Privacy Policy

Effective Date: 20 March 2026  ·  MyFees (Pvt) Ltd

About Us

MyFees (Pvt) Ltd ("MyFees", "we", "our", or "us") is an educational payments technology company that provides digital payment infrastructure, integration, and management solutions for educational institutions and their stakeholders. In the context of data protection, MyFees assumes the role of both "controller" and "processor" in a limited capacity.

About This Privacy Policy

This Privacy Policy describes how MyFees collects, uses, processes, stores, and shares your personal data in connection with the products and services we offer, including our website and mobile applications (collectively, the "Service").

By registering for, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy, and you consent to the collection, use, processing, and storage of your information as described herein. This Policy applies to all users of the Service, including customers and website visitors.

This Privacy Policy is governed by and complies with the Sri Lankan Personal Data Protection Act No. 09 of 2022 (PDPA) and any applicable amendments or regulations issued thereunder.

Information We Collect

We collect personal data in several ways, as described below.

Information You Provide Directly

We collect information that you provide when you register for a MyFees account, submit an application, use our services, or correspond with us. This may include your full name, date of birth, residential address, telephone number, email address, and transaction records. Your username and, where you choose to disclose it, your real name, will be published publicly on the Service.

Information from Third Parties

If you access the Service through a third-party connection or login — for example, through a social media account — that third party may pass certain information to us about your use of its service. This information may include a user identifier, an access token, and any information you have permitted the third party to share. We recommend that you review the privacy settings of any third-party service before linking it to your MyFees account. You may unlink a third-party account from the Service by adjusting your settings on the third-party service.

Technical and Usage Data

We automatically collect certain technical data when you access or use the Service, which may include:

  • Log file data — web request details, Internet Protocol (IP) address, browser type, referring and exit pages, URLs, number of clicks, and interaction data with links on the Service.
  • Device identifiers — when you access the Service through a mobile device, we may collect and store a universally unique identifier (UUID) or similar device identifier to assist with authentication and navigation.
  • Location data — when you access the Service through a mobile device, we may collect GPS coordinates or similar location information, primarily to support location-based features of the Service.
  • Analytics data — we collect aggregate usage data using internal tools or third-party analytics services to measure traffic, monitor usage patterns, and improve the Service. This data is processed in aggregate form and cannot reasonably be used to identify any individual user.
  • Clear gifs and web beacons — small tracking objects used to monitor online usage patterns and to track which service-related emails are opened and which links are followed.
  • Connection data — information about how your device connects to the Service.

How We Use Your Information

MyFees processes your personal data strictly for the following purposes.

Service Delivery and Operations

  • Providing you with IT solutions, payment infrastructure, and related services.
  • Processing payments, managing transaction records, and performing reconciliations.
  • Verifying and authenticating user identity.
  • Managing and maintaining your ongoing customer relationship with us.
  • Personalising your experience and enabling smooth navigation of the Service.

Legal, Regulatory, and Compliance Obligations

  • Complying with applicable laws and regulatory requirements, including those issued by the Central Bank of Sri Lanka, the Credit Information Bureau (CRIB), and Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) frameworks.
  • Conducting risk assessments, internal audits, and regulatory reporting.
  • Fraud prevention and security management.

Internal Business Functions

  • Supporting internal operations, strategic planning, and service improvement through data analytics.
  • Diagnosing and resolving technical problems.
  • Monitoring aggregate metrics such as total visitors, traffic trends, and demographic patterns.

Communications

  • Sending service-related communications, including account verification, transaction confirmations and reminders, billing updates, and security notices. You may not opt out of service-related communications.
  • Sending marketing communications, newsletters, promotional offers, and service updates where you have provided consent. You may withdraw this consent and opt out at any time.

Legal Basis for Processing

The primary legal basis for MyFees' processing of personal data collected from customers is contractual necessity — such processing is required to provide our products and services as agreed. Where processing is not strictly necessary for contractual performance, we rely on one or more of the following bases:

  • Legal obligation — where processing is required to comply with applicable laws or regulatory requirements.
  • Legitimate interests — where processing supports a legitimate business interest of MyFees (such as fraud prevention or sharing with credit information providers) and such interest is not overridden by your rights and interests.
  • Consent — where you have provided explicit, informed consent, for example for marketing communications. You may withdraw consent at any time.

Sharing Your Information

MyFees will not sell, rent, or otherwise disclose your personal data to third parties outside of MyFees and its group companies (including any parent company, subsidiaries, and affiliates) without your consent, except as set out below.

Trusted Service Providers and Business Partners

We may share your information with third-party service providers who assist us in operating the Service and delivering our products — for example, cloud hosting providers, payment processors. Such third parties are granted limited access to your information only as reasonably necessary and are required to comply with this Privacy Policy or a similar privacy policy.

Regulatory and Statutory Authorities

Your data may be shared with regulatory authorities, law enforcement agencies, or statutory bodies where we are required to do so by law, court order, or subpoena, or where we reasonably believe such disclosure is necessary to comply with the law, enforce our Terms of Use, or protect the rights, property, or safety of MyFees, our users, or others.

Internal Departments and Group Companies

Personal data may be shared within MyFees and its group companies for internal administration, compliance, and support purposes.

Change of Control

In the event that MyFees is acquired, merged, or undergoes any similar corporate restructuring — including divestitures, dissolutions, reorganisations, or liquidations — your personal data may be among the assets transferred as part of that transaction.

Aggregate and Anonymised Data

We may share service-type information — including data obtained through cookies, log files, device identifiers, and analytics tools — in aggregate or anonymised form with third-party business partners. Such data cannot reasonably be used to identify any individual.

User Content

Any content you voluntarily post to the Service becomes publicly visible and may not be removable, as copies may remain viewable in cached or archived pages, on third-party sites that have republished such content, or where other users have copied or saved it. If you do not wish for content to be publicly available, please do not post it to the Service.

Cookies & Tracking Technologies

When you visit the Service, we may place one or more cookies on your device — small text files containing a string of alphanumeric characters — that uniquely identify your browser, enable faster login, and enhance your navigation experience. Cookies may also convey information to us about how you use the Service, including the pages you view and the links you click.

  • Persistent cookies remain on your device after you close your browser and may be used on subsequent visits to the Service. They can be removed by following your browser's instructions.
  • Session cookies are temporary and are deleted automatically when you close your browser.

You may configure your browser to refuse all cookies or to alert you when a cookie is being placed. Please note that disabling cookies may affect the availability of certain features of the Service. For full details, please refer to our Cookie Policy.

How We Store & Protect Your Information

Security Measures

MyFees takes the security of your information seriously and applies commercially reasonable technical and organisational safeguards to preserve the integrity and security of all personal data collected through the Service. To protect your account, we take reasonable steps — including requiring a unique password — to verify your identity before granting access. You are responsible for maintaining the secrecy of your password and account credentials, and for controlling access to communications from MyFees at all times.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, MyFees cannot guarantee the absolute security of data transmitted to or from the Service. Your privacy may also be affected by changes to the functionality of third-party services you choose to connect to your MyFees account. MyFees is not responsible for the security measures of any third party.

Security Incidents

In the event of a security breach affecting personal data under our control, MyFees will take reasonable steps to investigate the situation and, where required by applicable law, notify those individuals whose information may have been compromised.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, and thereafter as required to satisfy applicable legal, regulatory, audit, and compliance obligations. Once the applicable retention period has expired, your personal data will be securely deleted or anonymised.

Children's Privacy

MyFees does not knowingly collect or solicit personal information from any individual under the age of 13, nor does it knowingly permit such persons to register as users of the Service. The Service and its content are not directed at children under the age of 13. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete that information from our systems.

Third-Party Websites & Services

The Service may contain links to or integrations with third-party websites and services. This Privacy Policy does not apply to those third-party platforms, and MyFees is not responsible for their data practices. When you navigate to a third-party website via a link on the Service, your activity on that website is governed by that third party's own privacy policy. We encourage you to review the privacy policies of any third-party sites you visit.

Third-party services embedded within the Service — such as advertising partners, video providers, or analytics tools — may independently collect information about you, including your IP address, through their own tracking technologies. MyFees does not control, and is not responsible for, the data practices of such third parties.

Your Rights Under the PDPA

Under the Sri Lankan Personal Data Protection Act No. 09 of 2022, you have the following rights in respect of your personal data.

Right Description
Right to Access Request a copy of the personal data we hold about you.
Right to Correct Request correction of inaccurate or incomplete personal data.
Right to Erasure Request the deletion of your personal data.
Right to Restrict Request that we restrict the processing of your personal data in certain circumstances.
Right to Object Object to the processing of your personal data based on legitimate interests.
Right to Withdraw Consent Withdraw consent for processing at any time, including for marketing communications.

To exercise any of these rights, please contact our Data Protection Officer using the details provided in the section below.

Changes to This Privacy Policy

This Privacy Policy is reviewed annually and may be amended from time to time at our discretion to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this Policy periodically to remain informed about how we protect your information.

Contact Us

If you wish to exercise your rights under the PDPA, have questions about this Privacy Policy, or have a complaint relating to how we handle your personal data, please contact our Data Protection Officer using the details below.

Company MyFees.lk - Convenienza solutions (pvt) ltd
Data Protection Officer support@myfees.lk
Telephone +94 114 345 888
Website www.myfees.lk

Copyright © 2020 Convenienza Solutions (PVT) LTD. | All rights reserved.

Privacy Policy
Terms & Conditions
About us
Contact Us