CasinosStudioUK · Production Wing
18+UK only
DOC · STD-03

Transparency sheetA plain-English walkthrough of every piece of information the studio touches, why it touches it, and how long it keeps it.

Why this page exists

Most affiliate sites bury their data handling under a wall of boilerplate copied from another lawyer's template. This page is written from scratch by the desk, in the voice the rest of the studio uses, because if we cannot explain our data practice in plain English we have no business asking you to trust us. We will keep this sheet short. We will also keep it accurate.

The data controller

The data controller for casinosstudiouk.com is the editorial desk that publishes the site, operating under the trading name CasinosStudio. The compliance lead is the named point of contact for any data inquiry. Their email is published on the direct line page and answered within five working days.

What we collect when you read

When you load a page on the studio floor, our server records a small set of aggregate request information: the page requested, the referring URL if your browser sent one, the user-agent string of your browser, the country your request originated from, and the timestamp. We use this strictly to monitor site health and to understand which scenes readers are actually reading. We do not collect your IP address in storable form — it is hashed before it lands in any log.

What we collect when you click an outbound scene

When you click a scene that exits the studio, the link opens the operator's site directly in a new tab. No intermediate page is served, no server-side session identifier is issued by the studio, and no cookie is set on your browser by us as part of the click. Any tracking tied to the click is the operator's own and governed by their privacy policy, not ours.

What we do not collect

  • No user accounts on the studio. We do not have a sign-up form.
  • No name, email, phone, address, date of birth, or any other personal identifier.
  • No payment data. The studio never sees your money.
  • No third-party advertising trackers, no remarketing pixels, no Facebook or TikTok pixels.
  • No biometric data, location data beyond country code, or device fingerprint beyond the user-agent string.
  • No data resold to data brokers. We have never received an offer to sell data, and we would refuse one.

Cookies, in full

The studio does not set any first-party tracking, advertising, or analytics cookies on the floor. Outbound clicks open the operator's site directly — the studio does not place any cookie on your browser as part of the click. If the desk later adds privacy-first analytics (such as a self-hosted Plausible install), this sheet will be updated and the change flagged on the homepage.

The legal basis

The desk processes the limited data described above under Article 6(1)(f) of the UK GDPR — the legitimate interest of operating an editorial site that is reasonably resistant to abuse and capable of receiving fair commercial credit for outbound referrals. We have carried out a legitimate interests assessment and documented it. A copy is available on request from the compliance address.

How long we keep what we collect

  • Aggregate request logs · twelve months, then deleted on a rolling basis.
  • Affiliate reconciliation records · twenty-four months, after which they are aggregated to anonymised totals.
  • Inbound email correspondence · six years, in line with UK tax record-keeping practice, then deleted.

Where the data lives

Server infrastructure is hosted within the United Kingdom and the European Economic Area. We do not transfer personal data to third countries beyond what is strictly required by your own browser when you click an outbound scene operated outside the UK. Our hosting provider, our email provider, and our redirect infrastructure operator are all bound by written data processing agreements.

Your rights under UK GDPR

You have the right to ask us what we hold about you, to ask for a correction if anything is wrong, to ask for deletion, to ask us to restrict processing while a question is being resolved, and to object to processing altogether. To exercise any of these rights, write to the compliance address on the direct line page. We respond in writing within thirty calendar days, usually faster, and we do not charge a fee.

Children

This studio is intended for UK residents aged eighteen and over. We do not knowingly process the personal data of children, and we cooperate with any responsible adult, parent or guardian who flags a suspected minor accessing the site. Any session identifier traced to suspected underage access is purged immediately.

Security posture

The studio runs on encrypted transport (TLS 1.3), short-lived server-side session storage, and a strict Content Security Policy that forbids inline scripts and third-party trackers. The redirect layer rejects malformed scene slugs, sanitises destination URLs, and refuses to follow open-redirect patterns. We do not run a public bug-bounty program because the surface area is small, but we will respond gratefully to any reasonable disclosure sent to the compliance address.

If you think we got something wrong

Write to the compliance address before you escalate. The desk will read your message personally, respond in writing, and try to put it right. If you are not satisfied, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk. We would prefer you spoke to us first, but we respect that the choice is yours.