Privacy Policy
Last updated: May 2026
1. Introduction
Data Controller: Codzix (Pvt) Ltd
This Privacy Policy explains how bookmydoctor.lk collects, uses, stores, and protects personal data in accordance with the Personal Data Protection Act No. 9 of 2022 of the Democratic Socialist Republic of Sri Lanka. This policy applies to all users of the platform. By using the platform, you consent to the data practices described in this policy.
2. Data We Collect
We collect the following personal data to provide our services:
- Account Information: Mobile phone number, full name, age, sex, and home address.
- Booking Information: Booking history, reason for visit, and optional patient notes.
- Payment Information: Payment transaction references generated by our payment gateway. We do not collect or store payment card data.
- Usage Data: IP address, device type, login timestamps, and platform actions for security and analytics.
3. How We Use Your Data
Your data is used for the following purposes:
- To create and manage your account.
- To facilitate medical appointment bookings and deliver booking confirmations via SMS and email.
- To verify your identity at the healthcare facility.
- To prevent fraud and enhance platform security.
- To analyze platform usage for continuous improvement.
4. Data Sharing
We share your data only when necessary to deliver our services:
- Service Providers: Patient name, age, and booking details are shared exclusively with the healthcare facility where the booking is made. The facility is prohibited from using this data for any other purpose.
- Payment Gateway: Your phone number and email are shared with Genie (powered by Dialog Finance) solely for payment processing and receipt delivery.
- Communication Providers: Your phone number and email are shared with our SMS and email gateways for OTPs and booking notifications.
We never sell your personal data to advertisers or third parties.
5. Data Storage & Security
Your data is encrypted in transit using industry-standard HTTPS protocols and encrypted at rest on our secure servers. All payment card transactions are handled exclusively by Genie, and no sensitive card details are ever stored on our platform's servers. We implement strict access controls and regular security audits to protect your information.
6. Data Retention
We retain your data only as long as necessary:
- Patient Accounts: 3 years from your last login.
- Booking & Payment Records: 7 years, as required by Sri Lankan financial and legal compliance laws.
- OTP Codes: Automatically deleted after 5 minutes.
7. Your Rights
Under Sri Lanka's Personal Data Protection Act No. 9 of 2022, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Objection: Object to the processing of your data for purposes beyond essential service delivery.
- Withdraw Consent: Withdraw your consent at any time (this does not affect the lawfulness of processing before withdrawal).
8. Cookies & Analytics
We use essential cookies necessary for the platform to function, such as maintaining your logged-in session securely. We also use analytics cookies to understand how users interact with our platform, allowing us to improve the user experience. You may disable cookies in your browser settings, but doing so may prevent you from using essential platform features.
9. Changes to Policy
We may update this Privacy Policy periodically to reflect changes in our features or legal requirements. Material changes will be communicated to users via SMS or email at least 7 days before taking effect. Continued use of the platform after changes take effect constitutes your acceptance.
10. Contact
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Email: hello@codzix.com
Company: Codzix (Pvt) Ltd