Privacy Policy for sportsbettingmedia.co.uk (GDPR & UK-GDPR)
We commit to lawfulness fairness transparency, accountable processing, clear purposes, minimal collection, secure handling, rights respect, and responsible outcomes, across every data use. Updated November 2025.
Introduction, Scope, Effective Date & Updates (Privacy Policy overview and applicability)
This section states the privacy notice, outlines data practices, and sets expectations for transparency, fairness, and security during Service use. It applies to site visitors, enquiry senders, and business partners wherever they access services, demonstrating GDPR compliance across operations. Territorial coverage includes the United Kingdom, the EEA, and lawful locations. The effective date is November 2025. Updates will be announced in advance through on-site messages and contact. Links may appear within the Service; this policy does not govern third-party websites, tools, or platforms.
- Audiences: visitors, enquirers, partners using the Service.
- Reach: UK, EEA, permitted jurisdictions.
- Timing: advance notice before material revisions.
- Method: banners and concise summaries.
This notice identifies our legal controller and provides data controller details for privacy queries covering visitors, enquirers, and partners across the United Kingdom and EEA. Queries receive timely responses, with languages accepted including English and Ukrainian, using clear channels described below.
| Controller entity | SportsBettingMedia Ltd, incorporated in England and Wales, accountable for records of processing activities. |
| Registered office / jurisdiction | 27 Old Gloucester Street, Holborn, London, WC1N 3AX, United Kingdom |
| Privacy channels | Web form, dedicated email, or postal correspondence; acknowledgement within two business days, substantive reply within one month. |
Controller identity, DPO contact details & routes to the UK/EU supervisory authority
SportsBettingMedia Ltd acts as controller. Where appointed, our data protection officer (DPO) can receive a user rights request via secure email or authenticated web form. Individuals may escalate concerns to the UK Information Commissioner’s Office or their relevant EU supervisory authority. Please raise matters with us first for prompt resolution; if unresolved, lodge a complaint with the authority that serves your residence or principal workplace. We respond swiftly, document outcomes, and cooperate fully with regulators throughout any investigation.
Personal Data We Collect & Purposes (PII, electronic identification, partner interactions)
We collect information provided directly and signals gathered automatically to operate the Service, deliver service customisation, refine content, measure performance, support security, and run lawful revenue analytics. Direct submissions may include contact details and messages created during enquiries or commercial discussions. Automatically captured telemetry helps deliver pages, maintain sessions, prevent abuse, and enable high-level reporting. Partner events indicate referral outcomes and settlement workflows without building profiles beyond stated aims. We follow purpose limitation principles and adopt safeguards that reduce unnecessary collection while sustaining essential features, accurate metrics, and reliable interfaces for visitors, enquirers, and bona fide partners.
| Contact | Support | Resolution |
| Account | Access | Continuity |
| Session | Security | Stability |
| Telemetry | Performance | Insights |
| Attribution | Settlement | Reporting |
Enquiry personal data (PII) and customer support purposes
Contact forms and email threads may include names, addresses for replies, and message content necessary for assistance. We use these inputs solely to acknowledge receipt, triage issues, provide answers, enhance guidance quality, and maintain compliant personal data processing procedures supporting timely outcomes and clearly documented interactions throughout practical service lifecycles across appropriate jurisdictions.
- Name — routing, salutation, context.
- Email — acknowledgement, updates, closure.
- Message — triage, diagnosis, tracking.
- Optional reference — thread continuity, priorities.
- Anti-abuse token — verification, rate control.
Electronic identification & partner interaction data for functionality, customisation, analytics and revenue statistics
Technical signals enable page delivery, session continuity, personalisation, fraud resistance, and high-level statistics. We keep items only while necessary for reliability, legal duties, or documented audits, then aggregate or remove them. Where available, non-essential analytics cookies can be declined through controls surfaced within applicable interfaces. Opt-outs limit measurement breadth without affecting core navigation or purchase confirmations. We avoid linking behavioural traces with identities unless a specific obligation requires association, and we continue to separate operational metrics from sensitive correspondence wherever feasible to protect expectations and sustain trustworthy experiences.
- Session token hash
- Client fingerprint signature
- Approximate region hint
- Event timestamp series
- Referrer outcome mark
Lawful Basis for Processing (consent & legitimate interests)
Our processing follows the lawful basis for processing appropriate to each purpose described in this notice. Consent covers voluntary enquiries and preference choices. Contractual performance supports account access and requested communications. Statutory duties guide retention where regulations require evidence. For optimisation, safeguarding, and measurement, we rely on carefully balanced interests after proportionate tests considering necessity, expectations, and potential impact. We summarise outcomes plainly, avoid unnecessary intrusion, and adjust measures whenever circumstances change to keep decisions fair, transparent, and proportionate.
Consent for enquiries; legitimate interests for operation, security, improvement and threat prevention
We obtain consent management for optional enquiries and preference signalling. Site delivery, fraud prevention, feature refinement, and protective controls rely on balanced interests aligned with expectations. You may object where those grounds apply; we will assess promptly and stop non-essential handling when justified, while preserving essential reliability and safety.
- Responding to questions — consent for voluntary messages.
- Running core pages — interest supporting dependable service.
- Blocking abuse — interest enabling protective countermeasures.
- Refining experience — interest guiding iterative improvements.
Cookie use supports essential functions, measurement, personalisation, and safety across our Service. This cookie policy summarises categories employed, management choices, and high-level alternatives using non-cookie identifiers. Preferences can be set through the banner presented on first visit, revisited anytime, and respected thereafter. Browsers offer additional options, including clearing history, restricting storage, or blocking specific technologies. Where supported, preference signals receive appropriate attention. Some settings reduce features, reporting precision, or sign-in continuity; strictly necessary items remain active to deliver requested pages reliably during typical daily usage.
| Category | Purpose | Control path |
| Strictly necessary | Core loading | Always on |
| Performance | Speed insights | Banner toggle |
| Functional | Preference recall | Banner toggle |
| Analytics | Usage metrics | Banner toggle / browser tools |
Cookie types, preference management and opt-out mechanisms
Technologies support delivery, reliability, custom features, measurement, and optional advertising. We describe types plainly and show controls enabling choice. Non-essential analytics cookies are disabled unless accepted. Settings may be changed using the banner or browser tools, and revocation applies going forward. Opt-outs can limit diagnostics or personalisation. Core elements continue so pages load, sessions persist, and security checks function. Requests for changes are logged for audit purposes and applied within reasonable timeframes across applicable interfaces.
- Strictly necessary — load pages, preserve sessions; no disable switch.
- Performance — capture timings; adjustable via banner controls.
- Functional — remember selections; change choices anytime.
- Measurement — gather aggregated signals; revoke permission quickly.
- Advertising — cap repeats; restrict through settings and browser.
Data Retention, Security & Access Control (SSL/TLS and organisational measures)
We implement proportionate organisational and technical measures focused on information security, balancing risk, practicality, and user expectations. Protections include hardened infrastructure, disciplined change control, monitored environments, and vetted suppliers. Retention decisions follow necessity, legal duties, and accountability, with periodic reviews ensuring data does not outlive purpose. Access is limited by roles, segregation, and audit logging. Cryptography safeguards transmissions and storage while recovery procedures, testing, and staff training support continuity, resilience.
Retention periods, deletion requests, SSL/TLS in transit, access controls and safeguards against unauthorised access or loss
We retain categories for indicative periods tied to purpose, law, and operational needs, then delete or aggregate. Verified deletion requests trigger targeted removals and confirmations. Transport security uses SSL/TLS encryption between browsers and our endpoints. Role-based permissions apply least-privilege access, with reviews, logging, and time-bound entitlements. Backups follow rolling lifecycles with restricted restoration pathways and controlled expiry. Threat prevention combines monitoring, alerting, and disciplined incident handling. Where objections apply, we assess promptly, halt non-essential processing, and document outcomes to maintain clarity, fairness, and trustworthy continuity across services and supporting systems. Reviews ensure consistent protective posture.
| Category | Indicative retention |
| Enquiry threads | Up to 24 months |
| Account records | While active plus statutory limits |
| Security logs | 12–24 months |
| Analytics reports | Aggregated after 14 months |
| Backups | Rolling cycles with enforced expiry |
Your Rights, Sharing & International Transfers (GDPR/UK GDPR rights; processors; adequacy)
This overview maps data subject rights, explains how we share limited information with vetted service providers, and outlines movement of records across borders using recognised protections. Individuals can request actions, receive explanations, and challenge outcomes through clear routes. Our partners support delivery, security, measurement, and billing under written terms. When information leaves domestic jurisdictions, safeguards align with recognised frameworks, while proportional reviews, documentation, and oversight help maintain fairness. Detailed steps, forms, and identity checks appear within subsequent sections.
Data subject rights: access, rectification, erasure, restriction, objection, portability, consent withdrawal, complaint
- Right of access — confirm holdings, obtain a copy; identity verified; target one month.
- Rectification — correct inaccuracies; proof may be requested; prompt response aimed.
- Erasure — delete where grounds apply; conflicts with legal duties considered.
- Restriction — pause handling during checks or disputes; scope documented.
- Objection — contest certain interests; we assess necessity and stop where justified.
- Portability — receive structured export where feasible; secure transfer encouraged.
- Withdraw consent — revoke choices anytime; earlier processing remains unaffected.
- Lodge a complaint — contact a regulator; children’s data protection concerns prioritised.
Sharing with third-party processors, authorities and group members; transfers outside the EEA with adequacy decisions or contractual safeguards
We appoint providers as third-party processors only when necessary, after diligence on security, reliability, and purpose fit. Contracts define scope, controls, audits, and deletion on completion. Disclosures to authorities occur minimally where law compels, documented for accountability. Cross-border movement relies on adequacy determinations or standard contractual clauses, complemented by layered technical and organisational protections. Typical vendor categories include hosting, incident handling support, analytics, payments, and communications. Selection follows privacy by design principles, with periodic reviews, measurable obligations, and suspension options for non-conformance.
