Privacy Policy

Summary: This Privacy Policy explains in detail how The Cornea Impression (the “Website”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data in connection with its content and services across the verticals Aviation, Cars, Watches, Bikes, Lifestyle and Technology. This Policy applies to visitors, registered users, subscribers, customers and contributors in the United Arab Emirates and elsewhere. By using the Website, you accept the practices described below.

1. Controller, scope and contact
   • Data controller: The Cornea Impression. Our contact and Data Protection Contact (DPC) details are published on the Website under the ‘Contact’ or ‘Privacy’ pages.
   • Scope: This Policy covers personal data collected through the Website, mobile interfaces, newsletters, comment systems, competitions, events, customer support, surveys and transaction flows. It does not apply to third-party websites that we link to; those sites are governed by their own policies.
   • Data Protection Officer / Contact: We maintain a DPC or responsible privacy contact. For privacy requests, data subject rights, data breach notifications or other enquiries, use the published DPC contact details.
     
     
2. Categories of personal data collected and examples
   • Identity and account information: name; username; date of birth if supplied; profile photo; account identifiers.
   • Contact information: email address; postal address; telephone/mobile number.
   • Authentication and security data: hashed passwords; two-factor authentication tokens; security questions (where used).
   • Payment and billing data: payment card tokens; billing address; transaction identifiers; invoices (third-party processors process payments; we do not store full card PAN numbers).
   • Technical and device data: IP address; device identifiers; browser and operating system; screen resolution; device model; user agent string.
   • Usage and behavioural data: pages visited; session duration; clickstream; search queries; engagement with content and ads; feature usage.
   • Communications data: messages to customer support; email correspondence; newsletter subscription status; contest or survey responses.
   • User content and uploads: comments, reviews, forum posts, uploaded photos or videos, and any metadata you include.
   • Marketing and preference data: interests, segments, marketing consent and delivery preferences.
   • Location data: coarse location inferred from IP address or self-reported location details.
   • Logs and security data: error logs; security events and fraud prevention telemetry.
   • Special categories: we do not routinely collect special category data (sensitive personal data). If you voluntarily supply such data (for example, in a profile or submission), you consent to its processing for the stated purpose, and we will handle it in accordance with this Policy and applicable law.
     
     
3. Legal bases for processing (UAE context)
   We process personal data only where we have a lawful basis to do so. The lawful bases we rely on include:
   • Performance of a contract: to provide accounts, subscriptions, premium services, deliver purchases, process payments, and fulfil orders.
   • Consent: where we ask for and obtain explicit consent (for example, newsletter marketing, profiling for advertising, optional cookies and specific promotions). You can withdraw consent at any time for future processing.
   • Legitimate interests: to operate, secure and improve the Website, prevent fraud, detect abuse, personalise content and services, aggregate analytics, and communicate service updates, provided your rights do not override those interests.
   • Legal obligation: to comply with statutory or regulatory obligations, court orders and law enforcement requests in the UAE or other jurisdictions.
   • Vital interests: where required to protect the vital interests of an individual or the public.
     
     Where required by applicable UAE law, we will identify and record the legal basis for specific processing activities at the time of collection.
     
     
4. How we collect personal data
   • Directly from you: when you register an account, subscribe to newsletters, comment, upload content, enter competitions, purchase paid services, or contact support.
   • Automatically: via cookies, web beacons, server logs, analytics and similar technologies when you access the Website.
   • From third parties: from social networks (when you sign in via social login), advertisers, analytics providers, public sources, data enrichment suppliers or business partners (for example, co-sponsored promotions).
   • From service providers: payment processors, email delivery platforms, hosting providers and CDNs who supply processed or aggregated data to enable the service.
     
     
5. Cookies, trackers and similar technologies
   • Categories and purpose:
     • Essential cookies: required for site operation, authentication and security.
     • Performance and analytics cookies: measure and improve site performance and user experience.
     • Functionality cookies: remember preferences and personalise features.
     • Advertising and targeting cookies: support ad delivery, frequency capping and measurement; enable behavioural profiling where consented.
   • Management and choices: on the first visit, we present a cookie notice and settings control (where provided). You may accept, decline or customise non-essential cookies. You can also use your browser settings to block or delete cookies; blocking some cookies may reduce or degrade the Website’s functionality.
   • Third-party trackers: we use third-party analytics, social plugins and advertising platforms that may set their own cookies; these third parties’ use of cookies is governed by their policies.
     
     
6. Purposes of processing and specific uses
   We process data for the following core purposes:
   • Provide and manage services and user accounts: registration, authentication, profile management, subscription management and customer support.
   • Deliver transactions and payments: process orders, billings, refunds, invoices, and communicate transactional updates. Authorised third-party processors perform payment processing.
   • Operate, secure and improve the Website: system administration, troubleshooting, performance monitoring, load balancing, backups and upgrades; detecting and preventing fraud, abuse and security incidents.
   • Personalisation and content delivery: recommend articles, tailor feeds, personalise newsletters and show relevant content or offers based on interests and behaviour.
   • Marketing and communications: send newsletters, promotional emails, alerts, push notifications and personalised offers where consented or otherwise permitted.
   • Advertising and measurement: enable ad targeting, retargeting, conversion measurement and campaign analytics in accordance with your consent settings.
   • User contributions and community features: moderate, publish and manage comments, reviews, images and other UGC; enforce community standards.
   • Legal compliance and safety: respond to legal requests, defend legal claims, exercise or defend legal rights and comply with regulatory obligations.
   • Analytics and research: aggregate and anonymise usage data for product analytics, market research and business intelligence.
     
     
7. Recipients, processors and third-party disclosures
   • Service providers and processors: we share personal data with vendors who provide hosting, cloud storage, analytics, email delivery, CRM, advertising, content delivery networks (CDNs), payment processing, identity verification and other services. These providers process data on our instructions under contract, with appropriate safeguards in place.
   • Commercial partners and sponsors: limited data may be shared with partners when you enter co-branded promotions, events or subscriptions; we will disclose the sharing at the point of collection.
   • Advertising and analytics partners: advertising platforms, networks and measurement providers receive data for ad delivery and analytics in accordance with your consent.
   • Legal and safety disclosures: we may disclose data to law enforcement, regulators or courts where required by law or to protect rights, property or safety.
   • Business transfers: In connection with a merger, sale, asset transfer, financing, or bankruptcy, personal data may be transferred; we will notify affected users if required.
   • Public or anonymised data: we may publish aggregated, de-identified or anonymised data that does not reasonably identify individuals.
     
     We require contractual, technical, and organisational safeguards with all processors; copies of our standard terms for data processing are available upon request.
     
     
8. International transfers and safeguards
   • Cross-border processing: personal data may be stored, hosted or processed in the UAE and in other jurisdictions where our service providers operate. Cross-border transfers will be subject to appropriate safeguards such as standard contractual clauses, explicit consent, binding corporate rules, or other lawful transfer mechanisms required under applicable law.
   • Risk assessment: we assess transfer risks and adopt measures (encryption, access controls, contractual commitments) to protect data in transit and at rest.
     
     
9. Data retention and deletion
   • Retention principles: we retain personal data only for as long as necessary for the purposes set out in this Policy, to comply with legal obligations, to maintain records for dispute resolution, tax and accounting, and to enforce our agreements.
   • Typical retention periods (indicative):
     • Account and profile data: retained while the account is active and for up to 2 years after deactivation for legitimate business needs and fraud prevention.
     • Transaction and billing records: retained for at least 5 years or longer where required by law for tax and auditing.
     • Cookies and analytics data: retention varies by provider; aggregated data retained indefinitely in anonymised form.
     • Comments and public posts: retained until you remove them or we remove them for policy reasons; backups may persist longer.
     • Support and correspondence records: retained for up to 3 years for customer service and quality assurance unless law requires otherwise.
   • Deletion and anonymisation: on request, we will delete or de-identify personal data where retention is no longer necessary and there are no overriding legal grounds to retain it. Some data may be retained in backup archives for a limited period of time.
     
     
10. Data subject rights and how to exercise them
    You may exercise the following rights in relation to your personal data, subject to verification and applicable law:
    • Access: request confirmation if we process your data and obtain a copy of the personal data we hold.
    • Correction: request rectification of inaccurate or incomplete personal data.
    • Deletion: request erasure of personal data where processing is no longer necessary, subject to legal exceptions.
    • Restriction: request limitation of processing while a dispute or verification is ongoing.
    • Objection: object to processing based on our legitimate interests, including profiling for direct marketing.
    • Portability: request a machine-readable copy of the data you have provided for transfer to another controller where technically feasible.
    • Withdraw consent: withdraw consent to processing that was based on consent (this will not affect lawfulness of prior processing).
    • Complain: complain with the UAE supervisory authority or other relevant regulator (contact details published on the Website).
      
      To exercise your rights, use the account settings provided, follow the published request form on the Website, or send a request to the DPC contact. We will verify identity before fulfilling requests to protect privacy and security. We will respond within a reasonable timeframe, in accordance with applicable UAE law.
      
      
11. Automated decision‑making and profiling
    • Profiling: we may use automated means to build interest profiles for personalising content, recommendations and advertising. These processes do not produce legal effects and do not make automated decisions that significantly affect individuals without human review.
    • Rights and choices: where profiling materially affects you and profiling is based on consent or legitimate interest, you can request human intervention, express your point of view and contest the processing.
      
      
12. Security measures
    • Technical safeguards: encryption in transit (TLS) and, where appropriate, at rest, access controls, firewalls, intrusion detection, secure configuration and regular vulnerability testing.
    • Organisational safeguards: role-based access, employee training, confidentiality obligations, incident response plans and contractual data protection terms with processors.
    • Limitations: While we take commercially reasonable measures to protect data, no system can be entirely secure; residual risk remains.
      
      
13. Data breach response and notifications
    • Breach handling: We maintain an incident response plan. Upon discovery of a personal data breach, we will contain and remediate the incident, assess the risk to affected individuals, and take steps to mitigate harm.
    • Notification: we will notify affected individuals and competent authorities where required by applicable UAE law and as appropriate, without undue delay and in accordance with legal obligations.
      
      
14. Minors and parental responsibility
    • Age policy: the Website is not directed to children under the age required by local law to consent to data processing. If you are under the applicable legal age, you may use the Website only with the consent of a parent or guardian.
    • Parental requests: if we learn we have collected data from a child without valid consent, we will take steps to delete that data. Parents or guardians may contact us to request the deletion of their child’s information.
      
      
15. Third-party services, embedded content and social login
    • Third-party widgets and embeds: pages may include embedded content (social plugins, videos, maps) that is served by third parties and may capture data directly. Their own policies govern their use of data.
    • Social login: if you sign in using a third-party account (e.g., social network), we receive identity and profile information from that provider; you should consult the provider’s privacy settings and policy.
      
      
16. Marketing and promotional communications
    • Consent and lawful sending: we will only send promotional emails, newsletters or personalised messages where you have consented or where permitted by law and our legitimate interests.
    • Opt‑out: every marketing email includes an unsubscribe link. You can also change preferences in your account or contact our DPC. Opting out of marketing will not prevent transactional or service messages necessary to operate your account.
      
      
17. International use and cross-border visitors
    • Visitors outside the UAE: if you access the Website from outside the UAE, your data may be transferred and processed outside your country. By using the Website, you consent to such transfer subject to the safeguards described in this Policy. Local laws may give you additional rights.
      
      
18. Recordkeeping, audits and compliance
    • Records: we maintain internal records of processing activities and data protection measures.
    • Audits: We conduct periodic audits of processors and implement corrective actions where required.
    • Legal compliance: We monitor applicable UAE data protection laws and industry guidance and update practices accordingly.
      
      
19. Changes to this Privacy Policy
    • Variation: we may amend this Policy to reflect operational, legal or regulatory changes. Material changes will be communicated via the Website, email or other reasonable means before taking effect. Continued use of the Website after notification constitutes acceptance of the updated Policy. The Effective Date at the top of this Policy will be updated on every substantive change.
      
      
20. Contact, complaints and supervisory authority
    • Contact us: for privacy enquiries, to exercise your rights, to request copies or corrections, or to report concerns, use the DPC contact details published on The Cornea Impression.
    • Complaints to authority: you may complain to the UAE supervisory authority or other competent data protection regulator if you consider your rights have been infringed.