time possible, after which we take steps to permanently delete it. We regularly review the personal data we hold and will securely delete it, or in some cases anonymize it, once there’s no longer a legal, business, or consumer need for its retention.

11. CROSS-BORDER DATA TRANSFERS AND SAFEGUARDS

As a company that may operate with international partners or utilize global IT infrastructure, DIMO may share personal data with entities located outside of Sri Lanka for the purposes described in this Privacy Notice.

Any such international transfer will only occur:

• To a country prescribed by the Data Protection Authority of Sri Lanka pursuant to an adequacy decision.
• If to a country not so prescribed, only when we are satisfied that:
   
  • We can comply with our mandatory obligations under the PDPA, regardless of the transfer.
  • We have executed an appropriate instrument as prescribed by the Data Protection Authority of Sri Lanka with the recipient of data in such country.
  • As otherwise permitted by the PDPA.

 

12. UPDATES TO THIS PRIVACY POLICY: HOW WE KEEP YOU INFORMED

We will update this Privacy Notice when necessary to reflect the changes in our services, data protection practices or legal obligations. Any significant changes will be notified by posting the updated notice on our website or by contacting you directly through registered channels.

When such an update takes place we will revise the “last updated” date at the bottom of this Notice.

In addition to this Privacy Notice, specific campaigns or promotions may be governed by supplementary privacy terms or notices. We advise you to review these additional terms or notices thoroughly prior to participating in any such campaigns or promotions, as your participation will necessitate compliance with them. All supplementary privacy terms or notices will be made clearly accessible to you.

13. CONTACTING US: FOR INQUIRIES, FEEDBACK, OR COMPLAINTS

If you have any questions or concerns about DIMO’s Privacy Notice, our data processing practices, or if you wish to update your data, make a complaint regarding a potential breach of local privacy laws, please reach out.

You can contact our Data Protection Officer, via email at [email protected].

Alternatively, you can submit inquiries or complaints through the following channels:

• Call : 0112449797
• SMS/WhatsApp:
• Website: Submit a request through the “Contact Us” form on our websites.

14. CLARIFICATION OF KEY TERMINOLOGIES

• “Personal Data”: Any information relating to an identified or identifiable natural person (‘Data Subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• “Processing”: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• “Data Controller”: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
• “Data Processor”: A natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller.
• “Data Subject”: The identifiable natural person to whom Personal Data relates.
• “PDPA”: Refers to the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka.

PUBLISHED DATE: JULY 2025