Privacy Policy
The pages that follow document the personal data PlayOJO gathers about its visitors, the purposes behind that collection, the location it sits in, the parties it gets shared with, and the steps for exercising your rights under UK privacy law. A technical sibling — covering cookies, analytics and browser-side storage — lives on the Cookie Policy page; treat this page as the plain-English version of the same arrangement.
PlayOJO operates as an independent informational platform; the broader context is on the About page. This privacy policy covers the PlayOJO website only. Once a reader clicks through to an operator's site, the operator's own privacy policy takes over; PlayOJO does not share data with operators except in the limited form described below.
1. What PlayOJO is
What PlayOJO produces are reviews and guides aimed at online casinos accessible to British players. Our flagship operator review sits on the PlayOJO Casino homepage. We don't host games, operate player accounts, take deposits, hold balances or push out withdrawals. No signup exists. No login exists. A typical visit involves no data exchange beyond standard web-traffic signals. In the situations where PlayOJO does collect personal data — for example, when you contact us through one of the published channels — this page lays out precisely what happens to that data afterwards.
2. UK privacy law context
Personal data at PlayOJO is handled in accordance with the UK GDPR and Data Protection Act 2018, alongside the thirteen UK GDPR principles overseen by the Information Commissioner's Office (ICO). Visitors from Europe receive their GDPR rights as well. Californian visitors get CCPA rights to the extent those rights apply. Where any one of these frameworks imposes a stricter rule than another, the stricter rule wins out.
3. What data PlayOJO collects
Three categories cover what is collected: technical traffic information, voluntarily-supplied contact details, and aggregated analytics.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance issues. | Legitimate interest under UK GDPR Article 6 legitimate interest. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR consent basis (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
The list of what PlayOJO does not gather: financial data (no payment processing happens on this domain), credentials for gambling accounts (we don't operate any accounts), biometric data, anything more specific than country-level location (derived from an anonymised IP), or special-category data (race, religion, health, sexual orientation or political opinion). Targeted advertising and remarketing technologies aren't deployed; the financial model underpinning the site is laid out on the Affiliate Disclosure page.
4. Cookies and similar technologies
The Cookie Policy page documents in detail every cookie PlayOJO uses, every third-party service responsible for setting them, and the controls available. Boiled down: strictly necessary cookies (page loading, consent state, abuse prevention) are always written; analytics cookies and affiliate-tracking cookies fire only after you grant consent via the cookie banner; you can revise that selection any time through the footer link.
5. Affiliate links and operator-side tracking
Clicking an outbound operator link on PlayOJO triggers three things in sequence. To start with, an internal redirect at /go logs the click in our analytics (regardless of whether you go further). Next, the browser is forwarded across to the operator's site. After that, the operator is free to set its own cookies and record the arrival as an attributed referral. Crucially, no name, email or other identifying personal data passes from PlayOJO to the operator. The only signal the operator receives is "a visitor came in from PlayOJO". If registration on the operator's site follows, that registration falls under the operator's own privacy policy, not ours.
6. How long data is retained
- IP addresses: the raw IP is held for up to 24 hours for abuse-prevention purposes, then anonymised by lopping off the final octet (IPv4) or the last 80 bits (IPv6). Anonymised IPs are retained for a maximum of 14 months as part of traffic-stats reporting.
- Contact correspondence: incoming emails and attached files are kept for 24 months to allow follow-up and audit, after which they're deleted unless the matter is still actively in discussion.
- Analytics events: under our current GA4 configuration, Google Analytics 4 data is retained for 14 months and then purged automatically.
- Cookie consent record: your stored consent choice lives locally inside your browser for 12 months, after which the cookie banner surfaces again.
Where the law requires longer retention — for example, tax records under HMRC record-keeping rules for affiliate accounting — the relevant data is held only for the legally required period and not used for any other purpose.
7. Who PlayOJO shares data with
Sharing falls into three controlled categories. Service providers running components of the PlayOJO infrastructure — hosting, content delivery, email — work under a signed data-processing agreement that restricts use of the data strictly to delivering the service in question. Analytics providers (Google Analytics 4) receive only IP-anonymised traffic data carrying no personally identifying information. Law-enforcement bodies and regulators receive data only when a valid legal demand is presented, and only the specific data the demand covers. Selling, renting or trading personal data is something PlayOJO does not do, full stop.
8. Where data is stored
PlayOJO infrastructure runs on cloud providers based in the UK and the European Economic Area. Some service providers — Google Analytics 4 being the main example — process data in the United States. Where data leaves the UK, the recipient is bound either by Standard Contractual Clauses or by an equivalent regime that the ICO has judged to provide protection at least as strong as UK law.
9. Your rights
Under the UK GDPR and equivalent international laws, the following rights apply with respect to any personal data PlayOJO holds about you.
- Access: request what we hold about you and receive a copy.
- Correction: request that any inaccurate data be put right.
- Deletion: request removal of your data, subject to legal retention requirements that may override the request.
- Withdrawal of consent: where processing relies on consent, you may revoke it at any point, with no impact on processing that was lawful before the withdrawal took effect.
- Complaint: where you consider that PlayOJO has mishandled your data, a complaint can be lodged with the ICO at ico.org.uk. UK readers are encouraged to raise it with us first, giving us an opportunity to put it right.
To exercise any of these rights, reach out through the privacy channel listed on the Contact page. PlayOJO will respond inside 30 days, the timeframe required under the UK GDPR.
10. Children's privacy
PlayOJO content is aimed at adult UK readers. The site is not directed at, or intended for, anyone under 18. We do not knowingly collect personal data from minors. If it becomes apparent that data has been submitted by someone under 18, that data is deleted and (where applicable) the parent or guardian is notified.
11. Security
Security controls at PlayOJO line up with industry standards: TLS 1.2+ covering every transit path; access controls plus least-privilege rules on internal systems; periodic audits of who can see what; full logging across administrative actions; recurring third-party penetration tests against the public site. No setup is invulnerable; should a personal-data breach occur with material harm potential, the affected individuals will be contacted directly and the ICO will be notified in line with the breach-notification regime mandated by the UK GDPR.
12. Changes to this policy
Any update to this policy is reflected in the "Last updated" date sitting at the top of the page. For material changes — covering new categories of data being collected, new third-party processors, or shifted retention windows — a banner runs on the home page for a minimum of 30 days. Minor editorial tweaks (wording adjustments, link updates) do not produce a banner.
13. Contact
Privacy-related questions are best routed through the privacy contact listed on the Contact page. Editorial questions about PlayOJO content go via the editorial channel; correction requests are handled under the procedure on the Editorial Policy page. Player-safety guidance applicable to anyone reading this site sits on the Responsible Gambling page.