How we handle personal information at Spinfinderuk

1. Scope of this policy

This Privacy Policy explains how Spinfinderuk processes personal data when you browse our editorial pages, contact our team, or interact with site features such as age confirmation and cookie preferences. We operate as an independent comparison publisher for UK-licensed gambling services. We are not a gambling operator and we do not provide betting accounts. Even so, we treat visitor privacy as a core responsibility and apply a structured approach to data protection.

The policy applies to information processed through spinfinderuk.co.uk, email correspondence linked to this domain, and limited technical data handled by providers that support hosting, analytics, and security. It does not govern third-party casino websites that may be linked from our pages. When you leave our domain, the privacy policies of those operators apply and should be reviewed separately.

2. Data we collect

We collect a small set of data categories. First, technical information such as IP address, browser family, referring page, session timing, and basic device attributes is recorded through server logs and analytics scripts. Second, interaction information is captured, including page views, scroll depth, clicked sections, and aggregate navigation patterns. Third, communication data is processed when you write to us by email, including the details you choose to provide.

We also store local preference values in your browser for age confirmation and cookie consent. These values are kept in localStorage under the keys `Spinfinderuk_age` and `Spinfinderuk_cookies`. They are used to reduce repeated prompts and do not include sensitive profile information.

3. How we use personal data

Data is used to operate, secure, and improve the website. Technical logs help identify abuse, failed requests, and suspicious automation. Interaction data helps us evaluate which guides are useful and which pages need clearer structure. Communication data is used to answer your request, maintain records of correspondence, and follow legal obligations linked to consumer communication.

We do not sell personal data. We do not build speculative marketing profiles tied to gambling behaviour. We focus on editorial analytics needed for product quality, fraud prevention, and compliance with legal duties.

4. Lawful basis under UK GDPR and EU GDPR

Our processing relies on several lawful bases. Legitimate interests apply to site security, service performance, aggregate analytics, and editorial planning, provided those interests do not override your fundamental rights. Consent applies where required, for example when non-essential analytics tools are enabled through a user choice. Contractual necessity may apply when you contact us and request a direct response. Legal obligation applies where retention or disclosure is required by law or regulatory request.

When we use legitimate interests, we run balancing checks that consider necessity, proportionality, and expected user impact. Where consent is needed, you can withdraw it by changing browser settings or contacting us directly.

5. Cookies and related technologies

Cookie and local storage technologies support session continuity and preference handling. Essential functions include remembering age verification state and basic consent choices. Optional analytics tools may set identifiers that help us measure article usage patterns. Detailed categories, examples, and control options are described in our dedicated Cookie Policy.

You can manage storage through browser controls, delete existing values, or configure stronger tracking prevention. Deleting preferences may cause repeated banners or popups until choices are set again.

6. Sharing data with third parties

We share data only where necessary with service providers that assist with hosting, uptime monitoring, analytics, email delivery, and security filtering. These providers are required to process data on documented instructions and maintain suitable safeguards. We may also share limited information with legal advisers, auditors, or public authorities when required to comply with law, prevent fraud, or enforce rights.

Affiliate partners receive referral context when you choose to click outbound links. They do not receive your private correspondence with us through that mechanism. Any account data you submit on an operator site is controlled by that operator under its own policy.

7. International transfers

Some providers process data outside the UK. Where transfers occur, we use recognised safeguards such as adequacy regulations, International Data Transfer Agreements, or Standard Contractual Clauses with supplementary measures where needed. Transfer mapping is reviewed during vendor onboarding and at regular intervals so controls remain aligned with legal developments.

If you would like summary information about the transfer mechanisms relevant to your interaction with our services, contact us at the email address below and we will provide an appropriate response.

8. Data retention periods

Retention depends on purpose. Server logs are usually retained for a short operational window unless needed for security investigation. Analytics data is kept in aggregated form where possible and reviewed regularly for minimisation. Email enquiries are retained for as long as needed to complete the conversation and meet legal recordkeeping needs. Where records are no longer required, they are deleted or anonymised.

We do not retain personal data indefinitely by default. Scheduled review points are part of our governance process.

9. Data security

We use layered security controls that include encrypted connections, access restrictions, least-privilege practices, supplier due diligence, and incident response procedures. Administrative access is limited to authorised personnel with role-based permissions. We monitor for unusual activity and maintain internal workflows for investigating potential breaches.

No system is risk free, but we continuously improve controls based on threat trends and operational review. If a reportable incident occurs, we will follow applicable notification rules and coordinate with competent authorities where required.

10. Your rights

Subject to legal conditions, you may request access to personal data, correction of inaccurate information, deletion, restriction of processing, objection to processing based on legitimate interests, and data portability where applicable. You may also withdraw consent for consent-based processing. Requests are handled through identity-aware procedures designed to protect both user rights and data security.

If you are not satisfied with our response, you may contact the UK Information Commissioner’s Office. We encourage contacting us first so we can try to resolve concerns quickly and clearly.

11. Children and age policy

Spinfinderuk is intended for adults aged 18 and over. We do not knowingly direct content to children and we do not intentionally collect personal data from anyone under 18. If we learn that underage data has been submitted, we will remove it as soon as reasonably practicable, unless retention is required by law for safeguarding or evidential reasons.

12. Policy updates and contact details

We may revise this policy to reflect legal changes, technology updates, or editorial workflow adjustments. Material changes will be published on this page with a fresh effective date. Please review this page periodically if you want the latest version.

Privacy contact: privacy@spinfinderuk.co.uk. General contact: info@spinfinderuk.co.uk.