18+ only. Confirm your age to continue.
We use cookies for consent memory and site stability.
Cookie Policy
Tinzora logo

Privacy Policy

Last updated: 16 June 2026

Tinzora is an editorial comparison website. We do not operate gambling services and we do not hold betting accounts. This policy explains how personal data is handled when you visit our pages, click partner links, send us messages, or use consent settings. It is written for users in the United Kingdom and the European Economic Area and follows the UK GDPR, the Data Protection Act 2018, and related ePrivacy rules.

1. Who Controls Your Data

The data controller for this site is Tinzora editorial operations. You can contact us at privacy@tinzora.com for standard privacy questions. If you need a formal rights request, a correction, or escalation, contact dataprotection@tinzora.com. We answer privacy requests as quickly as possible and no later than one calendar month unless law permits an extension for complex requests.

2. Data We Collect

We collect limited information needed to run and improve a content website. Data categories include technical usage data, consent preferences, and communication records when you contact us. Technical usage data can include browser type, rough location derived from IP at country level, pages viewed, referral source, and device information. Consent preference data includes whether you accepted or declined optional cookies. Communication records include the text you send us and our reply history.

We do not ask for payment card details, identity documents, or gambling account credentials. We do not request special category data unless you voluntarily include it in an email. Please avoid sending health or financial details in open email unless required for your specific request.

3. Why We Use Data and Legal Bases

We process personal data under lawful bases defined by GDPR. For strict site operation and fraud prevention we rely on legitimate interests, balanced against user rights. For optional analytics and preference cookies we rely on consent. For direct communication handling, records, and legal follow-up we rely on legitimate interests and legal obligation when disclosure is required by law.

Our legitimate interest is maintaining a reliable editorial service, protecting systems from misuse, understanding which pages are useful, and fixing technical faults quickly. We do not use behavioural profiling to make automated legal or similarly significant decisions about visitors.

4. Cookies, Local Storage, and Similar Tools

Tinzora uses a small set of browser storage keys and cookies. Necessary storage records age confirmation and cookie preference so banners do not repeatedly interrupt your session. Optional measurement tools may be activated only when consent is given. You can change your browser settings at any time, clear local storage, and revisit our cookie controls.

Storage keys used by this site include values tied to age and cookie status. These values are functional and do not identify you by name. They are used to control banner visibility and improve page usability across visits.

5. Affiliate Tracking and Outbound Links

When you click a casino link, the destination operator may receive referral metadata so they can attribute traffic. That process is managed by the destination service and may involve cookies on the operator domain. Tinzora does not access your gambling account, deposit history, or game records at that operator. We recommend reading each operator privacy notice before registration.

Affiliate tracking may include campaign IDs, timestamp data, and basic source information. It should not include direct identity fields from Tinzora unless you choose to provide them independently to the operator.

6. Data Sharing

We share data only where needed for website operation, legal compliance, and security. Typical recipients include hosting providers, analytics tools (consent based), email infrastructure, and contracted technical support bound by confidentiality duties. We do not sell personal data lists. We do not grant third parties unrestricted access to raw visitor logs.

If law requires disclosure to regulators, courts, or law enforcement, we provide only the scope required by that request. When legally allowed, we challenge overbroad requests and seek to narrow the data shared.

7. International Transfers

Some suppliers may process data outside the UK or EEA. Where transfer occurs, we use approved transfer safeguards such as UK International Data Transfer Addendum terms, standard contractual clauses, or adequacy regulations. We also review supplier security controls and monitor whether the legal framework remains suitable.

8. Security Measures

We apply administrative and technical safeguards appropriate for a content site. Measures include access controls, account protection policies, encrypted transport, role-based permissions, and log monitoring. No system is risk-free, but we work to reduce exposure and respond quickly to incidents.

Staff and contractors with data access are bound by confidentiality terms and receive internal guidance on handling personal data and user requests.

9. Retention Periods

We retain technical logs for the minimum period needed to maintain service integrity, detect abuse, and investigate incidents. Contact emails are retained while the request is open and then archived for a limited period where needed for legal or audit reasons. Consent records may be retained to demonstrate compliance with legal obligations.

Retention periods differ by record type. If you request deletion of communication records, we review legal obligations first and erase data that is no longer necessary.

10. Your Rights

Under GDPR you may have the right to access your data, correct inaccuracies, request deletion, restrict processing, object to certain processing, and request data portability where applicable. You also have the right to withdraw consent at any time for optional processing that depends on consent.

To exercise rights, email dataprotection@tinzora.com. We may need to verify identity before releasing data. Verification is limited to what is necessary for security.

11. Complaints

If you believe your data rights were not handled correctly, contact us first so we can resolve the issue. You can also complain to the UK Information Commissioner's Office. Contact details are available on the ICO website. Raising a complaint with us does not remove your right to approach the ICO directly.

12. Children and Age Restrictions

Tinzora is intended for adults aged 18 and over. We do not knowingly target children. If we become aware that a child has provided personal data, we will remove it where possible. Parents or guardians can contact us for support if they believe data from a minor was submitted.

13. Automated Decision-Making

We do not run automated decision-making that produces legal effects about individuals. Ranking calculations on casino pages are editorial scoring outputs, not personal decisions about a user profile.

14. Changes to this Policy

We may update this policy when legal requirements, technology, or site operations change. Significant edits are marked with a new date. We encourage users to revisit this page periodically, especially before sending data through contact channels.

15. Detailed GDPR Transparency Notes

This section provides additional clarity for users and auditors. Data minimisation is applied by collecting only what is needed for website operation, analytics under consent, and support requests. Purpose limitation is observed by using data for declared goals and not reusing it for unrelated advertising profiles. Accuracy controls include internal review of records and correction on request. Storage limitation is applied by deleting or anonymising data when retention purposes expire.

Integrity and confidentiality are addressed through access control, network protections, and documented response processes. Accountability is supported by internal records of processing activities and vendor oversight. Where processors are engaged, contracts include obligations for security, confidentiality, and assistance with rights requests. We review supplier terms before onboarding and monitor material policy changes after onboarding.

Consent management is designed so declining optional cookies does not block core site access. Necessary storage that records consent and age confirmation remains available because it supports legal and technical obligations. You can clear browser data at any time, but doing so may display banners again until preferences are reset.

When a rights request is unclear, we may ask for clarification to avoid over-collection and to produce an accurate response. Requests are logged with date, scope, and completion notes. If we require extra time due to complexity or volume, we will notify you within one month and explain the reason. Identity checks are proportionate and we avoid requesting high-risk documents unless absolutely required.

Data breach procedures include detection, triage, containment, and notification review under UK GDPR thresholds. If a breach is likely to risk individual rights and freedoms, we notify the regulator and affected users where required. Post-incident actions include root cause analysis and control updates.

Where legal claims, compliance investigations, or fraud cases require temporary preservation of records, deletion may be delayed until the matter closes. Once preservation grounds end, normal retention deletion rules resume. We do not keep records indefinitely without a valid reason.