PRIVACY
POLICY
Golden Wave Cargo LLC (“GWC“, “we“, “our“, or “us“) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit goldenwavecargo.com, use our freight and logistics services, or interact with us in any way. By using our services, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services and contact us to request data deletion.
OVERVIEW & SCOPE
This policy applies to all personal data processed by Golden Wave Cargo LLC, a company registered in Dubai, United Arab Emirates under Trade License No. 123456, with registered address at Cargo Village, Dubai International Airport, Dubai, UAE.
This policy covers data collected through our:
- Website: goldenwavecargo.com and all subdomains
- Customer Portal: Shipment tracking, booking, and account management systems
- Services: Air freight, ocean freight, ground transport, customs brokerage, and warehousing
- Communications: Email, phone, WhatsApp, and live chat interactions
- Marketing: Newsletters, event registrations, and GWC Insights subscriptions
We comply with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), the EU General Data Protection Regulation (GDPR) where applicable to EU data subjects, and any other applicable data protection laws in jurisdictions where we operate.
INFORMATION WE COLLECT
We collect only the personal data necessary to provide our logistics services and improve your experience. The categories of data we collect are:
Personal Identification Data
- Identity: Full name, date of birth, passport or ID number (for customs purposes)
- Contact: Email address, phone number, WhatsApp number, mailing address
- Business: Company name, trade license number, VAT/Tax ID, job title
Shipment & Transaction Data
- Cargo Details: Description, weight, dimensions, commodity type, HS codes
- Route Information: Origin, destination, port of entry/exit, delivery address
- Financial: Invoice amounts, payment records, bank details for refunds (not stored in full)
- Documents: Commercial invoices, packing lists, certificates of origin, bills of lading
Technical & Usage Data
| Data Type | What We Collect | Purpose |
|---|---|---|
| IP Address | Your device’s internet address | Security, fraud prevention, analytics |
| Browser/Device | Browser type, OS, device model | Site optimisation, compatibility |
| Usage Data | Pages visited, time on site, links clicked | Service improvement, UX analysis |
| Location Data | Approximate location from IP | Regional content, compliance |
| Cookies | Session IDs, preferences, analytics tokens | See Section 5 |
Data We Do NOT Collect
We do not collect or store full payment card numbers, CVV codes, racial or ethnic origin, political opinions, religious beliefs, biometric data, or health information unless legally required for specific regulated cargo categories.
HOW WE USE YOUR DATA
We process your personal data only on a lawful basis. The purposes and legal bases for our processing activities are:
| Purpose | Legal Basis | Details |
|---|---|---|
| Service Delivery | Contract | Booking, tracking, customs clearance, delivery coordination |
| Customer Support | Contract / Legitimate Interest | Responding to queries, resolving disputes, account management |
| Legal Compliance | Legal Obligation | Customs declarations, export controls, anti-money laundering, OFAC/sanctions screening |
| Invoicing & Payments | Contract | Generating invoices, processing payments, VAT reporting |
| Safety & Security | Legitimate Interest | Fraud prevention, cargo security, access control to our facilities |
| Marketing & Insights | Consent | Newsletters, GWC Insights, service updates (opt-in only — manage preferences) |
| Analytics & Improvement | Legitimate Interest | Website analytics, service performance tracking, UX improvement |
We will never sell your personal data to third parties. We do not use your data for automated decision-making that produces significant legal effects without human review. You can opt out of marketing communications at any time via the unsubscribe link in any email or by contacting our DPO.
SHARING YOUR DATA
We share your personal data only as necessary to deliver our services, meet legal obligations, or with your explicit consent. We never sell your data. Recipients of your data include:
- Airline & Carrier Partners: Emirates SkyCargo, Cathay Pacific Cargo, Lufthansa Cargo, Qatar Airways Cargo, and other partners — necessary for freight booking and manifests. See our Network page for the full list.
- Customs & Government Authorities: UAE Federal Customs Authority, destination country customs agencies, OFAC, and other regulatory bodies — legally required for all international shipments.
- Ground Transport Partners: Last-mile delivery and trucking partners to whom we transfer shipment and delivery address data.
- Technology Service Providers: Cloud infrastructure (AWS/Azure), CRM, shipment tracking, and IT support providers — all bound by data processing agreements (DPAs).
- Payment Processors: Our PCI-DSS compliant payment gateway processes card transactions. We do not store full card data.
- Professional Advisors: Legal counsel, auditors, and insurers — under strict confidentiality obligations.
- Business Transfers: In the event of a merger, acquisition, or sale, data may transfer to the successor entity — you will be notified in advance.
All third-party data processors are contractually bound to process data only on our instructions, maintain appropriate security, and not use data for their own purposes.
COOKIES & TRACKING
Our website uses cookies and similar tracking technologies to ensure core functionality, analyse usage, and (with your consent) deliver personalised content. Manage your preferences below:
Cookie Details
| Cookie Name | Provider | Type | Expires |
|---|---|---|---|
| gwc_session | Golden Wave Cargo | Essential | Session |
| gwc_pref | Golden Wave Cargo | Preference | 12 months |
| _ga, _ga_* | Google Analytics 4 | Analytics | 13 months |
| _gcl_au | Google Ads | Marketing | 3 months |
| li_sugr | LinkedIn Insight | Marketing | 90 days |
| _fbp | Meta Pixel | Marketing | 3 months |
DATA RETENTION
We retain personal data only as long as necessary for the purposes it was collected, or as required by applicable law. Our standard retention periods are:
| Data Category | Retention Period | Reason |
|---|---|---|
| Customer Account Data | Duration of relationship + 5 years | Contract, legal claims |
| Shipment Records & Documents | 7 years | UAE Commercial Transactions Law, customs audit |
| Financial Records / Invoices | 7 years | UAE VAT Law, tax audits |
| Customs Declarations | 10 years | UAE Federal Customs Authority requirement |
| Website Analytics Data | 26 months | Google Analytics default, anonymised |
| Marketing Consent Records | Until withdrawal + 3 years | Proof of consent |
| CCTV / Facility Access Logs | 90 days | Security, incident investigation |
| Support & Correspondence | 3 years from resolution | Dispute resolution |
Once the retention period expires, data is securely deleted or anonymised. You may request early deletion subject to legal retention obligations — see Section 8.
DATA SECURITY
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Our security measures include:
- Encryption in Transit: All data transmitted via our website and systems uses TLS 1.2+ (HTTPS). Our SSL certificate is maintained and renewed automatically.
- Encryption at Rest: Sensitive data stored in our systems is encrypted using AES-256 encryption.
- Access Controls: Role-based access control (RBAC) ensures staff access only the data they need. Multi-factor authentication (MFA) is required for all internal systems.
- Regular Audits: We conduct annual security audits, penetration testing, and vulnerability assessments on all systems holding personal data.
- Incident Response: We maintain a documented data breach response plan. In the event of a breach affecting your rights, we will notify you and the relevant authority within 72 hours as required by applicable law.
- Staff Training: All GWC employees undergo mandatory annual data protection and security awareness training.
- Third-Party Vetting: All data processors are assessed for security compliance before engagement and are required to maintain equivalent security standards.
If you discover a security vulnerability or suspect your data has been compromised, please contact us immediately at info@goldenwavecargo.com. We take all reports seriously and will respond within 24 hours.
YOUR RIGHTS
Depending on your location, you have the following rights over your personal data. We will respond to all requests within 30 days (extendable to 90 days for complex requests).
Request a copy of all personal data we hold about you, free of charge.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data, subject to legal retention obligations.
Receive your data in a structured, machine-readable format and transfer it to another provider.
Object to processing based on legitimate interest, including direct marketing at any time.
Request that we limit how we use your data while a dispute or request is being resolved.
Where processing is based on consent, withdraw it at any time without affecting prior processing.
Lodge a complaint with the UAE Data Office or your local supervisory authority if you feel your rights have been violated.
Submit a request by emailing info@goldenwavecargo.com, calling +1 (323) 452-5826, or writing to our registered address. We may require proof of identity. There is no charge for most requests; complex or repetitive requests may incur a reasonable fee.
INTERNATIONAL TRANSFERS
As a global logistics provider, we operate across 150+ destinations on 6 continents. To deliver our services, your data may be transferred to and processed in countries outside the UAE or your country of residence.
Where we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Adequacy Decisions: Transfers to countries recognised by the UAE Data Office or European Commission as providing adequate protection are made without additional safeguards.
- Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we use EU-approved SCCs or equivalent contractual mechanisms.
- Mandatory Customs Disclosures: Certain data transfers are mandatory under international customs law (e.g. Advance Cargo Information to US CBP, EU Import Control System). These are legal obligations, not discretionary.
- Binding Corporate Rules: Where applicable, internal transfers within GWC’s operational network follow documented and audited binding data protection standards.
CHILDREN’S PRIVACY
Golden Wave Cargo’s services are designed for business and commercial use and are not directed at children under the age of 18. We do not knowingly collect personal data from minors.
If we become aware that we have inadvertently collected personal data from a child under 18, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@goldenwavecargo.com.
THIRD-PARTY LINKS
Our website and communications may contain links to third-party websites, tools, or services — such as airline partner portals, tracking platforms, regulatory authority websites, and industry publications featured in GWC Insights.
We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policy of any external website you visit. Our inclusion of a link does not constitute endorsement of that site’s data practices.
Specifically, our website may integrate with:
- Google Services: Maps (for office location), Analytics (GA4), and reCAPTCHA — governed by Google’s Privacy Policy
- LinkedIn: Insight Tag for B2B advertising — governed by LinkedIn’s Privacy Policy
- WhatsApp Business: For customer support — governed by WhatsApp/Meta’s Privacy Policy
POLICY CHANGES
We review and update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Post a prominent notice on our homepage for at least 30 days
- Send an email notification to registered customers (for significant changes)
- Where required by law, seek fresh consent before processing data under the new terms
Your continued use of our services after changes take effect constitutes acceptance of the updated policy. We recommend reviewing this page periodically. Previous versions are available on request by emailing info@goldenwavecargo.com.
Version History
| Version | Date | Summary of Changes |
|---|---|---|
| v2.1 | 1 Jan 2025 | Added cookie preference controls, updated retention table, LinkedIn Insight Tag disclosure |
| v2.0 | 1 Jun 2024 | Full rewrite to align with UAE PDPL, GDPR cross-reference added |
| v1.2 | 15 Mar 2023 | Added WhatsApp Business and third-party integrations section |
| v1.0 | 1 Jan 2022 | Initial policy publication |
CONTACT & DPO
For any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact our Data Protection Officer (DPO) or our main office:
If you are an EU resident and believe your data protection rights have been violated, you have the right to lodge a complaint with your national supervisory authority. UAE residents may contact the UAE Data Office at www.tdra.gov.ae. We always encourage you to contact us first so we can try to resolve your concern directly.
This Privacy Policy was last reviewed by our legal team on 1 January 2025. This policy is governed by the laws of the United Arab Emirates. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the Dubai Courts.