PRIVACY POLICY

1. Terms and Definitions

• Personal data: means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Special categories of personal data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
• Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
• International transfer: means the transmission of personal data to the territory of a foreign country or region, a public authority of a foreign state, foreign individual, or foreign legal entity.

2. Legal Grounds to Processing of Personal Data

We will process your personal data only where there are legal grounds to do so. Those grounds include the following:

• Consent:You have provided your consent to the processing of your personal data.
• Legal situations: The processing of your personal data is required or authorized by applicable laws, or relates to suspected unlawful activity, serious misconduct, legal proceedings, or law enforcement.
• Reasonable expectations: The processing of your personal data is necessary for the purposes of our legitimate interests. We believe that our processing of your personal data is within our legitimate interests and within your reasonable expectations in a number of situations, including but not limited to:
  • To help us understand our customers better and provide improved, more relevant services to them;
  • To ensure that our Services run smoothly;
  • To help us keep our systems secure and prevent unauthorized access or cyber-attacks.

3. Information We Collect

• Contact information (such as name, address, city, state and postal code, email address, and Mobile number).
• Vehicle information (such as vehicle identification number (VIN), make, model, model year, servicing dealer, date of purchase or lease, and service history)
• Vehicle performance data (such as engine and transmission performance, vehicle camera images, and airbag deployment conditions or crash or near-crash information about how a vehicle's system performed)
• Non-credit-related marketing profile information (such as when you plan to purchase or lease; the vehicle in which you're interested)
• Relationships you have with [Your Company Name] in addition to the purchase and servicing of your vehicle incentive eligibility verification information.
• Payment and SMS gateway information (such as name, address, phone number, email address, order details, billing address, gift details, Location, ID/Iqama, License expiry details)
• Finance information (such as salary certificate, bank statement, gosi certificate)

4. Purposes of Processing of Personal Data

We will process your personal data to fulfill the following purposes:

5. Ways of Processing of Personal Data

We will carry out the following operations on your personal data: collection, recording, systematization, accumulation, storage, alteration (update, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, and deletion (destruction) of personal data.

We will not take any decisions involving the use of algorithms or profiling that significantly affect you.

We are required to ensure such processing is subject to suitable safeguards, including reasonable steps to ensure personal data is accurate, complete, up-to-date, and relevant, and your rights to access and correct personal data about you.

6. How We Protect and Store Your Personal Data

We will take security measures to protect your information, including but not limited to administrative, technical, and physical measures. However, please note that although we have implemented these measures, there is no security measure that can guarantee the absolute safety and security of your information. If you believe that your log-in credentials have been compromised, please contact us at once.

When you use our services, the personal data you share may be visible to other users and in some cases search engines and the public and can be read, collected, used, and retained by those other parties. You are responsible for the personal data you choose to share or submit in these instances. It is your responsibility to make sure that your personal data is accurate.

Data Security Measures:

• Ensuring the security of the premises where the information systems used to process personal data are located. Such security shall prevent any uncontrolled access to such premises by persons having no rights to access such premises.
• Using technical means to protect the information including but not limited to encryption and anonymization techniques.
• Approving the list of persons who are authorized to access the information systems where the personal data are processed.
• Assessing the effectiveness of measures taken to ensure the security of personal data.
• Detecting instances of unauthorized access to personal data and taking appropriate measures to mitigate the effects of such unauthorized access.
• Taking all practicable measures to restore personal data which have been modified or destroyed as a result of unauthorized access.
• Establishing rules for access to personal data being processed in our information systems and recording all processing actions performed on personal data contained in our information systems.

The personal data collected about you will be stored in the data centre of AWS server located locally in the Middle East.

We process your personal data for as long as is necessary to fulfill the purpose of its processing. We will terminate the processing of your personal data if you withdraw your consent unless we are entitled (or obliged) to continue processing your personal data on other legal grounds.

When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems, unless the personal data is required to be stored for longer periods (e.g. for archiving purposes in the public interest, or for scientific or historical research purposes). While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example, if it is waiting to be overwritten. For our purposes, such data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

7. How We Share, Transfer, and Publicly Disclose Your Personal Data

1. We may share your personal information:
2. in order to comply with applicable laws or regulations;
3. in order to comply with a court order, subpoena, or another legal process.
4. in response to a request by a government authority, law enforcement agency, or similar body (whether situated in your jurisdiction or elsewhere)
5. where we believe it is reasonably necessary to comply with applicable laws or regulations;
6. in order to enforce the translation services and service enhancements.

In accordance with legal requirements, legal procedures, litigation, and/or requests from public agencies and government agencies, we may need to disclose your personal information. If the disclosure is necessary or appropriate for national security, law enforcement, or other matters of public importance, we may also disclose information about you. In order to enforce our terms or protect our business, rights, assets, or services, or to protect users, or if the disclosure is reasonably necessary for the following purposes (detecting, preventing, and resolving fraud, unauthorized use of the services, violations of our terms or policies, or other harmful or illegal activities), we may also disclose information about you.

We will only publicly disclose your personal information under the following circumstances:

1. Where we have obtained your explicit consent;
2. Public disclosure based on law or reasonable grounds: including laws and regulations, legal procedures, litigation, or at the request of the competent government departments.

8. Your Rights

Being a data subject, you have rights with respect to your personal data in accordance with applicable laws. You may exercise your rights by contacting us via customerservice@Geelyksa.com or calling 920000525.

Your rights include:

• Right to know: the purposes, categories, processing procedures, and complaint channels.
• Right to access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion where processing is no longer lawful or necessary.
• Right to withdraw consent: withdraw consent at any time with future effect.

We may require identity verification before processing your request and will respond within the timeframe required by applicable data protection laws.

9. Minor’s Privacy

We do not allow minors to register directly on our platform. If you are a minor as defined by applicable law, please use our services only with the consent of a parent or legal guardian.

If we discover that personal data of a minor has been collected without verified parental consent, we will delete such data as soon as reasonably possible.

10. International Transfer

As our services operate through global infrastructure, your personal data may be transferred to jurisdictions outside your country with your consent.

Where such transfers occur, we ensure appropriate safeguards are in place, including storage on AWS servers located in the Middle East and the application of technical and organizational protections.

11. Cookies

We use cookies and similar technologies to improve functionality, analyze usage, and enhance user experience. Cookies help remember preferences such as language and settings.

We may also use email tracking technologies (such as web beacons) to measure the effectiveness of our communications and understand user engagement.

12. Notification Regarding Updates

We may update this Privacy Policy periodically due to changes in business, technology, or legal requirements. Material updates will be communicated via our website or other appropriate channels. Continued use of our services constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or the way we handle your personal data which have not been answered in this Privacy Policy, you may call [Your Contact Number] or email us at [Your Contact Email]. We will reply to you within 30 days. You can also contact us by writing to this address: