Privacy Policy

Tomi Tickets (hereinafter referred to as “the Company,” “we,” or “us”) respects and is committed to protecting your privacy and the security of your personal data. This Privacy Policy (“Policy”) is designed to explain how we collect, use, store, protect, and share your personal data. By using the Company’s website, services, registering an account, purchasing tickets, or participating in any promotional activities, you are deemed to have read and agreed to the contents of this Policy.

In the event of any conflict between this Policy and our Terms & Conditions (“T&C”), the T&C shall prevail, except for specific clauses in this Policy regarding personal data protection. We also heed and comply with the Macao Personal Data Protection Act and other applicable international or local regulations.

1. Collection and Purpose of Data

1. Legal and Contractual Basis
   We collect and process your personal data in accordance with the Macao Personal Data Protection Act and other applicable regulations, as well as based on your consent or other legal grounds required for fulfilling orders or contracts you enter into with us (e.g., tickets, itineraries, and related services).

2. Types of Data Collected

   • Contact Information: Such as name, phone number, email address, mailing address.
   • Payment Information: Such as credit card or other payment methods (we comply with PCI DSS and relevant security standards).
   • Account Information: Such as username, password, transaction history, stored balance (e.g. “Reward Wallet”), etc.
   • Marketing & Preference Information: Such as newsletter subscriptions, promotional activities, etc.
   • Other Interaction Data: Personal data you provide through online customer service, phone calls, emails, social media, or data generated during your interaction with our website (cookies, browsing history, IP address, device information, etc.).
     
     

3. Purposes of Use

   • Order Fulfillment and Service Provision: To process ticket orders, arrange delivery or e-tickets, and provide after-sales services.
   • Customer Relationship Management: To record and track customer orders, respond to inquiries, and provide support.
   • Marketing and Promotion: To send you promotional messages, newsletters, discount offers, or event invitations (you may opt out at any time).
   • Research and Analysis: For internal market analysis, statistical research, and product or service optimization.
   • Security and Risk Management: To detect and prevent fraud or unauthorized activities and enhance the security of our website and payment systems.
   • Legal Compliance: To comply with applicable laws, court orders, or government requests, and to enforce our legitimate rights as per the T&C.

2. Methods of Data Collection

1. Data Provided Voluntarily

   • Placing orders for products or services, participating in promotions or coupon redemptions.
   • Registering an account or receiving e-receipts.
   • Subscribing to newsletters or submitting comments/surveys.
   • Engaging with us on social media or participating in online contests or promotional activities.
   • Using our customer service channels (online chat, telephone, email, postal mail).
   • Filling out forms for transactions, recruitment, or other official documents.
   • Using (or accessing) facilities with CCTV cameras.
     
     

2. Data Collected Automatically

   • Domain names, IP addresses, cookies, traffic information auto-recorded by our servers.
   • Analysis of clickstream behavior during your visit, used for internal research and deleted or anonymized after analysis.
     
     

3. Third-Party Partners

   • To fulfill orders or deliver certain services, your personal data may be collected or shared with our partners (e.g., payment service providers, logistics companies, event organizers). These partners are also subject to their respective privacy policies and data protection rules.

3. Data Storage and Retention

1. Databases and Security
   Your personal data will be securely stored in our servers or in those of entrusted service providers. We implement multiple layers of security to prevent data loss, misuse, or unauthorized access.

2. Data Retention Principle
   Unless otherwise required by law or regulation, we will only retain your personal data for as long as needed to fulfill the purposes set forth in this Policy and will securely dispose of or anonymize the data once those purposes are achieved or the retention period expires.

4. Cookies and Other Tracking Technologies

1. Use of Cookies
   To ensure the proper functioning of the website and to optimize user experience, we may store small text files (cookies) on your browser. You can configure your browser to refuse or delete some or all cookies, but this may impact certain functionalities.

2. Third-Party Analytics
   We may use services like Google Analytics or other analytics tools to gather anonymous visitor statistics in order to improve our site and marketing effectiveness. These tools do not collect personally identifiable information.

5. Data Sharing and International Transfers

1. Sharing Recipients

   • Service Providers: Third-party vendors assisting us with operations, payment processing, logistics, advertising, and marketing, or customer service.
   • Business Partners: Event organizers, venues, ticket agents collaborating with us.
   • Legal or Government Requests: When required for compliance with the law or to protect the Company’s rights, we may disclose necessary personal data to judicial or governmental authorities.

2. International Transfers
   As we conduct business globally, your personal data may be transferred to countries with different levels of data protection. We will ensure compliance with the Macao Personal Data Protection Act and other applicable laws and adopt appropriate safeguards (such as standard contractual clauses or binding corporate rules).

6. Your Rights

1. Access, Correction, and Deletion
   You may contact our customer service or designated communication channels to access, update, correct, or request deletion of your personal data. Where permitted or required by law, we may refuse requests deemed unreasonable or repeated.

2. Restriction or Objection to Processing
   Where permitted by law, you may request a restriction or object to our processing of your personal data. However, we reserve the right to continue processing when necessary (e.g., fulfilling contracts, new orders, or for lawful compliance).

3. Withdrawal of Consent
   For data processing based on your consent, you have the right to withdraw your consent at any time; such withdrawal will not affect the lawfulness of any processing carried out before the withdrawal.

4. How to Exercise
   To exercise these rights, please contact us via the information provided under “Contact Us.” We will respond within a reasonable timeframe.

7. Data Security Measures

1. Technical Safeguards
   We employ SSL/TLS encryption, database access control, anti-malware scanning, regular vulnerability assessments, and security audits to prevent unauthorized access, use, or disclosure.

2. Organizational Controls
   We have an internal data protection policy in place, granting data access only to authorized personnel and contractors who are bound by confidentiality obligations.

3. Continuous Optimization
   We regularly update and strengthen our security protocols based on threat intelligence. If a suspected security incident is detected, we will promptly initiate internal response procedures and notify users and relevant authorities as required by law.

8. Third-Party Data Collection and External Links

1. Third-Party Privacy Policies
   In certain scenarios, third parties (such as payment providers, courier services, or other partners) may directly collect personal information from you. These third parties act as independent data controllers, and you should refer to their privacy policies and data protection practices before providing your data.

2. External Website Links
   Our site may contain links to other third-party websites or services. The Company does not control these sites or services. Once you click on a link and leave our website, their privacy policies and terms govern. We accept no responsibility for any third-party websites, their content, or conduct.

9. Protection of Minors

Our services are not intentionally directed at minors (as defined by local law). Minors should only use our website or services under the consent and supervision of a legal guardian. If a guardian discovers that a minor has submitted personal data without authorization, please contact us immediately, and we will take appropriate measures.

10. Contact Us

If you have any questions regarding this Policy, our website operations, or personal data protection matters, or if you believe we have not adhered to this Policy, please contact us:

• Phone: +853 65580672
• Email: [email protected]
• Address: Rua De Pequim No.174, Centro Comercial Kuong Fat 15B, Macau
• Business Registration Number: SO96677

We will respond promptly and address your inquiries or concerns.

11. Changes to This Policy

1. Right to Amend
   We reserve the right to amend this Policy at any time without prior notice. Please review it periodically to stay informed of any updates.
2. Publication and Effect
   Any updates to the Policy will be posted on our website. By continuing to use our website or services after any changes, you signify that you agree to and accept the revised policy.