GDPR Policy

GDPR & Data Rights — Rules and Guides

Last updated: November 2025

Your data is your business — we just happen to look after a very small amount of it so the site runs properly. At Rules and Guides, we believe in transparency, privacy, and giving you full control over any personal information we hold. This page explains your rights under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR, as well as how to exercise those rights.


1. Who We Are

We’re Rules and Guides, an independent website about board game strategy, teaching, and reviews. You can contact us at [email protected].

We act as the data controller, which means we decide how and why any personal information you share with us is processed. We don’t share it, sell it, or use it for anything other than keeping the website running and communicating with you when you’ve asked us to.


2. What the GDPR Means

The General Data Protection Regulation is a law that gives individuals control over their personal data and requires organizations to handle it responsibly.

Under this law, you have rights — real, enforceable rights — over how your data is collected, stored, and used. It also obliges us to be transparent and accountable for every bit of data we touch.


3. What We Collect

We keep this minimal.

When you interact with our site, we may collect:

  • Name and email address if you post a comment or contact us by email.
  • Email address and name if you subscribe to our newsletter or updates.
  • Technical information like your IP address, browser type, and general location (via Google Analytics).
  • Cookie data that helps us track affiliate links and site performance.

That’s it. We don’t collect payment information, health data, or anything that could identify you beyond what you choose to share.


4. Why We Collect It

We only use your personal information for legitimate reasons:

  • To display and moderate comments you post.
  • To respond to your questions or messages.
  • To send newsletters you’ve subscribed to.
  • To analyze site traffic and improve performance.
  • To comply with any legal obligations (for instance, if law enforcement requires us to disclose information).

We never process personal data for automated decision-making or profiling.


5. Our Legal Basis for Processing

Under Articles 6(1)(a–f) of the GDPR, we rely on the following legal bases:

  • Consent (Article 6(1)(a)) — when you give permission, such as subscribing to our newsletter.
  • Contractual necessity (Article 6(1)(b)) — when we respond to a request or message from you.
  • Legitimate interests (Article 6(1)(f)) — for site analytics, functionality, and preventing abuse.
  • Legal obligation (Article 6(1)(c)) — when compliance with the law requires us to retain or disclose certain data.

You can withdraw consent at any time by emailing [email protected].


6. Your Rights Under GDPR

Under Articles 12 to 23 of the GDPR, you have several key rights regarding your data. We take them seriously and will honor them promptly.

Right of Access (Article 15)

You can ask for a copy of the personal data we hold about you, along with details of how and why we process it.

Right to Rectification (Article 16)

If any of your information is inaccurate or incomplete, you can request that we correct it.

Right to Erasure (“Right to be Forgotten,” Article 17)

You can ask us to delete your personal data entirely. We’ll comply unless we have a legal reason to keep it (for example, to maintain comment history on the site).

Right to Restrict Processing (Article 18)

You can request that we temporarily stop using your data while an issue is being resolved.

Right to Data Portability (Article 20)

You can ask for your data in a structured, machine-readable format to transfer it elsewhere.

Right to Object (Article 21)

You can object to how we process your data if it’s based on legitimate interests, including analytics or marketing.

Right to Withdraw Consent (Article 7)

If you’ve consented to something — such as joining our newsletter — you can withdraw that consent at any time.

To exercise any of these rights, just email [email protected]. We’ll respond within 30 days, or sooner where possible.


7. Cookies and Tracking

We use cookies for:

  • Essential site functions (like remembering preferences).
  • Analytics (Google Analytics).
  • Affiliate tracking (Awin, CJ, ShareASale, etc.).

Cookies are small text files stored on your device. They don’t store personal data directly. You can delete or block them via your browser at any time. Doing so may affect how the site functions but won’t stop you from reading our content.

We don’t use invasive or behavioral advertising cookies.


8. Data Transfers

Some of our service providers — for example, Google and certain affiliate networks — may process limited data outside the UK or EU. When that happens, it’s done under recognized legal safeguards, such as Standard Contractual Clauses or adequacy decisions by the European Commission.


9. How Long We Keep Data

We retain personal data only for as long as it’s needed:

  • Comments: indefinitely (so conversations remain intact).
  • Email queries: up to 12 months.
  • Analytics data: usually 26 months.
  • Subscriber data: until you unsubscribe.

When data is no longer required, we delete it securely.


10. Security Measures

We protect your data with a combination of technical and organizational safeguards, including:

  • HTTPS encryption across the entire site.
  • Limited administrator access with strong authentication.
  • Regular security updates and backups.
  • Encrypted storage of any personal data (where applicable).

While no system is 100% secure, we work to minimize risk and respond swiftly to any potential breach.

If a data breach ever does occur that could affect your rights or freedoms, we’ll notify you and the relevant supervisory authority as required by Articles 33–34 of the GDPR.


11. Children’s Data

We don’t knowingly collect data from anyone under 13 years old. If you believe a child has submitted personal data, please contact us and we’ll remove it immediately.


12. Complaints and Supervisory Authorities

If you ever feel we’ve mishandled your data, please contact us first at [email protected]. We’ll do everything possible to resolve the issue directly.

If you’re in the UK and remain unsatisfied, you have the right to contact the Information Commissioner’s Office (ICO):
https://ico.org.uk

If you’re in the EU, you can contact your local data protection authority.


13. Changes to This Page

We review this policy periodically to make sure it stays accurate and up to date. Any major updates will be announced on the site with a clear date stamp at the top.


14. Contact Details

For any GDPR, privacy, or data-related question:

Email: [email protected]
Website: https://rulesandguides.com

We’ll reply within 5 business days whenever possible — and always within 30, as required by law.


At Rules and Guides, we try to treat data privacy the same way we treat rulebooks: read carefully, follow the rules, and make sure everyone at the table understands what’s happening.