Privacy Policy

Transparency refresh May 2026 · refer to changelog footers on commercial emails when live

ukcasinosonline.org publishes affiliate editorial content aimed at GB adults contemplating licensed remote casino products. This policy explains processors we rely on today; partner pixels may augment this list whenever we onboard new attribution vendors—inspect version stamps before delegating supervisory complaints.

Cookies, tags & consent

Essential cookies underpin secure sessions, CDN routing, perimeter bot scoring, CSP nonce pinning, infrastructure tracing, transactional integrity fingerprints, resilience replay caches, editorial feature flags referencing consent artefacts, and failover routing. Affiliate measurement cookies may store pseudonymous click lineage after you affirm marketing categories on the banner.

Google Consent Mode v2 defaults initialise denying marketing analytics until affirmative storage in the cookie_consent envelope or downstream synchronisation—refer to instrumentation toggles surfaced in CMP audits. Revocation resets partner tags asynchronously; instantaneous deletion across every edge node is aspirational—not guaranteed within seconds globally.

Categories of personal data

Identity · contact artefacts: Email pseudonyms and topic metadata when voluntarily submitted via “Contact” forms after server-side validation ships; until then confirmations remain illustrative only inside your browser sandbox.
Technical telemetry: IP-derived coarse geolocation snapshots, referrer headers truncated for retention dashboards, hashed user-agent fingerprints, TLS cipher suites signalling downgrade attacks, anomaly heuristics.
Usage metrics: Scroll depth aggregates, carousel dwell signals, abandonment funnels reconstructed by privacy-safe bucketing—not raw keystroke captures—unless narrowly scoped experimentation discloses overlays.

Purposes & legal bases

Contractual necessity powering infrastructure SLAs underpinning uptime commitments with hosting partners—not player wagering contracts referencing GC licences administered elsewhere.
Legitimate interests in fraud remediation, spoofing interception, referrer hygiene, network forensics—with balancing tests documented internally for supervisory inspection.
Consent-gated profiling when marketing pixels hydrate after CMP acceptance—withdraw anytime without prejudicing transactional necessity cookies.

Retention & erasure choreography

Server logs truncate after rolling windows dictated by infra policies (often ninety days nominal but extended when incident response demands hold notices). Pseudonymous analytics blobs may linger longer inside privacy sandbox vendors—purge requests propagate subject to SLA guarantees published downstream.

Your rights · UK GDPR schedule

You may pursue access rectification portability restriction objection erasure and complaint lodging with supervisory authorities—we respond within statutory windows except where exemptions shield journalistic endeavours.

Operational requests unrelated to licensees should begin at Contact referencing ticket IDs when escalations chain across processors.

Children & excluded audiences

This site refuses deliberate interaction with minors; telemetry filters flag behavioural signatures inconsistent with adult browsing—false positives routed to humans before enforcement.