Skip to main content

    Privacy Policy

    Issued by CaribraConnect Technology Ltd, trading as TiketCaribbean | Last updated: 13th March 2026

    1. Introduction and Scope

    This Privacy Policy ("Policy") describes how TiketCaribbean, operated by CaribraConnect Technology Ltd ("TiketCaribbean," "we," "us," or "our"), collects, uses, stores, shares, and protects personal data when you access or use our online event ticketing marketplace ("Service").

    This Policy applies to all Users of the Service, including event attendees, event organisers, and any individuals who register an account, make a purchase, or contact our support team. By using the Service, you acknowledge that you have read and understood this Policy.

    CaribraConnect Technology Ltd is incorporated in the Republic of Trinidad and Tobago and is also registered in Scotland. TiketCaribbean operates as a global marketplace connecting event organisers and attendees, with a primary focus on Caribbean events and communities, and operations in the United Kingdom and internationally.

    This Policy is designed to meet the requirements of the Data Protection Act of Trinidad and Tobago and, in respect of users in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) as retained in domestic law by the Data Protection Act 2018 (UK). We are in the process of registering with the Information Commissioner's Office (ICO) in connection with our UK operations. In respect of users in the European Union, we also apply the principles of the EU General Data Protection Regulation (EU GDPR).

    2. Definitions

    For the purposes of this Policy, the following definitions apply:

    • "Personal Data" means any information relating to an identified or identifiable natural person.
    • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
    • "Data Controller" means the entity that determines the purposes and means of processing Personal Data. CaribraConnect Technology Ltd is the Data Controller for Personal Data processed through the Service.
    • "Data Processor" means any third party that processes Personal Data on behalf of the Data Controller.
    • "Organiser" means any individual or entity that creates and manages event listings on the Service.
    • "Attendee" means any individual who purchases or attempts to purchase a ticket through the Service.
    • "User" means any individual accessing the Service, including Organisers, Attendees, and visitors.
    • "KYC" refers to Know Your Customer verification processes used to confirm the identity of Organisers.
    • "Payment Provider" means a licensed third-party payment processor used in connection with the Service, such as WiPay or Stripe.

    3. Categories of Personal Data Collected

    We may collect the following categories of Personal Data depending on how you interact with the Service:

    All Users

    • Full name
    • Email address
    • Phone number
    • IP address and approximate geographic location (country and city level only)
    • Device type, browser type, and operating system
    • Usage data, session logs, and interaction analytics
    • Authentication data (session tokens, OAuth tokens)
    • Communications submitted to customer support

    Attendees (Ticket Purchasers)

    • Billing name and billing address
    • Payment transaction references and receipts (provided by the Payment Provider)
    • Ticket order history and event attendance records

    Organisers

    • Business or individual contact details
    • Bank account or payout details (held by Payment Provider)
    • Government-issued identification documents (for KYC verification, where applicable)
    • Facial verification data (processed by a third-party KYC provider, where applicable)
    • Event listing information, including event description, images, and pricing

    Important: TiketCaribbean does not store full payment card numbers, CVV codes, or sensitive authentication data. All payment card data is collected and processed exclusively by the Payment Provider and is subject to their privacy policies and PCI-DSS compliance obligations.

    4. How Personal Data Is Collected

    We collect Personal Data through the following means:

    • Account registration: when you create an account, including via OAuth providers such as Google;
    • Event participation: when Attendees purchase tickets or Organisers create event listings;
    • Transactions: when payment is processed through a Payment Provider (transaction references only);
    • Customer support: when you submit queries, complaints, or feedback to our support team;
    • Automated technologies: cookies, local storage, analytics tools, and server logs as you interact with the Service;
    • Third-party sources: authentication providers (e.g. Google OAuth), KYC verification providers, and fraud prevention services;
    • IP geolocation: approximate country and city data derived from IP address at the time of registration for market analytics purposes. We do not store raw IP addresses for marketing purposes.

    5. Legal Basis for Processing

    We process Personal Data on the following legal bases:

    • Performance of a contract: processing necessary to provide the Service, including account creation, ticket purchase facilitation, and event management;
    • Legitimate interests: processing necessary for our legitimate business interests, such as fraud prevention, platform security, usage analytics, and service improvement, provided such interests are not overridden by your rights;
    • Consent: where you have freely given specific and informed consent, such as for marketing communications or non-essential analytics cookies;
    • Legal obligation: where processing is required to comply with applicable law, regulatory requirements, or court orders.

    Where we rely on consent as a legal basis, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

    6. How We Use Personal Data

    We use Personal Data for the following purposes:

    • To create and manage your account and authenticate your identity;
    • To facilitate ticket purchases, event listings, and payment processing;
    • To communicate essential information about your account, transactions, and the Service;
    • To process and facilitate Organiser payouts via the Payment Provider;
    • To conduct KYC verification for Organisers as required by our compliance obligations;
    • To detect, investigate, and prevent fraudulent activity, misuse, and security incidents;
    • To analyse usage patterns and improve the functionality and user experience of the Service;
    • To send marketing communications where you have opted in;
    • To respond to customer support queries and resolve disputes;
    • To comply with applicable legal and regulatory obligations;
    • To conduct internal reporting, business planning, and market analysis using aggregated and anonymised data.

    7. Data Sharing with Third Parties

    We do not sell, rent, or trade your Personal Data. We share Personal Data only in the following circumstances and with the following categories of recipients:

    • Payment Providers: WiPay, PowerTranz, or other licensed payment processors, for the purpose of processing transactions and facilitating Organiser payouts;
    • Hosting and Infrastructure Providers: cloud and database hosting services used to store and operate the Service (e.g. Supabase);
    • Authentication Providers: third-party OAuth services (e.g. Google) used for account login;
    • Email Service Providers: transactional and marketing email delivery providers (e.g. Zoho Mail);
    • Analytics Tools: usage analytics and performance monitoring services, where enabled;
    • KYC and Identity Verification Providers: third-party identity verification services used to verify Organiser identity where required;
    • Security and Fraud Prevention Services: CAPTCHA and bot protection services (e.g. Cloudflare Turnstile);
    • Legal and Regulatory Authorities: where required by law, court order, or regulatory obligation;
    • Professional Advisers: lawyers, auditors, or consultants bound by duties of confidentiality where necessary to protect our legal rights.

    All third-party Data Processors are required by contract to process Personal Data only on our instructions, to implement appropriate security measures, and to comply with applicable data protection law.

    8. International Data Transfers

    Your Personal Data may be transferred to, stored in, or processed in countries outside the Republic of Trinidad and Tobago, including countries where our hosting providers, payment processors, or other service providers operate.

    Where Personal Data is transferred to countries that do not provide an equivalent level of data protection, we implement appropriate safeguards to ensure your data remains protected, including:

    • Standard Contractual Clauses approved under applicable data protection law;
    • Data processing agreements with third-party processors that include binding data protection obligations;
    • Transfers to jurisdictions recognised as providing adequate data protection by relevant authorities.

    By using the Service, you acknowledge that your Personal Data may be processed internationally in accordance with this Policy.

    9. Data Retention

    We retain Personal Data for as long as is necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law or is otherwise justified by our legitimate interests. Factors we consider when determining retention periods include:

    • The duration of your relationship with TiketCaribbean and whether your account remains active;
    • Our legal obligations to retain records for taxation, regulatory, or compliance purposes;
    • The period necessary to resolve disputes, enforce agreements, or defend legal claims;
    • Industry best practice standards applicable to marketplace platforms.

    KYC verification data is retained only for as long as required by applicable anti-money laundering and identity verification obligations, and is deleted promptly thereafter. Upon account closure, we will delete or anonymise your Personal Data within a reasonable timeframe, subject to any legal retention obligations.

    Notification and Privacy Preference Data: Your notification and privacy preferences are stored as part of your user account and are retained for as long as your account remains active. Upon account deletion, all preference data is removed as part of the deletion process. Transactional email history may be retained separately for legal and compliance purposes for up to seven (7) years.

    10. Data Security

    We implement appropriate technical and organisational security measures to protect Personal Data from unauthorised access, loss, misuse, disclosure, alteration, or destruction. Our security measures include:

    • Encryption of data in transit using TLS/HTTPS protocols;
    • Encryption of sensitive data at rest;
    • Access controls limiting Personal Data access to authorised personnel only;
    • CAPTCHA and bot protection mechanisms to prevent automated abuse;
    • Regular review of security practices and third-party processor compliance;
    • Secure authentication mechanisms including multi-factor authentication where available.

    Notwithstanding the above, no method of transmission over the internet or electronic storage system is completely secure. We cannot guarantee absolute security of your Personal Data and you use the Service at your own risk in this regard.

    11. Your Rights

    Subject to applicable data protection law, you may have the following rights in relation to your Personal Data:

    • Right of Access: to obtain confirmation of whether we process your Personal Data and to receive a copy of it;
    • Right to Rectification: to request correction of inaccurate or incomplete Personal Data;
    • Right to Erasure: to request deletion of your Personal Data where it is no longer necessary for the purpose it was collected, or where you withdraw consent (subject to legal retention obligations);
    • Right to Restrict Processing: to request that we limit the processing of your Personal Data in certain circumstances;
    • Right to Data Portability: to receive your Personal Data in a structured, commonly used, and machine-readable format;
    • Right to Object: to object to processing based on legitimate interests or for direct marketing purposes;
    • Right to Withdraw Consent: where processing is based on consent, to withdraw that consent at any time.

    To exercise any of these rights, please contact us using the 'Contact Support' button in our footer. We will respond within the timeframe required by applicable law and may request verification of your identity before processing your request. We will not charge a fee for reasonable requests.

    If you are located in the United Kingdom and are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. If you are located in the European Union, you may complain to your relevant national data protection supervisory authority.

    12. Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to operate, secure, and improve the Service. The categories of cookies we use are as follows:

    • Strictly Necessary Cookies: essential for the operation of the Service, including session management, authentication, and security functions (e.g. CSRF protection). These cannot be disabled without impairing core Service functionality.
    • Analytics Cookies: used to collect anonymised usage data to understand how Users interact with the Service and to make improvements (e.g. Google Analytics, where enabled). These are only set with your consent.
    • Security Cookies: used in connection with bot protection and fraud prevention tools (e.g. Cloudflare Turnstile).
    • Local Storage: used for rate limiting, session state, and temporary registration data on your device.

    You may manage your cookie preferences through your browser settings at any time. Disabling strictly necessary cookies may prevent you from accessing certain areas of the Service. Where required by law, we will seek your consent before setting non-essential cookies.

    13. Children's Data

    The Service is accessible to users aged thirteen (13) and over. Users between the ages of 13 and 18 must have the consent of a parent or legal guardian to use the Service and to enter into any transactions.

    We do not knowingly collect Personal Data from children under the age of 13 without verifiable parental consent. If we become aware that Personal Data has been collected from a child under 13 without appropriate consent, we will take prompt steps to delete that data from our systems.

    If you are a parent or guardian and believe your child has provided Personal Data to us without your consent, please contact us immediately using the 'Contact Support' button in our footer.

    14. Communications & Notifications

    We may contact you in the following ways depending on your preferences and the nature of the communication. You can manage all notification preferences at any time via Settings > Preferences.

    14.1 Transactional Communications (Email Notifications)

    We send you essential operational communications related to your account and activity on TiketCaribbean. These include:

    • Booking confirmations and ticket receipts;
    • Event reminders for events you have purchased tickets for;
    • Cancellation and refund notifications;
    • Password reset and email verification messages;
    • Account security alerts (e.g. suspicious login attempts, password changes);
    • Important account updates (e.g. changes to our terms of service).

    Legal Basis: Contractual necessity — these communications are required to fulfil the services you have requested.

    Your Control: You may toggle transactional email notifications via Settings > Preferences > Email Notifications. Certain critical security and account-related emails (e.g. password resets, verification codes) cannot be disabled.

    14.2 Push Notifications

    With your device or browser permission, we may send push notifications including:

    • Event reminders (e.g. 24 hours and 1 hour before an event);
    • Booking confirmations (immediate);
    • Organiser announcements from organisers you follow;
    • Event cancellation or change alerts;
    • New events from organisers you follow.

    Legal Basis: Consent — push notifications require your explicit permission at the operating system or browser level.

    Your Control: You may disable push notifications at any time via Settings > Preferences > Push Notifications, or through your device or browser settings.

    14.3 Marketing & Promotional Communications

    With your explicit consent, we may send you marketing and promotional emails including:

    • Weekly or monthly event newsletters;
    • Featured events and promotions in your area;
    • Discount codes and special offers;
    • Curated event recommendations based on your browsing and purchase history;
    • Platform updates and new feature announcements;
    • Seasonal event guides.

    Legal Basis: Consent — we will only send marketing emails if you have explicitly opted in (e.g. by selecting "I'd like to receive event recommendations and updates via email" during registration).

    Your Control: You may opt in or out of marketing emails at any time via Settings > Preferences > Marketing Emails, or by clicking the "Unsubscribe" link in any marketing email. Opting out does not affect transactional communications.

    Default: Marketing emails are disabled by default. You will not receive them unless you actively opt in.

    14.4 SMS / Text Notifications

    With your consent, we may send you SMS text messages including:

    • Event reminders via text message;
    • Ticket delivery via SMS.

    Legal Basis: Consent — SMS notifications require your explicit opt-in.

    Your Control: You may enable or disable SMS notifications via Settings > Preferences > SMS Notifications. Standard messaging rates from your carrier may apply.

    Default: SMS notifications are disabled by default.

    14.5 Event Update Notifications

    When you purchase tickets for an event, you may receive notifications about changes to that event, including:

    • Venue changes (new location or address);
    • Date and time changes (rescheduled events);
    • Event cancellations;
    • Important organiser updates about events you are attending.

    Legal Basis: Contractual necessity / Legitimate interest — these updates are directly related to services you have purchased.

    Your Control: You may toggle event update notifications via Settings > Preferences > Event Update Notifications.

    Default: Event update notifications are enabled by default.

    14.6 Organiser-Initiated Notifications

    Event organisers you follow may send announcements through the TiketCaribbean platform. These are delivered via our in-app notification feed and respect your push notification and email notification preferences.

    Your Control:

    • You may unfollow an organiser to stop receiving their notifications;
    • You may block an organiser's notifications without unfollowing;
    • Push and email delivery of organiser notifications respects your Push Notifications and Email Notifications settings.

    15. Privacy & Data Preferences

    You have granular control over how we use your data for personalisation and sharing purposes. All privacy preferences can be managed at any time via Settings > Privacy.

    15.1 Contact Sharing with Organisers

    You may choose whether to share your contact information (email address, phone number) with event organisers after purchasing tickets. Where enabled, your details will be shared solely for the purpose of event-related communications from that organiser.

    Your Control: Toggle via Settings > Privacy > Share Contact with Organisers.

    Default: Contact sharing is disabled by default. Organisers will not receive your personal contact details unless you explicitly enable this.

    15.2 Personalised Event Recommendations

    We may use your browsing history, purchase history, and event interests to generate personalised event recommendations on the platform, including "Recommended for you" sections and personalised homepage content. Data used includes pages viewed, events browsed, tickets purchased, and event categories of interest.

    Your Control: Toggle via Settings > Privacy > Allow Event Recommendations.

    Default: Event recommendations are enabled by default. You may disable this at any time, in which case you will see non-personalised content.

    15.3 Purchase History Visibility

    You may choose whether your event attendance and purchase history is visible on your public profile, including events attended, events planned, and any reviews or ratings you have submitted.

    Your Control: Toggle via Settings > Privacy > Show Purchase History.

    Default: Purchase history visibility is disabled by default. Your purchase history is private unless you choose to make it visible.

    15.4 Data Analytics & Platform Improvement

    With your consent, we may use your data to improve the TiketCaribbean platform. This includes anonymised usage data for product decisions, behaviour analytics via tools such as Google Analytics, participation in A/B testing, and aggregated de-identified data shared with partners for market research.

    Legal Basis: Consent (GDPR) / Legitimate interest (where applicable).

    Your Control: Toggle via Settings > Privacy > Share Data for Analytics.

    Default: Analytics data sharing is disabled by default. Enabling this helps us improve the platform but is entirely optional.

    15.5 Location-Based Event Discovery

    With your permission, we may use your location data to suggest nearby events and provide distance-based search results. We use your device's GPS or browser geolocation (when granted), or your registered country or region, for "Events near you" recommendations, distance calculations, and regional event filtering.

    Your Control: Toggle via Settings > Privacy > Allow Location-Based Events. You may also deny location access at the operating system or browser level.

    Default: Location-based events are enabled by default, subject to device-level permission.

    16. Default Notification & Privacy Settings

    The following table summarises the default state of each preference when a new account is created on TiketCaribbean:

    SettingDefaultRequires Consent
    Email Notifications (transactional)EnabledNo (contractual necessity)
    Push NotificationsEnabledYes (device-level)
    Marketing EmailsDisabledYes (explicit opt-in)
    SMS NotificationsDisabledYes (explicit opt-in)
    Event Update NotificationsEnabledNo (legitimate interest)
    Share Contact with OrganisersDisabledYes (explicit opt-in)
    Event RecommendationsEnabledNo (legitimate interest)
    Purchase History VisibilityDisabledYes (explicit opt-in)
    Analytics Data SharingDisabledYes (explicit opt-in)
    Location-Based EventsEnabledYes (device-level)

    Your notification and privacy preferences are stored as part of your user account and retained for as long as your account is active. Upon account deletion, all preference data is removed as part of that process. Transactional email history may be retained for legal and compliance purposes for up to seven (7) years.

    You have the right to access and modify any preference at any time — changes take effect immediately. You may also withdraw consent for marketing or analytics processing at any time, and request export or deletion of your preference data as part of a data subject request.

    17. Organiser Data and KYC Verification

    As a marketplace platform, TiketCaribbean may require Organisers to undergo identity verification (KYC) processes to comply with applicable anti-fraud and financial integrity requirements. KYC verification may involve the collection of:

    • Government-issued photographic identification documents;
    • Proof of address documentation;
    • Facial verification data, processed by a licensed third-party KYC provider.

    KYC data is processed exclusively for the purpose of identity verification and fraud prevention. TiketCaribbean uses third-party KYC providers bound by contractual data protection obligations. We do not retain KYC documentation beyond the period required for verification and any applicable legal retention obligation.

    Organisers who independently collect Personal Data from Attendees through the Service (for example, through custom event registration forms) assume independent data controller responsibilities for that data and must comply with applicable data protection laws.

    18. Data Breach Procedures

    In the event of a Personal Data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

    • Conduct an immediate internal investigation to assess the nature and scope of the breach;
    • Notify the relevant supervisory authority within the timeframe required by applicable law (72 hours under GDPR standards where applicable);
    • Notify affected individuals without undue delay where the breach poses a high risk to their rights and freedoms;
    • Document the breach, its effects, and the remedial measures taken.

    We maintain internal data breach response procedures and conduct regular reviews to minimise the likelihood and impact of security incidents.

    19. Cross-Border Compliance

    CaribraConnect Technology Ltd is incorporated in the Republic of Trinidad and Tobago and is also registered in Scotland. This Policy is designed in compliance with the Data Protection Act of Trinidad and Tobago and, for users in the United Kingdom, the UK GDPR and Data Protection Act 2018.

    For our United Kingdom operations, this Policy complies with the principles of the UK GDPR, including lawfulness, fairness and transparency of processing; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. We also apply these principles in anticipation of further expansion into EU markets, where the EU GDPR would additionally apply.

    As a company registered in Scotland, we are directly subject to UK GDPR obligations. Where we are required to appoint an EU representative under EU GDPR obligations following commercial launch in EU territories, we will do so and update this Policy accordingly.

    20. Community Voices & User-Submitted Content Data

    This section describes how we process personal data in connection with the Community Voices feature, which allows Users to submit event listings, apply to become Community Voice contributors, and publish content on the platform.

    20.1 Data Collected Through Community Submissions

    When you submit an event listing or apply to become a Community Voice contributor, we collect the following additional categories of data:

    • Event Submissions: Event name, description, date, time, location (country, city, venue), category, event link URL, contact email, contact phone number (optional), price information, and cover image.
    • Community Voice Applications: Display name, email address, country, city, content type preferences, biographical information, sample work URL (optional), social media URL (optional), and motivation statement.
    • Published Content: Any articles, reviews, photographs, videos, or other media you submit for publication through the Community Voices programme.

    20.2 Legal Basis for Processing

    We process Community Voices data on the following legal bases:

    • Consent: You voluntarily submit information through the Community Voices feature and consent to its processing when you agree to the community guidelines at the point of submission.
    • Legitimate Interest: We have a legitimate interest in reviewing submissions for quality control, platform safety, and content moderation.
    • Contractual Necessity: Processing is necessary for the performance of the Terms of Service, which govern your use of the Community Voices feature.

    20.3 How This Data Is Used

    Community Voices data is used for the following purposes:

    • Reviewing and moderating submitted event listings and contributor applications;
    • Publishing approved content on the TiketCaribbean platform;
    • Communicating with you about the status of your submissions or applications;
    • Preventing fraud, spam, and abuse of the submission system;
    • Complying with legal obligations, including responding to takedown requests or intellectual property claims.

    20.4 Public Visibility

    Please be aware that approved Community Content — including your display name, submitted text, images, and associated metadata — will be publicly visible on the TiketCaribbean platform. Contact email addresses and phone numbers provided in event submissions are used internally for verification and moderation purposes, and will not be publicly displayed unless you explicitly include them in the event description.

    20.5 Data Retention for Community Content

    Approved Community Content is retained for as long as it remains published on the platform. Rejected or withdrawn submissions are retained for up to twelve (12) months for audit and dispute resolution purposes, after which they are permanently deleted. Community Voice applications (whether approved or rejected) are retained for up to twenty-four (24) months before deletion.

    20.6 Your Rights Regarding Community Content Data

    In addition to the general data rights set out in Section 11 of this Policy, you have the right to:

    • Request removal of published Community Content you have submitted;
    • Request deletion of your Community Voice application data;
    • Withdraw your consent for future use of submitted content (noting that this does not affect the lawfulness of processing prior to withdrawal).

    To exercise these rights, please contact us using the 'Contact Support' feature on our website.

    21. Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or the expansion of our services. The "Last Updated" date at the top of this page indicates when the Policy was most recently revised.

    Where changes are material, we will notify you by:

    • An in-app notification displayed when you next log in;
    • Email, if you have email notifications enabled;
    • A prominent notice on our website prior to the changes taking effect.

    Your continued use of the Service after changes become effective constitutes your acceptance of the updated Policy.

    We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

    22. Contact and Data Protection Enquiries

    If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your Personal Data, please contact us using the 'Contact Support' button in the footer of the website.

    For formal data protection correspondence, please address communications to:

    CaribraConnect Technology Ltd
    Republic of Trinidad and Tobago

    Office 2/3, 48 West George Street
    Glasgow, Scotland
    United Kingdom, G2 1BP

    Trading as TiketCaribbean

    CaribraConnect Technology Ltd is incorporated in the Republic of Trinidad and Tobago (Company Registration Number: C2025101100002) and is also registered in Scotland (Companies House Number: SC889839). UK Registered Office: 48 West George Street, Glasgow G2 1BP, United Kingdom. ICO Registration Number: [To be confirmed upon ICO registration].

    We are committed to resolving any concerns about your Personal Data promptly and in accordance with applicable law.