Back to Home

Privacy Policy

Last updated: 24 April 2026

At Kornex, we respect your privacy and are committed to handling personal data responsibly and in accordance with applicable law. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our website, mobile applications, and related services.

Who We Are

Kornex is an online platform that facilitates customer interaction with participating merchants, including table bookings, food orders, and related services.

For the purposes of applicable data protection law, Kornex may act as a data controller or processor, depending on the nature of the service and the relevant data processing activity.

Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly

• full name
• phone number
• email address
• booking and order details

Payment information

Payment information required to complete a transaction may be collected and processed by our third-party payment service providers. Kornex does not store full card details unless expressly stated and lawfully permitted.

Information collected automatically

When you use our website or app, we may automatically collect:

• IP address
• browser type and version
• device type and operating system
• language, time zone, and approximate location data
• usage logs
• cookies and similar tracking information
• pages viewed, clicks, and session activity

How We Use Your Personal Data

We may use your personal data for the following purposes:

• to create and manage your account;
• to process bookings and orders;
• to communicate confirmations, updates, reminders, and service notices;
• to provide customer support;
• to verify transactions and prevent fraud or misuse;
• to improve platform performance, usability, and service quality;
• to comply with legal and regulatory obligations;
• to investigate disputes, complaints, or security incidents; and
• where permitted by law, to send promotions, offers, or marketing communications.

Where required by law, we will rely on an appropriate lawful basis for processing personal data.

Sharing of Personal Data

We may share personal data only where reasonably necessary, including with:

• participating merchants, to fulfil bookings and orders;
• payment service providers;
• cloud hosting, technology, analytics, and support service providers;
• professional advisers, auditors, insurers, and legal representatives;
• regulators, law enforcement, courts, or government authorities, where required by law; and
• affiliated entities, where necessary for internal administration and service delivery.

We do not sell your personal data to any third parties.

Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

• account administration;
• transaction records;
• legal, tax, audit, and compliance obligations;
• dispute resolution; and
• fraud prevention and enforcement.

When personal data is no longer required, we will delete, anonymize, or securely destroy it, subject to applicable legal obligations.

Data Security

We implement reasonable technical and organizational safeguards to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no online system can be guaranteed to be completely secure, and therefore we cannot warrant absolute security of data transmitted over the internet.

Your Rights

Subject to applicable law, you may have the right to request access to, correction of, objection to, restriction of, or deletion of your personal data, and to withdraw consent where processing is based on consent. Rights under Sri Lanka's Personal Data Protection Act depend on the circumstances and the role Kornex plays in the relevant processing activity.

To exercise a privacy-related request, please contact us using the contact details published on our website.

Third-Party Links and Services

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices, terms, or content of those third parties.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Where required, we will post the revised version on this page with an updated effective date. Your continued use of the services after such update will be subject to the revised Privacy Policy to the extent permitted by law.

Contact Us

If you have any questions, complaints, or requests relating to this Privacy Policy or our handling of personal data, please contact us through the contact details provided on our website.

---

Business Privacy & Data Policy

Last updated: 24 April 2026

Data Roles

• Kornex: Platform operator and data controller
• Business: Independent data controller for its services
• Both parties shall comply with applicable data protection laws

Data Usage by Business

The Business must use personal data strictly for booking/order fulfilment and customer service. It does not retain data longer than necessary and not use data for unsolicited marketing without valid consent. Have the responsibility to maintain records of data processing where required.

Security Obligations

The Business must implement:

• Appropriate technical safeguards (encryption, access controls)
• Organizational safeguards (staff training, confidentiality obligations)
• Measures to prevent unauthorized access, disclosure, or loss

Breach Notification

The Business must notify Kornex without undue delay in case of:

• Data breaches
• Unauthorized access
• Security incidents affecting customer data
• The Business must cooperate in investigation and mitigation

Cross-Border Data

If data is transferred outside Sri Lanka, the Business must ensure:

• Adequate safeguards and security measures
• Compliance with applicable data protection laws
• That recipients provide equivalent levels of data protection