Legal & Compliance

GDPR Compliance

Our commitment to processing your personal data lawfully, transparently, and in accordance with the General Data Protection Regulation.

Last updated: April 2026

GDPR Compliant

UK & EU GDPR

Data Encrypted

TLS in transit

Rights Respected

All 8 rights honoured

DPO Appointed

privacy@gamblingbacklink.com

1. Overview

GamblingBacklink.com is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”), as supplemented by the Data Protection Act 2018.

This page sets out our GDPR compliance statement, describes how and why we process personal data, explains the lawful bases we rely on, and outlines the rights available to you as a data subject.

We have implemented appropriate technical and organisational measures to ensure that personal data is processed securely, minimally, and only for the purposes described in our Privacy Policy.

2. Data Controller

GamblingBacklink.com acts as the data controller for all personal data processed through our website and in connection with our services. As data controller, we determine the purposes and means of processing.

GamblingBacklink.com

Email: hello@gamblingbacklink.com

Data Protection Enquiries: privacy@gamblingbacklink.com

United Kingdom (registered under UK GDPR / Data Protection Act 2018)

Where we engage third-party processors (e.g., Stripe for payment processing, Google for analytics), we act as the data controller and those parties act as data processors under a Data Processing Agreement (DPA).

3. Lawful Basis for Processing

We always identify a lawful basis under Article 6 GDPR before processing personal data. The table below sets out the bases we rely on and the processing activities to which they apply:

Lawful Basis	Article	When We Use It	Note
Consent	Art. 6(1)(a)	Marketing emails, optional cookies (analytics, advertising)	You may withdraw consent at any time.
Contract	Art. 6(1)(b)	Delivering link building services, invoicing, client reporting	Necessary to perform our contractual obligations.
Legal Obligation	Art. 6(1)(c)	Accounting records, tax compliance, regulatory reporting	Required under UK/EU law.
Legitimate Interests	Art. 6(1)(f)	Responding to enquiries, improving our services, fraud prevention	Balanced against your interests and rights.

4. How We Process Data

We adhere to the six data protection principles set out in Article 5 GDPR:

Lawfulness, Fairness & Transparency

We process data on a clear lawful basis and are open about how we use it.

Purpose Limitation

Data is collected for specified, explicit purposes and not processed in ways incompatible with those purposes.

Data Minimisation

We collect only the data that is adequate, relevant, and limited to what is necessary.

Accuracy

We take reasonable steps to ensure data is accurate and kept up to date. Inaccurate data is corrected or erased.

Storage Limitation

Data is kept no longer than necessary for its purpose. See our retention schedule in the Privacy Policy.

Integrity & Confidentiality

We implement appropriate security to protect against unauthorised access, loss, or destruction.

As data controller, we are also responsible for demonstrating compliance with these principles — the accountability principle (Article 5(2) GDPR). We maintain internal records of processing activities as required under Article 30 GDPR.

5. International Transfers

Some of our third-party service providers are based outside the UK or EEA. Where we transfer personal data internationally, we ensure adequate safeguards are in place as required by Chapter V GDPR:

Google LLC (USA): Google Analytics data — transfers covered by Standard Contractual Clauses (SCCs) and Google's DPA.
Stripe Inc (USA): Payment processing — transfers covered by SCCs and Stripe's DPA.
Mailchimp / Intuit (USA): Email delivery — transfers covered by SCCs.

We only transfer data to countries with an adequacy decision from the UK ICO or European Commission, or where Standard Contractual Clauses or other appropriate safeguards are in place.

6. Data Subject Rights

As a data subject, you have the following rights under GDPR. We will respond to all verifiable requests within 30 calendar days, free of charge.

Right of Access (Article 15)

You may request confirmation of whether we process your personal data and, if so, a copy of that data along with information about how it is processed.

Submit a Subject Access Request →

Right to Rectification (Article 16)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion without undue delay.

Request Correction →

Right to Erasure (Article 17)

You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where it has been unlawfully processed.

Request Deletion →

Right to Restriction (Article 18)

You may ask us to restrict the processing of your data while a dispute over its accuracy or lawfulness is being resolved.

Request Restriction →

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Request Data Export →

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.

Submit Objection →

Right to Withdraw Consent (Article 7)

Where processing is based on your consent (e.g., for marketing emails), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Withdraw Consent →

Right Not to be Subject to Automated Decisions (Article 22)

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects for you.

Identity Verification: To protect your data, we may need to verify your identity before fulfilling a request. We will not respond to requests we cannot verify. If you are requesting data on behalf of another person, you must provide evidence of your authority to do so.

7. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR. The DPO can be contacted for any data protection matters.

Data Protection Officer

Email: privacy@gamblingbacklink.com

All data subject requests, privacy concerns, and DPA enquiries should be directed to this address.

The DPO is independent, reports directly to senior management, and cannot be dismissed or penalised for performing their duties.

8. Supervisory Authority

If you are not satisfied with how we have handled your personal data or responded to your request, you have the right to lodge a complaint with a supervisory authority:

United Kingdom

Information Commissioner's Office (ICO)
ico.org.uk
Tel: 0303 123 1113

European Union

Contact your local Member State supervisory authority.
edpb.europa.eu

We would always encourage you to contact us first so we can try to resolve your concern directly before you escalate to a supervisory authority.

Compliant by design

Data privacy built into everything we do

Our link building services are designed with compliance at the core — for your regulatory requirements and ours.

Speak to Our Team Read Our Privacy Policy