Introduction 

Please read this Privacy Notice carefully before using the Website. 

This Privacy Notice (hereinafter "Privacy Notice") constitutes an agreement between PERFECT PHYGITAL EVENTS L.L.C., a company registered in accordance with the laws of the United Arab Emirates, holding license no. 1404535 (hereinafter the "Perfect Phygital Events", "We", "Us" or "Our"), and a capable natural person (hereinafter "Data Subject", "You", or "Your") who interacts with Our Services, including purchasing Tickets or attending Events, concerning Your Personal Data Processing.

This Privacy Notice explains how We Process Your Personal Data when You visit Our Website, purchase Tickets, participate in Events, or otherwise engage with Our Services. 

If You do not agree with this Privacy Notice, You are expressly PROHIBITED from accessing and using Our Website and Services. 

This Privacy Notice is an integral part of Our Terms and Conditions.

The main part

1. Terminology

• Consent. A clear positive statement or action which indicates in a specific and unambiguous manner that the Data Subject authorizes the Controller to Process their Personal Data. This Consent is provided explicitly when You access the Website, purchase Tickets, or attend Our Events, thereby confirming that You have read, understood, and agreed to be bound by the terms of this Privacy Notice

• Controller. An establishment or natural person that has the Personal Data, and by virtue of its activity, determines, whether individually or jointly with other persons or establishments, the method and criteria for Processing such Personal Data and the purpose of Processing it.

• Co-Controller. A natural or legal person who determines the purposes and means of Processing with the Controller.

• Data Protection Authority. A government agency that protects data subjects from unlawful processing. The UAE Data Office acts as the UAE Data Protection Authority.

• Data Subject. You, as a natural person whose Personal Data is processed by the Controller.

• Personal Data. Any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data, through the use of identification elements such as his/her name, voice, image, identification number, his/her electronic identifier, his/her geographical location, or by one or more physical, physiological, economic, cultural or social characteristics.

• Data Breach. A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to Personal Data.

• Processing. Any operation or set of operations performed on Personal Data using any electronic means. This includes collecting, storing, recording, organizing, adapting, modifying, circulating, altering, retrieving, exchanging, sharing, using, characterizing and disclosing Personal Data by broadcasting, transmitting, distributing, making available, coordinating, merging, restricting, blocking, erasing or destroying it or creating forms thereof. 

• Automated Processing. Processing carried out using an electronic program or system that operates in an automated and automatic manner, either independently without any human intervention or partially independently with limited human supervision and intervention.

• Processor. An establishment or natural person that processes Personal Data on behalf of the Controller.

• Profiling. Any form of Automated Processing of Personal Data that involves the use of Personal Data to assess certain personal aspects related to a natural person, in particular, to analyse or predict aspects related to that natural person's work, economic status, health, personal preferences, interests, reliability, behaviour, location or movement.

• Third Party. Any person other than the Data Subject, the Controller or Processor and the Data Protection Authority to which the Controller or Processor transfers Personal Data.

• Data Protection Officer. A natural or legal person appointed by the Controller that undertakes the tasks of ascertaining the extent to which the entity to which it belongs complies with the controls, requirements, procedures and rules for Processing Personal Data.

  
  

Other terms used in this Privacy Notice, but not defined, have their meanings set out in Our Terms and Conditions.

2. Information about the Controller

The Controller for the purposes of Processing of the Personal Data under this Privacy Notice is the Perfect Phygital Events.

3. Personal Data

This section describes what Personal Data of Data Subjects the Perfect Phygital Events is Processing. Personal Data may be collected based on the information You provide and automatically when You use Our Website or Services. 

Perfect Phygital Events may collect the following information about You for the following purposes:

Identification data:

• Full name of the Data Subject: Collected to personalize Your experience, manage Ticket purchases, and verify access to Events.

  
  

• Email: Used for communication, Ticket confirmation, Event updates, and customer support.

  
  

• Telegram Username: Collected to facilitate communication through the Telegram platform.

  
  

Event Participation Data:

• Event Preferences and Interests: Collected to recommend suitable Events and tailor marketing communications.

  
  

• Attendance Records: Details of the Events You attend, including the Ticket purchased and entry validation data.

  
  

• Recordings and Media: Audio, video, and photographic recordings of Events, which may include Your image, voice, or likeness.

  
  

Interests and Preferences:

• Areas of Interest: Collected to understand Your needs and match You with suitable services.

  
  

• Commentary: Allows You to provide additional details or context regarding Your interest in Our services.

  
  

Data on the use of the Website:

• Activity data: The actions of the Data Subject on the Website are recorded, including:

  • Start and end time of the session, clicks, and page views.

  • Number of visits: Total visits and unique visitors.

  • Pages viewed: Information about pages visited, average time spent on each page, and total pages viewed per session.

  • Time on Website: Average time spent on the Website and individual pages.

  • Traffic sources: Tracking where Data Subjects came from (organic search, social media, direct visits, referrals).

  • Data Subjects actions: Registrations, button clicks, form submissions, video views, and other interactions with site content.

  • Geolocation: Information about the city and country of the visitor.

  • Device data: Information about device type, operating system, and browser used.

  • Bounce rate: Percentage of Data Subjects who leave the site after viewing only one page.

  • Conversions: tracked to measure engagement.

    
    

Data for advertising and marketing:

• Information about referrals: Collected to analyse the effectiveness of marketing campaigns.

• Data about Data Subjects preferences: Collected to customize targeted advertising, including personalized marketing and retargeting.

  
  

Data on interaction with support:

• Technical support requests: Any information provided by the Data Subject in connection with the use of the Website and directed to Perfect Phygital Events representatives for technical support.

  
  

Perfect Phygital Events does not use:

• Personal Data of children. We do not knowingly Process the Personal Data of people under the age of 18.

• Profiling: Automatic decisions. We do not use profiling to Process the Data Subjects.

• Sale of Personal Data: We do not sell Personal Data of the Data Subjects.

  
  

4. Sources of data collection

   
   

Directly from Data Subjects: The primary source of data collection is the Data Subjects themselves when they submit information through the Website, fill out forms or communicate with Our support team.

Automatically when using the Website: We automatically collect data about the Data Subject's activity on the Website.

Other sources: In some cases, we may receive Personal Data of the Data Subjects from Third Parties, such as payment service providers or marketing partners with whom we have previously interacted to provide our Services to such Data Subjects.

• Basis for Processing of Personal Data

Perfect Phygital Events is Processing Personal Data on the following legal bases:

• Consent: Where the Data Subject has given explicit Consent to Process their Personal Data.

• Performance of a contract: When Processing is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject prior to the conclusion of such a contract.

• Legal obligations: When Processing is necessary to comply with legal obligations imposed on the Perfect Phygital Events.

• Protection of Interests: When Processing is necessary to protect Your interests, such as ensuring Your safety and safeguarding Your rights when using the Premises or Website.

• Public Interest: Processing is necessary to protect public interest, including ensuring the safety and security of the Premises and complying with applicable laws and regulations.

We use Your Personal Data to operate Our Website properly and provide Our Services.

5. Processors and Co-Controllers 

   
   

Processors. Perfect Phygital Events may engage third-party companies to act as Processors of Your Personal Data. These Processors provide services such as hosting, payment processing, technical support, analytics and other operations necessary for the operation of Our Website and the provision of the Services.

Co-Controllers. In some cases, Perfect Phygital Events may work with organisations or companies that jointly determine the purposes and means of Processing Personal Data with Us. In such cases, we act as Co-Controllers with these organisations.

Cross-border data transfers. The Perfect Phygital Events may transfer Personal Data outside the UAE to countries with adequate data protection laws or under agreements requiring compliance with UAE protection standards. Transfers may also occur with the Data Subject's Consent or when necessary for contractual or legal obligations under such agreements and/or laws.

Ensuring data protection. Perfect Phygital Events takes all necessary technical and organisational measures to ensure the safety of Personal Data transferred to Processors or Co-Controllers. We regularly conduct security assessments and monitor compliance with data protection policies.

List of Processors. The following Processors may Process Personal Data:

• Google: Using Google Analytics for data analytics and activity tracking; using Google Sheets for data organisation and management. Location: USA. Data protection: Google Privacy Policy.

• Notion Labs: Using Notion for data storage and task management. Location: USA. Data protection: Notion Privacy Policy.

• UltaHost: Using UltraHost for web hosting and server management. Location: USA/UAE. Data protection: UltraHost Privacy Policy.

• Filament Essential Services: Using Filament for Data Subject interaction and content management. Location: USA. Data protection: Filament Privacy Policy.

• Sentry: Website performance monitoring and error tracking. Location: USA. Data protection: Sentry Privacy Policy.

• Automattic: Using their product WordPress for Website hosting and content management. Location: USA. Data protection: Automattic Privacy Policy.
  
  

Perfect Phygital Events reserves the right to transfer the Personal Data of the Data Subject to other Processors when necessary to provide Services and operate the Website.

List of Co-Controllers. The following Co-Controllers may determine the purposes and means of Processing Personal Data with Us:

DAOS BUSINESS CENTER L.L.C: To coordinate and manage events hosted at the DAOS BUSINESS CENTER L.L.C premises. Location: UAE. Data protection: Data sharing agreements, restricted access, encrypted data transfer.

Meta: Using Meta Ads for targeted advertising and retargeting campaigns. Location: USA. Data protection: Meta Privacy Policy.

6. Advertising and marketing

   
   

Consent to receive marketing materials. Perfect Phygital Events may send You marketing communications, promotional materials and information about Our Services if we have Your Consent. You have the right to grant or withdraw Your Consent to receive such materials at any time.

Personalised advertising. Perfect Phygital Events may use Your Personal Data to customise and personalise marketing materials according to Your preferences and interests. This includes:

• Analyzing Your interactions with Our Website and other information that helps Us offer You relevant content.

• Using Personal Data to tailor advertising, including targeted advertising on platforms like Facebook.

  
  

Right to opt-out. You have the right to withdraw from receiving marketing communications at any time by contacting Us using the contact details provided in section XIV. Contact information of this Privacy Notice. Withdrawal of Your Consent to receive marketing communications does not affect the Processing of Personal Data that was carried out prior to the withdrawal of Consent.

Retargeting. Perfect Phygital Events may use retargeting technologies to show You ads on third-party websites based on Your activity on Our Website. This may involve the use of Cookies and other technologies that collect information about Your online activities.

Marketing Platforms. Perfect Phygital Events may partner with Third Parties that are doing business as marketing platforms, such as social media or advertising networks, to deliver targeted advertising to You. These platforms may collect and use Your Personal Data in accordance with their privacy policies.

Analysing marketing effectiveness. The Perfect Phygital Events may use Your Personal Data to analyze the effectiveness of Our marketing campaigns, including:

• Measuring the success of Our advertising.

• Identifying Our audience and improving Our marketing strategies.

• Tracking Data Subjects' actions to refine campaign performance and reach.

  
  

7. Processing time of Personal Data

Perfect Phygital Events retains Personal Data only for the period necessary to fulfil the purposes for which it was collected or as required by applicable law, unless You withdraw Your Consent or exercise Your right to object to Processing as provided in Section XI. Data Subject’s rights enforcement of this document. Upon expiry of this period, the data will be deleted or anonymised unless otherwise required by law.

Personal Data shall be Processed in a form that allows for the identification of the Data Subject for no longer than it is necessary for the legitimate purposes for which such Personal Data was collected or is being Processed.

8. Transfer of Personal Data

   
   

General rules. We may transfer Your Personal Data to Processors, Co-Controllers and Third Parties on a lawful basis, by court order or by decision of a governmental authority under their respective request. 

Cross-border data transfers. Perfect Phygital Events may transfer Personal Data outside of the UAE in the following cases:

• To states or provinces that have legislation addressing Personal Data protection. This includes the most significant provisions, measures, controls, stipulations and rules related to the protection of the privacy and confidentiality of the Data Subject's Personal Data and their ability to exercise their legal rights, as well as having a judicial or regulatory authority imposing appropriate measures against the Controller or the Processor.

  
  

• To states or provinces to which the Personal Data is transferred and which have bilateral or multilateral agreements related to the protection of Personal Data concluded with the UAE.

  
  

Ensuring security. Perfect Phygital Events takes all necessary technical and organisational measures to ensure the protection of Personal Data during its transmission, including data encryption, use of secure communication channels and compliance with confidentiality requirements.

9. Data Subject’s rights

   
   

Right to Receive Information. The Data Subject has the right, by submitting a request to the Controller without any consideration, to obtain the following information:

• Types of Personal Data: The types of Your Personal Data that are being Processed.

• Purposes of Processing: The purposes for which Your Personal Data is Processed.

• Automated Decisions: Information about any decisions made based on Automated Processing, including Profiling.

• Data Sharing: The sectors or establishments with whom Your Personal Data will be shared, both inside and outside the UAE.

• Data Storage: The controls and standards governing the storage and retention periods of Your Personal Data.

• Procedures for Data Correction and Erasure: Information on how You can request correction, erasure, restriction of Processing, or objection to Your Personal Data.

• Cross-Border Data Protection: Protection measures for cross-border Processing in accordance with Articles (22) and (23) of the Federal Decree by Law Concerning the Protection of Personal Data.

• Data Breach Actions: Actions to be taken in the event of a Data Breach, especially if there is a direct and serious threat to the privacy and confidentiality of Your Personal Data.

• Complaint Submission: How to submit complaints to the Data Protection Authority.

  
  

Right to request transfer of Personal Data. The Data Subject has the right to receive their Personal Data, which has been provided to the Controller for Processing, in an orderly and machine-readable format when Processing is based on the Data Subject's Consent or necessary for the implementation of a contractual obligation and is carried out by automated means.

The Data Subject has the right to request the transfer of their Personal Data to another Controller whenever it is technically feasible.

Right to Rectification. The Data Subject has the right to request the correction of inaccurate or incomplete Personal Data held by the Controller.

Right to Erasure ("right to be forgotten"). The Data Subject has the right to request the deletion of Personal Data in the following cases:

• The Personal Data is no longer necessary for the purposes for which it was collected.

• The Data Subject withdraws their Consent, and there is no other legal ground for Processing.

• The Data Subject objects to the Processing, and there are no legitimate grounds for continuing the Processing.

• The Personal Data is being Processed unlawfully, and the deletion is necessary to comply with the applicable legislation.

  
  

Right to Restrict Processing. The Data Subject has the right to restrict the Processing of their Personal Data in the following situations:

• When the Data Subject contests the accuracy of the Personal Data, allowing time for the Controller to verify its accuracy.

• When the Processing is unlawful, but the Data Subject opposes erasure and requests restriction instead.

• When the Controller no longer needs the Personal Data for Processing, but the Data Subject requires it to establish, exercise, or defend legal claims.

  
  

Right to Object to Processing. The Data Subject has the right to object to the Processing of their Personal Data in the following cases:

• If the Processing is intended for direct marketing purposes, including profiling related to direct marketing.

• If the Processing is for conducting statistical surveys, unless it serves the public interest.

• If the Processing violates the Personal Data Processing Controls measures stipulated in Article (5) of the Federal Decree by Law Concerning the Protection of Personal Data.

  
  

Right to Prevent Automated Decision-Making. The Data Subject has the right to object to any decision based solely on Automated Processing, including Profiling, that significantly affects them, unless:

• Automated Processing is necessary for a contract between the Data Subject and the Controller.

• The Data Subject has given explicit Consent.

• Automated Processing is required by other applicable laws.

  
  

10. Data Subject’s rights enforcement

Procedure. You can enforce Your rights regarding Your Personal Data by contacting Us via means provided for in Section XIV. Contact information of this Privacy Notice.

Types of Requests. Using the Data Subject Request Form, You can make requests related to any rights provided for in Section X. Data Subject’s rights of this Privacy Notice.

Response Time. Upon receipt of Your request, We will acknowledge it and respond within 30 calendar days. In some cases, mainly if Your request is complex, We may extend this period by up to 60 calendar days. If an extension is necessary, We will notify You of the reason and the expected timeframe within the first 30 calendar days.

Costs. You can exercise Your rights free of charge. However, if Your request is manifestly unfounded or excessive due to its repetitive nature, or in other cases specified in the Federal Decree by Law Concerning the Protection of Personal Data, We may refuse to act on the request.

Identity Verification. To protect Your Personal Data, We may ask for additional information to verify Your identity before answering Your request. This is to ensure that Your Personal Data is not disclosed to unauthorized parties.

11. Protection of Personal Data

    
    

Technical security measures. Perfect Phygital Events implements state-of-the-art technical measures to ensure the security of Personal Data processed on Our Website. This includes data encryption, the use of secure data transfer protocols (SSL/TLS), multi-factor authentication for account access, and continuous network monitoring for threats.

Organisational security measures. Perfect Phygital Events has organisational measures in place to ensure confidentiality and data protection, such as restricting access to data to only those employees who need it to perform their duties, conducting regular cybersecurity training for staff, and developing data protection policies and procedures.

Data Minimization and Purpose Limitation. Perfect Phygital Events applies appropriate technical and organizational measures to ensure that the Processing of Personal Data is limited to the purpose for which it is intended.

Internal audits and risk assessments. Perfect Phygital Events conducts regular internal audits and risk assessments to ensure that Our data protection processes comply with legal requirements and best practices. Any identified threats or vulnerabilities are addressed immediately.

Notifications. In the event of a Data Breach, the Perfect Phygital Events has a clearly defined action plan, which includes immediate notification of the affected Data Subjects and relevant regulatory authorities, as well as measures to minimise the consequences of the breach.

12. Data Breach Notification

    
    

Response Team. If the Data Breach is detected, a team consisting of specialists, including external specialists, and the management of the Perfect Phygital Events will be established. The team will deal with eliminating Data Breach and/or minimizing any consequences. One of the authorized group members shall alert the Data Protection Authority about the Data Breach and, if necessary or required, the affected Data Subjects.

Notification of Personal Data Protection Authorities. We will notify the relevant Data Protection Authority within the period established by law after we become aware of a Data Breach and provide the following information:

• A description of the nature of the Data Breach, its form, causes, approximate number and records;

• Name and contact details of the Data Protection Officer;

• Potential and expected effects of the Data Breach;

• Corrective measures and actions taken or suggested by Us to confront the Data Breach and reduce its negative impacts;

•  Documents of the Data Breach and corrective actions taken by Us;

• Any other requirements required by the Data Protection Authority.

  
  

Notification of Data Subjects. If a Data Breach may lead to a violation of Your privacy and confidentiality, we will notify You of the Data Breach within the period established by law  and provide the following information:

• The nature of the Data Breach;

• Name and contact details of the responsible person from whom more information can be obtained; 

• Description of the possible consequences of the Data Breach;

• A description of the measures we have taken or proposed to take to address the Data Breach;

• Recommendations and tips to help the Data Subject reduce the risks of the Data Breach.

  
  

13. Contact information

    
    

Our contacts. You can contact Us with any questions regarding Your personal data, enforce Your Data Subject’s rights, or file a complaint by emailing Us at info@daoshub.xyz. 

Our Co-Controller's contacts. You can send an enquiry or submit a complaint to Our Co-Controllers using the available means of communication on their websites.

The Data Protection Authorities. You can send Us a request regarding Your Personal Data or file a complaint with the Data Protection Authority. The timing and procedure for responding depends on the internal policies of the Data Protection Authority.

14. Other conditions

Effective Date. This version of the Privacy Notice is effective as of the specified above date of entry into force.

Changes. We may change this Privacy Notice from time to time without Your Consent. The new version comes into force from the moment it is published on the Website.

Assignment. You cannot transfer or give away Your rights and responsibilities under this Privacy Notice without Our permission. If You try to do so, it will be invalid. We can assign Our rights and responsibilities under this Privacy Notice to other parties without asking for Your permission but with proper notification via Our Website, e-mail or other means of communication with You.

Applicable law. This Privacy Notice shall be governed and construed in accordance with the law of the Emirate of Dubai and the Federal Laws of the UAE. The relevant court of the UAE shall resolve all disputes arising in connection with this Privacy Notice or its interpretations.

Severability. If any provision of this Privacy Notice is held invalid or unenforceable, that provision will be deemed severable, and the remaining provisions will continue in full force and effect. The invalid or unenforceable provision will be replaced by a valid and enforceable provision that accomplishes the same purpose as the original provision to the extent possible.

Language. This Privacy Notice may be available in several languages for Your convenience. In case of any discrepancies between versions in different languages, the English version shall prevail.