Privacy Policy
This document spells out the personal information that Kwiff Casino gathers from visitors, the reasons for doing so, the storage locations, the third parties involved, and the route for exercising rights granted by UK privacy law. Its technical counterpart — covering cookies, analytics and browser storage — sits on the Cookie Policy page; what you are reading here is the plain-language summary of the same set of arrangements.
Kwiff runs as an independent information platform — broader background is available on the About page. The policy on this page is confined to the Kwiff site itself. Once a reader follows an outbound link to an operator, that operator's privacy policy takes over; Kwiff does not pass data on to operators beyond the limited mechanics outlined further down.
1. The role Kwiff plays as a publisher
Kwiff publishes review content and guides covering online casinos that UK players can access. Its flagship operator review lives on the Kwiff Casino homepage. The site itself hosts no games, runs no player accounts, accepts no deposits, holds no balances and processes no withdrawals. No sign-up exists. No login exists. The default visit involves nothing beyond normal web-traffic exchange. Where personal data does enter the picture — for instance, when someone writes in through the contact channels — the handling is documented in detail on this page.
2. The UK privacy-law framework that applies
Personal data on Kwiff is processed in accordance with the UK GDPR and Data Protection Act 2018, alongside the thirteen UK GDPR principles supervised by the Information Commissioner's Office (ICO). EU-based visitors receive GDPR rights as well. California-based visitors receive CCPA rights to the extent they apply. Whenever any of these frameworks imposes a stricter standard, the stricter standard is what we apply.
3. The categories of data gathered on Kwiff
Three buckets in total: technical traffic information, contact information submitted voluntarily, and aggregated analytics figures.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance issues. | Legitimate interest under UK GDPR Article 6. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
The data Kwiff does not gather includes: financial information (no payment processing runs on this domain), gambling-account credentials (no accounts exist here to log into), biometric records, location data narrower than country level (which itself is derived from an anonymised IP), or special-category data (race, religion, health, sexual orientation, political opinion). Targeted advertising and remarketing have no place in the model; the commercial backbone of the site is laid out on the Affiliate Disclosure page.
4. Browser storage and tracking technologies
A full breakdown of the cookies Kwiff serves, the third-party services responsible for them, and the controls available is on the Cookie Policy page. The condensed version: strictly necessary cookies (covering page rendering, consent banner state and abuse prevention) are always present; analytics and affiliate-tracking cookies are placed only after you opt in through the consent banner; your selection can be amended at any moment using the footer link.
5. How affiliate redirects and operator tracking work
Three things happen when an outbound operator link is clicked on Kwiff. Step one: an internal redirect at /go logs the click for analytics purposes (regardless of whether you continue). Step two: the browser is forwarded to the operator's destination. Step three: the operator may issue its own cookies and treat the arrival as a referral attribution. Kwiff transmits no name, email or other identifying personal data to the operator — all it learns is that "a visitor came in via Kwiff". Should you go on to open an account on the operator's site, that registration is governed entirely by the operator's privacy policy, not by the policy you are reading.
6. Retention windows for each data category
- IP addresses: unmodified IPs are retained for up to 24 hours for abuse-prevention purposes, after which they are anonymised by lopping off the final octet (IPv4) or the trailing 80 bits (IPv6). The anonymised form is then held for up to 14 months for traffic analysis.
- Contact correspondence: emails together with any attachments are retained for a 24-month window for follow-up and audit needs, then erased unless the thread is still actively in play.
- Analytics events: Google Analytics 4 telemetry is held for 14 months under the current configuration and purged automatically thereafter.
- Cookie consent record: the consent token itself sits in your local browser storage for a 12-month period, after which the consent banner re-prompts.
Where statute mandates longer retention — for instance, HMRC record-keeping obligations for affiliate-related accounting — the relevant data is held strictly for the statutorily prescribed window and never repurposed beyond that.
7. Third-party recipients of any shared data
Sharing falls into three controlled brackets:
- Service providers: those handling portions of Kwiff's infrastructure (web hosting, content delivery, email), each bound by a written data-processing agreement that confines their use of the data to delivering the contracted service.
- Analytics providers (Google Analytics 4): IP-anonymised traffic figures only, with no identifying personal information passed through.
- Law-enforcement bodies and regulators: engaged solely in response to a legally valid demand, and only with the data the demand actually covers.
Kwiff has never sold, rented or traded personal data, and will not.
8. Hosting locations and cross-border transfers
Kwiff's infrastructure runs on cloud providers based in the UK and across the European Economic Area. A handful of service providers — Google Analytics 4 in particular — process data inside the United States. Whenever data crosses out of the UK, the receiving party is held to either Standard Contractual Clauses or an equivalent regime that the ICO has judged to offer protection at least on par with UK law.
9. The privacy rights available to readers
The UK GDPR — along with comparable laws elsewhere — grants the following rights over any personal data Kwiff holds on you.
- Access: request confirmation of what is on file and a copy of that data.
- Correction: request that inaccurate data on file be amended.
- Deletion: request that your data be erased, subject to any statutory retention duties.
- Withdrawal of consent: where processing rests on consent, that consent can be retracted at any point without invalidating processing that was lawful beforehand.
- Complaint: if Kwiff appears to have mishandled your data, a complaint can be lodged with the ICO at ico.org.uk. UK readers are encouraged to contact us first so the matter can be addressed directly.
Anyone wishing to invoke these rights should write to the privacy address shown on the Contact page. A reply will follow inside 30 days, in line with the UK GDPR response window.
10. Treatment of data relating to minors
Kwiff content is written for adult UK audiences. The site is not aimed at, and not intended to be used by, anyone below the age of 18. No personal data is knowingly gathered from minors. Should we discover that information has been submitted by an under-18 user, that data is erased and, where relevant, the parent or guardian is informed.
11. Security
Industry-standard security controls are applied across Kwiff: TLS 1.2+ enforced on all data in transit; access controls and least-privilege rules in force on internal systems; periodic audits of who can see and touch what; logging of administrative actions; third-party penetration testing of the public site on a regular cycle. No system is invulnerable; in the event of a personal-data breach with potential for serious harm, the affected individuals will be contacted directly and the ICO notified in line with the breach-reporting regime under the UK GDPR.
12. Future amendments to this document
Whenever this policy is amended, the "Last updated" stamp at the top of the document is refreshed. Substantive amendments — new data categories collected, new third-party processors brought in, retention periods altered — are paired with a homepage banner that stays live for at least 30 days. Routine housekeeping (wording adjustments, link maintenance) does not trigger the banner.
13. Contact
Privacy queries should be routed through the privacy contact set out on the Contact page. Editorial enquiries regarding Kwiff content go through the editorial channel; correction requests follow the procedure laid out on the Editorial Policy page. Player-safety guidance relevant to every reader of the site sits on the Responsible Gambling page.
