1. UK GDPR Overview

The UK General Data Protection Regulation (UK GDPR) came into effect on 1 January 2021, replacing the EU GDPR in UK law following Brexit. It provides comprehensive data protection rights for individuals in the UK.

Lucky Haven Ltd is fully committed to compliance with UK GDPR and the Data Protection Act 2018. This document explains how we meet our obligations and protect your rights.

⚠️ Important Notice

This page specifically covers UK GDPR compliance. For general privacy information, please see our Privacy Policy.

2. Data Controller Information

Lucky Haven Ltd acts as the data controller for personal data processed through our website. Our details are:

Data Controller: Lucky Haven Ltd
Registration Number: 12345678
ICO Registration: ZA123456
Address: 123 Casino Street, London, EC1A 1BB, United Kingdom
Email: dpo@luckyhaven.co.uk
Phone: +44 20 7946 0958

We have appointed a Data Protection Officer (DPO) who oversees our data protection compliance and serves as your point of contact for privacy matters.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

3.1 Legitimate Interests

  • Providing casino review and information services
  • Website analytics and improvement
  • Fraud prevention and security
  • Business development and marketing research

3.2 Consent

  • Email newsletter subscriptions
  • Marketing communications
  • Optional cookies and tracking

3.3 Legal Obligation

  • Age verification (gambling regulations)
  • Compliance with court orders
  • Regulatory reporting requirements

3.4 Contract Performance

  • Providing requested services
  • Account management (where applicable)
  • Customer support

4. Your Rights Under UK GDPR

You have comprehensive rights under UK GDPR. Here's how to exercise them:

4.1 Right of Access (Article 15)

You can request a copy of your personal data and information about how we process it.

  • How to request: Email dpo@luckyhaven.co.uk with "Data Access Request" in the subject
  • What we provide: Copy of data, processing purposes, recipients, retention periods
  • Response time: 1 month (extendable to 3 months for complex requests)
  • Cost: Free (additional copies may incur a reasonable fee)

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

  • Process: Contact us with correct information and evidence
  • Action: We will correct the data and notify third parties where required

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data in specific circumstances:

  • Data no longer necessary for original purpose
  • You withdraw consent (where consent was the lawful basis)
  • Data processed unlawfully
  • Erasure required for legal compliance

4.4 Right to Restrict Processing (Article 18)

You can request limitation of processing in certain situations:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification of legitimate grounds

4.5 Right to Data Portability (Article 20)

Where technically feasible, you can receive your data in a structured, machine-readable format or have it transmitted to another controller.

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

  • Marketing: Absolute right to opt out
  • Legitimate interests: We must stop unless we demonstrate compelling legitimate grounds

4.7 Rights Related to Automated Decision Making (Article 22)

You have rights regarding automated decision-making and profiling that significantly affect you.

5. Categories of Personal Data

We process the following categories of personal data:

5.1 Identity Data

  • Name
  • Age verification status
  • Contact preferences

5.2 Contact Data

  • Email address
  • Phone number (if provided)
  • Postal address (if provided)

5.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Cookie identifiers

5.4 Usage Data

  • Pages visited
  • Time spent on site
  • Click patterns
  • Search queries
  • Referring websites

5.5 Communication Data

  • Contact form submissions
  • Email correspondence
  • Survey responses
  • Feedback submissions

6. Data Sources

We collect personal data from the following sources:

6.1 Direct Collection

  • Information you provide through forms
  • Newsletter subscriptions
  • Contact requests
  • Survey participation

6.2 Automated Collection

  • Website analytics tools
  • Cookies and tracking technologies
  • Server logs
  • Security monitoring tools

6.3 Third Parties

  • Analytics providers (Google Analytics)
  • Email service providers
  • Social media platforms (when you interact with our content)

7. Data Sharing and Recipients

We share personal data with the following categories of recipients:

7.1 Service Providers

  • Web hosting: Amazon Web Services (Ireland)
  • Analytics: Google Analytics
  • Email marketing: Mailchimp
  • CDN: Cloudflare

7.2 Legal and Regulatory

  • UK Gambling Commission (if required)
  • Information Commissioner's Office
  • Law enforcement agencies
  • Legal advisors

7.3 Business Partners

  • Affiliate networks (anonymized data only)
  • Research partners (anonymized data only)

All third-party processors are bound by data processing agreements ensuring UK GDPR compliance.

8. International Data Transfers

Some of our service providers are located outside the UK. We ensure adequate protection through:

8.1 Adequacy Decisions

We transfer data to countries with UK adequacy decisions, including:

  • European Economic Area countries
  • Countries with specific UK adequacy findings

8.2 Appropriate Safeguards

For other countries, we use appropriate safeguards:

  • UK Addendum to EU Standard Contractual Clauses
  • Binding Corporate Rules
  • Certification schemes

8.3 Specific Transfers

  • Google Analytics: US (Google's UK Addendum to SCCs)
  • Mailchimp: US (Intuit's UK Addendum to SCCs)
  • AWS: Ireland (EU adequacy)

9. Data Retention Periods

We retain personal data for specific periods based on legal requirements and business needs:

Data Type | Retention Period | Legal Basis
Age verification | 30 days | Gambling regulations
Contact inquiries | 2 years | Customer service
Newsletter data | Until unsubscribe | Consent
Analytics data | 26 months (anonymized) | Legitimate interests
Legal compliance | 6 years | Legal obligation

10. Automated Decision Making

We may use automated processing in limited circumstances:

10.1 Age Verification

  • Purpose: Verify users are 18+
  • Logic: Browser fingerprinting and session data
  • Consequences: Access granted/denied to content
  • Rights: You can request human review

10.2 Fraud Prevention

  • Purpose: Detect malicious activity
  • Logic: IP reputation and behavioral patterns
  • Consequences: Temporary access restrictions
  • Rights: You can appeal decisions

We do not use automated decision-making for marketing profiling or content personalization.

11. Making a Complaint

If you believe we have not handled your data appropriately, you have the right to complain:

11.1 Internal Complaint

Contact our Data Protection Officer first:

  • Email: dpo@luckyhaven.co.uk
  • Subject: "Data Protection Complaint"
  • Response time: 5 working days

11.2 Information Commissioner's Office

You can lodge a complaint with the UK's supervisory authority:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

11.3 Right to Judicial Remedy

You also have the right to seek judicial remedy in UK courts for data protection violations.

12. Contact Our DPO

Our Data Protection Officer is your primary contact for all data protection matters:

Data Protection Officer
Lucky Haven Ltd
123 Casino Street
London, EC1A 1BB
United Kingdom

Email: dpo@luckyhaven.co.uk
Phone: +44 20 7946 0958
Secure Contact: Available upon request

When to Contact Our DPO

  • Exercise your data protection rights
  • Ask questions about data processing
  • Report data protection concerns
  • Request information about safeguards for international transfers
  • Seek guidance on consent or legitimate interests

📝 Request Requirements

To help us process your request efficiently, please include:

  • Your full name and contact details
  • Description of your request or concern
  • Any relevant dates or reference numbers
  • Proof of identity (for access requests)