Recruitment Privacy Policy

Introduction

This Privacy Policy provides information about Personal Data which are processed by

ATME SPORTS TRADING L.L.C (“we”, “us”, “ANTA”, or “our”) in relation to

individuals who apply to work for, or who attend a recruitment event or undertake an

assessment with us (“Applicants”). This includes prospective employees, interns and

contractors. This Privacy Policy explains what Personal Data we, other ANTA group

companies and/or any third-party recipients as set out in the Privacy Policy may process

about you, what and how your Personal Data is used, and who your Personal Data would

be shared with. It also sets out your rights in relation to your Personal Data under

applicable laws and regulations and who you can contact for more information or queries.

For individuals who are successful in their application for employment, internship or

engagement as a contractor, the separate privacy statements will apply.

We may collect Personal Data directly from you, through third parties such as job

placement agents, referees and background verification providers (for certain roles).

Some systems, databases, websites, applications (collectively, “Solutions”) provided or

made accessible through us, and/or third parties may have separate privacy policy that

differ from this Privacy Policy. Please refer to the relevant privacy policy for those

Solutions, to understand how Personal Data is processed and the rights entitled by

individuals (“Data Subjects”).

If you have any questions regarding this Privacy Policy, you can contact us using the

contact details provided below.

Data Controller

Generally, ATME SPORTS TRADING L.L.C to whom you applied for a role, or attend a

recruitment event or undertake an assessment with (whether as a consultant, a secondee,

a franchisee or otherwise) is the Data Controller for the purpose of this Privacy Policy,

details as below:

Entity Name: ATME SPORTS TRADING L.L.C

E-mail: MEPIPO@ANTA.COM

Phone Number: 971-50- 7343721

Address for postal: Unit 2802, the One Tower, Sheikh Zayed Road – Barsha Heights,

Dubai, U.A.E

License or Commercial Register: Dubai Department of Economy and Tourism

ATME SPORTS TRADING L.L.C has designated a data protection officer in accordance

with applicable laws. You can reach the data protection officer at the following contact

details: E-mail: MEPIPO@ANTA.COM.

Date of Last Update

The Privacy Policy was last updated on [September 15, 2025]. You can review the update

history by E-mail MEPIPO@ANTA.COM.

We may need to update this Privacy Policy from time to time to comply with applicable

laws and regulations or for other lawful basis. We will not make any change that will

affect your rights under this Privacy Policy without first obtaining your consent as may

be required by applicable laws and regulations. If we make any material changes, we will

notify you of the changes and amend the revision date of this Privacy Policy. The new

modified privacy policy will apply from that revision date.

What Personal Data is collected?

We collect and process the following Personal Data:

Possible Personal Data to be

Collected/Generated

Categories of Personal Data and

Illustrative examples

Personal Data about you

We will generally

collect/generate Personal Data

(listed in the right column) from

or for you, but on occasion

(where necessary and in

accordance with applicable laws

and regulations), we may also

collect such information from

third-party sources in which

your Personal Data was legally

obtained (e.g., by use of such

technologies as cookies, by

collecting references and work

experience from previous

employers and referees or from

educational institutions.

 Basic information: name, photo, gender, date

of birth, nationality, place of residence as

shown in your ID card, certification number

 Contact information: telephone number,

email address, and correspondence address

 Identity information: ID card number and a

photocopy of your ID card

 Educational information: academic

institutions, academic qualifications and

degrees, transcripts, subject majored in,

graduation status

 Work or internship experience: name of

current/former employer, position and title,

remuneration and benefits, employment

period, current/former job description and

reasons for resignation, job reference and

referee contact information, work

performance, reward and punishment record

 Criminal or other disciplinary record:

whether you have a criminal or other

disciplinary record

 Written test performance: answers provided

and scores of the written test

 Interview performance: audio and video

recordings of the written test

 Salary information: your current/former

annual salary, fixed monthly salary, variable

monthly salary, variable quarterly salary,

annual bonus, income before tax for the

current year, income from shares/options,

overtime salary, housing allowance, meal

allowance, telephone allowance, transport

allowance, travel allowance and other related

fees

 Language proficiency: level of language

proficiency, foreign language proficiency

certificate and level (results)

 Information on skill certificates and

professional qualifications, including

computer skills certification information

 Reasons for applying to work with us,

availability for work/internship

 Conflicts of interest: whether you are subject

to any non-compete restrictions, whether you

hold any shares or interests (including,

among others, options) in any other

companies, whether you have any relatives

working for the company (including the

names, positions and contact information of

other relatives) or have any relatives working

for our competitors (including the names,

positions and contact information of those

relatives)

 Emergency contact information: name,

relations, telephone number, mailing address

and email address

 Other information: interests and hobbies

Personal Data of other

 Family/Relatives contact information: name,

Individuals

We may also process basic

identity and contact details of

your family and relatives, on a

need-to- know basis (e.g., for

compliance testing).

relation, age, company, position, telephone

number

Special Categories of

Personal Data

We may also process and

generate Personal Data which

may be regarded as Special

Categories of Personal Data

Information about you

 Religion, health status

The personal information we collect is all based on your voluntary provision. You have

the right to decide independently whether to provide us with the relevant information.

However, please note that if you choose not to provide certain necessary personal

information, it may affect for your potential employment, engagement or internship.

You may voluntarily provide us with additional Personal Data, which will help us to meet

the purposes as set out in this Privacy Policy or for purposes notified at the point of

collection.

Where you provide Personal Data of other individuals (e.g., your emergency contact,

family members, friends, etc.), you warrant that you have informed him/her of the

categories of Personal Data and purpose(s) for which we require his/her Personal Data

and all other relevant arrangement described in this Privacy Policy relating to the

processing of Personal Data, and that he/she has consented to your disclosure of his/her

Personal Data for processing by us after being informed of all of the above.

How do we collect your Personal Data? What is the purpose for

collection?

Personal Data that we process is obtained directly and indirectly from you using

electronic form, third-party platform service, paper documents, telephone and face-to-

face interview for the following purposes:

- Resume Screening

We will process the following Personal Data submitted in your job application (including

in your resume) in order for us to assess your suitability for the position and to prepare

and arrange for any written tests or interview:

(a) Basic information: name, photo, gender, nationality, date of birth.

(b) Identity information: ID card number and a photocopy of your ID card.

transcripts, subject majored in.

(d) Work or internship experience: name of current/former employer, position and title,

remuneration and benefits, employment period, current/former job description and

reasons for resignation.

(e) Language proficiency: level of language proficiency, foreign language proficiency

certificate and level (results).

(f) Information on skill certificates and professional qualifications, including computer

skills certification information.

(g) Reasons for applying to work with us, availability for work/internship.

- Written Tests and Interviews

In order to evaluate your performance during written tests and interviews and to assess

whether your capabilities and experiences are suitable for the position you have applied

for, we may need to collect and use any of the following Personal Data about you:

(a) Basic information: name, gender, date of birth, place of residence as shown in your

ID card, certification number.

(b) Contact information: telephone number, email address, and correspondence address.

certificate and level (results).

(d) Information on skill certificates and professional qualifications, including computer

skills certification information.

(e) Emergency contact information: name, relations, telephone number, mailing address

and email address.

(f) Family/Relatives contact information: name, relation, age, company, position,

telephone number.

(g) Reasons for applying to work with us.

(h) Salary information: your current/former annual salary, fixed monthly salary, variable

monthly salary, variable quarterly salary, annual bonus, income before tax for the

current year, income from shares/options, overtime salary, housing allowance, meal

allowance, telephone allowance, transport allowance, travel allowance and other

related fees.

(i) Educational information: academic institutions, academic qualifications and degrees,

transcripts, subject majored in, graduation status.

(j) Work or internship experience: name of current/former employer, position and title,

remuneration and benefits, employment period, current/former job description and

reasons for resignation, job reference and referee contact information.

(k) Written test performance: answers provided and scores of the written test.

(l) Interview performance: audio and video recordings of the written test.

(m)Conflicts of interest: whether you are subject to any non-compete restrictions,

whether you hold any shares or interests (including, among others, options) in any

other companies, whether you have any relatives working for the company (including

the names, positions and contact information of other relatives) or have any relatives

working for our competitors (including the names, positions and contact information

of those relatives).

(n) Other information: interests and hobbies.

If we do not collect this information from you, we may not be able to process your job

application with us.

You will need to ensure that you have obtained the valid and complete authorization and

consent from your emergency contacts, referees, relatives and other related parties

before providing their Personal Data to us.

- Background Checks

In order to confirm the authenticity of the information contained in your job application

and to proceed with the recruitment process, we may need to collect and use any of the

following Personal Data about you:

(a) Basic information: name.

(b) Work or internship experience: name of current/former employer, position and title,

remuneration and benefits, work performance, reward and punishment record.

disciplinary record.

Please note that we may collect some of this information from publicly available sources

(e.g., as voluntarily disclosed in public by you or as disclosed by law). If we do not collect

this information, we may not be able to process your job application with us.

How do we use your Personal Data?

We use Personal Data collected, directly or indirectly, as follows:

- Resume Screening to assess your suitability for the position and to prepare and

arrange for any written tests or interview.

- Written Tests and Interviews to evaluate your performance during written tests and

interviews and to assess whether your capabilities and experiences are suitable for the

position you have applied for.

- Background Checks to confirm the authenticity of the information contained in your

job application and to proceed with the recruitment process.

Who receives your Personal Data?

We may process the Personal Data collected to achieve the purposes described in this

be processed (including transfer/disclose and storage as defined) by the following classes

of transferees/categories of recipients:

- ANTA group companies

As ANTA is an international enterprise, operating globally, your Personal Data may be

processed by other ANTA group companies (and their respective subsidiaries and

affiliates), outside the country/region where you are located. Each ANTA group company

is a separate legal entity. This includes countries and territories outside your location

that may not have laws that provide specific protection for Personal Data.

Other ANTA group companies may process your Personal Data on behalf of the Data

Controller for the same purposes as set out herein.

- Third-party service providers and other transferees

We may transfer or disclose your Personal Data to third-party service providers,

contractors, subcontractors, agents, suppliers, government and regulatory authorities,

whether local or overseas in relation to any of the purposes described in this Privacy

Policy.

Your Personal Data shared with us, or transferred to other ANTA group companies may

also be transferred to service providers that are not part of ANTA group (“Third-party

Service Providers”) to process on our/their behalf. Third-party Service Providers and

other transferees may include providers of IT services, identity management, website

hosting and management, data analysis, data back-up and archiving, security and

storage services (including cloud service providers), event management companies,

government authority (e.g., immigration and tax authority), and service providers for

pre-employment activities (e.g., reference and background checks). Such transferees

provide services with respect to the operation of our business.

The Third-party Service Providers may use their respective subsidiaries and affiliates,

and their own third-party subcontractors that have access to Personal Data (sub-

processors). It is our policy to use only third-party providers that follow those same

obligations down to their sub-processors.

Our/other ANTA group companies’ service providers, their sub-processors, and other

transferees are bound to maintain appropriate levels of security and confidentiality, to

process Personal Data only as instructed by us/other ANTA group companies and under

our/their supervision and comply with applicable laws and regulations.

You may be asked to provide Personal Data (where necessary) direct to our/other ANTA

group companies’ authorized service providers or sub-processors or other transferees

that we engage in connection with the above purposes.

Where third parties collect data directly from you either on our behalf or otherwise in

connection with recruitment, you are encouraged to review such third parties’ privacy

practices (for example any privacy notices they include on their websites or data

collection forms) before disclosing any Personal Data. You acknowledge that, unless the

relevant third parties are acting as our authorized agents, we shall have no responsibility

for the appropriateness of their privacy practices.

- Disclosures to law enforcement, regulatory and other government agencies,

and other third parties

We may disclose Personal Data to law enforcement, regulatory and other government

agencies and other third parties (which may locate outside the country/region where you

are located), as required by and/or in accordance with, applicable laws and regulations.

We may disclose certain Personal Data without your consent where an exemption applies

under applicable laws and regulations. This may include disclosure directly related to

national security, national defense, prevention or detection of crime, public security,

public health, and major public interests. Personal Data may be disclosed outside the

country you are located. We may also review and use your Personal Data to determine

whether the disclosure is required or permitted.

- Other disclosures

We may also disclose Personal Data to third parties pursuant to applicable laws and

regulations under the following circumstances:

• when explicitly requested by you;

• as otherwise, set out in this Privacy Policy.

- Cross-border transfers

As ANTA is an international enterprise, operating globally, your Personal Data may be

transferred to, accessed from or stored outside the country/region where you are located in

accordance with requirements under applicable laws and regulations. We, other ANTA group

companies, and/or service providers and sub- processors that we or other ANTA group

companies engage may use servers and other resources in various countries and territories to

process your Personal Data.

We will only transfer your Personal Data to the recipients who meet our standards and

comply with applicable laws and regulations. While data protection laws differ among

countries, we ensure consistent protection described in this Privacy Policy for your Personal

Data regardless of its location and only transfer your Personal Data pursuant to legally valid

mechanisms.

Legal Basis for Collecting and Processing Your Personal Data

When we use your Personal Data, we take care to ensure that it is used in an appropriate

way. Use of Personal Data under applicable data protection laws must be justified under

one of a number of legal “grounds”. The following are the legal bases on which we rely for

processing such data: (One legal basis or more can be selected from the below bases)

- Your explicit consent. You can withdraw your consent at any time without affecting

processing operations carried out based on other legal bases. To this end, you can

contact MEPIPO@ANTA.COM.

- In fulfillment of a contractual obligation. Your Personal Data is necessary for us to

enter into or perform a contract with you.

- In compliance with legal and statutory obligation. We need to use your Personal Data

to comply with legal and regulatory obligations.

- Maintaining vital interests. We collect and process your Personal Data to protect the

vital interests of you or another person.

- Achieving public interest. We collect and process your Personal Data to achieve public

interest objectives. For example, to prevent fraud, to ensure public health and safety, or

to support national security.

- Legal claims. We collect and process your Personal Data to defend, prosecute or make a

claim against you, us or a third party.

Generally, where we are processing your Personal Data in a recruitment context, we

process your Personal Data on the basis that it is necessary to do so in connection with

your individual contracts of employment relationship and where our legal duties as an

employer necessitate it.

How do we store your Personal Data?

Your Personal Data is stored securely either at the headquarters/or at a cloud computing

service provider in the United Arab Emirates. We also retain your Personal Data only for

as long as necessary to fulfil the purposes for which it was collected, unless we

specifically agree a longer retention period with you, or a longer retention period is

required to comply with our legal or regulatory accounting or reporting requirements, as

permitted by applicable law or to assert or defend against legal claims. When the

applicable retention period expires, we will securely delete, de-identify, or irreversibly

anonymise the Personal Data.

How do we protect your Personal Data?

We have implemented generally accepted standards of technology and operational

security including standards required under applicable laws and regulations, in order to

protect Personal Data against accidental, unauthorised or unlawful access, use,

processing, alteration, disclosure, transfer, erasure, loss of the Personal Data. Our

personnel follow a security policy. Only authorized persons are provided access to

Personal Data and such persons are obliged to ensure confidentiality.

Although we use appropriate security measures once we have received your Personal

Data, the transmission of data over the Internet (including by e-mail) is never completely

secure. We endeavor to protect Personal Data, but we cannot guarantee the security of

data transmitted to or by us. We will be responsible for any failure of our physical

systems, technology or management error that result in any unauthorized disclosure or

compromise of your Personal Data.

Where a Personal Data security incident arises, we shall respond to the incident, assess

the likely impact of the incident, and take necessary actions to bring the incident under

control. We will let you know in accordance with applicable laws and regulations if a

breach occurs that may have compromised the privacy or security of your Personal Data.

In the event of a Personal Data breach likely to prejudice privacy or confidentiality, we

will notify the UAE Data Office and affected individuals within the period and in the

manner set by the PDPL and related regulations, including a description of the breach,

likely effects and corrective measures.

We will assess the Personal Data security impact regularly to comply with basic

principles for Personal Data security under applicable law and when new requirements

are effective and legally binding and take appropriate actions to protect Personal Data.

Your Rights Regarding Processing of Your Personal Data

Under applicable data protection laws, you have the following rights, which primarily

depend on the purpose of Personal Data collection and processing:

- Right to Be Informed: You are entitled to be informed how we collect your Personal

Data, legal basis for collection and processing, how such data is processed, stored,

destroyed, and to whom it will be disclosed. You can access all details through the

- Right to Request Access to Your Personal Data: You are entitled to request

access to your Personal Data held by the Controller in a readable and clear format if

technically feasible through below contacting channel.

- Right to Request Correction of Your Personal Data: You are entitled to request

correction of your Personal Data that you believe is inaccurate, incorrect or incomplete.

In addition, you will be notified through below contacting channel.

- Right to Request Destruction of Your Personal Data: You are entitled to

request destruction of your Personal Data in certain circumstances through below

contacting channel.

- Right to Request Transfer of Your Personal Data: You are entitled to request

the transfer of your Personal Data to another controller through MEPIPO@ANTA.COM

in a structured, commonly used, and machine-readable format, where technically

feasible.

- Right to Withdraw Your Consent for Processing Your Personal Data: You

are entitled to withdraw your consent for processing your Personal Data at any time

unless there are legal bases that require otherwise.

- Right to Restrict Processing of Your Personal Data: You have the right to

request us to restrict or halt the processing of your Personal Data through

MEPIPO@ANTA.COM. This right may be exercised, for example, where: (a) You object

to the accuracy of the Personal Data; we will restrict processing for a specific period

to allow us to verify its accuracy; (b) You object that the processing violates the

notified/agreed purposes of processing; or (c) The processing is carried out in violation

of the PDPL or other applicable laws.

- Right to Object to Automated Decision: You have the right to object to the

decisions about you that are based solely on automated processing (including profiling)

and that produce legal or similarly significant effects. You may request human review,

express your point of view, and contest the decision by contacting MEPIPO@ANTA.COM.

Unless otherwise stipulated by the law, you will not be required to pay any fees in return

for exercising this right. In case of submitting a request for exercising this right, you will

receive a response within the time frame under applicable laws and regulations as of the

request receiving date.

Your exercise of these rights is subject to certain exemptions to safeguard public interest

(e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of

legal privilege). If you exercise any of these rights, we will check your entitlement and

respond in most cases within the time frame under applicable laws and regulations.

Under certain circumstances permitted by applicable laws and regulations, we may

refuse to accede to your requests above. Under certain circumstances permitted by

applicable laws and regulations, we may refuse to accede to your requests above. For

example, when your requests unreasonably violate the personal privacy of others, are

repetitive, or lack a factual basis, we reserve the right to reject them. In such

circumstances, we will notify you of the reasons for refusing to accede to your requests.

For security purposes, you may be required to provide written requests or prove your

identification in other ways. We will respond to your request within the time frame

under applicable laws and regulations. We may charge a fee for your request to access

your Personal Data, if permitted by applicable laws and regulations.

For further details regarding the processing of your Personal Data and how to exercise

your rights, you can contact the Personal Data Protection Officer at

MEPIPO@ANTA.COM. When requested, and provided that it is practical and

commercially feasible to comply with the request, we will reply to your request within the

time frame under applicable laws and regulations.

Complaint or Objection Filing Method

If you believe that your data protection rights may have been breached, you may submit

a complaint with the relevant data protection authority in your country or region.

If you are in the UAE and believe your data-protection rights have been breached, you

may lodge a complaint with the UAE Data Office pursuant to Article 24 of Federal Decree

Law no.45 of 2021 on the Protection of Personal Data. You may also first contact us by

MEPIPO@ANTA.COM, and we will help explain the process and provide the latest filing

route.

For the competent authority and filing steps in your country/region, please email

MEPIPO@ANTA.COM and we will share the relevant contact details and guidance.