Privacy Policy

Who we are

This Privacy Policy explains how BOOK@ ("we", "us", "our") handles personal data when you use the bookat.net website, applications, and related services (the "Service"). The data controller is BOOK@, Office 304, Floor 3, Khalaf and Ishtay Building, Al-Madina Al-Monawara Street, Amman, Hashemite Kingdom of Jordan. For any privacy question you may contact us at info@bookat.net or on +962 79 2666603.

Information we collect

We collect the following categories of information:

• Account information: your name, email address, phone number, password (hashed), and a billing address if you provide one.
• Transaction data: order amount, currency, payment gateway used, transaction reference, and card metadata limited to brand and the last four digits. We do not store the full card number, expiry, or CVV.
• Usage data: IP address, browser type and version, device type, operating system, referring page, pages viewed on our Service, and the date and time of access.
• Cookies and similar technologies: as described in our Cookie Policy.
• Content you submit: event listings and details if you are an organizer, support tickets, profile photo, and any other content you upload.

How we use your data

We process personal data for the following purposes:

• To create and operate your account and provide the Service.
• To process and fulfil orders for tickets, courses, and shop deliveries, including issuing receipts and tickets.
• To send transactional communications such as order confirmations, ticket emails, password resets, and replies to your support requests.
• To detect, prevent, and investigate fraud, abuse, and violations of our Terms.
• To maintain the security and integrity of the Service.
• To improve the Service, including product analytics and debugging.
• To send marketing communications only where you have opted in. Every marketing email contains an unsubscribe link.

Legal bases for processing

We rely on the following legal bases:

• Performance of a contract for account creation, order processing, and delivery of tickets, courses, and goods.
• Legitimate interests for fraud prevention, security, and product improvement, balanced against your interests and rights.
• Consent for marketing communications and for non-essential cookies. You may withdraw consent at any time.
• Legal obligation for tax, accounting, and other obligations under Jordanian law.

Who we share data with

We do not sell personal data. We share data with:

• Payment processors: PayTabs and Stripe, which receive the information needed to process your payment. Card data is captured by the processor and is not stored by us.
• Event organizers: when you buy a ticket to an event, the organizer receives the data needed to deliver the ticket and to scan it at the gate, such as your name, order reference, and ticket type.
• Hosting and infrastructure providers that store data on our behalf under processor agreements.
• Authorities when we are compelled to disclose under a valid legal process under Jordanian law.
• Successors in a merger, acquisition, or sale of assets, in which case the new entity will be bound by this policy until it is updated.

International transfers

Our infrastructure is primarily located in the region. Stripe may transit and process data outside Jordan to complete card transactions. PayTabs operates regionally. Where data leaves Jordan we rely on processors that maintain industry-standard safeguards, including PCI-DSS certification for payment data.

Data retention

We retain account data while your account is active. If you ask us to delete your account, we will action the request within 30 days. We will retain only what Jordanian law requires us to keep, in particular financial records used for tax and accounting purposes, which may be retained for up to ten years. Anonymized analytics may be retained without time limit.

Your rights

Subject to applicable law you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your account and associated data.
• Receive a copy of your account data in a portable format.
• Withdraw consent for marketing or non-essential cookies at any time.

To exercise any of these rights, write to info@bookat.net from the email address on the account. We may ask you to verify your identity before we action the request.

Security

We use TLS encryption for data in transit. Payment data is handled by PCI-DSS certified processors. Access to production systems is restricted on a least-privilege basis and authentication is required for administrative access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Children

The Service is not directed to children under 16. You must be at least 16 years old to create an account. If you believe a child has provided us with personal data, contact us and we will delete it.

Cookies

We use a small number of essential cookies to operate the site and remember your preferences, and analytics cookies only if enabled. For details and choices see our Cookie Policy.

Changes to this policy

We may revise this Privacy Policy from time to time. The revised version takes effect when posted. If a change is material we will notify you by a notice on the site or by email to the address on your account.

Contact

For questions about this Privacy Policy, write to info@bookat.net or to BOOK@, Office 304, Floor 3, Khalaf and Ishtay Building, Al-Madina Al-Monawara Street, Amman, Jordan.