باس تيكيتس

مساعدة

This is the consolidated privacy notice (hereinafter referred to as the "Privacy Policy" or the "Notice") for the various websites, applications, and other digital platforms of Axis of Startup for Information Systems Technology (hereinafter referred to as the "Digital Platforms"). This Notice is incorporated with reference to the Terms relating to the Digital Platforms. The general information that applies to all personal data processing activities relating to the digital platform is set out on the front of this notice document, and specific information about personal data processing activities we carry out on specific digital platforms is contained in the corresponding appendix at the back of this notice document.

Who are we and what do we do?

1.1 The Start Hub Company for Information Systems Technology (hereinafter referred to as “StartHub” or “we”, “us” or “our” or “the Company”) is the company or commercial entity registered with the Ministry of Commerce in the Kingdom of Saudi Arabia Saudi Arabia to provide commercial services related to recreational and tourism activities within the Kingdom.

1.2 The Company considers it important to protect your personal data and seeks to process it in accordance with the applicable data protection laws and regulations, mainly the temporary regulations of the National Data Management Office in the Kingdom of Saudi Arabia on the protection of personal data (hereinafter referred to as the “Temporary Regulations”) and other regulations and applicable data protection regulations (Temporary Regulations and other laws and regulations generally referred to in this document as the “Applicable Data Protection Regulation”).

1.3 For the purposes of the applicable data protection regime, StartHub is the controller (ie the party responsible for deciding how your personal data is to be processed) of, and responsible for, your personal data.

What is the purpose of this document?

2.1 StartHub respects your privacy and is committed to protecting your personal data. StartHub has adopted this Privacy Notice to inform you ("you") what personal data has been collected, used and processed in relation to you, and how you can anticipate what personal data is to be used and for what purpose. You should read this Privacy Notice so that you are aware of how and why this information is used and what your rights are under the applicable data protection regime.

2.2 This notice:

(a) It applies to any person who visits or uses the Digital Platforms.

(b) sets out the types of personal data we collect about you.

(d) indicates how long we keep your personal data.

(e) It explains how we share your personal data – when, why and with whom we do it.

(f) Clarifies your rights as the data subject.

(g) sets out the legal basis on which we have the use of your personal data.

(h) shows the effect of refusing to provide the requested personal data.

(i) It sets out the different rights and options available to you as the data subject when it comes to your personal data.

(j) Describes how we use automated decision-making and/or profiling – and when and why we do so.

2.3 The Digital Platforms are not intended for children under the age of eighteen and we do not knowingly collect personal data from children.

Compliance with data protection principles

We implement measures designed to comply with the applicable data protection regime, including measures designed to ensure that the personal data we hold about you:

(a) Used in a systematic, fair and transparent manner.

(b) It is collected only for valid purposes that we have clearly explained to you and is not used in any way inconsistent with those purposes.

(d) Accurate and constantly updated.

(e) They are not kept unless it is necessary for the purposes for which we have told you.

(f) It is kept securely.

(g) continue to use appropriate measures and records in a manner that allows us to demonstrate compliance with the applicable data protection regime.

Changes to this Privacy Notice

We may change/update this notice at any time in the future, at our sole discretion. Any changes will be effective immediately upon posting of the revised notice. If the changes are material, we will provide you with additional notice, for example through a banner on our website or by sending you an updated version of such notice in writing, including by electronic means as appropriate, unless you request a different form of delivery through the contact us form.

What personal data do we collect about you?

5.1 We collect your personal data for the purposes listed below in the Appendices.

5.2 “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors of physical identity or Physiological, genetic, mental, economic, cultural or social for that natural person.

5.3 In the interest of providing a complete picture, Personal Data does not include data that has been completely de-identified (eg completely anonymous data or aggregated data), however, it may still include pseudonymised data. Under the applicable data protection regime, there may be certain types of personal data that are more sensitive and that require A higher level of protection (hereinafter referred to as “Special Categories of Personal Data” and “Personal Data relating to Criminal Convictions”). Special categories of personal data may include: details about your racial or ethnic origin, religious or philosophical beliefs, information about your health, genetic and biometric data. Information about criminal convictions and offenses may also be considered sensitive and require this higher level of protection.

5.4 We do not typically collect or process special categories of personal data or personal data relating to criminal convictions. These categories of personal data may be considered more sensitive under the applicable data protection regime, and usually require more stringent security measures (technical and organizational measures) during the processing process. In the exceptional case in which we are obligated to collect and process that personal data, we will only collect it from you, and we will process it, in cases where the system allows it, such as when applying one of the statutory conditions for processing the special categories of personal data detailed in Appendix 2. As required under applicable data protection regulations, we obtain separate consent from you before processing special categories of your personal data.

5.5 We may also collect, use and share Aggregate Data (as defined in the applicable data protection system) for any purpose to the extent permitted by the applicable data protection system. Aggregated data may be obtained from your personal data but, in general, it is not considered personal data under the applicable data protection regime as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data in accordance with applicable data protection regulations for the purpose of calculating the percentage of users who access a particular digital platform feature. However, if we combine or link aggregate data with your personal data so that it can directly or indirectly identify you, we treat the collected data as personal data, which is used in accordance with this privacy notice.

What happens if you do not provide us with the personal data we request or ask us to stop processing your personal data?

If you do not provide us with the necessary personal data, or ask us not to process your personal data, we may not be able to perform the activities you expect from us (for example, provide information, goods or services to you) or we may be prevented from complying with our statutory obligations. In this case, we may have to refuse your request or not meet your expectations - in which case we will endeavor to inform you.

Where do we collect personal data about you from?

The following are the different sources from which we may collect personal data about you:

7.1 directly from you. This is personal data that you provide to us, for example by visiting our digital platforms or through direct communications with us, or through other direct interactions with us such as filling out any form on our digital platform, applying for our products or services, and applying for an opportunity To work with us on our Digital Platform, create an account on our Digital Platform, subscribe to our Service or our publications, request that we send you marketing, enter a contest or prize draw, promote or survey, provide feedback, or contact us by any means to submit Inquiry complaint etc.

7.2 from an agent / third party acting on your behalf.

7.3 from publicly available sources. We may use the following public sources:

(a) Social media.

(b) Events (eg conferences).

7.4 from providers of analytics, ad networks, search information, technical, payment (ie, third-party payment gateways) and delivery service providers.

7.5 Through any marketing communication where we may send to you, or through email messages we send or receive. You may opt out of receiving promotional emails from us at any time by following the instructions in the emails by clicking on the unsubscribe link or by emailing us at the email address specified in Section 19 below with the word “unsubscribe” in the subject field of E-mail. Please note that you cannot opt out of non-promotional emails, such as those relating to transactional relationships.

7.6 Through automated technologies or interactions. As you interact with our digital platform or download/install our application(s), we automatically collect technical data regarding your devices, browsing actions and patterns. We collect this personal data using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other digital platforms that use tracking technologies, including cookies. Please see our cookie policy for more details.

How and why do we use your personal data (the systemic basis for the processing of personal data, the purposes for which it is collected and processed)?

8.1 We want to provide you with the best possible user/customer experience while in our role as the Pass Tickets platform. In order to do this, we need to paint an accurate picture of your identity and your preferences, by incorporating the various types of personal data we have collected about you.

8.2 We use your personal data only when the system, including the applicable data protection system, allows us to do so. Under the applicable data protection regime, it may be Set the justification for the use of personal data on a number of systemic grounds (the systemic basis for processing). This means that we only collect personal data for specific, explicit and legitimate purposes, and we may only process personal data on any matter incompatible with those purposes in limited circumstances. We use your personal data only for the purposes for which we collected it, unless we reasonably believe we need to use it for another reason compatible with the original purpose. If we want to use your personal data for an unrelated purpose, we are obligated to notify you and explain the legal basis that allows us to do so.

8.3 We may use Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to form an opinion about what we think you may want or need or what may be of interest to you. This is how we decide which products, services and offers may be appropriate for you. You receive such marketing communications from us if you request information from us or purchase/receive goods or services from us and choose to receive such marketing communications. You can ask us, or our affiliates, for us to stop sending you marketing messages at any time – by logging into the digital platform and adjusting your marketing preferences, by following the unsubscribe links in any marketing message sent to you, or by contacting us at any time. (Opting out of receiving marketing communications does not affect any transaction- or service-related messages that we need to send to you in the course of a transaction or service.)

8.4 In short, we use your Personal Data to allow us to fulfill our contract with you, to provide you with the best possible customer experience in line with our legitimate interests, and to enable us to comply with all of our statutory obligations. The specific purposes for which we process your personal data, and the corresponding statutory basis for the processing, are set out in the Appendices. Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, where required or permitted by law.

How long do we keep your personal data?

9.1 We only retain your Personal Data as reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there is a potential for recourse in connection with our relationship with you.

9.2 We consider the quantity, nature and sensitivity of personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and legal or regulatory requirements , tax, accounting or other applicable requirements - to determine the appropriate period for the retention of personal data.

9.3 In some circumstances, we may anonymize your personal data so that it cannot be associated with you, in which case we may retain and use the information without further notice to you. Once you become our customer, user or employee (as applicable), we keep and destroy your personal data securely in accordance with applicable data protection regulations.

Who do we share your personal data with?

10.1 Our employees have access to your personal data to perform their own tasks. We may share your personal data with relevant third parties to perform our role as event ticket broker, in the context of evaluating, or reporting on, activities or our performance, as part of a reorganization of StartHub, to support system maintenance and data hosting, and for other operational reasons such Type.

10.2 We may also share your personal data with our service providers (known as “trusted third parties”) involved in providing information or services you have requested from us via our digital platforms for statutory purposes in order to help us operate our business. We rely on those trusted third parties for a range of our business operations and services. We have agreements in place with these service providers to protect the confidentiality of your personal data. We do not share your personal data with third parties for their marketing purposes, except with your specific consent.

10.3 If we share your personal data with trusted third parties, we:

(a) We only provide them with information necessary for their specific services/for their specific purpose.

(b) We enter into appropriate contractual arrangements designed to ensure that they are permitted to use your personal data only for the purposes strictly specified in our contract with them.

(d) When we stop using our trusted third party services, we ensure that any data they hold securely is deleted or put out of use.

10.4 In short, our trusted third parties include:

(a) Third party payment gateway service providers.

(b) suppliers/service providers (for example, couriers, e-commerce service providers, technicians for handling complaints or anti-fraud, IT companies and service providers who support our Digital Platform);

(d) Insurance (eg insurance brokers).

(e) direct marketing companies that assist us in our electronic communications with our customers.

(f) Outsourcing of certain work tasks. For example, we may use service centers that we outsource to perform tasks such as document and information management services, office support, technology and information technology services, word processing, transcription and translation services (we have agreements in place with such service providers to protect the confidentiality and security of information (including personal data) shared with them).

10.4.2 We may also share your personal data with vendors and other parties for analysis and advertising purposes. These parties may act as our providers, or, in certain contexts, make an independent decision about how we will process your personal data. These third parties may include:

(a) Social media channels (such as Instagram and Facebook), to show you interesting products as you browse the Internet, based on your acceptance of cookies on our digital platform (see our Cookie Policy) or your consent to direct marketing.

(b) data analytics/business insights, to help us ensure that your details are kept accurate and up-to-date.

10.5 We shall, from time to time, disclose your personal data to authorities, such as police, law enforcement, regulatory and/or governmental bodies, in connection with investigations or regulatory proceedings conducted anywhere in the world, if required by regulations or applicable regulations, or if we reasonably believe it is necessary to protect StartHub or other customers or the public. We will usually notify you before responding to such inquiries unless circumstances prevent us from doing so. We take your privacy into account and handle these requests on a case-by-case basis.

What happens if there is a change in the company?

If there is a change in StartHub company, or a share or all of the PassTickets platform is sold to a party other than StartHub. The new “successor” may use your personal data in the same manner as set out in this Privacy Notice and your personal data may be transferred to this new entity in accordance with the terms of this notice.

Do we transfer your data outside Saudi Arabia?

12.1 We usually use data centers located in different locations around the globe. Accordingly, if you are located outside the Kingdom of Saudi Arabia, we may transfer your personal data outside your country of residence. Where required by applicable data protection regulations, you can expect a similar degree of protection with respect to your personal data.

12.2 If you are subject to a jurisdiction that requires adequate levels of personal data protection, we may transfer your personal data to countries that are deemed to provide an appropriate level of protection for personal data in accordance with the applicable data protection regime. In the absence of an adequate resolution, any person to whom we transfer your personal data, outside of your jurisdiction, ensures that a similar degree of protection is provided for your personal data by ensuring that appropriate safeguards are in place. Appropriate safeguards may include:

(a) A legally binding and enforceable document between public authorities.

(b) Corporate Binding Rules (BCRs).

(d) Standard contractual clauses approved by the supervisory authority and approved by the local regulatory authority.

(e) An approved code of conduct.

(f) An approved accreditation mechanism.

We also obtain separate consent as required by applicable data protection regulations.

12.3 More information on how we protect your personal data in connection with transfers and/or requesting a copy of the Model Clauses can be obtained by contacting us through this form.

Do we make automated decisions about you?

StartHub does not carry out processing on the basis of automated decision making, including profile creation, but we will notify you in writing if this situation changes.

Analytics and Advertising

14.1 We use analytics services to help us understand how users access and use digital platforms. In addition, we work with agencies, advertising companies, ad networks, and other technology services to place ads on websites and other services. For example, we place ads across social media platforms that you may see on their platforms as well as on other websites and services.

14.2 As part of this process, we may incorporate cookies and tracking technologies into our digital platforms (including our website and emails) as well as into our advertisements displayed on other websites and services. Some of these tracking technologies may track your activities over time and the Services for the purposes of connecting the various devices you use, and delivering relevant advertisements and/or other content to you ("Interest-Based Advertising").

14.3 Further, the companies we work with to deliver targeted advertising to you must give you the option to opt out of receiving targeted advertising. To learn more about targeted advertising offered by these companies, and how to opt out of receiving certain targeted advertising from them, please visit: (i) https://www.aboutads.info/choices; and (ii) https://www.networkadvertising.org/choices. Opting out only means that selected Participants must stop serving you certain targeted advertising, but it does not mean that you will not receive any targeted content and/or advertising (eg in connection with other Participants' customers or from other technology services).

14.4 Please note that if you opt out using any of these methods, the opt-out will only apply to the specific browser or device from which you opted out. We are not responsible for the effectiveness of, or compliance with, any Opt-out options or programmes, or the accuracy of any third party statements regarding opt-out options or programmes.

14.5 See our Cookie Policy for more details on cookies and tracking technologies.

How do we secure your personal data?

15.1 We are required, under the applicable data protection regime, to implement appropriate technical and organizational security measures to ensure that your personal data is properly protected. These measures are designed to prevent loss, unauthorized use, access to, alteration or accidental disclosure of your personal data.

15.2 This is done in a manner that is tailored to the risks you face should your personal data be compromised. We implement measures designed to protect the personal data we hold and limit access to your personal data by those employees, agents, contractors and other third parties whose business needs access to that data. Some of these measures include putting in place access controls and restrictions based on mission and role as to who has access to your personal data, even within our organization. These controls are designed to ensure that your personal information is processed only on instructions and is subject to a duty of confidentiality.

15.3 All databases and file systems on the Internet are password protected, and are limited to authorized personnel only. We also log access to personal data by creating access logs. We have established a process of removing a customer from the customer list to ensure that once your data is no longer required for the stated purpose (and/or the regulatory basis in the supplements no longer applies), all access within StartHub is revoked.

15.4 Where Personal Data is stored electronically, we use cryptographic measures, as appropriate, to help ensure the security of that Personal Data. We may also, as appropriate, use pseudonyms to help secure your personal data, particularly when we include special categories of personal data. Furthermore, we may anonymize personal data, as appropriate, particularly in situations where we do not require proof of the identity of the person relating to that data and where the purposes of holding the personal data have lapsed but the data is of value to our business.

15.5 We have put in place organizational measures and procedures designed to deal with data security breaches and our employees are trained on the actions to be taken in the event of any security breach. This includes the person immediately contacted, who is responsible for carrying out the following investigation and who escalates the incident to the relevant supervisory authority and affected individuals, as appropriate. In any case, where required by applicable law, we will notify the supervisory authority and the data subject affected.

15.6 Further details of these procedures can be obtained by contacting us through this form.

What rights do you have in relation to the personal data we hold in relation to you?

16.1 You may be granted a number of rights when it comes to your personal data, under the applicable data protection regime, depending on the jurisdiction. More information and advice on your rights can be obtained by contacting us through this form.

Rights

what does that mean?

right of access

You have the right to access your personal data (if we process it), and certain other information (similar to that set out in this policy).

This is for the purpose of making you aware and able to check our use of your personal data in accordance with the Data Protection Regulation.

right to correct

You have the right to correct your personal data if it is inaccurate or incomplete.

Right to write off

Also known as the 'right to be forgotten', it simply allows you to request that your personal data be deleted or removed if there is no compelling reason for us to continue using it. This is not a general right to delete; There are exceptions.

Right to restrict processing

You have the right to “block” or prevent further use of your personal data. If processing is restricted, we may still store your personal data, but may not continue to use it. We maintain lists of people who have requested continued use of their personal data for the purpose of “blocking” them to ensure that the restriction is observed in the future.

Right to object to processing

You have the right to object to certain types of processing, including processing related to direct marketing (for example, if you do not wish to be kept informed of our news and marketing).

Right to file a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with the relevant supervisory authority, in particular (place of residence, place of business or place of alleged infringement).

Right to withdraw consent

If you consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do, this does not mean that anything we have done with your consent up to that point is illegal). This includes your right to withdraw your consent to our use of your personal data for marketing purposes.

Right to data portability

The data subject has the right to receive the personal data relating to him, which he has provided to the controller, in a structured, commonly used and machine-readable form, and he has the right to transfer such data to another console without hindrance from the controller to whom the personal data was provided

16.2 We typically act on requests and provide Personal Data free of charge, but may charge a reasonable fee to cover our administrative costs for providing Personal Data to:

(a) Unfounded or excessive/repetitive requests.

(b) Other copies of the same data Personal.

Otherwise, we may refuse to act upon request in such circumstances.

16.3 Please consider your application responsibly before submitting it. We reply as soon as possible. Generally, this will be done within one month from the time we receive your request, but this may vary based on the nature of the request.

What may we need from you

17.1 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We will also contact you to ask for more information regarding your request to expedite our response.

17.2 We also need your contact details. We may communicate with you via email or social media. (If you prefer a particular method of communication, please let us know.

Third Party Links

Our digital platforms may include links to third-party websites, plug-ins and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control third party websites and are not responsible for their privacy statements. When you leave any of our digital platforms, we encourage you to read the privacy policy of each site you visit.

How can you contact us?

19.1 If you are not satisfied with the way we handle your personal data, or have other questions about the processing of your personal data, our Privacy Notice and our privacy practices, please contact us through this form [4].

19.2 You have the right, under the applicable data protection regime, to lodge a complaint with the relevant data protection authority. However, we do appreciate the opportunity to address your concerns prior to filing a complaint, so please contact us in the first place.

Annex 1 Categories of Personal Data

We may collect the following types of personal data about you in accordance with this Privacy Policy:

Type of personal data

details

a. identity data

First name, last name, username or similar identifier, marital status, dependents, job title, date of birth, gender, identification number (such as passport number or national identification number)

B. Contact Data

Billing address, delivery address, email address, phone numbers, and marketing and communications preferences

c. Demographic and profile data

Such as your general location, origin, age, preferences, interests, feedback and survey responses

Dr.. Transaction data

includes details about your receipt and payment of payments, payment card details, and other details of the products and services you have purchased from us].

e. Technical data

Include / [Internet Protocol (IP) address, your login data, browser type and version, time and location setting, browser plug-in types and versions, information collected through cookies, operating system and platform, and other technologies related to with the devices you use to access the digital platform].

And the. Usage data

It includes information about how you use our digital platforms, products, and services

g. Health Personal Data

vaccine status; information about disabilities that may be relevant to the services you request from us; and information about health insurance coverage that may be relevant to the services you request from us

h. Personal data related to criminal convictions or related security measures

Information about criminal convictions that may be relevant to the services you request from us

i. Personal data revealing racial or ethnic origin (such as passports or visas)

National origin information that may be relevant to the services you request from us

Annex 2 - Purposes and Systematic Basis of Treatment

Type of personal data

Processing purposes

Systemic basis of treatment

a. identity data

administer our service, accommodate new customers, determine visa eligibility, allow you to make inquiries, communicate with you, personalize content for you, for marketing/promotional purposes, conduct surveys, respond to complaints, locate you and improve our services.

When we have your consent to process, if required to perform a contract, or if necessary to pursue our legitimate interests including verifying the identity of Users, communicating with Users, to monitor, protect and enhance our Services and Platforms.

B. Contact Data

c. Demographic and profile data

Personalize content for you, locate you, conduct market research, conduct surveys, improve services to you, monitor customer accounts to prevent, investigate, and/or report fraud, terrorism, misrepresentation, security incidents or Offenses, according to applicable laws.

When we have obtained your consent to the processing, or if necessary To pursue our legitimate interests including verifying the identity of Users, communicating with Users, to monitor, protect, and promote our Services and Platforms.

Dr.. Transaction data

Manage our services and book tours with our partners or affiliates.

When we have obtained your consent to the processing.

e. Technical data

Ensure the proper functioning of our Platforms, personalize our content/platforms, locate you, improve the services provided, monitor web traffic and audience participation, and monitor, protect and promote our content, services and platforms.

And the. Usage data

g. Health-related personal data (special categories of personal data)

Complete your visa application or e-Visa through our Platform, and/or comply with statutory obligations as applicable (including disclosure in connection with any legal process or litigation).

Where we have your consent to the processing, or if necessary to pursue our legitimate interests including verifying the identity of Users, communicating with Users, to monitor, protect and enhance our Services and Platforms. In addition: if required for reasons of public interest in public health, such as to protect against serious transboundary threats to health, to comply with a statutory obligation, or if treatment is necessary for the purposes of preventive or occupational medicine.

h. Personal data related to criminal convictions or related security measures

if required to perform a task to be carried out in the public interest, exercise official authority vested in us, comply with a statutory obligation, prevent, investigate, and/or report fraud, terrorism, misrepresentation, security incidents or offences, In accordance with applicable laws.

i. Personal data revealing racial or ethnic origin (such as passports or visas)

Fulfill your visa or e-Visa application via our Platform and prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crimes, in accordance with applicable laws, or for compliance, regulatory and investigation purposes as applicable ( Including disclosure in connection with any legal process or lawsuit).