Privacy Policy

This privacy policy explains how Casino Outside GamStop collects, uses, stores and shares personal data when you visit this site, contact the editorial team or interact with embedded third-party content. It is written in plain English and applies the UK GDPR and the Data Protection Act 2018.

Table of Contents

Who controls your data
Key terms used in this policy
What we collect and why
Legal bases for processing
How long we keep data
Who we share data with
Your rights as a data subject
Children
Changes to this policy

Who controls your data

The data controller for this site is:

If a data protection officer is appointed in the future, contact details will be added to this section. For company registration and editorial responsibility, see the imprint.

Key terms used in this policy

What we collect and why

Casino Outside GamStop is an information resource. It does not host user accounts, does not run games and does not take payments. The data we collect is therefore limited.

Server log data. When you load any page on this site, our hosting infrastructure records standard server-log information: the IP address that made the request, the requested URL, the response code, the user-agent string, the referring URL and the timestamp. This data is held in rotating logs and is used to operate the site, detect abuse and produce aggregated traffic figures. Logs are pruned on a rolling basis (typically 14 to 30 days) and are not used to build a profile of individual readers.

Contact form submissions. If you use the form on the contact page, the data you submit (your name, your email address, the subject line and the body of your message) is transmitted to the editorial inbox so that we can answer you. We do not pass this data to any third party other than the email-hosting provider that delivers the message.

Cookies and similar technologies. See the dedicated cookies policy for the full breakdown of cookie categories, names and retention periods. In short, the site sets a small number of strictly necessary cookies; any analytics or marketing cookies are only set after you give consent through the cookie banner.

Embedded third-party content. The site may embed content from third parties (for example, a video, a chart or a regulator’s web component). Loading such content can transmit your IP address and basic browser information to that third party. We try to keep embedded content to a minimum and to identify the provider clearly where it is used.

Legal bases for processing

Under Article 6 of the UK GDPR, the legal bases we rely on are:

Legitimate interests (Article 6(1)(f)): for server-log data and for strictly necessary cookies that keep the site secure and functional. Our legitimate interest is operating, securing and improving the site.
Consent (Article 6(1)(a)): for any analytics, performance or marketing cookies, for any embedded third-party content that sets cookies, and for any optional newsletter sign-up. Consent is requested through the cookie banner and can be withdrawn at any time via the cookie-preferences link in the footer.
Performance of a contract or pre-contractual steps (Article 6(1)(b)): where you contact us via the contact form, we process the data you provide in order to respond.
Legal obligation (Article 6(1)(c)): if a competent UK authority (for example, the Information Commissioner’s Office, a court or a law enforcement body) issues a lawful request, we may have to process and disclose data on that basis.

How long we keep data

We hold personal data for the minimum period necessary for the purpose for which it was collected.

Server logs: typically 14 to 30 days, then deleted or anonymised.
Contact form correspondence: up to 24 months after the last meaningful interaction, then deleted, unless a longer period is required by law (for example, to defend a legal claim).
Cookie identifiers: see the retention period listed for each cookie in the cookies policy. None of the cookies on this site are designed to identify you across sessions for longer than necessary for the stated purpose.
Aggregated analytics figures: anonymised statistics with no link to an individual reader can be retained indefinitely as they are not personal data.

We do not sell personal data. We do not share personal data with advertisers, casino operators or affiliate networks. The categories of recipient we use are limited and listed below.

Hosting and infrastructure providers located in the United Kingdom or the European Economic Area, who process server-log data on our instructions.
Email and form-delivery providers who carry contact-form submissions to the editorial inbox.
Analytics providers if and where you have given consent, configured to use IP anonymisation and aggregated reporting.
Professional advisers (legal, accounting, audit) under appropriate confidentiality obligations, where strictly necessary.
Competent UK authorities where required by a lawful request.

If any processor is located outside the United Kingdom, we rely on a valid transfer mechanism under the UK GDPR (UK adequacy regulations, the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses), supported by appropriate supplementary measures where needed.

Your rights as a data subject

Under the UK GDPR you have the following rights in relation to your personal data:

Right of access: you can ask us to confirm what personal data we hold about you and to provide a copy.
Right to rectification: you can ask us to correct inaccurate or incomplete data.
Right to erasure: you can ask us to delete your personal data, subject to limited exceptions (for example, a legal obligation to keep records).
Right to restriction of processing: you can ask us to limit how we use your data while a query is resolved.
Right to data portability: for data you have provided to us and which we process by automated means under consent or contract, you can ask for it in a structured, commonly used and machine-readable format.
Right to object: you can object to processing based on legitimate interests; we will stop unless we can show a compelling reason to continue or need the data to establish or defend a legal claim.
Right to withdraw consent: at any time, with no effect on the lawfulness of processing done before withdrawal.
Right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. We would always ask you to contact us first so we can try to resolve the issue.

To exercise any of these rights, write to privacy@[Placeholder: domain]. We will respond within one calendar month. We may ask for proof of identity to make sure we do not disclose your data to someone else.

Children

This site is intended for adults aged 18 or over. We do not knowingly collect personal data from children. If you believe a child has submitted personal data through this site, please contact us at privacy@[Placeholder: domain] and we will delete it.

Changes to this policy

This policy is reviewed at least annually and whenever a material change happens (for example, a new processor, a new cookie or a regulatory development). The last-reviewed date at the top of the page reflects the most recent update. Substantive changes are summarised in a short change log at the foot of this section.

Change log: Initial publication.