Privacy Policy

Last updated: March 07, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to Klevis Gjergji PF, Rruga e Kavajes, Pallati 223, Shkalla 3, Kati 4, Apartamenti 23, Tirana, Albania.

  For the purposes of the GDPR, the Company is the Data Controller.

• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

• Country refers to Albania.

• Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

• Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.

• Do Not Track (DNT) is a concept promoted by US regulatory authorities for the Internet industry to develop a mechanism allowing internet users to control the tracking of their online activities across websites.

• GDPR refers to the EU General Data Protection Regulation.

• Paddle refers to Paddle.com Market Limited, the Merchant of Record that processes all payments made through the Service on Our behalf.

• Personal Data (or "Personal Information") is any information that relates to an identified or identifiable individual. For the purposes of GDPR, this means any information relating to You such as a name, identification number, location data, or online identifier. We use "Personal Data" and "Personal Information" interchangeably unless a law uses a specific term.

• Service refers to the Website.

• Service Provider means any natural or legal person who processes data on behalf of the Company, including third-party companies employed to facilitate or improve the Service. For the purposes of GDPR, Service Providers are considered Data Processors.

• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

• Website refers to TicketArena, accessible from https://ticketarena.al/.

• You means the individual accessing or using the Service. Under GDPR, You can be referred to as the Data Subject or the User.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

When purchasing a ticket through Our Service, We ask You to provide Your email address so that We can deliver Your PDF ticket. We do not require You to create an account or provide any other personal information directly to Us. Additional billing information (such as name and payment card details) is collected directly by Paddle at checkout and governed by their privacy policy.

Usage Data

Usage Data is collected automatically when using the Service and may include information such as Your IP address, browser type and version, the pages You visit, the time and date of Your visit, time spent on those pages, and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. The technologies We use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs or pixel tags) that permit the Company to count users who have visited those pages or opened an email, and for other related website statistics.

Where required by law, we use non-essential cookies only with Your consent. You can withdraw or change Your consent at any time through Your browser or device settings.

We use both Session and Persistent Cookies for the following purposes:

• Necessary / Essential Cookies — Session Cookies administered by Us. These are essential to provide the Service and enable You to use its features.

• Cookie Acceptance Cookies — Persistent Cookies administered by Us. These identify if users have accepted the use of cookies on the Website.

• Functionality Cookies — Persistent Cookies administered by Us. These allow Us to remember choices You make, such as language preference, to provide a more personalised experience.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To deliver your ticket: Your email address is used solely to send You the PDF ticket for the event You purchased.
• To provide and maintain our Service, including monitoring usage and improving performance.
• To contact You regarding Your purchase, including any updates related to the event (e.g., cancellation or postponement notices).
• To manage Your requests: To respond to and manage any requests or support queries You send Us.
• For business transfers: We may use Your Personal Data in connection with a merger, acquisition, or sale of all or part of Our assets.
• For analytics and improvement: To analyse usage trends and improve Our Service, products, and marketing.

We may share Your Personal Data in the following situations:

• With Service Providers: We share Your email address with Resend to deliver Your ticket. We share payment-related data with Paddle to process Your transaction.
• For business transfers: We may transfer Your Personal Data in connection with a merger, acquisition, or sale of Company assets.
• With Your consent: We may disclose Your Personal Data for any other purpose with Your explicit consent.
• For legal compliance: We may disclose Your data where required by law or in response to valid requests by public authorities.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We apply the following retention periods:

• Purchase and Transaction Data (email address, ticket records): retained for up to 24 months after the event date to handle post-purchase support and resolve disputes. Transaction records are retained for up to 10 years to comply with tax and financial regulations.

• Customer Support Data (support emails and correspondence): up to 24 months from the date of resolution.

• Usage Data (analytics, IP addresses, server logs): up to 24 months from the date of collection.

• Marketing Data: retained until You unsubscribe or up to 24 months from your last engagement, whichever comes first.

We may retain Personal Data beyond the above periods where required by legal obligation, to establish or defend legal claims, or due to technical backup limitations. When retention periods expire, We securely delete or anonymize Personal Data.

Transfer of Your Personal Data

Your information may be transferred to and maintained on computers located outside Your country where data protection laws may differ. Where required by applicable law, We ensure international transfers of Personal Data are subject to appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs). No transfer will take place unless adequate controls are in place to protect the security of Your data.

Delete Your Personal Data

You have the right to request that We delete the Personal Data We hold about You. You may contact Us at any time to request access to, correction of, or deletion of Your Personal Data. Please note that We may need to retain certain information where We have a legal obligation to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data becomes subject to a different Privacy Policy.

Law Enforcement

The Company may be required to disclose Your Personal Data in response to valid requests by public authorities (e.g. a court or government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, protect the rights or property of the Company, prevent wrongdoing in connection with the Service, or protect the safety of users or the public.

Security of Your Personal Data

The security of Your Personal Data is important to Us. While We strive to use commercially reasonable means to protect it, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Detailed Information on the Processing of Your Personal Data

Email Delivery

We use Resend to deliver Your PDF ticket to the email address You provide at checkout.

• Resend — Privacy Policy: https://resend.com/legal/privacy-policy

Payments

All payments are processed by Paddle.com Market Limited, who acts as Merchant of Record. We do not store or have access to Your payment card details. Paddle adheres to PCI-DSS standards for the secure handling of payment information.

• Paddle — Privacy Policy: https://www.paddle.com/legal/privacy

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

• Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
• Performance of a contract: Processing is necessary to fulfil the ticket purchase agreement with You.
• Legal obligations: Processing is necessary for compliance with a legal obligation to which the Company is subject.
• Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company, where not overridden by Your rights.

International Transfer of Personal Data

We may transfer, store, and process Personal Data in countries outside the EEA and UK. Where We transfer Personal Data to countries without an adequate level of protection, We rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs). You may contact Us to request further information about the safeguards We use.

Your Rights under the GDPR

If You are within the EU, You have the right to:

• Request access to the Personal Data We hold about You.
• Request correction of any incomplete or inaccurate information.
• Request erasure of Your Personal Data when there is no good reason for Us to continue processing it.
• Object to processing where We rely on legitimate interests as our legal basis.
• Request restriction of processing in certain circumstances.
• Request data portability in a structured, machine-readable format.
• Withdraw Your consent at any time where processing is based on consent.

To exercise any of these rights, please contact Us. We generally respond within one month. You also have the right to complain to Your local data protection authority in the EEA.

Children's Privacy

Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under 16. If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us and We will take steps to remove that information.

Links to Other Websites

Our Service may contain links to third-party websites not operated by Us. We have no control over and assume no responsibility for the content or privacy practices of any third-party sites. We strongly advise You to review the Privacy Policy of every site You visit.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Where changes are material, We will notify You via email or a prominent notice on Our Service prior to the change becoming effective.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: info@ticketarena.al
• By phone: +355 68 600 7787
• By visiting: https://ticketarena.al/