Privacy policy — Sky Casino guide (host two)

This hostname’s privacy statement stands apart from Sky Betting & Gaming’s player-account notices. We operate a non-transactional editorial mirror about Sky Casino; personal data volume is modest and mostly technical. Registering or wagering with Sky still falls under Sky’s own controllers and policies, which cover financial crime checks, staking logs and marketing consents beyond our visibility.

Roles and relationships

Our configured publisher acts as controller for site operations described here. Hosting, DNS, TLS and mail vendors are processors. No sale of personal data occurs.

Technical processing

HTTP transactions create logs suitable for debugging and security monitoring. Derived metrics may aggregate traffic patterns without identifying individuals. Bot management can challenge suspicious IPs.

Cookies

Necessary cookies support core functions. Optional analytics or marketing cookies, if present, follow UK consent rules. Browser controls remain your first-line preference manager.

Correspondence

Emails include headers and bodies processed for replies, archival and occasional legal defence. Attachments undergo malware scanning. Avoid embedding highly sensitive personal data unless strictly necessary.

Legal obligations

We may preserve or disclose information to comply with court orders, regulatory demands or national security requests after legal review. Transparency reports may aggregate such events without exposing individuals.

Rights requests

UK GDPR rights apply subject to exceptions. Submit requests through the published contact channel with enough detail to locate data. Identity verification guards against impersonation-led leaks.

Retention layers

Operational logs expire on infrastructure timers. Mailbox retention aligns with dispute windows. Backup tapes may briefly retain deleted items until rotation.

Minors

Adult-oriented gambling context is assumed. Child-generated mail is deleted where identified.

Policy changes

Substantive edits will appear in this document. Rights-expanding or new-purpose processing will follow consent or notification paths as law requires.

Processor subprocessors

Our vendors may engage their own subprocessors under contractual flow-down terms. We monitor major changes where contracts require notice periods.

Exercising rights without fee

Subject-access requests are usually free. Manifestly unfounded or excessive repeats may incur a reasonable fee or refusal with explanation per UK GDPR.

Death of a data subject

Estate representatives may request closure of mail threads or deletion where appropriate, with probate documentation. Technical logs may be minimally retained for security.

Pseudonymisation

Where feasible we pseudonymise analytics keys so re-linking to individuals requires additional information held separately.

Processor audits

We periodically review subprocessors for certifications and incident history, adjusting contracts when gaps appear.

Supervisory authority cooperation

We cooperate with the ICO and other UK authorities on lawful information orders, documenting requests internally.

Employee access logging

Staff with administrative rights may access mailboxes or configuration panels under role-based rules; access events are reviewed periodically for anomalies.

Data inventory

We maintain a living inventory of categories processed, lawful bases, and retention anchors to support accountability and DPIA-style thinking even for low-risk sites.

Incident playbooks

Documented runbooks guide staff through containment, evidence preservation and regulator communication if personal data is compromised.

Training

People with access to mail or configuration undergo periodic privacy refreshers covering phishing recognition and data-minimisation habits.

Processor questionnaires

Before onboarding vendors we circulate security and privacy questionnaires; unsatisfactory answers block procurement until remediated.