This Privacy Policy describes how SydneyBauer collects, uses, discloses, and protects personal information in accordance with the Personal Information Protection and Electronic Documents Act (UK GDPR) and applicable UK data protection legislation. By accessing or using the SydneyBauer platform, you acknowledge that you have read and understood this policy.

1. Introduction

SydneyBauer ("we," "our," or "us") is a social casino gaming platform operated from London, United Kingdom. Our registered address is Level 1, 1 King Street, London EC2V 8RF. SydneyBauer offers free-to-play online slot games and related social casino entertainment exclusively for amusement purposes. We do not facilitate real-money gambling, accept financial wagers, or award prizes with monetary value.

We are committed to safeguarding the privacy and security of your personal information. This Privacy Policy applies to all personal information collected through our website (sydneybauer.com), our games, mobile applications (if any), email communications, and any other services we provide (collectively, the "Service").

If you have questions or concerns about this policy or our privacy practices, please contact our Privacy Officer at [email protected].

2. Information We Collect

We collect personal information only as necessary to provide and improve our Service. The categories of information we may collect include:

2.1 Information You Provide Directly

  • Account Registration: When you create an account, we collect your username, email address, date of birth (for age verification), and password (stored in hashed form).
  • Profile Information: Any optional information you choose to add to your profile, such as a display name, avatar, or country of residence.
  • Communications: Messages, feedback, or support requests you send to us, including any information contained in those communications.
  • Survey or Promotional Responses: If you participate in surveys, contests (for virtual prizes only), or promotions, we collect your responses and any contact details required for follow-up.

2.2 Usage and Activity Data

  • Game Activity: Information about the games you play, virtual coin balances, in-game actions, session durations, and game preferences.
  • Interaction Data: Pages visited, features used, buttons clicked, and navigation paths within our platform.
  • Log Data: Server logs including your IP address, access times, pages viewed, referring URLs, and error logs generated by your device when using our Service.

2.3 Device and Technical Information

  • Device Identifiers: Hardware model, operating system and version, unique device identifiers, and mobile network information (if applicable).
  • Browser Information: Browser type and version, time zone setting, browser plug-in types, and screen resolution.
  • Network Information: IP address, internet service provider, and approximate geographic location derived from IP address (typically at city or regional level).

2.4 Cookies and Tracking Technologies

We collect information through cookies, web beacons, pixel tags, and similar tracking technologies. Please see Section 8 (Cookies) and our Cookie Policy for full details.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Service Delivery and Account Management

  • To create, maintain, and authenticate your account.
  • To deliver the games, features, and functionality of our platform.
  • To save your game progress, virtual coin balance, and preferences.
  • To process account changes, password resets, and support requests.
  • To verify you meet our minimum age requirement of 18 years.

3.2 Analytics and Platform Improvement

  • To analyse usage patterns and game performance to improve our platform.
  • To measure and analyse the effectiveness of new features and content.
  • To conduct internal research and development.
  • To generate aggregated, anonymised statistical reports about our user base.

3.3 Communications

  • To send transactional emails such as account confirmations, security alerts, and support responses.
  • To send promotional communications about new games, features, or events — only with your explicit consent and subject to your unsubscribe preferences.
  • To respond to your inquiries, feedback, or complaints.

3.4 Safety and Legal Compliance

  • To detect, prevent, and investigate fraud, abuse, or other harmful activities.
  • To enforce our Terms of Service and other applicable policies.
  • To comply with applicable laws, regulations, court orders, and legal processes.
  • To protect the rights, property, and safety of SydneyBauer, our users, and others.

Under UK GDPR and the Data Protection Act 2018, we process your personal information based on the following legal grounds:

4.1 Consent

We rely on your express or implied consent for most data processing activities, including the collection of usage data, sending marketing communications, and placing non-essential cookies. You may withdraw consent at any time without detriment (see Section 7 — Your Rights). Withdrawing consent may affect your ability to use certain features of our Service.

4.2 Contractual Necessity

Some processing is necessary to fulfil our contract with you — specifically, to create and manage your account and deliver the gaming services you have requested. Without this processing, we cannot provide the Service.

4.3 Legitimate Interests

We may process your information where we have a legitimate business interest that is not overridden by your privacy rights. Our legitimate interests include: operating and improving our platform, ensuring the security of our systems, preventing fraud and abuse, and generating aggregated analytics. We conduct a balancing test before relying on this ground and will not use it for marketing purposes.

4.4 Legal Obligation

We may process your information to comply with a legal obligation under UK law, including disclosures required by valid court orders or regulatory authorities.

5. Information Sharing

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information only in the following limited circumstances:

5.1 Service Providers and Processors

We engage trusted third-party companies to assist us in operating our Service. These providers are permitted to use your data only as directed by us and are bound by appropriate data processing agreements. Current categories of service providers include:

  • Cloud Hosting & Infrastructure: Servers and databases hosted with enterprise cloud providers in United Kingdom or the United States with appropriate safeguards.
  • Analytics: Google Analytics (Google LLC) — anonymised usage analytics. Google may transfer data to the United States; we have enabled IP anonymisation.
  • Email Services: Transactional and marketing email delivery providers operating under data processing agreements.
  • Customer Support Software: Help-desk platforms used to manage support tickets and user communications.
  • Fraud Prevention: Tools used to detect and prevent bot activity, account fraud, and abuse.

5.2 Legal Requirements and Business Transfers

  • Legal Process: We may disclose your information if required by law, regulation, subpoena, court order, or other governmental request.
  • Protection of Rights: We may disclose information where necessary to protect our rights, users' safety, or to investigate potential violations of our policies.
  • Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred as a business asset, subject to the same privacy protections described in this policy. We will notify you of any such change via email or a prominent notice on our website.

5.3 Aggregated and Anonymised Data

We may share aggregated, de-identified statistical data about our users and platform usage with partners, advertisers, or the public. This data does not identify any individual user.

6. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law.

  • Active Accounts: We retain account information for as long as your account remains active.
  • Inactive Accounts: If your account is inactive for 36 consecutive months, we will notify you by email and delete your account data within 90 days, unless you request reactivation.
  • Support Records: Customer support correspondence is retained for up to 3 years from the date of last contact.
  • Analytics Data: Aggregated usage analytics are retained for up to 26 months, consistent with Google Analytics default settings. Raw log files are retained for up to 12 months.
  • Legal Holds: Where we are required to retain information to comply with legal obligations or resolve disputes, we will retain relevant information for the legally required period.

Upon expiry of the applicable retention period, or upon a valid deletion request, personal information is securely deleted or anonymised in accordance with our data disposal procedures.

7. Your Rights

Under UK GDPR and applicable United Kingdom privacy law, you have the following rights with respect to your personal information:

7.1 Right of Access

You have the right to request access to the personal information we hold about you, including information about the purposes for which it is used and the third parties to whom it has been disclosed. We will respond to access requests within 30 days of receipt (or notify you if an extension is required).

7.2 Right to Correction

If the personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct or supplement it. You may update most account information directly through your account settings.

7.3 Right to Withdrawal of Consent

Where we process your information based on consent, you may withdraw that consent at any time. You can opt out of marketing emails by clicking "Unsubscribe" in any email or by contacting us. You can manage cookie consent through our cookie banner or browser settings.

7.4 Right to Deletion

You may request that we delete your personal information. We will honour deletion requests subject to our legal obligations to retain certain information (such as records required for tax or regulatory compliance). To delete your account, please contact [email protected].

7.5 Right to Data Portability

Where technically feasible, you may request a copy of your personal information in a structured, commonly used, machine-readable format (such as JSON or CSV) so that you may transfer it to another service.

7.6 Right to Lodge a Complaint

If you believe your privacy rights have been violated, you have the right to lodge a complaint with the Office of the Privacy Commissioner of United Kingdom (OPC):

  • Website: www.priv.gc.ca
  • Toll-free: 1-800-282-1376
  • Mailing address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

We encourage you to contact us first to resolve any concerns before filing a complaint with a regulatory authority.

8. Cookies

We use cookies and similar tracking technologies to operate our platform, remember your preferences, analyse usage, and deliver relevant content. We obtain your consent before placing non-essential cookies through our cookie consent banner displayed on your first visit.

You may manage or withdraw your cookie consent at any time through your browser settings or our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our Service.

For full information about the cookies we use, their purposes, durations, and how to manage them, please see our Cookie Policy.

9. Children's Privacy

SydneyBauer is intended exclusively for adults aged 18 years and older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.

Our registration process includes an age verification step requiring users to confirm that they are 18 or older. If we become aware that we have inadvertently collected personal information from a person under 18, we will delete that information promptly and terminate the associated account.

If you believe a minor has registered on our platform or provided us with personal information, please notify us immediately at [email protected] and we will take appropriate action.

10. Security

We implement appropriate technical and organisational safeguards to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include:

  • Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS (Transport Layer Security) encryption (HTTPS).
  • Encryption at Rest: Sensitive data stored on our servers, including passwords (which are hashed and salted using bcrypt), is encrypted at rest.
  • Access Controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. All staff with data access undergo privacy and security training.
  • Infrastructure Security: Our servers are hosted in SOC 2-certified data centres with physical security controls, firewalls, and intrusion detection systems.
  • Regular Audits: We conduct periodic security reviews and vulnerability assessments of our systems.

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your information. In the event of a data breach that creates a real risk of significant harm to individuals, we will notify affected users and the Office of the Privacy Commissioner of United Kingdom as required under UK GDPR's mandatory breach reporting provisions.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Post a notice on our website homepage for at least 30 days.
  • Send a notification email to registered users (where the change materially affects how we use their data).

We encourage you to review this policy periodically. Your continued use of the Service after the effective date of any updated policy constitutes your acceptance of the changes, subject to your rights under applicable law.

If we intend to use your personal information in a manner materially different from what was described at the time of collection, we will seek your fresh consent before doing so.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

  • Email: [email protected]
  • Mailing Address: Privacy Officer, SydneyBauer, Level 1, 1 King Street, London EC2V 8RF, United Kingdom
  • Business Hours: Monday to Friday, 9:00 AM – 6:00 PM EST

We will acknowledge your request within 5 business days and respond substantively within 30 days. If we require additional time to respond (permitted under UK GDPR in certain circumstances), we will notify you of the extension and the reasons for it.