Privacy Policy | The Foundry Online

Last Updated: 9 May 2026

1. Introduction

Welcome to The Foundry Online (“we”, “us”, “our”). We are a United Kingdom-based independent review and information website that specialises in providing expert analysis, reviews, and guides relating to online casinos and betting sites that operate outside the GamStop self-exclusion scheme. Our website is accessible at https://www.thefoundry-online.com/ (the “Website”).

We understand the importance of protecting your personal data and we are fully committed to ensuring that your privacy is respected at all times. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to all visitors to and users of our Website, regardless of how you access or use the site.

By continuing to use our Website, you acknowledge that you have read and understood this Privacy Policy. We encourage you to read this document carefully and in its entirety so that you are fully aware of how and why we use your data. If you have any questions or concerns about our privacy practices, please do not hesitate to contact us using the details provided in the “Contact Us” section at the end of this policy.

It is important to note that The Foundry Online is an editorial and informational website only. We do not operate, manage, or control any casino, gambling platform, or betting service. We do not process gambling transactions, manage player accounts, or hold any funds on behalf of users. Our role is limited to providing reviews, guides, and informational content. Any personal data we collect is gathered solely in connection with the operation of this Website and the provision of our editorial services.

2. Data Controller Information

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller responsible for your personal data is The Foundry Online.

As the data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed lawfully, fairly, and in a transparent manner, in accordance with the principles set out in Article 5 of the UK GDPR.

If you have any questions regarding the processing of your personal data, wish to exercise any of your rights as a data subject, or have any concerns about how your information is being handled, you may contact us at any time through our Contact page.

We take our responsibilities as a data controller seriously and have implemented appropriate technical and organisational measures to ensure that your personal data is processed in compliance with applicable data protection legislation at all times. Where we engage third-party service providers to process data on our behalf, we ensure that appropriate data processing agreements are in place and that such providers offer sufficient guarantees regarding the security and lawful treatment of personal data.

3. What Information We Collect

We may collect and process the following categories of personal data when you visit and interact with our Website:

3.1 Information You Provide Voluntarily

When you choose to contact us through our contact form or via email, you may provide us with personal information including but not limited to:

Your name or chosen pseudonym
Your email address
The subject matter of your enquiry
Any additional information you choose to include in your message

We will only collect personal information that you voluntarily submit to us. We do not require you to create an account, register, or provide any personal details in order to browse our Website and access our content.

3.2 Information Collected Automatically

When you visit our Website, certain information is collected automatically through the use of cookies, analytics tools, and server logs. This may include:

Your Internet Protocol (IP) address
Your browser type and version
Your operating system
The pages you visit on our Website and the order in which you visit them
The date and time of your visit
The duration of your visit and time spent on individual pages
The referring website or source that directed you to our Website
Your approximate geographical location (derived from your IP address, typically at city or region level)
Your device type (desktop, tablet, or mobile) and screen resolution
Language preferences

This information is predominantly collected through Google Analytics and is used in an aggregated, anonymised form to help us understand how visitors use our Website and to improve our content and services. We do not use this automatically collected data to personally identify individual users.

3.3 Cookies and Similar Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and to collect analytical data about how the site is used. Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators.

For comprehensive information about the specific cookies we use, their purposes, and how you can manage your cookie preferences, please refer to our Cookie Policy.

4. How We Collect Information

We collect information about you through the following methods:

4.1 Automatically Through Cookies and Analytics

When you visit our Website, we automatically collect certain technical and usage data through the deployment of cookies and third-party analytics services. This collection occurs passively as you navigate our pages and does not require any active input from you. Our primary analytics tool is Google Analytics, which uses first-party cookies to distinguish unique users and to throttle request rates.

Google Analytics collects data in an aggregated form that does not directly identify you as an individual. We have configured Google Analytics to anonymise IP addresses before storage and processing, which means that your full IP address is never retained by Google on our behalf. We use the data collected by Google Analytics to analyse visitor behaviour, identify popular content, monitor site performance, and make informed decisions about how to improve our Website.

4.2 Voluntarily Through Forms and Direct Communication

We collect personal information that you voluntarily provide to us when you use our contact form, send us an email, or otherwise communicate with us directly. The provision of this information is entirely optional and at your discretion. You are under no obligation to provide any personal data to us in order to access and use our Website.

When you submit a contact form, the information you provide is transmitted securely and stored in our email system. We use this information solely for the purpose of responding to your enquiry or feedback. We do not use contact form submissions for marketing purposes unless you have given us explicit consent to do so.

4.3 Through Server Logs

Like most websites, our hosting server automatically records certain information in server log files each time a request is made to our Website. This information typically includes your IP address, the date and time of your request, the specific page or resource you requested, your browser user-agent string, and the HTTP status code of the response. Server logs are maintained for security and diagnostic purposes and are routinely deleted after a reasonable retention period. We do not use server log data to identify or track individual users.

5. Legal Basis for Processing

Under the UK GDPR, we are required to have a valid legal basis for processing your personal data. We rely on the following legal bases, depending on the specific processing activity:

5.1 Consent (Article 6(1)(a) UK GDPR)

We rely on your consent as the legal basis for certain processing activities, including:

The placement of non-essential cookies on your device, including analytics cookies and any third-party tracking cookies
The collection and processing of personal data submitted through our contact form, where consent is provided at the point of submission
Any future marketing communications, should we choose to implement such features (which we do not currently offer)

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. You may withdraw your consent by contacting us using the details set out in the “Contact Us” section of this policy, or by adjusting your cookie settings in your browser.

5.2 Legitimate Interests (Article 6(1)(f) UK GDPR)

We rely on our legitimate interests as the legal basis for certain processing activities where such interests are not overridden by your fundamental rights and freedoms. These legitimate interests include:

Analysing aggregated, anonymised website traffic data to understand how visitors use our Website and to improve our content, layout, and user experience
Maintaining the security and integrity of our Website, including detecting and preventing fraudulent or malicious activity
Administering and managing our Website, including server maintenance, troubleshooting, and performance monitoring
Ensuring that our content is presented in the most effective manner for you and for your device

We have conducted a legitimate interests assessment for each of the above processing activities and have concluded that our interests do not override your rights and freedoms, particularly given the limited nature of the personal data involved and the measures we have taken to minimise any impact on your privacy. You have the right to object to processing based on legitimate interests at any time, as detailed in the “Your Rights Under GDPR” section below.

6. How We Use Your Information

We use the information we collect for the following purposes:

6.1 Website Improvement and Analytics

We use aggregated, anonymised analytics data to monitor and analyse trends in website traffic, to understand which pages and content are most popular with our visitors, to identify technical issues or performance bottlenecks, and to make data-driven decisions about how to improve the overall quality and usability of our Website. This analysis helps us ensure that we are providing the most relevant, useful, and accessible content to our readers. We do not use analytics data to build individual user profiles or to make automated decisions about individual visitors.

6.2 Responding to Enquiries

When you contact us through our contact form or by email, we use the personal information you provide (typically your name, email address, and message content) to respond to your enquiry, answer your questions, address your feedback, or resolve any concerns you may have raised. We will only use your contact information for the specific purpose for which it was provided, and we will not add you to any mailing list or marketing database without your explicit consent.

6.3 Website Security and Administration

We use technical data, including IP addresses and server logs, to maintain the security of our Website, to detect and prevent cyber attacks, malicious activity, or unauthorised access attempts, and to diagnose and resolve technical issues. This processing is essential for the safe and reliable operation of our Website and the protection of both our organisation and our visitors.

6.4 Legal Compliance

We may process your personal data where it is necessary for compliance with a legal obligation to which we are subject, or where it is necessary for the establishment, exercise, or defence of legal claims. This may include retaining records for regulatory or tax purposes, or responding to lawful requests from law enforcement or other governmental authorities.

7. Cookies

Our Website uses cookies to distinguish you from other users of our Website, to enhance your browsing experience, and to collect analytical information about how our site is used. Cookies are small data files that are stored on your device when you visit a website. They serve a variety of functions, including remembering your preferences, tracking site usage, and enabling certain website features to function correctly.

We use the following general categories of cookies on our Website:

Strictly Necessary Cookies: These cookies are essential for the basic functionality of our Website and cannot be switched off in our systems. They are typically set in response to actions you take, such as setting your privacy preferences or navigating between pages.
Analytics Cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our Website. They help us understand which pages are the most popular, which are the least used, and how visitors navigate around the site.

You can control and manage cookies through your browser settings. Most web browsers allow you to view, delete, and block cookies from websites. Please be aware that if you choose to block or delete certain cookies, some features of our Website may not function as intended.

For full details about the specific cookies we use, their purposes, duration, and how to manage them, please visit our dedicated Cookie Policy page.

8. Third-Party Services

In order to operate and improve our Website, we utilise certain third-party services. These services may collect data about your use of our Website on our behalf. We have outlined these services below:

8.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to collect and analyse data about how visitors use our Website. Google Analytics uses cookies to collect information such as how often users visit our site, which pages they view, and what other sites they visited prior to coming to our Website.

We have implemented IP anonymisation (also known as IP masking) within Google Analytics, which means that your IP address is truncated before being transmitted to Google. This prevents the full IP address from being stored or processed by Google on our behalf. We do not use Google Analytics to collect personally identifiable information, and we do not combine the information collected through Google Analytics with data from other sources in a manner that could identify individual users.

Google’s ability to use and share information collected by Google Analytics is governed by the Google Analytics Terms of Service and the Google Privacy Policy. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

8.2 Web Hosting Provider

Our Website is hosted by a third-party hosting provider, which may automatically collect and store certain technical information in server log files, including IP addresses, browser types, referring URLs, and timestamps. This data is collected for the purpose of maintaining the security, stability, and performance of the hosting infrastructure. Our hosting provider processes this data on our behalf and in accordance with a data processing agreement that ensures compliance with applicable data protection legislation.

8.3 Affiliate Networks

The Foundry Online participates in affiliate marketing programmes, which means that we may earn commissions when visitors click on certain links on our Website and subsequently register or make a deposit at a third-party casino or betting site. Our participation in these affiliate programmes is disclosed in our footer and throughout our content.

Important: We do not share, sell, transfer, or otherwise disclose your personal data to any casino, betting site, or gambling operator. Our affiliate relationships are commercial in nature and do not involve the exchange of user personal data from our Website to any third-party casino or gambling platform. The affiliate tracking process typically involves the use of cookies or URL parameters that identify the referring website (The Foundry Online) but do not transmit any personal information about individual users from our systems to the affiliate partner.

9. Affiliate Links and Third-Party Websites

Our Website contains links to third-party websites, including online casinos, betting sites, and other external resources. When you click on an affiliate link or any other external link on our Website, you will be directed away from The Foundry Online and to the third party’s website. Once you leave our Website and arrive at a third-party site, you are no longer subject to this Privacy Policy.

It is important to understand that when you click on a link to a third-party casino or betting site, your interaction with that site is governed entirely by that third party’s own privacy policy and terms of use. The third-party operator may collect personal data from you during the registration process, including your name, date of birth, address, email address, payment details, and identity verification documents. This data collection is performed by the third party, not by The Foundry Online, and is subject to the third party’s privacy practices.

When you click an affiliate link, a small amount of technical data may be transferred to the third-party site as part of the standard HTTP referral process. This typically includes the URL of the referring page (i.e., the page on our Website that contained the link you clicked) and may include tracking parameters embedded in the link URL (such as an affiliate identifier or campaign code). This referral data is used by the third party to attribute the referral to our Website for commission purposes and does not include any personal information that we hold about you.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites. We strongly encourage you to read the privacy policy and terms of use of any third-party website before providing any personal information or creating an account.

The inclusion of a link to a third-party website on The Foundry Online does not constitute an endorsement of that website’s privacy practices. Our reviews and recommendations relate to the quality and features of the services offered by these third parties, but we do not warrant or guarantee the privacy or security practices of any external operator.

10. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, as set out in this Privacy Policy, and in accordance with our legal obligations. The specific retention periods applicable to different categories of data are as follows:

Contact Form Submissions

Personal data provided through our contact form (including your name, email address, and message content) is retained for a period of up to twelve (12) months from the date of submission, or until the enquiry has been fully resolved, whichever is later. After this period, the data is securely deleted from our systems. If an ongoing correspondence develops from an initial enquiry, the retention period is calculated from the date of the last communication.

Analytics Data

Analytics data collected through Google Analytics is retained in accordance with Google’s data retention settings. We have configured our Google Analytics account to retain user-level and event-level data for a period of fourteen (14) months, after which it is automatically deleted. Aggregated, anonymised reports derived from analytics data may be retained indefinitely, as they do not contain any personal information.

Server Logs

Server log files, which may contain IP addresses and other technical data, are typically retained by our hosting provider for a period of up to ninety (90) days. These logs are maintained for security monitoring and diagnostic purposes and are routinely purged after the applicable retention period expires.

11. Your Rights Under GDPR

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have a number of important rights in relation to your personal data. We are committed to respecting and facilitating the exercise of these rights. Your rights are summarised below:

11.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This is commonly referred to as a “Subject Access Request” (SAR). Upon receiving a valid request, we will provide you with a copy of your personal data, together with information about the purposes of the processing, the categories of data concerned, the recipients or categories of recipients to whom the data has been disclosed, and the envisaged retention period. We will respond to your request within one (1) calendar month of receipt, in accordance with Article 12(3) of the UK GDPR.

11.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data we hold about you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If we have disclosed the inaccurate data to third parties, we will inform them of the rectification where reasonably possible.

11.3 Right to Erasure (Article 17)

You have the right to request that we delete your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was originally collected, where you withdraw your consent (and there is no other legal basis for the processing), where you object to the processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed. This right is not absolute and may be subject to certain exemptions, such as where the processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

11.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data (for a period enabling us to verify the accuracy), where the processing is unlawful and you oppose the erasure of the data, where we no longer need the data for the original purpose but you require it for the establishment, exercise, or defence of legal claims, or where you have objected to the processing and verification of whether our legitimate grounds override yours is pending.

11.5 Right to Data Portability (Article 20)

Where the processing of your personal data is based on consent or the performance of a contract, and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us. Where technically feasible, you may request that we transmit the data directly to another controller on your behalf.

11.6 Right to Object (Article 21)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on our legitimate interests (Article 6(1)(f)). Upon receiving such an objection, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims. Where personal data is processed for direct marketing purposes, you have the right to object at any time, and we shall cease processing the data for such purposes without exception.

12. How to Exercise Your Rights

If you wish to exercise any of the rights outlined above, you may do so by contacting us through our Contact page. When submitting a request, please provide sufficient information to allow us to verify your identity and to locate the personal data to which your request relates.

We will respond to all legitimate requests within one (1) calendar month of receipt. In exceptional circumstances, where the request is particularly complex or where we have received a large number of requests, we may extend this period by a further two (2) months, in accordance with Article 12(3) of the UK GDPR. If an extension is necessary, we will inform you of the delay and the reasons for it within the initial one-month period.

We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive, particularly if it is repetitive. In such cases, we may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or we may refuse to act on the request, in accordance with Article 12(5) of the UK GDPR.

If you are dissatisfied with our response to your request, or if you believe that we are processing your personal data in a manner that is not compliant with data protection legislation, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights. You can contact the ICO via their website at https://ico.org.uk/, by telephone on 0303 123 1113, or by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

13. Data Security

We take the security of your personal data very seriously and have implemented a range of appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures are designed to provide a level of security appropriate to the risk associated with the processing of personal data, in accordance with Article 32 of the UK GDPR.

The security measures we have in place include, but are not limited to:

Encryption in Transit: Our Website is served exclusively over HTTPS (Hypertext Transfer Protocol Secure), which means that all data transmitted between your browser and our server is encrypted using TLS (Transport Layer Security) protocols. This prevents unauthorised parties from intercepting or tampering with data during transmission.
Access Controls: Access to personal data within our organisation is restricted to authorised personnel only, on a strict need-to-know basis. All individuals with access to personal data are bound by confidentiality obligations.
Secure Hosting: Our Website is hosted on a secure, reputable hosting platform that employs industry-standard physical and technical security controls, including firewalls, intrusion detection systems, and regular security audits.
Regular Reviews: We conduct periodic reviews of our data collection, storage, and processing practices to ensure that our security measures remain appropriate and effective in light of evolving threats and technological developments.

Whilst we take all reasonable steps to protect your personal data, please be aware that no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee absolute security, and any transmission of personal data is at your own risk. We encourage you to take your own precautions to protect your personal information, including using strong passwords, keeping your software and browser up to date, and exercising caution when sharing personal information online.

14. Children’s Privacy

Our Website is intended exclusively for individuals who are eighteen (18) years of age or older. The Foundry Online provides reviews and information relating to online gambling services, and gambling is a strictly age-restricted activity. We do not knowingly collect, solicit, or process personal data from anyone under the age of eighteen (18).

If you are under the age of eighteen, you must not use our Website, submit any personal information to us through our contact form or by any other means, or click on any affiliate links to third-party gambling or betting websites. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us immediately using the details set out in the “Contact Us” section below, and we will take prompt steps to delete such information from our systems.

In the event that we become aware that we have inadvertently collected personal data from a person under the age of eighteen, we will delete that data without undue delay and take reasonable steps to ensure that it is not further processed, disclosed to third parties, or otherwise used for any purpose.

15. International Transfers

The personal data we collect may, in some circumstances, be transferred to, stored at, or processed in a destination outside the United Kingdom. This may occur, for example, when data is processed by our third-party service providers (such as Google, in connection with Google Analytics) who operate servers or facilities in jurisdictions outside the UK.

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data in accordance with the requirements of the UK GDPR. These safeguards may include:

Adequacy Decisions: Transfers to countries that have been determined by the UK Secretary of State to provide an adequate level of data protection, meaning that your data will benefit from protections equivalent to those under UK data protection law.
Standard Contractual Clauses: Where no adequacy decision exists, we may rely on the International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, as approved by the Information Commissioner’s Office, to ensure that appropriate safeguards are in place.
Supplementary Measures: Where necessary, we implement additional technical, organisational, or contractual measures to ensure that the level of protection afforded to your data is not undermined by the transfer.

If you would like further information about the specific safeguards we have put in place in relation to international data transfers, please contact us using the details provided in the “Contact Us” section of this policy.

16. Changes to This Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable legislation, or for other operational, legal, or regulatory reasons. Any changes we make to this Privacy Policy will be effective immediately upon publication on this page.

When we make material changes to this Privacy Policy, we will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. Your continued use of our Website after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

In the event of a significant or material change to this Privacy Policy — for example, a change that substantially alters the way we collect, use, or share your personal data — we will make reasonable efforts to notify you in advance. Such notification may take the form of a prominent notice on our Website, an update to our cookie consent mechanism, or, where we hold your email address and have your consent to contact you, a direct email notification.

We recommend bookmarking this page or checking it regularly so that you remain informed of any updates. Previous versions of this Privacy Policy are available upon request by contacting us through the details provided below.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, the personal data we hold about you, or our data processing practices, please do not hesitate to get in touch with us. We are committed to addressing all privacy-related enquiries promptly and thoroughly.

You can contact us through our dedicated Contact page, which provides a secure form for submitting your enquiry directly to our team.

When contacting us in relation to a data protection matter, please include as much relevant detail as possible to enable us to assist you efficiently. In particular, if you are making a request to exercise one of your data subject rights, please clearly identify the specific right you wish to exercise and provide sufficient information for us to verify your identity and locate any relevant personal data.

We aim to respond to all privacy-related enquiries within five (5) working days of receipt. For formal data subject rights requests (such as Subject Access Requests), we will respond within the statutory timeframe of one (1) calendar month, as required by the UK GDPR.

If you are not satisfied with our response, or if you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO is the UK’s supervisory authority for data protection matters. Their contact details are as follows: website — https://ico.org.uk/; telephone — 0303 123 1113; postal address — Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.