Privacy policy

This privacy policy covers visitors who read Gala Casino Guides on this domain. It is written for a UK-primary audience and references UK GDPR concepts alongside the Data Protection Act 2018 where relevant. It does not replace the privacy notice of any licensed gambling operator whose products we discuss; players with registered accounts must read that operator’s statement for wallet, betting and verification data.

Summary in plain language

We run an informational website. Servers log technical traffic data. If you email us, we keep your message long enough to respond and meet legal duties. We may use cookies for essentials and, where allowed, for analytics. We use vendors under contract. You have rights to ask what we hold, to fix mistakes and, in some cases, to delete or restrict data. You can complain to the ICO. We do not sell lists of readers to data brokers.

Controller details

The organisation operating Gala Casino Guides on this hostname acts as the controller for personal data described here. Identify us through the mailbox published on the Contact page. If multiple legal entities share responsibility for different services, we will clarify roles in an addendum; today’s scope is the public guide pages and related email.

Data collected automatically

Each HTTP request may generate entries containing IP address, user agent string, requested resource, HTTP method, status code, bytes transferred and a timestamp. Some requests pass through reverse proxies or firewalls that add geolocation approximations for abuse prevention. Error logs may capture stack traces that inadvertently include query parameters; we scrub them when discovered.

Data you provide voluntarily

Email is the main voluntary channel. Content may include your name, signature blocks, attachments and any personal story you choose to share. Please minimise sensitive categories unless strictly necessary. We discourage sending identity documents; if you do, we delete them after the narrow purpose is complete unless law requires longer storage.

Purposes matrix

Security processing protects availability and confidentiality. Analytics processing measures aggregate interest in topics. Communication processing lets us answer you. Legal processing covers tax, litigation holds or regulatory correspondence. We do not profile visitors for automated eligibility decisions about gambling products on this site because we do not offer those products here.

Cookie layers

Essential cookies may include load-balancer affinity, CSRF tokens or short-lived session identifiers for administrative users if any exist. Analytics cookies, if deployed, should respect your consent choices where the law demands consent. Marketing cookies are uncommon on this property; if introduced, they will be disclosed and gated appropriately.

Legal bases in more detail

Legitimate interests cover fraud prevention, network security, quality analytics and internal reporting, after balancing tests. Consent covers optional non-essential storage where required. Legal obligation covers responding to court orders or regulator demands. Contractual necessity is rare for casual readers but may apply if we enter a direct agreement with you.

Sharing categories

Infrastructure hosts, DNS providers, TLS certificate authorities, email transport agents and backup services may access personal data only as needed to perform services. We require confidentiality and processing terms. We may disclose information to law enforcement with a lawful basis. We do not allow processors to monetise your data for their own advertising products without explicit permission.

International transfers

Cloud regions may sit outside the UK. Where transfers occur, we assess risk and implement safeguards such as the UK International Data Transfer Agreement or addendum, EU standard contractual clauses as adapted, or reliance on adequacy regulations. You may request a summary of mechanisms applicable to your data.

Retention specifics

Raw access logs typically roll off after a short window unless security incidents extend retention. Email may be archived for several years if it relates to disputes or intellectual-property claims. Analytics aggregates may persist indefinitely because they no longer identify individuals. Backup tapes rotate on a schedule that may delay deletion until the next cycle completes.

Your rights and how to exercise them

UK individuals may access, rectify, erase, restrict, object and port data in defined circumstances. Some rights are not absolute. Contact us first; you may then escalate to the ICO. We do not charge a fee for manifestly reasonable requests; we may charge or refuse excessive or repetitive ones.

Minors

Content is for adults. We delete information collected inadvertently from minors when notified.

Last updated: March 2026.