UK GDPR

Your data protection rights under UK law

Last updated: January 2025

1. Introduction to UK GDPR

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 give you specific rights over your personal data. This page explains how bonusbashhq complies with UK data protection law and what rights you have.

2. What is UK GDPR?

UK GDPR is the UK's version of the European General Data Protection Regulation, which came into effect after Brexit. It works alongside the Data Protection Act 2018 to protect your personal data and privacy rights in the UK.

3. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

3.1 Right to be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

3.2 Right of Access

You have the right to request copies of your personal data. This is known as a 'subject access request'. We will provide this information free of charge within one month.

3.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

3.4 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • The data has been unlawfully processed
  • Erasure is required for compliance with legal obligations

3.5 Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data.

3.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

3.7 Right to Object

You have the right to object to processing of your personal data in certain circumstances, particularly for direct marketing or processing based on legitimate interests.

3.8 Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. We do not use automated decision-making that significantly affects you.

4. How We Comply with UK GDPR

4.1 Lawful Basis for Processing

We only process your personal data when we have a lawful basis, such as:

  • Consent: For cookies and marketing communications
  • Legal obligation: For age verification requirements
  • Legitimate interests: For website functionality and security

4.2 Data Minimisation

We only collect and process personal data that is necessary for our specified purposes.

4.3 Purpose Limitation

We only use your personal data for the purposes we've told you about.

4.4 Accuracy

We take steps to ensure personal data is accurate and up to date.

4.5 Storage Limitation

We only keep personal data for as long as necessary for the purposes we collected it.

4.6 Security

We implement appropriate technical and organisational measures to protect your personal data.

5. Data We Collect

As a free-to-play social casino website, we collect minimal personal data:

  • Age verification confirmation (stored locally)
  • Cookie preferences
  • Technical information (IP address, browser type)
  • Usage analytics (anonymised)

6. How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

  • Email: privacy@bonusbashhq.com
  • Subject Line: Data Protection Request
  • Include: Your full name and specific request

6.1 Identity Verification

We may need to verify your identity before processing your request to protect your personal data from unauthorised access.

6.2 Response Times

We will respond to your request within one month. In complex cases, we may extend this by up to two months and will inform you of any delay.

7. Data Protection Officer

For data protection matters, you can contact our Data Protection Officer:

  • Email: dpo@bonusbashhq.com
  • Address: Data Protection Officer, bonusbashhq, London, UK

8. Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9. International Transfers

We primarily process your data within the UK. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules

10. Data Breach Notification

In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach.

11. Children's Data

Our service is not intended for children under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

12. Updates to This Information

We may update this UK GDPR information from time to time. Any changes will be posted on this page with an updated revision date.

13. Further Information

For more detailed information about how we process your personal data, please see our Privacy Policy.

For information about cookies, please see our Cookie Policy.