Privacy Policy
How we collect, use, protect, and manage your personal information
Last updated: March 2025
Legal Framework and Data Governance
Law forms the base of trust. Someone's TICKET operates under the jurisdiction of the United Arab Emirates. Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data governs the processing of personal data. Regulatory direction from the Dubai Electronic Security Center also applies. Operations reflect statutory duty and commercial responsibility in equal measure.
A ticket carries more than entry. It carries identity, transaction history, and traceable access. Data practice must reflect that weight.
1. Scope of Information Collection
Data is entered into the system for a defined operational purpose. Accumulation never stands as an objective. Utility drives collection.
Direct Identifiers
Account creation and ticket purchase require a legal name, verified email address, and mobile number. Those identifiers link a person to a specific event entry. Identity connects to a unique ticket code and transaction record.
Financial Records
Payment passes through encrypted banking gateways. Someone's TICKET records transaction date, transaction amount, currency, and event reference. Full credit card numbers remain with the payment processor. Tokenized references confirm that a financial exchange occurred.
Technical Verification Data
Fraud harms event access and market fairness. System logs include IP addresses, browser signatures, device identifiers, and session data. Automated bulk purchasing attempts trigger internal alerts. Human participation remains the objective of every sale.
Location Data
Explicit user consent activates optional proximity tools. Proximity data may trigger ticket reminders or venue directions. Device settings allow withdrawal of such consent at any moment.
2. Grounds for Data Processing
Processing is based on lawful grounds defined under UAE regulations—commercial necessity and regulatory duty shape that processing.
Contractual Basis
Ticket purchase forms a binding agreement between the buyer and the event organizer. Identity verification enables entry. Payment confirmation validates access. Processing supports the execution of that agreement.
Regulatory Duty
Event licensing and taxation fall under the authority of the relevant UAE departments. Government bodies such as the Department of Economy and Tourism in Dubai and the Department of Culture and Tourism in Abu Dhabi may receive required reporting data. Reporting includes ticket volume, revenue totals, and tax figures where applicable.
Fraud Monitoring
Account activity analysis identifies unusual purchasing behavior. High-volume attempts within seconds trigger system intervention. Protective action preserves fairness for legitimate buyers.
Organizer Coordination
Event organizers receive attendee lists for operational management. Guest check-in, VIP management, and emergency planning depend on accurate attendee data. Data transfer remains limited to the event-specific scope.
3. Individual Rights Under UAE Law
Personal data ownership belongs to the individual. Someone's TICKET maintains custodial responsibility.
Right to Information
Users may request an explanation of data usage practices. Transparent response remains available upon request.
Right of Access
Users may obtain a structured digital copy of personal data stored in active databases. Identity verification precedes data release.
Right of Correction
Updated contact details reduce friction at event entry. Account holders may modify personal information within account settings.
Right of Erasure
Account deletion requests trigger the removal of identifiable information from active systems. Under UAE law, financial and commercial retention obligations may require the preservation of archives for audit periods defined by statute.
Right of Objection
Users may object to non-essential processing activities. Core ticket delivery requirements remain necessary for event participation.
4. Third-Party Transfers and Cross-Border Movement
Operational continuity may require interaction with external service providers.
Payment Processors
Local and international payment gateways process transactions in AED and other supported currencies. Data shared with processors is limited to what is required for authorization.
Cloud Infrastructure
Data storage occurs on servers located within the UAE or jurisdictions recognized under PDPL as offering equivalent data safeguards. Hosting partners operate under contractual data protection clauses.
Legal Disclosure
Court orders or formal regulatory mandates may require disclosure of specific records. Disclosure follows documented verification of authority. Marketing firms do not receive user lists for resale.
5. System Safeguards
Digital perimeter strength reflects event gate discipline. Database architecture includes layered encryption protocols for stored data and transmitted data. Cryptographic standards protect identifiers and transaction references.
Access privileges follow role-based limitations. Personnel gain entry to data only when the job scope requires it. Internal logging records administrative activity.
Periodic vulnerability assessments test system resilience. Internal teams review findings and address identified weaknesses. Incident response plans define escalation procedures.
Data compromise triggers formal notification to the UAE Data Office and affected individuals within statutory timelines. Communication includes the scope of breach and remedial actions.
6. Retention Framework
Data lifespan is determined by legal and operational necessity.
Event Records
Attendance logs remain available for dispute resolution and reporting for a defined post-event period. After that period, records move to restricted archives.
Financial Archives
UAE tax regulations require the retention of transactions for a minimum of 5 years. Archived financial data remains isolated from active operational systems.
Data Disposal and Anonymization
Retention expiry initiates deletion or anonymization. Anonymized datasets remove personal identifiers. Internal statistical review may use anonymized records for market analysis.
8. Policy Revision
Legal standards evolve within the UAE regulatory landscape. Technical infrastructure advances over time. Policy review occurs when statutory updates or operational adjustments require revision. Updated effective dates appear at the bottom of the policy page.
Continued use of Someone's TICKET signals acceptance of current terms.
A ticket opens a door. Data opens that ticket. Stewardship of that data carries legal weight and commercial consequence. Someone's TICKET treats it accordingly.