Privacy Policy (Tathkarti)
1. Introduction
Tathkarti (“we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, store, share, and protect the personal information you provide through our website or services, and your rights under applicable laws (including the EU’s GDPR and Saudi Arabia’s PDPL).
By using our website or services, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree with this policy, please do not use our website or services.
2. Scope and Application
This Policy applies to:
All visitors, users, customers, and others who access or use our website and related services.
All personal data collected, processed, and stored by us in connection with those interactions.
3. Information We Collect
We may collect and process the following categories of personal data:
Personal Identifiers: name, email address, phone number, national ID / passport, date of birth, gender, nationality.
Account & Profile Data: username, password, profile settings, preferences.
Transaction & Booking Data: booking history, tickets, payments, billing addresses, transaction IDs, special requests.
Technical & Device Data: IP address, browser type and version, operating system, device identifiers, time zone, device settings.
Usage Data: pages visited, time spent, interactions, navigation paths, search terms, referring URLs.
Location Data: if enabled, geolocation information from device or IP-based location.
Marketing & Communication Data: your preferences, consents, survey responses, subscription settings.
Social Media Data: public profile, social interactions, information you post or provide through social integrations (if applicable).
We may collect data in the following ways:
Directly from You: when you submit forms, make bookings, contact us, subscribe, or otherwise provide information.
Automatically: via cookies, server logs, tracking technologies, analytics tools.
From Third Parties: such as payment gateways, analytics providers, ad networks, social media platforms, public databases.
4. Legal Bases for Processing (GDPR & PDPL)
We rely on the following legal bases:
Consent: when you have given explicit consent for specific purposes (e.g. marketing, cookies).
Performance of Contract: processing is necessary to fulfill our contractual obligations (e.g. to provide the service you requested).
Legal Obligation: to comply with applicable laws, regulation, or governmental requests.
Legitimate Interests: where our interests (or those of a third party) are valid and do not override your rights (e.g. fraud detection, system security, business improvements).
5. How We Use Your Information
We use personal data for these purposes:
Providing Services: processing bookings, delivering tickets, customer support, account management.
Payment & Billing: verifying and executing transactions, detecting payment fraud.
Personalization: tailoring content, recommendations, offers, and services to your preferences.
Communications: sending updates, newsletters, marketing (if you consent), service messages, responses to inquiries.
Analytics & Improvement: analyzing usage, trends, performance, user feedback to improve our service.
Security & Fraud Prevention: protecting against unauthorized access, misuse, and ensuring system integrity.
Legal Compliance & Disputes: to comply with legal obligations, resolve disputes, enforce policies, protect rights.
Business Transactions: in case of merger, acquisition, restructuring, your data may be transferred under appropriate safeguards.
6. Sharing & Disclosure of Data
We may share your data with:
Service Providers & Vendors: those who support our operations (e.g. payment processors, hosting, analytics, marketing).
Business Partners: event organizers, cinemas, fulfillment agents where needed to deliver service.
Government, Legal & Regulatory Bodies: when required by law, or to respond to lawful requests.
Third Parties in Corporate Transactions: in connection with mergers, acquisitions, or sale of assets, with appropriate legal safeguards.
With Your Consent: where you expressly permit sharing for specific purposes.
We do not sell your personal data.
7. Cross-Border / International Transfers
Your data may be transferred to, stored, or processed in countries other than your place of residence, which may have different data protection laws. Where this occurs, we ensure appropriate safeguards (e.g. Standard Contractual Clauses, binding corporate rules, or legal authorizations) to protect your data consistent with GDPR, PDPL, and other applicable laws.
8. Data Retention & Deletion
We will retain your personal data only as long as necessary to fulfill the purposes stated here, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we will securely delete or anonymize it so it can no longer identify you.
9. Data Security
We implement technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption (in transit and at rest), secure servers, access controls, firewalls, regular security audits, and employee training.
Despite our best efforts, no security measure is perfect. You should also take steps to protect your personal information (see Section 11 below).
10. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (if required by law), and notify you without undue delay if there is a high risk to you.
11. Your Rights
Depending on applicable law (GDPR, PDPL, etc.), you have rights regarding your personal data, including:
Right of Access: Request a copy of your data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): Delete your data under certain conditions.
Right to Restrict Processing: Limit how we use your data under certain conditions.
Right to Object: Object to processing, including for marketing.
Right to Data Portability: Receive your data in a machine-readable format and transfer it to another controller when feasible.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time (without affecting prior processing).
Right to Non-Discrimination (as applicable): You should not be penalized for exercising your privacy rights.
To exercise your rights, please contact us (see below). We may ask you to verify your identity before responding.
12. Cookies & Tracking Technologies
We use cookies and similar technologies (web beacons, tracking scripts) to help us provide, protect, and improve the experience. For details, refer to our Cookie Policy, which explains how cookies are used, how to consent or reject them, and how to change preferences.
13. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 16 without parental or guardian consent. If we learn that we have collected personal data of a child under 16 without consent, we will take steps to delete such data promptly.
14. Third‑Party Links & Embedded Content
Our website may include links or embedded content from third-party websites or services (e.g. social media, videos, ads). These third parties may collect or process data independently. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
15. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or services. When we do, we will post the updated version on our site with a new “Last Updated” date. We encourage you to revisit this page from time to time.
16. Contact & Data Protection Officer (DPO)
If you have questions or want to exercise your data rights, you can contact us:
Email: dpo@tathkarti.com
Address: Riyadh, Saudi Arabia]