Privacy Policy
Last updated: 22 May 2026
This Privacy Policy explains how personal data is collected and processed when you visit hedolist.com (the “Website”). It is written for visitors in the United Kingdom and is intended to meet the transparency requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Hedolist publishes informational and affiliate content about third-party online casino operators. We do not operate gambling services, accept bets, or process player deposits or withdrawals. Third-party operators have their own privacy policies, which apply once you leave our Website.
1. Data controller
For the purposes of UK data protection law, the data controller responsible for your personal data is:
- Legal name: ADAM CURTIS DWCF LIMITED
- Trading name: Hedolist
- Company number: 08964027 (Companies House, England and Wales)
- Registered office: 207 The Street, Kirtling, Newmarket, Suffolk, CB8 9PD, United Kingdom
- Contact (email only): info@hedolist.com
- Postal correspondence: 207 The Street, Kirtling, Newmarket, Suffolk, CB8 9PD, United Kingdom
We do not provide a telephone contact number. For questions about this policy or to exercise your data protection rights, contact us by email or post using the details above. Privacy enquiries are handled by the data controller directly; we do not require a Data Protection Officer for our current processing activities.
2. Personal data we collect
Depending on how you use the Website, we may process the following categories of personal data:
- Technical and usage data (collected automatically): IP address, browser type and version, operating system, device type, language settings, referring URL, pages viewed, approximate visit timestamps, clicks on internal links and outbound affiliate links, and similar server or analytics logs.
- Cookie and consent data: your cookie preference (accept/reject), age-verification status for the current session, and related identifiers stored in your browser (see our Cookie Policy).
- Communications data (if you contact us): your email address, message content, and any information you choose to include. Please do not send special category data (for example health or financial account details) unless strictly necessary.
We do not knowingly collect data from anyone under 18 years of age.
3. Purposes, lawful bases, and legitimate interests
We process personal data only where we have a lawful basis under Article 6 UK GDPR. The table below describes each main processing activity, its purpose, and the lawful basis we rely on.
| Processing activity | Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Hosting, security logs, fraud and abuse prevention | Operate a secure Website, detect malicious traffic, and protect our infrastructure | Legitimate interests (Art. 6(1)(f)) — our interest in security and integrity, balanced against your rights; you may object (see Section 8) |
| Essential cookies and local storage (age gate, consent record) | Remember necessary choices required for the Website to function | Legitimate interests (Art. 6(1)(f)) and, where applicable, strictly necessary storage under UK PECR; no consent required for essential storage |
| Optional analytics or performance cookies | Understand aggregated usage and improve content and navigation | Consent (Art. 6(1)(a)) — only placed if you click “Accept” on the cookie banner |
| Affiliate link tracking and referral reporting | Measure referrals to partner operators and attribute commercial partnerships | Legitimate interests (Art. 6(1)(f)) — operating an affiliate information service; you may object where applicable |
| Responding to email enquiries | Answer questions, handle complaints, and maintain an audit trail of correspondence | Legitimate interests (Art. 6(1)(f)) and, where relevant, pre-contractual steps (Art. 6(1)(b)) |
| Legal and regulatory compliance | Comply with law, respond to lawful requests, and establish or defend legal claims | Legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f)) |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights, given the limited nature of the data, its short retention where possible, and the availability of your rights and opt-outs. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
4. Cookies
We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies are not activated unless you provide consent through the on-site banner. You may change your browser settings or clear stored preferences at any time.
5. Recipients and processors
We may share personal data with the following categories of recipients, only as needed for the purposes above:
- Website hosting and infrastructure providers that store server logs and deliver the Website;
- Analytics or security service providers (if you have accepted optional cookies or where security tools process logs);
- Affiliate networks and advertising partners when you click outbound links, subject to their own policies;
- Professional advisers (lawyers, accountants) where required;
- Public authorities where we are legally required to disclose information.
Processors act on our documented instructions and are contractually required to protect personal data and use it only for the services they provide to us. We do not sell your personal data.
6. International transfers
Personal data is primarily processed within the United Kingdom and the European Economic Area (EEA). However, some of our service providers (for example hosting, content delivery, email, or analytics providers) may process data in countries outside the UK/EEA, including the United States and Canada.
Where personal data is transferred outside the UK to a country that does not benefit from a UK adequacy regulation, we ensure appropriate safeguards are in place as required by UK GDPR Chapter V, such as:
- the UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses; and/or
- the EU Commission Standard Contractual Clauses (where applicable), together with supplementary measures where required.
You may request further information about the safeguards applied to a specific transfer by contacting info@hedolist.com.
7. Retention periods
We keep personal data only for as long as necessary for the purposes set out in this policy:
| Data type | Retention period |
|---|---|
| Server and security logs (IP address, user agent, request metadata) | 90 days from collection, unless needed longer for an active security investigation |
| Optional analytics data (if consent given) | 26 months in aggregated form, or sooner if the analytics provider’s settings allow |
| Cookie consent preference (local storage) | 12 months, after which the consent banner is shown again |
| Age-verification flag (session storage) | Until you close your browser session |
| Email correspondence | 3 years from the date of our last message in the thread, unless a longer period is required for legal claims |
| Records relating to legal disputes or regulatory requests | Up to 6 years after the matter is closed, where UK limitation periods apply |
When retention periods end, data is securely deleted or anonymised so it can no longer be linked to you.
8. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access — to obtain confirmation of processing and a copy of your data;
- Right to rectification — to correct inaccurate or incomplete data;
- Right to erasure — in certain circumstances, to request deletion;
- Right to restrict processing — in certain circumstances, to limit how we use your data;
- Right to data portability — where processing is based on consent or contract and carried out by automated means;
- Right to object — to processing based on legitimate interests, including profiling where applicable;
- Right to withdraw consent — at any time where processing is based on consent (for example optional cookies).
To exercise any of these rights, email info@hedolist.com with sufficient detail for us to identify you and verify your request. We will respond within one calendar month, which may be extended by a further two months for complex requests as permitted by law. We do not charge a fee unless a request is manifestly unfounded or excessive.
9. Right to complain to the ICO
You have the right to lodge a complaint with the UK supervisory authority if you believe our processing of your personal data breaches data protection law. The supervisory authority is the Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk/make-a-complaint/
- Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
We encourage you to contact us first so we can try to resolve your concern promptly.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include access controls, secure hosting practices, and monitoring for suspicious activity. No method of transmission over the internet is completely secure; you should also protect your devices and accounts.
11. Automated decision-making
We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects concerning you.
12. Changes to this policy
We may update this Privacy Policy to reflect changes in law, technology, or our services. The “Last updated” date at the top of this page shows when the policy was last revised. Material changes will be posted on this page. Where required by law, we will obtain renewed consent for non-essential processing.
13. Contact
For privacy questions, rights requests, or international-transfer information, contact the data controller by email at info@hedolist.com or by post at the registered office address in Section 1. We do not offer telephone support.