Privacy Policy

Data Collection Principles

UK-New Review Site collects minimal personal data in compliance with UK GDPR and Data Protection Act 2018. We only process information necessary for providing our comparison services, including: email addresses for account creation, IP addresses for security monitoring, and cookies for website functionality. We never request sensitive personal data like payment information or government IDs. Our data collection methods are regularly audited by the Information Commissioner's Office (ICO registration ZA456789). All data is obtained lawfully, either through user consent (for marketing communications) or legitimate interest (for essential services). Third-party data sources like credit reference agencies are never used without explicit user permission.

Cookie Usage Policy

Our website uses strictly necessary cookies for basic functionality, including session management and security. Optional analytics cookies (Google Analytics) help us improve user experience by tracking anonymous usage patterns. We don't use intrusive tracking cookies or behavioral advertising technologies. The Cookie Law Info plugin manages user consent preferences, allowing granular control over cookie categories. First-party cookies expire after 30 days, while third-party cookies follow their respective providers' policies. UK gambling regulations require us to maintain certain security cookies for age verification and fraud prevention. You can manage cookies through browser settings, though disabling essential cookies may impair site functionality. Full details are available in our separate Cookie Policy.

Data Security Measures

We implement industry-standard security protocols including TLS 1.2 encryption, regular penetration testing, and ISO 27001-compliant infrastructure. All data is stored on UK-based servers with strict access controls. Employee access follows the principle of least privilege, with mandatory GDPR training. In case of a data breach, we commit to notifying the ICO within 72 hours and affected users without undue delay. Our security framework includes: daily backups with 30-day retention, DDoS protection, and Web Application Firewalls. Third-party processors undergo rigorous vetting and sign Data Processing Agreements. While we take reasonable precautions, no internet transmission is 100% secure - users should always use strong passwords and enable two-factor authentication where available.

Third-Party Data Sharing

We only share personal data with trusted partners when absolutely necessary for service delivery. This includes: gambling operators for comparison accuracy (non-personal aggregated data only), payment processors for subscription management, and customer support platforms. All third parties are vetted for GDPR compliance and operate under strict contractual obligations. We never sell user data to advertisers or data brokers. In cases where data might be transferred outside the UK (e.g., cloud storage backups), we ensure adequacy decisions or Standard Contractual Clauses are in place. The complete list of sub-processors is available upon request to privacy@uk-newreviewsite.com. Users can opt-out of marketing-related data sharing through their account settings.

Data Retention Periods

We retain personal data only as long as necessary for the purposes collected: active user accounts are maintained indefinitely unless deleted; inactive accounts (no login for 5 years) are automatically purged; financial records are kept for 7 years per HMRC requirements; server logs rotate every 90 days; marketing consent is refreshed every 24 months. When data is no longer needed, it's securely erased using Blancco-certified methods. Users may request early deletion of non-essential data through our Data Subject Access Request portal. Backup copies containing personal data are encrypted and automatically deleted after 6 months. Anonymized statistical data may be retained indefinitely for research purposes, containing no identifiable information.

Your Legal Rights

Under UK data protection laws, you have the right to: access your personal data (free copy within 30 days), request correction of inaccurate information, object to processing, request data portability, withdraw consent, and request erasure ("right to be forgotten"). These rights can be exercised by contacting our Data Protection Officer at dpo@uk-newreviewsite.com. We may request verification of identity before processing requests to prevent fraudulent access. If you believe we've mishandled your data, you may lodge a complaint with the ICO (ico.org.uk). We don't charge fees for legitimate requests unless they're manifestly unfounded or excessive (per GDPR Article 12).

Children's Privacy

UK-New Review Site strictly prohibits use by anyone under 18, in accordance with the Gambling Act 2005. We implement age verification checks and don't knowingly collect data from minors. Parents discovering underage usage should immediately contact us at support@uk-newreviewsite.com - we'll promptly delete any such data and report the incident to the UK Gambling Commission. Our systems are designed to filter out obvious underage sign-up attempts using electronic verification tools. We support the Age Appropriate Design Code (Children's Code) standards, even though our services aren't directed at children. Schools and youth organizations can request educational materials about online gambling risks through our Responsible Gambling program.

International Data Transfers

While we primarily use UK-based infrastructure, some data may transit through or be processed in other countries. For EU data subjects, we ensure all transfers comply with GDPR Chapter V requirements. Current safeguards include: UK adequacy decisions for EEA transfers, Standard Contractual Clauses for other jurisdictions, and EU-US Data Privacy Framework certification for US-based sub-processors. In high-risk cases, we implement additional technical measures like pseudonymization or encryption-in-transit. Users can request information about specific data flows by submitting a Subject Access Request. Following Brexit, we maintain both UK GDPR and EU GDPR compliance through our European representative based in Dublin (contact details in our ICO registration).