Privacy Policy

1. Information We Collect

Golden Ark Reserve collects Personal Data in connection with website operation, inquiry handling, client onboarding, contractual engagement, compliance controls, and ongoing relationship management. Personal Data may also be collected in connection with bullion holding arrangements executed via licensed third-party operators and associated documentation outputs and recordkeeping.

The categories of Personal Data collected depend on the interaction type, the information requested, onboarding requirements, contractual scope, and applicable legal and compliance requirements.

1.1 Information You Provide Voluntarily

Golden Ark Reserve may collect Personal Data provided by a user or prospective client when submitting inquiries, requesting information, initiating onboarding, entering into contractual arrangements, or communicating through agreed channels. Information may include:

Contact and identification data: full name, business address, email address, telephone number, professional title, and affiliation.
Corporate data: legal entity name, registration details, jurisdiction of incorporation, business activities, ownership structure, and authorised representatives.
Verification and due diligence data: identification documents, proof of address, corporate formation documents, shareholder and director information, signatory evidence, and mandate documentation.
Beneficial ownership and control data: ultimate beneficial owners, directors, officers, and authorised signatories.
Compliance declarations: sanctions status, PEP declarations, source of funds and source of wealth information, and other confirmations required for AML/KYC and ongoing monitoring.
Instruction and recordkeeping data: reporting preferences, documentation preferences, and instruction-related communications connected to holding, release, transfer, or delivery coordination workflows where applicable.
Communications: emails, messages, and other correspondence submitted through agreed channels; call records where enabled and permitted by applicable law and internal controls.

Provision of certain Personal Data is required to complete onboarding, satisfy compliance controls, enter into contractual arrangements, or process instruction-related requests. Required data categories are determined by the onboarding scope and applicable compliance requirements.

1.2 Information Collected Automatically

When accessing the website or using online features, Golden Ark Reserve may collect technical and usage information through standard technologies and security logging. Information may include:

Technical identifiers: IP address, browser type and version, device type, operating system, language settings, and referring URLs.
Usage and interaction data: pages accessed, timestamps, navigation paths, session duration, and interaction events.
Log and security data: access logs, authentication events, error logs, and security monitoring records created for operational integrity, auditability, and fraud prevention.
Cookies and similar technologies: preferences, session management, analytics, and functionality data, as described in the Cookies section of this Policy.

This information supports secure operation, performance monitoring, incident response, and integrity controls.

1.3 Information from Third Parties

Golden Ark Reserve may obtain Personal Data from third parties to support onboarding, compliance controls, record verification, and operational administration. Sources may include:

Identity verification and screening providers: identity checks, sanctions and PEP screening outputs, risk assessments, and ongoing monitoring results.
Public and commercial registries: corporate registry extracts and publicly available information relevant to due diligence.
Risk intelligence and compliance databases: screening and monitoring datasets used for verification and risk controls.
Professional advisers and service providers: legal, accounting, audit, compliance, and consulting providers acting under engagement and confidentiality terms.
Technology and infrastructure providers: hosting, email, security, analytics, and CRM systems processing data under instructions and contractual safeguards.
Operational counterparties: counterparties and licensed third-party operators involved in instruction execution workflows where applicable, limited to the data required to process the relevant step.

Personal Data obtained from third parties may be verified and reconciled against information provided by the data subject to maintain accuracy and compliance integrity.

2. How We Use Personal Information (H2)

Golden Ark Reserve processes Personal Data for specified and legitimate purposes connected to website operation, inquiry handling, client onboarding, contractual engagement, compliance controls, and recordkeeping required for bullion holding workflows executed via licensed third-party operators.

Personal Data is processed to the extent necessary to perform agreed activities, apply compliance gates, maintain operational integrity, and produce documentation outputs and records associated with the relevant relationship or instruction.

2.1 Inquiry Handling and Pre-Contractual Communications (H3)

Personal Data is processed to receive and respond to inquiries, provide requested information, and assess whether a prospective client fits onboarding and eligibility criteria.

Personal Data is processed to communicate with prospective clients about required onboarding steps, required documents, and instruction handling channels.

2.2 Onboarding, Compliance Gates, and Relationship Administration (H3)

Personal Data is processed to execute onboarding and ongoing compliance controls that include AML/KYC, sanctions screening, beneficial ownership verification where applicable, and source of funds and source of wealth checks where applicable.

Personal Data is processed to record authorised signatories, mandates, and instruction validation rules used to validate instruction requests.

Personal Data is processed to maintain relationship records required for operational continuity, auditability, and lawful cooperation where required.

2.3 Contractual Performance and Recordkeeping for Bullion Holding Workflows (H3)

Personal Data is processed to enter into and perform contractual arrangements and to administer instruction handling and documentation outputs connected to bullion holding workflows executed via licensed third-party operators.

Personal Data is processed to maintain operational record sets that may include allocation-related records, instruction logs, reporting preferences, and evidence outputs issued through agreed channels.

Personal Data is processed to coordinate instruction-related steps for release, transfer, or delivery workflows where applicable, subject to validated authorisation and applicable operational cut-offs.

Personal Data is processed to confirm completion status of contractual payment confirmation steps associated with an instruction or transaction where applicable.

2.4 Security, Integrity Controls, and Fraud Prevention (H3)

Personal Data is processed to operate security controls, access management, logging, and audit trails required to protect systems and prevent unauthorised activity.

Personal Data is processed to detect and investigate misuse, fraud, and unauthorised access attempts and to maintain incident response capabilities.

2.5 Analytics, Performance Monitoring, and Service Quality Controls (H3)

Personal Data is processed to monitor website performance, diagnose technical issues, and improve reliability and security controls.

Analytics are executed on aggregated or de-identified data where feasible.

Personal Data may be included in analytics inputs where required for security monitoring, abuse prevention, and operational integrity controls.

2.6 Communications, Notices, and Legal Process Handling (H3)

Personal Data is processed to send contractual and operational notices, compliance notices, policy updates, and administrative communications through agreed channels.

Personal Data is processed to establish, exercise, or defend legal claims and to respond to lawful requests from courts, regulators, law enforcement agencies, or other competent authorities, including tax authorities, where disclosure is required or permitted by applicable law.

Marketing communications are processed only where a lawful basis applies and where required consent or opt-out mechanisms are applied under applicable law.

3. Legal Basis for Processing

Golden Ark Reserve processes Personal Data only where a valid legal basis applies under the data protection laws relevant to the processing activity and the data subject.

The legal basis applied depends on the relationship stage (inquiry, onboarding, contractual engagement, ongoing administration) and the processing purpose (compliance gates, security controls, recordkeeping, lawful requests).

3.1 Contract Performance and Pre-Contractual Measures

Personal Data is processed where processing is necessary to take steps at the request of a data subject prior to entering into a contract or to perform a contract, including:

assessing inquiries and providing requested information required to progress onboarding;
executing onboarding workflows and recording authorised signatories and instruction mandates;
administering contractual engagement and operational administration connected to bullion holding workflows executed via licensed third-party operators;
producing and delivering documentation outputs and record sets through agreed channels;
processing instruction-related communications and status confirmations, including payment confirmation steps associated with an instruction or transaction where applicable.

Where specific Personal Data categories are required to execute these activities, processing scope is defined by onboarding requirements, contractual scope, and the applicable compliance controls.

3.2 Legal Obligations

Personal Data is processed where processing is necessary to comply with legal obligations applicable to the Operating Entity and its compliance framework, including:

AML/KYC controls, sanctions screening, beneficial ownership verification, and ongoing monitoring obligations;
statutory recordkeeping, auditability requirements, and retention obligations applicable to compliance and contractual records;
cooperation with competent authorities where disclosure is required or permitted by applicable law, including lawful requests connected to financial crime prevention, sanctions enforcement, tax administration, customs, or court process.

Processing performed under this basis is applied using proportionality and purpose limitation controls and is recorded through internal logs and compliance records.

3.3 Legitimate Interests

Personal Data is processed where necessary for legitimate interests connected to secure operation and governance, including:

operating, maintaining, and securing websites, systems, and Reporting Channels;
preventing abuse, fraud, and unauthorised access;
maintaining audit trails, integrity controls, and incident response capabilities;
performing operational quality controls, internal analytics, and service reliability monitoring;
managing operational, counterparty, and compliance risks;
establishing, exercising, or defending legal claims.

When legitimate interests are used as a basis, Golden Ark Reserve applies safeguards aligned with data minimisation, access restriction, and proportionality to protect data subject rights.

Personal Data is processed on the basis of consent where required by applicable law, including:

non-essential cookies and tracking technologies;
marketing communications or comparable outreach activities where consent is required;
optional data processing features that require an affirmative choice.

Consent management is implemented through consent capture, consent withdrawal handling, and processing scope adjustments based on the consent status recorded for the relevant channel or mechanism.

3.5 Vital Interests and Public Interest

Personal Data may be processed where necessary to protect vital interests of a data subject or another person, or where processing is carried out in the public interest under applicable law, including processing connected to prevention, detection, or investigation of financial crime.

3.6 Multi-Jurisdictional Application

The legal bases described in this section are applied in accordance with the data protection regime applicable to the relevant processing activity, which may depend on the data subject location, the processing location, and the service provider location.

Where local laws impose additional conditions, notice requirements, or processing restrictions, Golden Ark Reserve applies those requirements to the extent applicable to the relevant activity.

4. Data Retention

Golden Ark Reserve retains Personal Data for periods that support the stated processing purposes, contractual administration, compliance controls, recordkeeping obligations, and lawful cooperation requirements, including retention required for AML/KYC and auditability.

Retention periods are determined by reference to the data category, the processing purpose, applicable statutory and regulatory requirements, contractual obligations, and limitation periods connected to legal claims.

Retention continues where Personal Data remains required for compliance controls, recordkeeping, or lawful request handling under applicable law and internal retention controls.

4.1 Retention by Category of Data

Personal Data submitted through website forms, inbound inquiries, or general communications is retained for the period required to respond, manage follow-up communications, maintain internal records, and support security and abuse-prevention controls.

Personal Data relating to clients, authorised representatives, and contractual counterparties is retained for the duration of the contractual relationship and for an additional period thereafter to support contractual administration, dispute handling, accounting, audit, and recordkeeping obligations.

Personal Data collected for identity verification, AML/KYC, sanctions screening, beneficial ownership verification, and ongoing monitoring is retained for the period required by applicable AML and financial crime prevention recordkeeping obligations, which may extend beyond termination of the client relationship.

Personal Data and records connected to instruction handling, documentation outputs, evidence outputs, and operational logs are retained for the period required to support instruction traceability, auditability, compliance controls, and legal claims handling.

Correspondence, support requests, and operational communications are retained for a period that supports service quality, incident handling, audit trails, and legal or compliance needs connected to the relevant interaction.

Technical logs, access records, and security monitoring data are retained for periods that support system integrity, security monitoring, incident investigation, and auditability, subject to operational requirements and applicable legal obligations.

4.2 Criteria for Determining Retention Periods

Retention periods are determined using criteria that include applicable statutory and regulatory requirements, contractual administration requirements, limitation periods connected to legal claims, and operational requirements connected to security, auditability, and risk management.

Retention periods reflect the nature, sensitivity, and volume of the Personal Data and the purpose served by the retained records, including compliance gating, investigation support, and evidence integrity.

Retention periods may be extended where a legal hold, investigation, audit, dispute, or lawful request requires preservation of relevant records.

4.3 Secure Disposal and Anonymisation

Upon expiry of the applicable retention period, Personal Data is disposed of through secure deletion, anonymisation, or access restriction measures aligned with the security framework and applicable legal requirements.

Disposal processes are executed using controls intended to prevent unauthorised access, disclosure, or recovery, including access revocation, secure deletion procedures, and controlled destruction of physical records where applicable.

Golden Ark Reserve discloses and transfers Personal Data only where necessary to fulfil the purposes described in this Policy, to execute onboarding and compliance controls, to administer contractual engagement, to support documentation outputs and recordkeeping, and to comply with lawful requests.

Data sharing is limited by purpose limitation and data minimisation controls, and access is restricted to authorised personnel and service providers on a need-to-know basis.

5.1 Categories of Recipients

Personal Data may be shared with the following categories of recipients, where applicable to the relevant interaction, onboarding scope, contractual engagement, or instruction workflow:

Licensed third-party operators
Personal Data may be shared with licensed third-party vault operators and licensed logistics or transport providers where such sharing is necessary to execute holding, release, transfer, or delivery workflows and to obtain operator-issued records connected to those workflows.

Compliance and screening providers
Personal Data may be shared with third-party providers supporting identity verification, AML/KYC processing, sanctions and PEP screening, ongoing monitoring, and risk assessment outputs required for onboarding and ongoing compliance controls.

Banks and payment-related counterparties (where applicable)
Personal Data may be shared with banks, payment service providers, or payment route counterparties where necessary to issue invoices, confirm receipt of funds, process refunds where applicable, and maintain payment-related audit records aligned with contractual payment obligations.

Professional advisers
Personal Data may be shared with legal, accounting, audit, compliance, and consulting professionals acting under engagement and confidentiality terms, where such processing is required for governance, auditability, dispute handling, or compliance obligations.

Technology and infrastructure providers
Personal Data may be shared with hosting, security, email, communications, analytics, and customer relationship management providers that process data under contractual safeguards and documented instructions.

Counterparties and operational participants (where applicable)
Personal Data may be shared with transaction counterparties or operational participants where required to execute a specific contractual step, verify a specific record, or complete an instruction workflow, limited to the data required for that step.

Authorities and competent bodies
Personal Data may be disclosed to courts, regulators, supervisory authorities, law enforcement agencies, customs authorities, and tax authorities where disclosure is required or permitted by applicable law or valid legal process.

5.2 Purpose Limitation, Access Controls, and Data Minimisation

Recipients are authorised to process Personal Data only for specified purposes consistent with this Policy and the relevant contractual or legal requirements.

Golden Ark Reserve applies access controls that restrict Personal Data to authorised personnel and approved service providers with role-based access and least-privilege permissions.

Personal Data shared with a recipient is limited to the minimum necessary categories and fields required to execute the relevant purpose.

Golden Ark Reserve applies confidentiality obligations and contractual safeguards to service providers that process Personal Data on instructions.

5.3 International Data Transfers

Personal Data may be transferred to, stored in, or accessed from jurisdictions outside the data subject’s country of residence due to the geographic distribution of service providers, operational participants, compliance screening providers, and reporting channels.

International transfers may occur in connection with onboarding and screening workflows, hosting and security operations, cross-border communications, and instruction workflows involving licensed third-party operators.

International transfers may also occur where an authority request requires disclosure or where records must be preserved or produced under applicable legal process.

5.4 Safeguards for Cross-Border Transfers

Where international transfers occur, Golden Ark Reserve implements safeguards designed to maintain confidentiality, integrity, and availability of Personal Data.

Safeguards may include contractual protections, including data processing agreements and transfer mechanisms such as standard contractual clauses or equivalent instruments where required by applicable law.

Safeguards may also include technical and organisational controls such as encryption in transit where supported, access restrictions, audit logging, segregation of duties, and security monitoring.

Transfer risk assessments and supplementary measures are applied where required by applicable law or where the transfer context requires additional protection.

5.5 Disclosure Required by Law and Lawful Requests

Golden Ark Reserve may disclose Personal Data where required or permitted by applicable law, court order, regulator request, law enforcement request, customs process, or tax administration process.

Disclosure scope is limited to the data required to respond to the request, subject to legal constraints and proportionality controls.

Where permitted, Golden Ark Reserve may notify affected data subjects of a lawful request, and notification timing is governed by legal restrictions applicable to the relevant request.

5.6 No Sale of Personal Data

Golden Ark Reserve does not sell Personal Data.

Personal Data is shared only for the purposes described in this Policy and under governance, contractual, compliance, and legal constraints.

5.7 Corporate Transactions

In the event of a merger, reorganisation, acquisition, financing, asset sale, or similar corporate transaction, Personal Data may be disclosed or transferred as part of due diligence or transaction execution, subject to confidentiality obligations and applicable data protection requirements.

Transaction-related disclosures are limited to what is necessary for the transaction purpose and are subject to access controls and confidentiality safeguards.

5.8 Ongoing Oversight of Recipients

Golden Ark Reserve maintains oversight of service providers and recipients through contractual terms, documented instructions, and security and compliance governance.

Data sharing arrangements are reviewed periodically to maintain alignment with applicable laws, operational requirements, and risk controls.

6. Cookies and Tracking Technologies

Golden Ark Reserve uses cookies and similar technologies to operate, secure, and improve website functionality and to understand how users interact with website pages and forms.

Cookies are small text files placed on a user’s device when a website is accessed. Similar technologies may include pixels, web beacons, local storage, and server-side logging mechanisms.

6.1 Types of Cookies and Technologies Used

Cookies and related technologies may be used in the following categories, subject to website configuration and applicable law:

Strictly necessary cookies
Strictly necessary cookies support core website functionality and security, including page rendering, navigation, session management, form submission, fraud prevention controls, and security protections. Strictly necessary cookies are used to maintain website integrity and to support secure operations.

Functional cookies
Functional cookies support user preference retention, including language preference, basic form input retention where enabled, and user experience consistency across sessions where configured.

Analytics and performance cookies
Analytics and performance technologies collect usage information such as page interactions, navigation flows, session duration, and aggregated activity patterns. Analytics outputs support performance monitoring, diagnostics, and service quality improvements. Where required by applicable law, analytics cookies are used only after consent is recorded through a consent mechanism.

Security and anti-abuse technologies
Security-related technologies may include server-side logging, web application firewall telemetry, and automated threat detection systems used to prevent abuse, monitor integrity, and maintain audit trails for incident response. Security technologies may process technical identifiers and interaction metadata in support of system protection.

6.2 Legal Basis for the Use of Cookies

The legal basis for cookie use depends on cookie category and applicable law.

Strictly necessary cookies are used to support secure operation and core functionality and are processed under legitimate interests in operating and securing the website.

Functional and analytics cookies are processed on the basis of consent where consent is required under applicable law.

Security logging and anti-abuse telemetry are processed under legitimate interests and, where applicable, legal obligations connected to system security and fraud prevention.

Users can manage cookies through browser settings, including viewing stored cookies, deleting cookies, and blocking cookies on a site-wide or per-site basis.

Disabling certain cookies may affect website functionality, form submission reliability, and session management.

Where required by applicable law, Golden Ark Reserve provides a consent mechanism that enables users to accept or refuse non-essential cookies, and to withdraw consent through the same mechanism.

Withdrawal of consent affects future processing and does not affect processing executed before consent withdrawal.

6.4 Third-Party Cookies and Embedded Content

Website pages may include embedded content, integrations, or third-party services that set their own cookies or tracking technologies under their own policies.

Golden Ark Reserve does not control third-party cookies and encourages users to review the privacy policies of third-party providers used in embedded content or integrations.

Third-party services may process technical identifiers and interaction metadata when the embedded content is loaded.

6.5 Do Not Track Signals

Some browsers transmit “Do Not Track” signals. Website responses to such signals depend on the availability of a recognised technical standard.

Where a universally accepted standard is not implemented, Do Not Track browser settings may not be recognised by the website systems.

6.6 Changes to Cookies and Technologies

Cookies and tracking technologies used by the website may change as website features, vendors, security requirements, and legal requirements evolve.

Material changes are reflected through updates to this Policy and, where required, through updated consent notices.

7. Data Security

Golden Ark Reserve implements technical and organisational measures designed to protect Personal Data against unauthorised access, unlawful processing, accidental loss, destruction, alteration, and unauthorised disclosure.

Security measures are applied in proportion to the nature of the data, the processing purpose, the processing context, and the risk profile of the activity.

7.1 Security Controls

Security controls may include access controls and authentication designed to restrict access to Personal Data to authorised personnel only.

Security controls may include role-based access and least-privilege permissions aligned with operational responsibilities.

Security controls may include encryption or equivalent protections for data in transit and, where applicable, for stored data based on system configuration and risk assessment.

Security controls may include network security measures, monitoring controls, and segregation of environments where applicable to protect operational systems.

Security controls may include logging and audit trails that record access events, authentication events, system errors, and security-relevant events to support auditability and incident response.

Security controls may include vulnerability management, patching, and maintenance procedures to reduce technical risk exposure.

7.2 Organisational Measures and Confidentiality

Golden Ark Reserve maintains internal policies and procedures governing Personal Data handling and access approvals.

Confidentiality obligations apply to employees, contractors, and authorised representatives with access to Personal Data.

Training and awareness measures may be applied to support security governance and handling standards.

Access to Personal Data is restricted to individuals who require access for legitimate operational, contractual, compliance, or legal purposes.

7.3 Third-Party Security

Where Personal Data is processed by third-party service providers, Golden Ark Reserve applies contractual safeguards and documented instructions intended to ensure appropriate security standards.

Third-party providers are assessed through governance measures that may include due diligence, security reviews, and periodic oversight aligned with the provider role and processing risk.

Third-party providers are authorised to process Personal Data only for the purposes defined in contractual arrangements and documented instructions.

7.4 Personal Data Breach Management

Golden Ark Reserve maintains procedures designed to identify, assess, contain, and remediate personal data breaches.

Breach response procedures include incident triage, impact assessment, and remediation actions intended to reduce risk to data subjects and to restore system integrity.

Where required by applicable law, Golden Ark Reserve provides notifications to competent authorities and affected individuals within required timeframes, subject to applicable legal constraints.

Incident response records are maintained for auditability and governance and may include incident classification, remediation steps, and corrective action controls.

7.5 Residual Risk

Transmission of information over the internet and storage in networked systems carries inherent risk.

Golden Ark Reserve applies reasonable controls to reduce risk, and absolute security cannot be represented as guaranteed.

8. Your Rights

Data subjects may have rights in relation to Personal Data under applicable data protection laws. The availability and scope of rights depend on the data subject’s jurisdiction, the processing context, and the legal basis applied.

Golden Ark Reserve facilitates the exercise of applicable rights through the contact mechanism stated in this Policy, subject to lawful limitations and verification controls.

8.1 Rights Commonly Available Under Data Protection Regimes

Where applicable law provides these rights, a data subject may have the right to request:

Access to Personal Data and information about processing purposes, categories of data, recipients, and retention periods.

Rectification of inaccurate Personal Data and completion of incomplete Personal Data.

Erasure of Personal Data where processing is no longer necessary for the stated purpose or where processing is otherwise unlawful, subject to lawful retention obligations.

Restriction of processing in circumstances where data accuracy is contested, processing is unlawful, or processing is no longer required for the stated purpose but is required for legal claims.

Data portability for Personal Data provided by the data subject, where processing is based on consent or contract and carried out by automated means, subject to applicable law.

Objection to processing based on legitimate interests, subject to lawful grounds and overriding compliance obligations.

Withdrawal of consent where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal.

Complaint submission to a competent supervisory authority in the data subject’s jurisdiction.

8.2 Limitations and Lawful Restrictions

A request may be limited or declined where processing or retention is required to comply with legal obligations, including AML/KYC, sanctions screening, ongoing monitoring, statutory recordkeeping, and auditability requirements.

A request may be limited or declined where processing is necessary to establish, exercise, or defend legal claims, to respond to lawful requests, to protect the rights and freedoms of others, or to maintain system security and integrity.

Erasure and objection rights may be restricted where retention is required by law or where processing supports fraud prevention, incident investigation, or compliance gating.

8.3 Verification of Requests

Golden Ark Reserve applies identity verification before responding to a rights request to prevent unauthorised access or disclosure.

Where a request is made by an authorised representative, Golden Ark Reserve may require evidence of authority and identity verification for both the representative and the data subject.

8.4 Response Timeframes

Golden Ark Reserve responds to valid requests within the timeframes required by applicable law.

Response timelines may be extended where permitted by law due to request complexity, request volume, or the need to verify identity or locate records across systems.

8.5 Submitting a Request

A request should specify the right being exercised and provide sufficient information to enable identity verification and location of the relevant records.

Requests are submitted using the contact details stated in the contact section of this Policy.

9. Third-Party Links

The website may contain links to third-party websites, platforms, or resources that are not operated or controlled by Golden Ark Reserve.

Links are provided for informational or convenience purposes and do not constitute endorsement, approval, or verification of third-party content, services, or practices.

Golden Ark Reserve does not control third-party websites and does not assume responsibility for third-party content, privacy practices, data processing activities, security measures, or terms of use.

A user accesses third-party websites at the user’s own discretion and subject to the third party’s applicable terms and policies.

Personal Data provided by a user to a third-party website is collected and processed by that third party under its own privacy policy.

This Policy does not apply to third-party websites and services.

10. Children’s Privacy

The website and related services are not directed to individuals under the age of eighteen (18) or such other age as defined as a minor under applicable law.

Golden Ark Reserve does not knowingly collect, process, or maintain Personal Data relating to children.

Where Personal Data relating to a minor is identified, and processing does not have a valid legal basis under applicable law, appropriate steps are taken to restrict processing and to delete or remediate the data in accordance with legal requirements.

If a parent or legal guardian becomes aware that a minor has submitted Personal Data through the website or communication channels, the parent or legal guardian may contact Golden Ark Reserve using the contact details provided in this Policy.

Identity verification may be required before any action is taken in response to such a request.

Access to services that require onboarding, contractual engagement, or compliance verification is restricted to persons who meet eligibility requirements under applicable law and internal compliance controls.

11. Updates to This Policy

Golden Ark Reserve may update or amend this Privacy Policy to reflect changes in business operations, legal requirements, regulatory guidance, security standards, technological developments, or data processing practices.

The version number and effective date displayed at the beginning of this Policy identify the currently applicable version.

Material updates that affect processing purposes, legal bases, data sharing practices, international transfer mechanisms, or data subject rights are implemented in accordance with applicable legal requirements.

Where required by law, notice of material changes is provided through appropriate channels, which may include website notices, direct communications, or updated consent mechanisms.

Continued use of the website or continued interaction following publication of an updated Policy constitutes acknowledgment of the updated Policy to the extent permitted by applicable law.

Where a change requires renewed consent under applicable law, processing dependent on consent is executed only after valid consent is recorded under the updated terms.

Archived versions of prior policies may be retained for recordkeeping and audit purposes where required by compliance controls or legal obligations.

12. Contact Information

Golden Ark Reserve processes Personal Data under the responsibility of Golden Ark General Trading (FZC) LLC, established in Sohar Free Zone, Sultanate of Oman.

Requests, inquiries, and communications relating to this Privacy Policy or the processing of Personal Data may be submitted using the contact details provided below.

Data Controller:
Golden Ark General Trading (FZC) LLC
Operating under the trade name Golden Ark Reserve

Registered Jurisdiction:
Sultanate of Oman

Registered Address:
Office 327, Block 3900, P.O. Box 123
Sohar Free Zone, Sohar 322
Sultanate of Oman

Email (Privacy and Data Protection):
privacy@goldenarkreserve.com

Telephone:
+968 9353 1214

Requests relating to Personal Data should specify the nature of the request and include sufficient information to enable identity verification and identification of the relevant records.

Where a request is submitted by an authorised representative, evidence of authority may be required before the request is processed.

Golden Ark Reserve responds to privacy-related inquiries and requests in accordance with applicable data protection laws and within the timeframes prescribed by such laws, subject to permitted extensions for complex or high-volume requests.