Privacy Policy

This policy explains how the Family Health Bureau ("FHB") handles personal information collected through this website (fhb.health.gov.lk). It applies to every visitor, regardless of whether you submit a form, subscribe to updates, or simply browse.

We comply with the Personal Data Protection Act No. 9 of 2022 of Sri Lanka and follow the data-handling principles set by the Ministry of Health.

We collect only the information needed to deliver the services you ask for:

• Contact-form submissions — your name, email address, phone number (optional), and message.
• Newsletter subscriptions — only your email address.
• Server-side technical logs — your anonymised IP address, browser type, and pages viewed, retained for security monitoring.
• Aggregate, anonymous usage analytics via Google Analytics 4 (with IP anonymisation enabled).

We do NOT collect: payment information, health records, identity documents, biometric data, or browsing data from other websites.

Your information is used only to:

• Respond to your enquiries through the contact form.
• Send circulars, guidelines and health updates to newsletter subscribers (you can unsubscribe at any time).
• Improve site usability through aggregated, anonymous analytics.
• Comply with legal and regulatory obligations under Sri Lankan law.

We do not use your data for marketing, profiling, automated decision-making, or any purpose unrelated to FHB's public-health mandate.

Personal information is stored on government-managed servers within Sri Lanka. All data is transmitted over encrypted HTTPS connections and is encrypted at rest where supported. Access is limited to authorised FHB staff on a need-to-know basis, with activity logged for audit.

We follow the Information and Communication Technology Agency (ICTA) baseline security standards for government websites.

We retain personal data only as long as needed for the purpose collected:

• Contact-form submissions — 24 months from the date of submission, then permanently deleted unless an active enquiry requires longer retention.
• Newsletter subscriptions — until you unsubscribe.
• Server logs — 12 months for security forensics.
• Analytics data — 14 months (Google Analytics default).

We do NOT sell, rent, or trade personal information. We share data only:

• Within the Ministry of Health where official correspondence requires it.
• With Google Analytics (aggregated, anonymised — no personally identifiable information).
• When required by law, court order, or to protect the safety of users and the public.

We do not share data with advertisers, third-party marketers, or commercial partners.

Under the Personal Data Protection Act, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or outdated information.
• Request deletion of your data (subject to legal retention rules and public-interest exceptions).
• Withdraw consent for processing at any time.
• Lodge a complaint with the Data Protection Authority of Sri Lanka if you believe your rights have been violated.

To exercise any of these rights, email dmch@fhb.health.gov.lk with the subject "Privacy Request". We will respond within 30 days.

This site uses a small number of cookies, all of which serve a specific function:

• Session cookie — essential for site operation; expires when you close your browser.
• Language preference cookie — remembers your EN / SI / TA choice across visits.
• Analytics cookie — anonymised, optional; you can decline this in your browser settings.

We do NOT use advertising cookies, social-media trackers, or third-party data brokers.

We may update this policy from time to time. Material changes will be announced on this page with a revised "last updated" date below. We encourage you to review the policy periodically.

Last updated: 24 May 2026.

Questions? Contact us at dmch@fhb.health.gov.lk or write to: Family Health Bureau, No. 231, De Saram Place, Colombo 10, Sri Lanka.