This Privacy Policy explains how iDoArt Reviews (the “Site”) collects, uses, and protects personal data when you visit. The Site is operated by Karen Robinson as a sole editorial reviewer and the Site serves predominantly UK readers. Where UK-resident users are concerned, processing is conducted in accordance with the UK GDPR and the Data Protection Act 2018. EU readers’ data is processed in accordance with the EU GDPR.

1. Data Controller

The data controller for personal information collected through iDoArt Reviews is Karen Robinson, the editorial reviewer. You can reach the data controller via the contact page.

2. What Personal Data We Collect

iDoArt Reviews is a content site — we do not operate any gambling product, do not hold player accounts, and do not process deposits or withdrawals. The personal data we collect is limited to:

• Server logs — IP address, user-agent string, requested URL, referer, and timestamp. Used for security, abuse prevention, and aggregate traffic analysis.
• Analytics data — pseudonymous device, browser, and page-visit data. We use this only to understand which pages are useful to readers.
• Contact-form submissions — any name, email, and message you submit via the contact page.
• Cookies and similar tracking — described in our Cookie Policy.

We do not knowingly collect data from anyone under 18 years of age and the Site is not intended for use by minors. If you believe a minor has submitted personal data, contact us via the contact page and we will delete it promptly.

3. Why We Process Personal Data

• Operating the Site — serving requested pages, preventing abuse, and maintaining security. Legal basis: legitimate interest in providing a working website.
• Editorial improvement — aggregated analytics to identify which pages are useful. Legal basis: legitimate interest, balanced against your right to privacy by using pseudonymous data.
• Responding to enquiries — processing contact-form submissions to answer your questions or process corrections. Legal basis: legitimate interest, or your consent where you have actively contacted us.
• Affiliate attribution — affiliate networks may set their own cookies when you click an operator link from our pages, attributing your signup to iDoArt Reviews. Legal basis: your consent (you can decline by not clicking the link or by clearing cookies).

4. Affiliate Relationship Detail

When you click an affiliate link on iDoArt Reviews, the destination operator may set a cookie attributing your registration or deposit to us. We are paid a commission by the operator if you go on to register or play. We never receive your name, email, deposit amounts, or gambling activity at the operator — only an anonymised signal that a registration was attributed to iDoArt Reviews. We never sell, share, or repurpose any reader data for marketing.

5. Data Processors

We use a small number of third-party processors to operate the Site. As of the “Last updated” date these are:

• Cloudflare — CDN, DDoS protection, and edge security. Processes IP addresses and request metadata; UK and EU traffic is served from EU edge nodes where possible.
• Plausible Analytics (or equivalent cookieless analytics) — pseudonymous, cookie-free page-view counting. No personally identifying data leaves the EU.
• Operator affiliate networks — LinkShter, Affision, Santeda, Sweetspot, and 1RedLink set their own cookies on the destination operator’s domain when you click an outbound affiliate link.

The processor list is reviewed and updated on each re-test cycle (60 days). Contact us if you need the current authoritative list.

6. Data Retention

• Server logs: retained for 30 days then automatically purged.
• Analytics data: retained for up to 12 months in aggregated form; raw records purged within 90 days.
• Contact-form submissions: retained for 24 months after the last related message, then deleted unless you have asked us to keep a record longer (for example, a documented correction request).

7. International Data Transfers

The Site is hosted on Cloudflare’s global infrastructure. UK and EU visitor data is preferentially served from EU edge nodes, but data may transit through other jurisdictions for routing reasons. Where data is transferred outside the UK/EU, transfers are protected by the EU Standard Contractual Clauses or equivalent safeguards.

8. Your Rights

Under the UK GDPR (and EU GDPR for EU residents) you have the right to: access the personal data we hold about you; rectify inaccuracies; request erasure; restrict or object to processing; data portability where applicable; and to withdraw consent at any time without affecting prior lawful processing. To exercise any of these rights, contact us via the contact page. We respond within 30 days. If you are not satisfied with our response, UK residents can complain to the Information Commissioner’s Office (ico.org.uk); EU residents to their national data protection authority.

9. Security

The Site runs over HTTPS with TLS 1.2 or later. Cloudflare provides edge DDoS protection. We do not hold credit card data, gambling-account data, or any other particularly sensitive category of data. No security model is infallible — if you become aware of a vulnerability, please disclose it via the contact page and we will respond within 7 days.

10. Changes to This Policy

This Privacy Policy may be updated to reflect changes in processors, retention, or law. The “Last updated” date above reflects the most recent revision. Substantive changes are flagged in a banner on the Site for 14 days.

11. Contact

Privacy enquiries, subject-access requests, and complaints should be sent via the contact page. The data controller is Karen Robinson, lead reviewer.