Privacy

Privacy Policy

We collect as little as we sensibly can, we keep it for as briefly as we sensibly can, and we never sell it. This page explains what we hold, why we hold it, and the rights you have under UK GDPR.

1. Who is the data controller

RoyalFlushUK is the data controller for personal data collected through this site. Privacy questions, subject access requests and deletion requests should be addressed to the privacy mailbox listed on our Contact page.

2. What we collect

2.1 Automatic technical data

When you visit the site we record standard server log information: your IP address (truncated where possible), the user-agent string sent by your browser, the page you visited, the time of the visit and the referrer that led you here. This data is collected for security, abuse prevention and aggregate analytics.

2.2 Attribution data

Where you reach the site through a paid campaign, we may record click identifiers passed by the advertising platform — for example a Google click identifier or a Facebook click identifier. These are used to measure whether marketing investment is producing visits and registrations.

2.3 Information you give us

We do not run a registration system. The only personal data you supply is the content of any electronic correspondence you choose to send. We retain that correspondence only for as long as it is needed to answer your question.

3. How we use it

  • To deliver the site and ensure it functions correctly on your device
  • To detect abuse, fraudulent traffic, scraping and security threats
  • To measure aggregate traffic patterns and improve the editorial register
  • To attribute referrals from third-party operator platforms where applicable
  • To respond to messages sent to our editorial, privacy or complaints addresses

We do not use personal data to build behavioural profiles, and we do not sell personal data to third parties.

4. Our lawful basis

We rely on the following lawful bases under UK GDPR:

  • Legitimate interest — for site security, fraud prevention, attribution and aggregate analytics.
  • Consent — for non-essential cookies and any optional marketing tracking. You may withdraw consent at any time through the cookie controls described in our Cookies Policy.
  • Legal obligation — where we are required by law to retain certain log data for a defined period.

5. Cookies and similar technologies

A separate Cookies Policy explains which cookies we set, why we set them and how you can refuse or remove them.

6. Third-party services and recipients

We share limited technical data with the following categories of recipient:

  • Our hosting and content delivery providers, in order to serve the site
  • Our analytics provider, to measure aggregate traffic patterns
  • The operator platforms you visit through our affiliate links — they record their own attribution data once you arrive on their site, governed by their own privacy notices
  • Regulators or law enforcement where we are legally required to disclose

7. Data retention

Server logs and technical attribution data are retained for the period necessary to meet our legitimate interest in security and analytics, and are then deleted or anonymised. Electronic correspondence is retained for the period necessary to resolve the matter, plus a short tail in case of follow-up. We do not keep personal data "just in case".

8. Your rights

Under UK GDPR you have the right to access the personal data we hold about you, to ask us to correct inaccurate data, to ask us to delete data we no longer need, to restrict our processing in certain circumstances, and to object to processing based on legitimate interest. You also have the right to complain to the Information Commissioner's Office if you believe we have mishandled your data.

To exercise any of these rights, please write to the privacy mailbox listed on our Contact page. We will respond within the timeframe set by UK GDPR.

9. Children

The site is intended for adults aged eighteen or over and is not directed at children. We do not knowingly collect personal data from children. If you become aware that a child has supplied personal data through the site, please contact us and we will delete it.

10. International transfers

Some of our service providers operate infrastructure outside the United Kingdom. Where personal data is transferred internationally, we rely on the safeguards prescribed by UK GDPR — including standard contractual clauses and adequacy decisions — to keep the data protected to the same standard as if it remained in the UK.

11. Changes to this policy

We may update this policy when our practices change or when guidance from the regulator evolves. The current version is always the one published on this page.

For any privacy question — including subject access requests, deletion requests or concerns about how your data has been handled — please write to the privacy address listed on the Contact page.