1. Data Collection and Processing
Acanego collects personal data only when explicitly necessary for service delivery. We gather identification details including names, email addresses, and payment information when you subscribe to our gaming analytics platform. This data enables us to process transactions, deliver personalised content recommendations, and maintain secure account access across all devices.
Our technical infrastructure automatically logs IP addresses, browser types, and usage patterns to monitor platform performance and detect unauthorised access attempts. All server logs are retained for thirty days before secure deletion. We do not purchase third-party data lists or engage in aggressive tracking across external websites.
2. Data Processing Transparency
Our legal framework for processing personal data falls under three primary bases: contractual necessity, legitimate interest, and explicit consent. Contractual processing covers subscription management and payment verification. Legitimate interest applies to fraud prevention and platform security monitoring. All marketing communications require opt-in consent with clear withdrawal options at any time.
Automated decision-making is limited to basic profiling for content personalisation. Users have the right to object to such processing and can request human intervention in decisions producing legal effects. Our profiling algorithms analyse gaming preferences and engagement patterns to suggest relevant content categories only.
3. International Data Transfers
Acanego operates servers within the United Kingdom and European Economic Area. Where data transfer outside these regions becomes necessary, we implement Standard Contractual Clauses approved by the UK Information Commissioner's Office. These legal instruments ensure equivalent protection standards regardless of geographical location.
4. User Rights and Control
You retain complete control over your personal information. The right to access allows you to request a comprehensive report of all data we hold about you, processed within thirty days free of charge. The right to rectification enables correction of inaccurate data, while the right to erasure permits deletion of non-essential records upon request.
Data portability is provided through export tools in your account dashboard, generating machine-readable JSON files containing your profile and activity history. You may also exercise the right to restrict processing during disputes, and the right to object to processing based on legitimate interests. All requests are handled without undue delay and within the statutory one-month timeframe.
To exercise any of these rights, please contact our privacy team at the details provided below. We will require identity verification through our secure authentication process before processing any data modification requests to prevent unauthorised access.
5. Data Retention and Security
Personal data is retained only for the duration necessary to fulfil the purposes for which it was collected. Active account data remains stored throughout your subscription period plus six months for account closure procedures. Marketing consent records are kept for proof of compliance but can be suppressed immediately upon withdrawal requests.
Security measures include end-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256). We implement multi-factor authentication for all administrative access, conduct quarterly penetration testing, and maintain an ISO 27001-compliant information security management system. In the unlikely event of a data breach affecting your rights, we will notify you and the relevant authorities within seventy-two hours of discovery.
