UK GDPR Compliance

Your data protection rights and our commitment to GDPR

Our GDPR Commitment

HaloPlayhouse is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and have implemented comprehensive measures to ensure your personal information is handled lawfully, fairly, and transparently.

GDPR Principles We Follow

We adhere to all seven key principles of UK GDPR:

1. Lawfulness, Fairness, and Transparency

We process your data lawfully, fairly, and in a transparent manner. We clearly explain what data we collect and how we use it through our Privacy Policy.

2. Purpose Limitation

We collect your personal data only for specified, explicit, and legitimate purposes related to operating our social games platform. We do not use your data for purposes beyond what we've disclosed.

3. Data Minimization

We collect only the minimum amount of personal data necessary to provide our video games, mobile games, and slot games services. We do not collect excessive or irrelevant information.

4. Accuracy

We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date. You have the right to have inaccurate data corrected.

5. Storage Limitation

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. We have clear data retention policies in place.

6. Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

7. Accountability

We take responsibility for complying with GDPR and can demonstrate our compliance through documentation, policies, and procedures.

Your GDPR Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.

Right of Access

You can request access to your personal data and receive a copy of the information we hold about you. This is commonly known as a "subject access request."

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure ("Right to Be Forgotten")

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You can object to the processing of your personal data in certain circumstances, particularly for direct marketing or processing based on legitimate interests.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making and profiling. We do not make automated decisions that significantly affect you without human involvement.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month (extendable by two additional months for complex requests). There is no fee unless your request is manifestly unfounded or excessive.

Data We Collect and Process

We collect and process the following categories of personal data:

  • Age Verification Data: Confirmation that you are 18 or older
  • Technical Data: IP address, browser type, device information, usage statistics
  • Contact Data: Email address and name (if you contact us)
  • Cookie Data: Information collected through cookies and similar technologies

We do not collect sensitive personal data (also known as "special category data") such as information about your health, race, religion, or political opinions.

Legal Basis for Processing

We process your data based on the following legal grounds under UK GDPR:

  • Consent: For cookies and marketing communications
  • Legitimate Interests: For platform operation, security, fraud prevention, and service improvement
  • Legal Obligation: For age verification and compliance with UK laws

Data Security Measures

We implement robust security measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication systems
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery plans

Third-Party Data Processors

We may share your data with trusted third-party service providers who help us operate our platform. These processors are:

  • Carefully vetted and selected
  • Bound by contractual obligations to protect your data
  • Required to process data only as we instruct
  • Subject to regular audits and compliance checks

We ensure all processors meet UK GDPR standards and maintain appropriate technical and organizational measures.

International Data Transfers

Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we ensure:

  • An adequacy decision exists for the destination country, or
  • Standard Contractual Clauses (SCCs) are in place, or
  • Other appropriate safeguards approved by UK authorities are implemented

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Inform affected individuals without undue delay
  • Provide details about the breach and our response measures
  • Take immediate action to contain and remedy the breach

Children's Data Protection

Our platform is for adults aged 18 and above only. We do not knowingly collect or process personal data from children. If we discover that we have inadvertently collected data from someone under 18, we will delete it immediately.

Cookies and Tracking

We use cookies in compliance with UK GDPR and the Privacy and Electronic Communications Regulations (PECR). We:

  • Obtain consent before placing non-essential cookies
  • Provide clear information about cookie usage
  • Allow you to withdraw cookie consent at any time
  • Respect Do Not Track signals where technically feasible

Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to reflect:

  • Changes in UK data protection laws
  • Guidance from the Information Commissioner's Office
  • Emerging best practices in data protection
  • Technological advancements

Complaints and Concerns

If you have concerns about how we handle your personal data, please contact us first. We are committed to resolving any issues.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

Contact Our Data Protection Officer

For questions or concerns about GDPR compliance or data protection:

Email: dpo@haloplayhouse.games
Address: Data Protection Officer, HaloPlayhouse, 123 Entertainment Way, London, EC1A 1BB, United Kingdom