1. Introduction

Golden Extreme Group (“Golden Extreme”, “we”, “us” or “our”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, transfer, store and protect personal data when you visit our website, submit an enquiry, apply to become a distributor or supplier, or otherwise interact with us.

We process personal data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), its Executive Regulations, and the directions of the UAE Data Office, together with any other applicable laws of the United Arab Emirates.

Please read this Privacy Policy carefully. By providing us with your personal data or using our website, you acknowledge that you have read and understood this Policy.

2. Who We Are (Data Controller)

Golden Extreme Group is the “Controller” responsible for your personal data. We are a UAE-headquartered wholesaler and distributor of tyres, automotive batteries, wheels and related automotive products, established in 2014, with branches in Deira (Dubai) and Sharjah, UAE.

• Email: info@goldenextreme.com
• Telephone: +971 4 222 9799
• Address: Deira, Dubai & Sharjah, United Arab Emirates

For all privacy-related requests and questions, please use the contact details in Section 21.

3. Definitions

• Personal Data: any data relating to an identified natural person, or one who can be identified directly or indirectly, for example by name, email address, telephone number or identification number.
• Processing: any operation performed on personal data, such as collection, storage, use, sharing, transfer or deletion.
• Data Subject: the natural person whose personal data is processed.
• Controller: the entity that determines the purpose and means of processing personal data — in this case, Golden Extreme.
• Processor: a third party that processes personal data on behalf of, and under the instructions of, the Controller.
• UAE Data Office: the federal authority responsible for supervising the application of the PDPL.

4. Scope of This Policy

This Policy applies to personal data we collect through our website, contact and partnership forms, email, telephone and in-person interactions. It does not apply to third-party websites that may be linked from our site, which are governed by their own privacy policies (see Section 19).

5. Personal Data We Collect

• Enquiry and application data: your name, company name, country/region, email address, telephone number, and the content of your message, submitted through our contact, distributor or supplier forms.
• Business information: business type, product categories of interest, markets covered, order volumes, certifications and similar details you choose to share when applying to partner with us.

• Technical and usage data: such as IP address, browser type, device information, pages viewed, referring pages and approximate region, collected through cookies and analytics tools.

We do not intentionally collect special categories of personal data (such as health, religious or biometric data) through this website. Please do not submit such data to us.

6. How We Collect Personal Data

• Directly from you when you complete a form, email us, call us, or visit a branch.
• Automatically through cookies and similar technologies when you use our website.
• From third parties such as our analytics and IT service providers, where applicable.

7. Purposes of Processing

We process personal data for the following purposes:

• To respond to your enquiries and provide the information, products or services you request.
• To assess and process distributor and supplier partnership applications.
• To manage our relationship with you, including order processing and after-sales support.
• To operate, maintain, secure and improve our website and services.
• To send you relevant business communications where you have consented or where permitted by law.
• To comply with legal, regulatory and contractual obligations.
• To detect, prevent and address fraud, security incidents and misuse.

8. Legal Basis for Processing

Under the PDPL, we process personal data only where we have a lawful basis to do so. Depending on the situation, our legal basis may be:

• Consent: you have given clear, specific, informed and unambiguous consent for one or more specific purposes (for example, marketing communications).
• Performance of a contract: processing is necessary to take steps at your request before entering into, or to perform, a contract with you (for example, handling a partnership application or order).
• Legal obligation: processing is necessary to comply with a legal obligation to which we are subject.
• Legitimate interests: processing is necessary for our legitimate interests (such as securing our website or responding to enquiries), provided these are not overridden by your rights and freedoms.
• Other lawful bases: processing is necessary to protect the vital interests of a data subject, or to carry out a task in the public interest, as permitted under the PDPL.

9. Consent and Withdrawal of Consent

Where we rely on your consent, you may withdraw it at any time by contacting us using the details in Section 21. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, and may mean we are unable to provide certain services or respond to certain requests.

10. Cookies and Analytics

Our website uses cookies and similar technologies to make the site work, remember your preferences, and understand how visitors use the site so we can improve it. We may use privacy-respecting analytics tools that record aggregated, non-identifying usage information.

You can control or disable cookies through your browser settings. Disabling some cookies may affect how the website functions.

11. Disclosure and Sharing of Personal Data

We do not sell your personal data. We may share personal data with:

• Service providers: trusted providers (Processors) who act on our behalf — for example, email delivery, website hosting and analytics providers — under written agreements that require them to protect your data and process it only on our instructions.
• Legal and regulatory bodies: authorities, regulators or courts where required by law or to protect our legal rights.
• Business transfers: a successor entity in the event of a merger, acquisition or reorganisation, subject to this Policy.

12. Cross-Border Transfers of Personal Data

Some of our service providers may store or process personal data outside the United Arab Emirates. Where we transfer personal data abroad, we do so in accordance with Articles 22 and 23 of the PDPL, by ensuring at least one of the following:

• the destination country or territory provides an adequate level of protection for personal data, as recognised by the UAE Data Office; or
• appropriate safeguards are in place (such as contractual clauses obliging the recipient to protect the data to PDPL standards); or
• you have given explicit consent to the transfer after being informed of the possible risks; or
• the transfer is otherwise permitted under the PDPL (for example, where necessary to perform a contract or establish or defend a legal claim).

13. Data Security

In line with Article 20 of the PDPL, we implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, alteration, disclosure, loss or destruction. These measures include access controls, secure transmission, spam and bot filtering on our forms, and limiting access to personal data to those who need it. No method of transmission over the internet is completely secure, however, and we cannot guarantee absolute security.

14. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, contractual or reporting requirements. When personal data is no longer needed, we securely delete or anonymise it.

15. Your Rights Under the PDPL

Subject to the conditions and exceptions in the PDPL, you have the following rights in respect of your personal data:

• Right to be informed: about how your personal data is collected and processed.
• Right of access: to obtain confirmation of, and a copy of, the personal data we hold about you.
• Right to rectification: to have inaccurate or incomplete personal data corrected or updated.
• Right to erasure: to request deletion of your personal data in certain circumstances.
• Right to restrict processing: to request that we limit the processing of your personal data in certain circumstances.
• Right to stop processing: to request that we stop processing your personal data, including for direct marketing.
• Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to have it transferred to another controller where technically feasible.
• Right regarding automated processing: to object to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
• Right to complain: to lodge a complaint with the UAE Data Office (see Section 21).

16. How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 21. We may ask you to verify your identity before acting on a request. We will respond to legitimate requests within the timeframes required by the PDPL. Exercising these rights is free of charge, although we may charge a reasonable fee or decline to act on requests that are manifestly unfounded or excessive, as permitted by law.

17. Personal Data Breach Notification

In the event of a personal data breach that poses a risk to the privacy, confidentiality or security of your personal data, we will notify the UAE Data Office and, where required, affected data subjects in accordance with the PDPL. Our notification will describe the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address it.

18. Children’s Privacy

Our website and services are intended for businesses and adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us so we can delete it.

19. Third-Party Links

Our website may contain links to third-party websites (such as map services, social media and partner brands). We are not responsible for the privacy practices or content of those websites. We encourage you to review their privacy policies.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website, with the effective date shown at the top. Material changes will be communicated where appropriate.

21. Contact Us and Complaints

If you have any questions, requests or complaints about this Privacy Policy or how we handle your personal data, please contact us:

• Email: info@goldenextreme.com
• Telephone: +971 4 222 9799
• Post: Golden Extreme Group, Deira, Dubai & Sharjah, United Arab Emirates

If you are not satisfied with our response, you have the right to lodge a complaint with the UAE Data Office, the federal supervisory authority for personal data protection in the United Arab Emirates.

22. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its Executive Regulations.