Key highlights
- What data do we collect?
- Why we process this data
- Cookies
- Your rights
What data do we collect?
We only collect data needed to run and analyse the site: your IP address, browser information and the pages you visit.
Why we process this data
The data helps us keep the site secure, fast and relevant. It is not used for advertising outside Inkybet.
Your rights
You can request access to, correction of or deletion of your data. Email the address listed in the footer.
Who the controller is
Inkybet is the controller of personal data collected through this site. Any question about processing can be sent to the contact address in the footer. Your data is processed only for the purposes described here and in accordance with the General Data Protection Regulation (GDPR).
What data we process
We process the following categories: technical data (IP address, browser type, device type, operating system, language preference), usage data (pages viewed, timestamps, referrer URLs) and optional contact data you provide (email address when submitting a correction).
We do not process special categories of personal data such as race, political opinions, religious belief, health or sexual behaviour. We also do not store payment data; all transactions occur on Inky Bet's own servers.
Legal basis and purpose
The legal bases are: (a) your consent for non-essential cookies, (b) our legitimate interest in operating the site and preventing abuse, and (c) our legal obligation to keep certain logs for security purposes.
The purposes are: providing and securing the site, analysing usage to improve articles, and following up on your contact or correction requests. We do not use your data for direct marketing without your prior consent.
Recipients and transfers
We share your data only with the service providers who carry out technical tasks on our behalf: our hosting provider, our content delivery network and our web analytics partner. Every recipient is bound by GDPR and may only use your data for the assigned task.
Some of these providers are located outside the European Economic Area. In that case, we rely on the European Commission's Standard Contractual Clauses or another appropriate safeguard such as an adequacy decision.
Retention period
Technical logs are retained for a maximum of 90 days, unless a longer period is required to investigate a specific security incident. Analytics data is anonymised after 26 months. Email correspondence is kept for as long as needed to handle your request and, in case of a legal dispute, for up to five years after closure.
Your rights
You have the right to access, rectify, erase, restrict and port your personal data, as well as the right to object to certain processing. To withdraw consent for cookies, use the cookie preferences. Requests can be submitted via the contact address in the footer.
If you believe your data is being processed unlawfully, you can lodge a complaint with your national supervisory authority (for example the Information Commissioner's Office in the UK, the Autoriteit Persoonsgegevens in the Netherlands or the CNIL in France).
Security
We apply technical and organisational measures to protect your data against unauthorised access, loss or misuse. This includes HTTPS encryption of traffic, segregated internal access levels and periodic security audits. Despite these measures, no system can be declared 100% secure.
Changes to this policy
We may update this privacy policy from time to time to reflect new legal obligations or to clarify our practices. Material changes are announced at the top of this page with the date of the last revision. We encourage you to review this page periodically.
Minors and data
Inky Bet is not directed at minors and does not knowingly collect personal data from anyone under 18. If you are a parent or guardian and suspect that we have processed a minor's data, please contact us at the address shown in the footer. We will delete such data promptly.
Under no circumstance is minors' data used for targeted communications, profiling or resale. Cookies and analytics are configured to avoid storing age-sensitive information.
Automated decision-making and profiling
We do not take automated decisions that produce legal or significant effects on you. Analytics on the site are limited to aggregated visitor statistics (for example, which pages are popular in which locale). We do not build individual behavioural profiles to personalise content.
Any future personalisation (for example remembering a play preference) will require your explicit prior consent and will be described in this document.
Data-breach notification
In the unlikely event of a data breach that presents a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it. Where the risk is high, we will also inform you directly through the contact details you have provided, with a short description of the nature of the breach and steps you can take.
We keep an internal register of security incidents to prevent recurrence. External partners processing data on our behalf are contractually required to notify us within 24 hours of any incident.
Servers, hosting and encryption
Our website runs on servers located within the European Economic Area. All traffic between your browser and our servers is protected by TLS (HTTPS) with a minimum encryption strength of 128 bits and modern cipher suites (TLS 1.2 and above). Certificates are rotated periodically in line with industry best practice.
Access to server environments is restricted to authorised staff and uses multi-factor authentication. Development, testing and production environments are logically separated. Backups are encrypted and periodically tested for restorability; older backups are destroyed automatically after 90 days.
