Privacy Policy
This policy sets out what personal information Heart Bingo collects about visitors, the reasons it is gathered, where it is held, the parties it may be passed to, and how to exercise your rights under British privacy law. The technical companion piece — cookies, analytics, browser storage — sits on the Cookie Policy page; this page is the human-readable version of the same arrangement.
Heart Bingo operates as a stand-alone, independent informational platform; the broader background is laid out on the About page. The policy here covers the Heart Bingo website by itself, nothing else. The moment a reader clicks through onto an operator's domain, that operator's privacy policy is the one in force; data is not handed from Heart Bingo to operators outside the limited circumstances spelled out further down.
1. What Heart Bingo is
Heart Bingo publishes reviews and guides covering online casinos open to UK players. The flagship operator write-up is the Heart Bingo Casino homepage. This site does not host games, run player accounts, accept deposits, hold funds or process withdrawals. There is no signup. There is no login. A default visit produces no data exchange beyond standard web traffic. Where Heart Bingo does end up collecting personal data — for example, where you contact us through the available channels — this page sets out exactly what happens to it.
2. UK privacy law context
Heart Bingo processes personal information in line with the UK GDPR and Data Protection Act 2018 together with the thirteen UK GDPR principles administered by the Information Commissioner's Office (ICO). European visitors also receive GDPR rights. Californian visitors receive CCPA rights to the extent that statute applies. Where a stricter rule applies under any of these frameworks, the stricter rule takes precedence.
3. What data Heart Bingo collects
Three buckets. Technical traffic data, contact data submitted voluntarily, and aggregated analytics.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance issues. | Legitimate interest under UK GDPR Article 6 legitimate interest. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR consent basis (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
The following are explicitly outside Heart Bingo's collection: financial details (no payment processing happens on this domain at all), gambling-account credentials (no accounts are operated), biometric records, location at any precision finer than country-level (drawn from an anonymised IP), and special-category data (race, religion, health, sexual orientation, political opinion). Targeted advertising and remarketing pixels are not in use; the revenue model that keeps the site running is documented on the Affiliate Disclosure page.
4. Cookies and similar technologies
The cookies Heart Bingo deploys, the third-party services that set them, and the routes for controlling them are detailed on the Cookie Policy page. The short version: strictly necessary cookies (page loading, consent banner state, abuse prevention) are always set; analytics and affiliate-tracking cookies fire only with your consent through the cookie banner; you can revise your selection at any point via the footer link.
5. Affiliate links and operator-side tracking
Clicking an outbound operator link on Heart Bingo triggers three things. First, an internal redirect at /go logs the click for our analytics (regardless of whether you proceed). Second, your browser is forwarded onward to the operator's site. Third, the operator may set its own cookies and treat the visit as a referral attribution. Heart Bingo does not hand over your name, email, or any other identifying personal data to the operator. The operator simply sees that "a visitor arrived from Heart Bingo". Should you go on to register an account on the operator's site, that registration sits under the operator's own privacy policy, not under this one.
6. How long data is retained
- IP addresses: full IPs are retained for at most 24 hours to support abuse mitigation, after which they are anonymised by stripping the trailing octet (IPv4) or the trailing 80 bits (IPv6). The anonymised remnant is held for up to 14 months as input for traffic statistics.
- Contact correspondence: incoming emails and any attached files are held for 24 months for follow-up and audit purposes, then purged unless the thread is still under active discussion.
- Analytics events: the Google Analytics 4 dataset is held for 14 months under the retention configuration we have set, after which it is automatically purged.
- Cookie consent record: the consent record itself lives locally in your browser for 12 months, after which the banner returns and asks again.
Where legal retention obligations call for longer storage — for example, tax records under the HMRC record-keeping requirements covering affiliate-related accounting — the relevant data is kept only for the legally required period and used for no other purpose.
7. Who Heart Bingo shares data with
The list breaks into three controlled buckets. Service providers running pieces of Heart Bingo's stack — web hosting, content delivery, email — each bound by a written data-processing agreement that limits their handling of the data to delivering the service itself. Analytics providers (Google Analytics 4): the only payload is IP-anonymised traffic data, with nothing personally identifying attached. Law-enforcement bodies and regulators: data flows only on receipt of a valid legal demand, and only the data covered by that demand is included. Beyond those routes, Heart Bingo does not sell, rent or trade personal data to anyone, period.
8. Where data is stored
The Heart Bingo stack runs across cloud providers based in the UK and the European Economic Area. A handful of service providers — Google Analytics 4 most notably — process data within the United States. Where data crosses out of the UK, the receiving party must be tied either to Standard Contractual Clauses or to an equivalent regime that the ICO accepts as delivering protection at least on par with UK law.
9. Your rights
Under the UK GDPR and equivalent international statutes, you hold the rights listed below over any personal data Heart Bingo keeps about you.
- Access: request a description of what we hold and receive a copy.
- Correction: request that any inaccurate data be put right.
- Deletion: request that your data be erased, subject to any legal retention obligations.
- Withdrawal of consent: where processing rests on consent, you can withdraw that consent at any moment without affecting any lawful processing carried out previously.
- Complaint: should you suspect that Heart Bingo has mishandled your data, the ICO accepts complaints at ico.org.uk. UK readers are normally expected to raise the matter with us first so we have an opportunity to put it right.
To exercise any of these rights, get in touch via the privacy channel listed on the Contact page. Heart Bingo will reply within 30 days, the deadline required by the UK GDPR.
10. Children's privacy
Heart Bingo content is intended for adult British readers. The site is neither directed at nor designed for anyone under 18. We do not knowingly collect personal data from minors. If we discover that data has been submitted by someone under 18, that data is purged and (where applicable) the parent or guardian is informed.
11. Security
Heart Bingo applies industry-standard security measures: TLS 1.2 or above for every piece of data in transit; access controls and least-privilege restrictions across internal systems; periodic review of who is permitted to see what; full logging of administrative actions; and scheduled third-party penetration testing against the public site. No system is impossible to breach; in the event of a personal-data incident likely to cause serious harm, affected individuals are contacted directly and the ICO is notified per the breach-notification regime under the UK GDPR.
12. Changes to this policy
Where this policy is amended, the "Last updated" date at the top is refreshed. Material changes — new categories of data collected, new third-party processors, revised retention periods — are flagged with a banner on the homepage for at least 30 days. Minor housekeeping edits (rewording, link refreshes) do not trigger a banner.
13. Contact
Privacy-related queries are best routed through the privacy contact listed on the Contact page. Editorial questions about Heart Bingo content go through the editorial channel; correction requests follow the procedure documented on the Editorial Policy page. Player-safety guidance relevant to anyone reading this site sits on the Responsible Gambling page.