Home > Legal > GDPR (UK)

UK GDPR Compliance

Your data protection rights under UK GDPR

Introduction to UK GDPR

The UK General Data Protection Regulation (UK GDPR) gives you important rights over how your personal data is collected, used, and protected. Fresh Casinos UK Ltd is committed to full compliance with UK GDPR and respecting your privacy rights.

This page explains your rights under UK GDPR, how we comply with the regulation, and how you can exercise your rights. For detailed information about how we process your data, please also see our Privacy Policy.

This page explains your rights under UK GDPR, how we comply with the regulation, and how you can exercise your rights. For detailed information about how we process your data, please also see our Privacy Policy.

Your Rights Under UK GDPR

UK GDPR gives you eight important rights regarding your personal data:

1. Right to be Informed

You have the right to know how your personal data is being used, why it's collected, and who it's shared with.

2. Right of Access

You can request a copy of the personal data we hold about you and information about how it's processed.

3. Right to Rectification

You can ask us to correct inaccurate or incomplete personal data we hold about you.

4. Right to Erasure

In certain circumstances, you can request that we delete your personal data (also known as the "right to be forgotten").

5. Right to Restrict Processing

You can ask us to limit how we use your personal data in certain situations.

6. Right to Data Portability

You can request your personal data in a machine-readable format to transfer to another service.

7. Right to Object

You can object to processing based on legitimate interests, direct marketing, or processing for research purposes.

8. Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling that significantly affects you.

How to Exercise Your Rights

You can exercise any of your UK GDPR rights by contacting us. We've made the process as simple as possible:

Contact Methods

Data Protection Officer

Email: privacy@freshcasinos.co.uk

Subject Line: "GDPR Request - [Type of Request]"

Postal Address

Data Protection Officer
Fresh Casinos UK Ltd
123 Casino Street
London, E1 6AN
United Kingdom

What to Include in Your Request

To help us process your request efficiently, please include:

  • Your full name and contact information
  • Clear description of which right you want to exercise
  • Specific details about your request (e.g., which data you want to access)
  • Proof of identity (copy of passport, driving license, or other official ID)
  • Any relevant dates or reference numbers

Response Times

We will respond to your request:

  • Within 1 month of receiving a valid request
  • Within 3 months for complex requests (we'll explain why if an extension is needed)
  • Free of charge for most requests
  • In writing (email or post, as you prefer)

Detailed Rights Explanations

Right of Access (Subject Access Request)

You can request:

  • Confirmation that we're processing your personal data
  • A copy of your personal data
  • Information about how we use your data
  • Who we share your data with
  • How long we keep your data
  • Information about your other rights

Right to Rectification

You can ask us to correct data that is:

  • Inaccurate or wrong
  • Incomplete or missing important details
  • Out of date

We'll correct the data and inform any third parties we've shared it with (where appropriate).

Right to Erasure ("Right to be Forgotten")

You can request deletion of your data when:

  • It's no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required for legal compliance

Right to Restrict Processing

You can ask us to limit processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification of our legitimate grounds

Right to Data Portability

This right applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

We'll provide your data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing based on:

  • Legitimate interests: We'll stop unless we have compelling legitimate grounds
  • Direct marketing: We'll stop immediately
  • Research/statistics: We'll stop unless processing is necessary for public interest

Lawful Bases for Processing

UK GDPR requires us to have a lawful basis for processing your personal data. We use the following bases:

Processing Purpose Lawful Basis Description
Website operation and security Legitimate interests Necessary for our business operations and user security
Responding to inquiries Contract / Legitimate interests Necessary to provide requested services or information
Newsletter and marketing Consent Based on your explicit consent
Analytics and improvements Consent / Legitimate interests With consent for cookies or legitimate interests for aggregated data
Legal compliance Legal obligation Required by law (e.g., tax records, regulatory requirements)

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms. This includes:

  • New technologies or processing methods
  • Large-scale processing of sensitive data
  • Systematic monitoring of public areas
  • Automated decision-making with significant effects

Data Breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

Our Response Process

  1. Immediate containment: Stop the breach and assess the damage
  2. Risk assessment: Evaluate the likelihood and severity of risk to individuals
  3. ICO notification: Report to the Information Commissioner's Office within 72 hours
  4. Individual notification: Inform affected individuals without undue delay if there's high risk
  5. Documentation: Record all details of the breach and our response
  6. Review and improve: Analyze causes and strengthen our security measures

What We'll Tell You

If we need to notify you about a breach, we'll explain:

  • What happened and when
  • What types of data were involved
  • What we're doing to address the breach
  • Steps you can take to protect yourself
  • How to contact us for more information

International Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

Transfer Mechanisms

  • Adequacy decisions: Countries deemed adequate by the UK government
  • Standard contractual clauses: Approved by the ICO
  • Binding corporate rules: For multinational companies
  • Certification schemes: Approved data protection certifications

You can request information about the safeguards we use for international transfers by contacting our Data Protection Officer.

Automated Decision-Making and Profiling

We do not currently engage in automated decision-making or profiling that would significantly affect you. If this changes in the future, we will:

  • Inform you about the automated processing
  • Explain the logic involved and potential consequences
  • Provide information about your rights
  • Offer ways to request human intervention
  • Allow you to express your point of view
  • Enable you to contest the decision

Children's Data

Our website is not intended for children under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it immediately.

Age Verification

We use age verification measures to prevent access by minors. If you believe a child has provided us with personal data, please contact us immediately at privacy@freshcasinos.co.uk.

Complaints and Enforcement

If you're not satisfied with how we handle your personal data or respond to your requests, you have the right to complain to the supervisory authority.

Information Commissioner's Office (ICO)

Contact the ICO

Website: ico.org.uk

Phone: 0303 123 1113

Live Chat: Available on their website

ICO Address

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Before Complaining to the ICO

We encourage you to contact us first so we can try to resolve any issues. However, you have the right to complain directly to the ICO at any time.

Updates to UK GDPR Compliance

We regularly review our UK GDPR compliance and update our procedures as needed. Changes may be made due to:

  • Changes in UK data protection law
  • ICO guidance updates
  • Changes to our business practices
  • New technologies or processing activities

Material changes to how we process your data will be communicated through appropriate channels, including updates to our Privacy Policy and direct notification where required.

Contact Our Data Protection Officer

For any questions about UK GDPR, your rights, or our data protection practices, please contact our Data Protection Officer:

Data Protection Officer

Email: privacy@freshcasinos.co.uk

Phone: 0800 326 0015

Response Time: Within 5 business days for initial response

Postal Address

Data Protection Officer
Fresh Casinos UK Ltd
123 Casino Street
London, E1 6AN
United Kingdom