Privacy Policy
Effective date: 02/10/2025
Who we are
Ticketezzy is operated by TICKETEZZY FOR EXHIBITIONS SPORT & RECREATIONAL EVENTS TICKETS SELLING L.L.C (Trade License 1483640), a company registered in Dubai, United Arab Emirates (the “Company”, “Ticketezzy”, “we”, “us”, “our”). Registered office: Business Bay, Dubai, United Arab Emirates. Contact: info@book.elegantewesternwear.com
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our websites, create an account, purchase tickets, join our WhatsApp community, or interact with us in any other way (together, the “Services”). It also explains your privacy rights and how the law protects you.
Region-ready: This policy is written to align with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), and includes sections addressing the EU/UK GDPR and California CCPA/CPRA for applicable users. If any local law requires stricter protection, we will apply the stricter rule.
We collect information in three ways: (a) directly from you, (b) automatically via cookies/SDKs, and (c) from third parties.
Identity & contact data – name, email, mobile number, postal address, nationality, date of birth.
Account credentials – username, hashed password, security tokens.
Event & purchase data – events selected, ticket category, quantity, coupon codes, order IDs, check‑in/QR scan logs, seat/table selections.
KYC/verification data (where required) – government ID (e.g., Emirates ID/passport), selfie/liveness check, proof of address, age‑verification outcomes.
Communications – messages you send us (email, WhatsApp, webchat), reviews, support requests, dispute or refund information.
Marketing preferences – newsletter opt‑ins, WhatsApp/SMS consent, categories of interests.
Professional/Vendor data – for organizers/venues/vendors: commercial license details, VAT/TRN, bank account/IBAN (payouts), responsible persons, contracts.
Technical data – IP address, device IDs, browser type, OS, language, referring/exit pages, time stamps, error logs.
Usage data – pages viewed, clicks, scrolling, heatmaps, session duration, purchase funnel steps, attribution source/UTM parameters.
Cookies & pixels – analytics (e.g., Google Analytics), advertising pixels (e.g., Meta, Google Ads, TikTok), and fraud‑prevention signals.
Payment processors (e.g., Stripe) – tokenized payment confirmations, chargeback and risk responses; we do not store full card numbers or CVV.
Authentication/social sign‑in – information you allow via Apple/Google/Facebook sign‑in.
Marketing & data partners – audience segments, hashed identifiers for ad matching, campaign performance data.
Event partners/organizers – data we receive to fulfill an event (e.g., guest lists, access rules) or to resolve service issues.
Create/manage your account; process orders and payments; generate tickets/QR codes; enable entry and re‑entry logic; provide customer support; send transactional communications (order confirmations, updates, service notices).
Legal bases: PDPL Article 4(1) (contract), GDPR Art. 6(1)(b), legitimate interests for service quality.
Identity verification, age‑restricted events, payment and platform fraud detection, chargeback defense, compliance with law enforcement requests and applicable regulations (e.g., DTCM rules when applicable).
Legal bases: legal obligation; legitimate interests in platform security.
Analytics, debugging, A/B testing, forecasting, capacity planning.
Legal bases: legitimate interests; consent where cookies are not strictly necessary.
Send offers and news about Ticketezzy and selected partners/events; operate referral/loyalty programs; match hashed identifiers with ad platforms (e.g., Meta, Google) for custom audiences; measure campaign performance; provide organizer- or category‑specific suggestions.
Legal bases: consent where required (e.g., email/SMS/WhatsApp in some jurisdictions); legitimate interests for marketing to existing customers. You may opt out at any time.
Share relevant attendee data with the event organizer/venue/vendor so they can run the event (entry, security, seating), manage post‑event services (lost & found, refunds), and send their marketing if you consent or where permitted.
Controller roles: Ticketezzy acts as controller for the platform and as independent controller or processor for specific organizer workflows. Organizers/venues are typically independent controllers for the data they receive. See Section 6.
We use first‑party and third‑party cookies, pixels and SDKs to:
remember your preferences and keep you signed in;
analyze site/app performance and improve the checkout funnel;
deliver and measure advertising, including cross‑device and interest‑based ads.
Where required, we will ask for your consent via a cookie banner. You can change preferences at any time via Cookie Settings in the footer. Disabling certain cookies may impact site functionality. We honor Global Privacy Control (GPC) signals where legally required.
Only if strictly necessary and permitted (e.g., disability accommodation requests, age/ID verification). We do not infer political opinions, religion, or health unless you voluntarily provide information for event access needs. Sensitive data is protected with enhanced safeguards and is never used for advertising.
We share personal data only as needed for the purposes above:
Service providers / processors
Payments: Stripe (card tokenization, SCA, chargeback handling).
Infrastructure & hosting: managed cloud/hosting providers and content delivery networks.
Email/SMS/WhatsApp & marketing automation: e.g., Mailchimp/MailPoet, WhatsApp Business providers, push notification vendors.
Analytics & advertising: Google Analytics, Meta Platforms, Google Ads, TikTok Ads, and similar ad tech partners (including hashed audience matching).
Fraud & security: anti‑fraud tools, DDoS/WAF vendors, bot detection.
Event organizers/venues/vendors
We share the minimum attendee data required to run the event: name, email, ticket type/tier, quantity, order/QR ID, check‑in status, seating/table allocations, and special access flags. Organizers may contact you about the event, and—where permitted or with your consent—for marketing. Organizers must process your data in line with applicable law and their own privacy policies.
Business transfers and legal
If we undergo a merger, acquisition, financing, or asset sale, your data may be transferred. We also disclose data to comply with legal obligations, protect rights, prevent fraud or abuse, and respond to lawful requests by public authorities.
We do not sell personal data for money. For California users, some ad‑tech practices may be considered “sharing” for cross‑context behavioral advertising—see Section 11.
For purchases on Ticketezzy, we act as the data controller for platform operations. When we provide attendee lists and check‑in tools to the event organizer/venue/vendor, they generally act as an independent controller for their own purposes (e.g., event operations, incident handling, their marketing). You may need to contact the organizer directly to exercise rights regarding their independent processing.
Where Ticketezzy processes data strictly on behalf of an organizer (e.g., white‑label operations), we act as a processor under a data processing agreement.
We operate globally. Your data may be transferred to and processed in countries outside your country of residence (including the UAE, EEA/UK, and the United States). We implement appropriate safeguards, such as standard contractual clauses and contractual commitments requiring recipients to protect your data. For UAE PDPL, cross‑border transfers are made in accordance with Articles 22–23 and any related regulations.
We keep personal data only as long as necessary for the purposes described, including to comply with accounting, tax, and legal obligations, resolve disputes, and enforce agreements. Typical periods:
Account data: while your account is active and for up to 24 months after last activity, unless you request deletion earlier (unless we must retain for legal reasons).
Transaction/order data: up to 7 years for financial and audit requirements.
KYC/verification: retention aligned with regulatory requirements (typically 2–5 years from the event or account closure, depending on law).
Marketing preferences and suppression lists: retained indefinitely to honor opt‑out choices.
Logs & security events: typically 12–24 months.
We apply technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, role‑based permissions, least‑privilege access, regular backups, vulnerability management, and employee confidentiality commitments. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Marketing opt‑out: You may unsubscribe from emails via the footer link, reply STOP to SMS/WhatsApp, or update preferences in your account. You can also email info@book.elegantewesternwear.com.
Cookie controls: Use the Cookie Settings tool and your browser/device controls. We honor GPC where required.
You may request to access, correct, erase, restrict, object to processing, or port your data, and to withdraw consent at any time. You may also lodge a complaint with the UAE Data Office.
If GDPR applies to you, you have the rights listed above plus the right to complain to your local supervisory authority. If required by law, we will appoint an EU/UK representative; details will be published on our website once available.
California residents have the right to know, delete, correct, and opt‑out of sale/share of personal information, and to limit use of sensitive personal information. We do not sell data for money, but we may share identifiers and internet/activity information with advertising partners for cross‑context behavioral advertising. You can exercise rights via “Do Not Sell or Share My Personal Information” and by enabling GPC. We will not discriminate against you for exercising your rights.
Categories collected (CCPA): identifiers, personal records, commercial information, internet/activity data, geolocation (approximate), inferences for marketing segments, and—only when necessary—government ID for KYC. Sources are you, your devices, payment processors, organizers, and ad/analytics partners. Business purposes include auditing, security, short‑term transient use, debugging, service provision, internal R&D, and quality control.
By joining our WhatsApp community or opting in to SMS/WhatsApp updates, you consent to receive messages about events, tickets, promotions, and service announcements. Message frequency varies. Message/data rates may apply. You can opt out at any time by replying STOP (or using the group’s Leave function). Messaging is provided via third‑party platforms whose own privacy terms apply.
Our Services are not directed to children under 18 (or the age required by local law for specific events). We do not knowingly collect personal data from children without appropriate consent. If you believe a child has provided data to us, contact info@book.elegantewesternwear.com to request deletion.
We may use limited automated processing for fraud detection, risk scoring, queue management, and marketing segmentation. These processes do not produce legal or similarly significant effects on you. You can contact us to request human review where applicable by law.
Our Services may include links or integrations with third‑party websites and plugins (e.g., payment pages, social media logins, mapping/seat selection tools). We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing data.
We may update this Policy from time to time. If changes are material, we will notify you by posting the updated Policy and, where appropriate, by email or in‑product notice. The “Effective date” at the top indicates the latest revision.
Email: info@book.elegantewesternwear.com
Postal: Ticketezzy LLC, Business Bay, Dubai, United Arab Emirates (please reference “Privacy Request”).
When contacting us, please provide your name, the email/phone associated with your account or order, your country of residence, and the right you wish to exercise.
When you purchase a ticket to an event hosted by an organizer or venue, Ticketezzy will share your name, contact details, ticket information, QR/check‑in status, and seating/table selections with that organizer/venue so they can operate the event. The organizer/venue may also contact you about the event or related services, and—if you opt in or where permitted—send you marketing communications. Organizers/venues are responsible for their own compliance with data protection laws and must provide their own privacy notice.