Privacy Policy

1) Data We Collect

a) Data you provide

• Contact details (e.g., name, email address) when you subscribe, submit a form, comment, or contact us.
• Content you submit (comments, inquiries, feedback, messages).
• Subscription preferences (such as newsletter topics or opt-in choices, where applicable).

b) Data collected automatically

• Log and usage data (IP address, browser type, device identifiers, operating system, pages viewed, timestamps, and referrer URL).
• Approximate location based on IP address (city/country level).
• Cookie and tracking data collected through cookies, pixels, tags, local storage, and similar technologies (see Section 4).
• Performance and error data (such as crash reports or diagnostics) to help keep the Site stable and secure.

c) Data from third parties

• Analytics providers (e.g., aggregated traffic metrics and measurement data).
• Advertising partners (ad impressions, clicks, and conversion signals, if advertising is enabled).
• Affiliate networks (conversion events tied to outbound links; see Section 6).
• Embedded content providers (such as YouTube), which may collect data through embedded players or widgets if you interact with them.

Important: We do not intentionally collect sensitive personal data (such as health, religion, or precise location). Please do not submit sensitive information through the Site.

2) How We Use Data

• Provide, maintain, and improve the Site and its content about banks and financial services.
• Personalize content and remember preferences (such as language or region).
• Measure traffic, understand usage patterns, and improve user experience.
• Respond to messages, inquiries, and support requests.
• Send newsletters or updates if you subscribe, and you can unsubscribe at any time.
• Monitor performance, debug issues, and maintain the security of the Site.
• Prevent, detect, and respond to fraud, abuse, security incidents, and policy violations.
• Comply with legal obligations and enforce our terms and policies.

We do not provide financial, legal, or investment advice. The Site is for informational purposes only.

3) Legal Bases (EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process personal data under one or more of the following lawful bases:

• Consent (e.g., newsletters, non-essential cookies, marketing technologies).
• Legitimate interests (e.g., website security, service improvement, fraud prevention), where those interests are not overridden by your rights.
• Contract (e.g., where you request a service or we need to respond to you in connection with a relationship).
• Legal obligation (e.g., compliance with applicable laws and lawful requests).

4) Cookies & Similar Technologies

We use cookies, pixels, tags, and local storage to operate the Site, remember preferences, measure performance, and (where enabled) deliver and measure advertising.

• Strictly necessary: core functionality, security, consent storage, and basic site operations.
• Functional: preferences such as language and region.
• Analytics: traffic and performance measurement (including Google Analytics).
• Advertising (if enabled): ad measurement, remarketing, and delivery of relevant ads (including Google Ads).

You can manage cookies via your browser settings and, where required by law, via our cookie consent banner or preferences tool.
For more details, please see our Cookies Policy.

5) When We Share Data

We may share personal data in the following situations:

• Service providers: companies that help us operate the Site (e.g., hosting, analytics, email delivery, security, content delivery networks).
• Advertising and affiliate partners (if enabled): to measure performance, attribute conversions, and provide relevant advertising.
• Legal reasons: to comply with law, respond to lawful requests, or protect the rights, safety, and security of our users, the public, and our business.
• Business transfers: if we are involved in a merger, acquisition, financing, reorganization, or sale of some or all assets (with notice where required).
• Aggregated or de-identified information: we may share statistics and insights that do not identify individuals.

We do not rent your email address to third parties for their own direct marketing.

6) Advertising & Affiliates

Some pages on the Site may include links to banks, financial services, or related providers. We may participate in affiliate programs.
If you click an affiliate link and take an action (for example, submitting an application or opening an account), we may earn a commission at no extra cost to you.

Advertising partners and affiliate networks may use cookies or similar technologies to:

• measure clicks and conversions,
• prevent fraud and duplicate attribution,
• deliver or limit advertising, and
• build audiences for remarketing (where enabled).

Where interest-based advertising is enabled, you may be able to opt out through your device settings, browser controls, or region-specific tools such as
AboutAds (availability varies by region).

We do not control third-party advertising networks’ technologies or policies. Please review their privacy policies for more information.

7) Data Retention

We keep personal data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Typical retention periods may include:

• Server logs and analytics: typically 12–24 months (then aggregated or deleted).
• Contact records: for the duration of the inquiry and up to 24 months for audit, security, and continuity.
• Newsletter data: until you unsubscribe or request deletion.

8) Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data from unauthorized access, disclosure, alteration, or destruction.
However, no online system is 100% secure, and we cannot guarantee absolute security.

9) International Transfers

Our service providers may process data in countries outside your own, including outside the EEA/UK.
Where required, we rely on appropriate safeguards for international transfers (such as Standard Contractual Clauses or other lawful mechanisms) and take steps to protect personal data.

10) Your Rights

EEA/UK

If you are in the EEA/UK, you may have the right to request access, correction, deletion, restriction, or objection to processing, and the right to data portability.
Where processing is based on consent, you may withdraw your consent at any time.

California (CCPA/CPRA)

If you are a California resident, you may have the right to request to know, access, correct, and delete personal information, and to opt out of “sale” or “sharing”
for cross-context behavioral advertising.
We do not knowingly sell personal information of consumers under 16.

Other Regions

Depending on where you live, you may have additional privacy rights under local law. We will respond to valid requests as required by applicable regulations.

To exercise your rights, contact us using the details in Section 14. We may need to verify your identity before processing certain requests.

11) Do Not Track

Your browser may send a Do Not Track (“DNT”) signal. The Site does not currently respond to DNT signals.
However, we respect region-specific consent requirements where applicable (for example, cookie consent rules in the EEA/UK).

12) Children’s Privacy

The Site is not directed to children under 13 (or the relevant age of digital consent in your country).
We do not knowingly collect personal data from children.
If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

13) Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in technology, regulation, or our practices.
The “Last updated” date will reflect the latest changes.
If changes are material, we may provide additional notice on the Site where required.

14) Contact Us

Data Controller: on-dubai.com
Email: support@on-dubai.com

If you are in the EEA/UK and are not satisfied with our response, you may lodge a complaint with your local data protection authority.