Privacy Policy

Last updated: April 2026

Effective date of PDPO compliance: January 2026

This Privacy Policy explains how CNTA Company (“we”, “us”, “CNTA”) collects, uses, stores, and protects your personal data. It applies to all users of cnta.company – whether you’re buying tickets or listing events.

We are committed to complying with the Personal Data Protection Order 2025 (PDPO) of Brunei Darussalam, enforced by the Authority for Info-communications Technology Industry (AITI).

1. Who We Are

CNTA Company

Registered in Brunei Darussalam

Email: policies@cnta.company

We are the data controller for personal data collected through cnta.company.

2. What Data We Collect and Why

We only collect data we actually need. Here’s exactly what we collect and why:

DataWhy We Collect It
Full nameTo issue tickets and verify identity at events
Email addressTo send your ticket, booking confirmation, and event updates
Phone numberTo contact you about urgent event changes
Payment informationProcessed by our licensed payment gateway providers – we do not store full card details
Event booking historyTo manage your orders and provide customer support
Device and browser data (via cookies)To make the website work properly

We do not collect other sensitive personal data (e.g. religion, health, race) and we do not intentionally collect data from children underaged children without parental consent.

3. Legal Basis for Processing

We process your data because:

  • It is necessary to fulfil our contract with you (delivering your ticket and managing your booking), or
  • We have a legitimate interest in operating and improving our platform, or
  • You have given explicit consent where required (e.g. marketing communications)

4. How We Use Your Data

We use your data to:

  • Process your ticket purchase and send you your digital ticket
  • Send you booking confirmations and event reminders
  • Handle support requests
  • Comply with our legal obligations under Brunei law
  • Improve our platform and user experience (aggregated, anonymised analytics only)

We will not:

  • Sell your data to any third party
  • Use your data for advertising or marketing beyond CNTA’s own events (unless you opt in)
  • Share your data internationally unless required by law or to fulfil your booking

5. Who We Share Your Data With

We share limited data with:

  • Event organisers — we provide them with the attendee list (name, email, ticket information) for events you have booked. This is necessary to allow entry to the event.
  • Payment processors — your payment data is handled by our licensed payment gateway. They process transactions under their own privacy policies.
  • Regulatory authorities — if required by Brunei law (e.g. AITI, BDCB, FIU, or law enforcement with lawful authority).

We do not share your data with any other third parties without your explicit consent.

6. How Long We Keep Your Data

Data TypeRetention Period
Booking and transaction records7 years (required for tax and financial compliance under Brunei law)
Account informationUntil you request deletion or close your account
Support and complaint records3 years
Analytics data (anonymised)Indefinitely (as it cannot identify you)

When retention periods expire, we securely delete or anonymise your data.

7. Your Rights Under PDPO 2025

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Deletion — request that we delete your data (subject to our legal retention obligations)
  • Withdrawal of consent — where we rely on consent to process your data, you can withdraw it at any time
  • Data portability — request your data in a commonly used format

To exercise any of these rights, email us at policies@cnta.company. We will respond within 30 days.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS) across our website
  • Restricted access to personal data within our team
  • Secure handling of payment data through licensed processors only

We do not store full payment card details on our servers.

9. Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

  • Contain and assess the breach as quickly as possible
  • Notify AITI as required under the PDPO 2025 if the breach is notifiable
  • Notify affected users where required by law or where we determine it is in your interests to do so

10. Cookies

Our website uses cookies to:

  • Keep you logged in during a session
  • Remember your cart
  • Measure site traffic (anonymised analytics)

You can disable cookies in your browser settings, though some parts of the site may not work properly if you do.

11. Transfer of Data Outside Brunei

If your data is processed by any third-party service (such as our payment processor or email delivery service) that operates outside Brunei Darussalam, we ensure appropriate safeguards are in place as required under PDPO 2025.

12. Changes to This Policy

We may update this policy when our practices change or when the law requires it. We will post the updated policy on this page with a new “Last updated” date. For significant changes, we will notify you by email.

13. Contact Us

For any privacy-related questions, requests, or complaints:

Email: policies@cnta.company
Subject line: Privacy Enquiry

If you are not satisfied with our response, you have the right to lodge a complaint with AITI as the responsible authority under PDPO 2025.

CNTA Company is registered in Brunei Darussalam.

This policy complies with the Personal Data Protection Order 2025 (S 1/2025).

Join Waitlist We will inform you if we open up more tickets for this event.