Privacy Policy: Data Processing and UK GDPR Protocol
Last updated: March 2026
This Privacy Policy explains how CrazyTimeWheel handles data in accordance with the UK GDPR, the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations (PECR).
Scope of Data Collection (Zero-PII Approach)
This site follows the principle of data minimisation. We do not intentionally collect directly identifying personal data such as full names, payment card details, or transaction records through the standard browsing experience.
| Data Category | Status | Detail | Retention |
|---|---|---|---|
| Server Logs | Collected (Automatic) | IP address, browser User-Agent, timestamp, referring URL, and technical request metadata | Deleted every 30 days — used only for DDoS protection, security monitoring, and technical diagnostics |
| Financial Data | 🛑 NOT Collected | No integrated payment gateway — no card data, bank details, or gambling transactions are processed on this site | N/A |
| Tracker Telemetry | Not collected remotely | Spin sequences are processed locally in the browser via JavaScript — no gameplay telemetry is transmitted to our servers as part of the standard tracker setup | Browser cache / local session only |
| Email Correspondence | Collected (Voluntary) | Email address and message content when a user contacts us directly | Retained until the request is resolved, then permanently deleted unless a longer retention period is legally required |
| Strictly Necessary Cookies | Collected (Automatic) | Cookies required for site functionality, such as language preference, session handling, and consent storage | Session duration or up to 12 months |
| Analytics Cookies | Collected (Consent Required) | Aggregated and anonymised traffic measurement cookies, where enabled by the user via the cookie banner | Up to 26 months — consent can be withdrawn at any time |
| Profiling / Advertising Cookies | 🛑 NOT Collected by default | We do not operate our own profiling or behavioural advertising cookie layer as part of the standard site setup | N/A |
Data Controller
The data controller can be contacted using the details provided on the site's Contact page. For privacy-related enquiries, use the dedicated contact channel listed on the Contact Us section of the website.
Legal Bases for Processing
| Processing Activity | Legal Basis | Reference |
|---|---|---|
| Server logs (IP address, User-Agent, technical metadata) | Legitimate interests — site security, abuse prevention, and service stability | UK GDPR Article 6(1)(f) |
| Strictly necessary cookies | Legitimate interests / necessity for providing the requested service | UK GDPR Article 6(1)(f) + PECR |
| Analytics cookies | User consent | UK GDPR Article 6(1)(a) + PECR |
| Email correspondence | Steps taken at the request of the data subject before entering into a potential arrangement, or legitimate interests in responding to enquiries | UK GDPR Article 6(1)(b) and/or 6(1)(f) |
Recipients and Data Transfers
| Recipient | Role | Data Shared | Transfer Basis |
|---|---|---|---|
| Hosting provider | Processor | Server logs and essential infrastructure data | Data processing terms in place — hosting environment subject to applicable contractual safeguards |
| Google Analytics (if enabled) | Processor / independent service provider depending on configuration | Aggregated and anonymised browsing data | User consent + applicable contractual safeguards where relevant |
| Email provider | Processor | Email content and sender address | Data processing terms for communications handling |
We do not sell, rent, or share personal data with third parties for their own direct marketing purposes. Where service providers process data outside the UK, we rely on appropriate safeguards, such as adequacy regulations or approved contractual protections, where required.
Cookies and Similar Technologies
Strictly Necessary Cookies
These cookies are essential for the website to function correctly and do not require consent where they are strictly necessary for the service requested.
| Cookie | Purpose | Duration |
|---|---|---|
session_id | Manages the browsing session | Session |
lang_pref | Stores language preference | 12 months |
cookie_consent | Records the user's cookie choice | 12 months |
Analytics Cookies (Consent Required)
These cookies are activated only after the user gives clear consent via the cookie banner. They help us understand traffic patterns in an aggregated and privacy-conscious way.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes users in aggregated analytics reporting | Up to 26 months |
_gid | Google Analytics | Distinguishes users by session | 24 hours |
IP anonymisation or equivalent privacy-reducing configuration is enabled where supported. You can withdraw consent for analytics cookies at any time through the cookie banner or your browser settings.
Your Rights Under UK Data Protection Law
Subject to the conditions and limits set by law, you may have the right to:
| Right | Description | Reference |
|---|---|---|
| Access | Obtain confirmation that your data is being processed and receive a copy | UK GDPR Article 15 |
| Rectification | Correct inaccurate or incomplete personal data | UK GDPR Article 16 |
| Erasure | Request deletion of personal data in certain circumstances | UK GDPR Article 17 |
| Restriction | Request restriction of processing in certain cases | UK GDPR Article 18 |
| Portability | Receive certain data in a structured, commonly used, machine-readable format | UK GDPR Article 20 |
| Objection | Object to processing based on legitimate interests | UK GDPR Article 21 |
| Withdraw consent | Withdraw consent at any time where processing is based on consent | UK GDPR Article 7(3) |
To exercise these rights, contact us through the site's Contact page. We aim to respond within one month, subject to the complexity and volume of the request.
Right to Lodge a Complaint
You have the right to lodge a complaint with the UK's supervisory authority for data protection matters:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Data Security
We apply reasonable technical and organisational measures to protect data against unauthorised access, loss, misuse, or disclosure.
| Measure | Detail |
|---|---|
| Encryption | HTTPS/TLS across the site |
| Restricted access | Only authorised personnel can access server-side diagnostic data |
| Automatic deletion | Server logs are routinely deleted after 30 days |
| Data minimisation | Only the minimum technical data necessary for security and performance is processed |
Children
This site is not intended for anyone under 18. We do not knowingly collect personal data from children. The site is informational in nature and intended for an adult audience only.
Changes to This Policy
This Privacy Policy may be updated from time to time to reflect legal, operational, or technical changes. The latest revision date appears at the top of this page. Where changes are material, we may highlight them through a visible notice on the site.
Last updated: March 2026