Data Protection Policy

Last updated: January 2025

1. Data Controller Information

LuckyBetFinder.com is the data controller responsible for your personal data. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact Details:

  • Email: [email protected]
  • Address: [Your registered address]
  • Data Protection Officer: [Name if applicable]

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Consent

  • Newsletter subscriptions
  • Marketing communications
  • Non-essential cookies
  • Analytics and tracking

2.2 Legitimate Interests

  • Website functionality and security
  • Fraud prevention
  • Business development
  • Affiliate commission tracking

2.3 Legal Obligation

  • Age verification compliance
  • Anti-money laundering requirements
  • Regulatory reporting
  • Tax obligations

2.4 Vital Interests

  • Prevention of harm (gambling addiction)
  • Safety and security measures

3. Personal Data We Collect

3.1 Data Provided by You

  • Email address (newsletter, contact forms)
  • Name (if provided in communications)
  • Message content (contact forms, support tickets)
  • Age verification confirmation

3.2 Data Collected Automatically

  • IP address and location data
  • Device information (browser, OS, device type)
  • Usage data (pages visited, time spent, actions taken)
  • Referral information (how you found our site)
  • Cookie data

3.3 Data from Third Parties

  • Analytics data from Google Analytics
  • Affiliate tracking data from partners
  • Security data from fraud prevention services

4. How We Use Your Data

4.1 Essential Operations

  • Providing website functionality
  • Age verification and compliance
  • Security and fraud prevention
  • Technical support and troubleshooting

4.2 Communication

  • Responding to your inquiries
  • Newsletter delivery (with consent)
  • Important service updates
  • Policy change notifications

4.3 Business Operations

  • Affiliate commission tracking
  • Website analytics and improvement
  • Regulatory compliance
  • Legal obligations

5. Data Sharing and Recipients

5.1 Service Providers

We share data with trusted third parties who provide services on our behalf:

  • Hosting providers (website infrastructure)
  • Email service providers (newsletters)
  • Analytics providers (Google Analytics)
  • Security services (fraud prevention)
  • Payment processors (if applicable)

5.2 Affiliate Partners

  • Casino operators receive referral information when you click our links
  • Limited to: IP address, timestamp, referral source
  • No personally identifiable information shared without consent

5.3 Legal Requirements

We may share data when legally required:

  • Court orders or legal proceedings
  • Regulatory investigations
  • Law enforcement requests
  • Protection of rights and safety

6. International Data Transfers

Some of our service providers are located outside the UK/EEA. We ensure adequate protection through:

6.1 Safeguards

  • Adequacy decisions from UK government
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

6.2 Specific Transfers

  • Google Analytics (USA) - Protected by adequacy decision
  • Email services - Subject to SCCs
  • Hosting services - EU/UK based where possible

7. Data Retention Periods

7.1 Retention Schedule

  • Email addresses: Until unsubscription + 1 year
  • Contact form data: 3 years from last contact
  • Age verification cookies: 1 year from verification
  • Analytics data: 14 months (Google Analytics setting)
  • Server logs: 90 days
  • Affiliate tracking data: 2 years for commission purposes

7.2 Criteria for Retention

We determine retention periods based on:

  • Legal and regulatory requirements
  • Business operational needs
  • Legitimate interests
  • Data subject rights

8. Your Data Protection Rights

Under UK GDPR, you have the following rights:

8.1 Right to Information

The right to know how your data is being processed (this policy fulfills this right).

8.2 Right of Access

Request a copy of all personal data we hold about you.

8.3 Right to Rectification

Correct any inaccurate or incomplete personal data.

8.4 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

8.5 Right to Restrict Processing

Limit how we use your data while disputes are resolved.

8.6 Right to Data Portability

Receive your data in a machine-readable format or transfer it to another controller.

8.7 Right to Object

Object to processing based on legitimate interests or direct marketing.

8.8 Rights Related to Automated Decision Making

We don't use automated decision-making, but you have rights if we did.

8.9 Right to Withdraw Consent

Withdraw consent at any time for processing based on consent.

9. Exercising Your Rights

9.1 How to Make a Request

  1. Email us at: [email protected]
  2. Include "Data Subject Request" in the subject line
  3. Provide clear details of your request
  4. Include proof of identity (if required)

9.2 Response Times

  • Initial response: 2 business days
  • Full response: 30 days (may be extended to 60 days for complex requests)
  • Urgent requests: Prioritized where possible

9.3 No Fees

We don't charge fees for data subject requests unless they are manifestly unfounded or excessive.

10. Data Security Measures

10.1 Technical Measures

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure
  • Regular security updates and patches
  • Access controls and authentication
  • Data backup and recovery procedures

10.2 Organizational Measures

  • Staff training on data protection
  • Data protection policies and procedures
  • Regular security assessments
  • Incident response procedures
  • Vendor security assessments

11. Data Breach Procedures

11.1 Detection and Assessment

  • Continuous monitoring for security incidents
  • Risk assessment of potential breaches
  • Documentation of all incidents

11.2 Notification Requirements

  • ICO notification within 72 hours (if high risk)
  • Individual notification without undue delay (if high risk)
  • Clear communication about the breach and steps taken

11.3 Response Actions

  • Immediate containment of the breach
  • Investigation and root cause analysis
  • Remedial actions and system improvements
  • Support for affected individuals

12. Complaints and Supervisory Authority

12.1 Making a Complaint

If you're unhappy with how we handle your data:

  1. Contact us first: [email protected]
  2. We'll try to resolve the issue quickly
  3. If unsatisfied, contact the ICO

12.2 ICO Contact Information

Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to This Policy

We may update this policy to reflect:

  • Changes in law or regulation
  • New technologies or business practices
  • Feedback from data subjects or regulators

We'll notify you of significant changes by:

  • Updating this page with a new date
  • Email notification (if you've subscribed)
  • Website banner for major changes

14. Contact Information

For any data protection queries:

  • Email: [email protected]
  • Response time: 2 business days
  • Address: [Your registered business address]
← Back to Home