Privacy Policy
What follows is a plain-language readout of how personal information moves through Pub Casino — what gets collected, why it gets collected, where it sits, who sees it, and which rights you can exercise under UK privacy law to control any of it. For the underlying technical detail — cookies, analytics signals, anything stored client-side — see the matching Cookie Policy page; this one keeps the legalese light.
Pub Casino runs as an independent informational platform; the wider context is laid out on the About page. This privacy policy applies only to the Pub Casino website. Once a reader clicks through to an operator's site, that operator's privacy policy takes over; Pub Casino does not share data with operators beyond the limited form described below.
1. What Pub Casino is
Pub Casino publishes reviews and guides covering online casinos available to UK players. The flagship operator review lives at the Pub Casino homepage. The site does not host games, manage player accounts, accept deposits, hold funds or process withdrawals. There is no signup. There is no login. A standard visit involves no data exchange beyond ordinary web traffic. Where Pub Casino does collect personal data — for example, when you write to us through the contact channels — this page details exactly what happens to it.
2. UK privacy law context
Personal information on Pub Casino is processed against the UK GDPR and the Data Protection Act 2018, plus the thirteen UK GDPR principles administered by the Information Commissioner's Office (ICO). Readers visiting from the EU still benefit from full GDPR protections; California-based readers get CCPA rights so far as those rights reach this site. Whenever two frameworks overlap, the tighter of the two takes precedence.
3. What data Pub Casino collects
Information falls into three buckets: traffic logs gathered automatically, contact details you choose to send us, and anonymised analytics signals.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance problems. | Legitimate interest under UK GDPR Article 6 legitimate interest. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR consent basis (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
What Pub Casino never gathers: financial details (this domain processes no payments), gambling-account login data (no accounts live here), biometric markers, geolocation finer than country level (inferred from an anonymised IP), or anything in the special-category bucket — race, religion, health, sexual orientation, political views. There's no targeted advertising or remarketing layer either; how the site keeps the lights on is spelled out on the Affiliate Disclosure page.
4. Cookies and similar technologies
The cookies Pub Casino uses, the third-party services that set them, and how to control them are described in full on the Cookie Policy page. Short version: strictly needed cookies (page loading, consent banner state, abuse prevention) are always set; analytics and affiliate-tracking cookies are set only after consent through the cookie banner; you can change your selection whenever through the link in the footer.
5. Affiliate links and operator-side tracking
Clicking an outbound operator link on Pub Casino triggers three steps in sequence. Step one: a /go redirect on this domain records the click for our internal analytics, regardless of whether you complete the journey. Step two: your browser lands at the operator's site. Step three: the operator can drop its own cookies and book the visit as a referral. No personal identifiers — your name, your email address, or anything similar — leave Pub Casino on that journey. All the operator learns is that "the visitor came in via Pub Casino". Should you proceed to open an account on their platform, that account sits entirely under their privacy policy, not under this one.
6. How long data is retained
- IP addresses: the unaltered IP is held no longer than 24 hours, purely to block abuse, after which it gets truncated — final octet stripped for IPv4, final 80 bits stripped for IPv6. The truncated version then sits in traffic logs for as long as 14 months.
- Contact correspondence: incoming emails plus any attached files live in our archive for two years (audit trail and follow-up), after which they're wiped — unless the thread is still active at that point.
- Analytics events: per the GA4 retention setting we run, traffic signals are auto-purged after 14 months without manual action.
- Cookie consent record: your banner choice sits in your own browser for a year; once that period lapses, the banner pops up again for a fresh decision.
Where the law requires longer retention — for example, tax records under the HMRC record-keeping requirements for affiliate-related accounting — the relevant data is held only for the legally required window and not used for any other purpose.
7. Who Pub Casino shares data with
Outbound data flows fall into three tightly-controlled lanes. Service providers handle pieces of the technical stack on our behalf — hosting, the CDN, mail delivery — and each one is bound by a written data-processing agreement that locks their use of the data to delivering that specific service. Analytics providers (Google Analytics 4) see only IP-anonymised traffic figures, never anything that could pin down an individual. Law-enforcement and regulators get data only on the back of a valid legal demand, and only the slice that the demand actually covers. Selling, renting or otherwise trading personal data is something Pub Casino simply does not do, full stop.
8. Where data is stored
The technical stack behind Pub Casino sits on cloud platforms physically located in the UK and across the European Economic Area. One or two providers — Google Analytics 4 being the obvious example — handle their share of the data on US soil. Whenever data crosses the UK border, the receiving organisation has to operate under Standard Contractual Clauses, or under a comparable arrangement the ICO has signed off as giving protection at least equal to what UK law guarantees.
9. Your rights
The UK GDPR — and equivalent legislation in other regions — gives readers a defined set of entitlements over any personal data Pub Casino keeps on file.
- Access: ask for a readout of everything held on you and receive a copy back.
- Correction: flag anything inaccurate and have it amended.
- Deletion: ask for your data to be removed, except where the law obliges us to keep it.
- Withdrawal of consent: for anything that depends on your consent, you can pull it back at any point — anything already processed lawfully remains valid.
- Complaint: where you feel Pub Casino has slipped up on data handling, the formal route is the ICO at ico.org.uk. The usual UK approach is to come to us first so the issue can be fixed before it escalates.
Acting on any of the entitlements above starts with an email to the privacy inbox listed on our Contact page. A reply lands inside the 30-day window the UK GDPR sets for these requests.
10. Children's privacy
Everything published on Pub Casino is written squarely for adult readers in the UK. Nothing here is aimed at, or intended for, under-18s. There's no knowing collection of data from minors; if a submission turns out to have come from someone under 18, the information is wiped and — where the situation calls for it — a parent or guardian is told.
11. Security
The security baseline on Pub Casino follows the usual industry playbook: TLS 1.2 or higher on everything moving across the wire; least-privilege access plus tight controls on internal systems; routine audits of access rights; an audit trail of every admin action; outside penetration tests of the public site at scheduled intervals. No setup is bulletproof — if a personal-data breach happens and looks likely to cause serious harm, the affected readers hear about it directly, and the ICO is informed through the breach-notification process that the UK GDPR mandates.
12. Changes to this policy
If this policy changes, the "Last updated" date at the top is bumped. Material changes — new categories of data collected, new third-party processors, altered retention windows — are signalled by a banner on the home page for no less than 30 days. Minor housekeeping changes (rewording, link updates) do not raise a banner.
13. Contact
Anything relating to privacy lands fastest through the privacy contact spelled out on the Contact page. Editorial queries about Pub Casino content go to the editorial inbox instead; if it's a correction you're flagging, the path is the one laid out on the Editorial Policy page. Safer-play guidance — relevant to every reader on this site — lives on the Responsible Gambling page.