Personal data on this second Coral Casino information host

Visitors sometimes arrive here after following a different bookmark from our primary Coral-focused guide. Both properties share a mission—accurate, cautious journalism around a famous UK betting and casino name—but this host runs on a separate deployment with its own logging endpoints and editorial inbox. That separation matters for privacy because it defines which organisation answers subject-access requests about data collected on this domain.

Controller and registration details

The legal entity named in the site footer is controller for processing described here. Companies house registration numbers, if shown, identify that publisher—not Entain plc or Coral-branded licensees. Mentioning Coral descriptively in articles does not merge our legal responsibilities with theirs.

Inventory of processing activities (reader-friendly)

We maintain an internal register summarising purposes, categories, recipients and retention. Publicly, we disclose that we process connection metadata, correspondence content, optional survey replies and cookie identifiers. We avoid creating shadow profiles that combine those elements with gambling account identifiers because we do not possess the latter.

Retention clocks

Access logs: rolling thirty to ninety days depending on security tier, unless extended for incident review. Email: twenty-four months after last substantive reply unless litigation holds apply. Survey exports: ninety days post-analysis unless participants consented to a longitudinal study with isolated storage. Cookie consents: twelve months before re-prompting, aligned with industry practice.

Security measures

We implement TLS, role-based access, mandatory MFA for staff consoles and vulnerability scanning after major template releases. Secrets rotate automatically where tooling supports it. Physical media containing backups is encrypted before leaving controlled facilities.

Subprocessors we may rely on

Typical categories include content delivery networks, managed WordPress-style hosts (even if custom), transactional email APIs and ticketing systems. Each vendor is assessed for UK GDPR Article 28 compliance before onboarding. A current list can be emailed on request; we expect changes as we optimise performance.

Your rights in practice

Access: we supply machine-readable extracts where feasible. Rectification: we correct obvious typos in correspondence logs. Erasure: we delete non-essential mailbox segments and redact names in editorial notes where legal freedom-of-expression tests pass. Objection: you may object to certain legitimate-interest processing; we balance your interests against ours and respond in writing. Portability: largely irrelevant here because we do not run loyalty programmes, but if you supplied structured data we can return it in JSON or CSV.

Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means regarding readers. Spam filters use scoring but human reviewers sample borderline cases weekly.

ICO and supervisory cooperation

We cooperate with lawful information orders. We also volunteer contextual facts when regulators study sector-wide marketing trends, ensuring our submissions anonymise individuals unless legally required otherwise.

Transparency updates

When Coral rebrands promotions or Entain adjusts corporate structure, our articles change—but privacy fundamentals here remain about this site. We will edit headings if readers confuse operator notices with ours. Thank you for distinguishing the two ecosystems responsibly.

Accessibility of this notice

If you need this privacy summary in another format—such as large print or a simplified English outline—contact us using the details in the footer and describe your preference. We will try to provide a reasonable alternative within a few working days without charging a fee unless requests become manifestly unfounded or excessive.