Privacy Notice

Last revised: March 15, 2026

MuseuTicke (“we,” “our,” or “us”) is committed to safeguarding the privacy of every individual who interacts with our platform. This Privacy Notice explains in detail how we collect, process, store, and share personal data when you visit our website, use our mobile application, or purchase e-tickets through our services.

By accessing or using the MuseuTicke platform at museuticke.lat, you confirm that you have read and understood this Privacy Notice. If you disagree with any provision, please discontinue use of our services immediately and contact us to request deletion of any data we may hold.

1. Information We Collect

We collect and process the following categories of personal data, depending on how you interact with our platform:

• Identity Data: Full legal name, date of birth, nationality, and gender as provided during the ticket booking process.
• Contact Data: Email address, telephone number, and postal address used for account registration, communication, and e-ticket delivery.
• Transaction Data: Details about purchases, including museum names, ticket types, visit dates, prices paid, and payment method identifiers (we do not store full card numbers).
• Technical Data: IP address, browser type and version, operating system, device identifiers, time zone setting, referring URL, and pages viewed during your session.
• Usage Data: Information about how you navigate our website and app, including page view patterns, click-through rates, feature usage statistics, and search queries.
• Communication Data: Content of emails, live chat transcripts, and feedback form submissions exchanged between you and our support team.

2. Legal Basis for Processing

We process your personal data under the following legal bases recognized by UAE Federal Decree-Law No. 45 of 2021 (UAE Personal Data Protection Law) and, where applicable, the EU General Data Protection Regulation (GDPR):

• Contractual Necessity: Processing required to fulfill our obligations under the ticket purchase agreement, including e-ticket generation, delivery, and refund administration.
• Legitimate Interest: Processing necessary for fraud prevention, platform security, service improvement, and analytics, conducted only where our interests do not override your fundamental rights.
• Legal Obligation: Processing required to comply with applicable laws, including financial record-keeping requirements under UAE Commercial Companies Law and tax regulations.
• Consent: Where we rely on your consent — such as for marketing emails or non-essential cookies — you may withdraw consent at any time without affecting the lawfulness of prior processing.

3. How We Use Your Information

Your personal data is used for the following purposes:

• Processing and confirming museum ticket bookings and managing your booking history.
• Generating and delivering personalized e-tickets to your registered email address.
• Processing payments securely through our PCI-DSS Level 1 certified payment partners.
• Administering refund and cancellation requests in accordance with our published Cancellation Policy.
• Communicating service updates, booking confirmations, reminders, and security notifications.
• Improving our platform, user experience, and customer service through aggregated usage analytics.
• Detecting and preventing fraudulent transactions, account takeovers, and other security threats.
• Meeting our regulatory and legal obligations in the jurisdictions where we operate.

4. Data Sharing and Disclosure

We share personal data only with the following categories of recipients, and only to the extent necessary:

• Partner Museums: We share your name, email, and ticket information with the specific museum you are visiting to facilitate your entry.
• Payment Processors: We use industry-leading, PCI-DSS certified payment processors who handle your financial data under their own privacy policies.
• Cloud Infrastructure Providers: Our platform is hosted on enterprise-grade cloud infrastructure with data centres located in the UAE and EU, subject to strict data processing agreements.
• Legal and Regulatory Authorities: We may disclose data where required by law, court order, or governmental request.

We do not sell, rent, lease, or trade your personal data to third-party advertisers or data brokers under any circumstances.

5. Data Retention

We retain personal data for the minimum period necessary to fulfill the purposes described in this Notice. Booking records are retained for seven (7) years to comply with UAE financial record-keeping requirements. Account data is retained for the duration of your account plus twelve (12) months following deletion. Marketing consent records are retained for three (3) years from the date of last interaction. At the end of each retention period, data is securely deleted or irreversibly anonymized.

6. Your Rights

Depending on your jurisdiction, you may have the following rights concerning your personal data:

• The right to access a copy of the personal data we hold about you.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”) in certain circumstances.
• The right to restrict or object to processing.
• The right to data portability in a structured, commonly used, machine-readable format.
• The right to withdraw consent at any time.
• The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at [email protected] or write to our Data Protection Officer at the address listed in Section 9 below.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze usage patterns, and remember your preferences. Essential cookies are required for the platform to operate and cannot be disabled. Analytics and preference cookies are placed only after receiving your explicit consent through our cookie banner. You may manage your cookie preferences at any time through your browser settings or our on-site cookie management tool.

8. Security Measures

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include TLS/SSL encryption for all data in transit, AES-256 encryption for data at rest, regular penetration testing by independent security firms, and strict access controls limiting employee access to personal data on a need-to-know basis.

9. Contact Information

For any questions, concerns, or requests regarding this Privacy Notice, please contact:

MuseuTicke Data Protection Team
Office 1201, Boulevard Plaza Tower 1
Sheikh Mohammed bin Rashid Boulevard
Downtown Dubai, UAE
Email: [email protected]
Phone: +971 4 321 8800