Privacy Policy
Documented on this page: which personal details William Hill takes in from its visitors, what those details are taken in for, the location at which they are kept, who else can see them, plus the steps for exercising your rights under UK privacy law. The technical counterpart — running through cookies, analytics, and browser storage — is published on the Cookie Policy page; the page you are reading is the plain-English version of the same arrangement.
The site itself is run as an independent informational platform — full context on that arrangement is laid out on the About page. The current privacy policy applies strictly to the William Hill website itself. From the moment a reader clicks across to an operator's site, the operator's privacy policy is the document in force; no data is handed from William Hill to those operators except in the narrow form spelled out below.
1. What William Hill is
Reviews and how-to guides on online casinos accessible to UK players are what gets published on William Hill. The flagship operator review is hosted at the William Hill Casino homepage. No games are run on this site, no player accounts are operated, no deposits are accepted, no funds are held, and no withdrawals are processed. There is no signup form on offer. There is no login screen. A typical visit triggers no data exchange beyond ordinary web traffic. Where personal data is in fact collected by William Hill — for instance, when you reach out through the contact channels — this page documents in detail exactly what happens to that data afterward.
2. UK privacy law context
Personal information at William Hill is processed in accordance with the UK GDPR and Data Protection Act 2018 together with the thirteen UK GDPR principles administered by the Information Commissioner's Office (ICO). European visitors enjoy equivalent GDPR rights. Californian visitors are extended CCPA rights to the extent they apply. Where any of these frameworks imposes a stricter rule, the stricter rule wins.
3. What data William Hill collects
A short list, three categories total: technical traffic data on one side, voluntarily-submitted contact data on another, and aggregated analytics on the third.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance issues. | Legitimate interest under UK GDPR Article 6 legitimate interest. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR consent basis (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
None of the following is gathered by William Hill: financial data (no payment processing operates on this domain at any point), gambling-account credentials (no accounts are run here in the first place), biometric data, location data more granular than country level (which itself is derived from anonymised IP), or special-category data of the kind covered by Article 9 (race, religion, health, sexual orientation, political opinion). No targeted advertising or remarketing is deployed; the funding model that keeps the site running is set out at length on the Affiliate Disclosure page.
4. Cookies and similar technologies
A detailed breakdown of the cookies running on William Hill, the third-party services that place them, and the mechanisms for controlling each one lives on the Cookie Policy page. In short: strictly necessary cookies (covering page loading, consent-banner state, and abuse prevention) are always set; analytics and affiliate-tracking cookies are only placed when you opt in through the cookie banner; the selection you make can be revisited at any point afterwards using the link in the footer.
5. Affiliate links and operator-side tracking
When an outbound operator link on William Hill is clicked, three things take place in sequence. Step one — an internal redirect at /go records the click for our analytics (irrespective of whether the visit completes). Step two — your browser is handed off to the operator's site. Step three — the operator may drop its own cookies and treat the visit as a referral attribution. William Hill does not share your name, email, or any other identifying personal data with the operator. The operator learns only that "a visitor arrived from William Hill". If you proceed to open an account on the operator's site, that registration is governed by the operator's own privacy policy rather than by this one.
6. How long data is retained
- IP addresses: raw IPs are kept for up to 24 hours for abuse prevention, then anonymised by truncating the final octet (IPv4) or last 80 bits (IPv6). Anonymised IPs are kept up to 14 months for traffic statistics.
- Contact correspondence: emails and any attachments are kept for 24 months for follow-up and audit purposes, then deleted unless still under active discussion.
- Analytics events: Google Analytics 4 data is kept for 14 months under our configuration, then automatically deleted.
- Cookie consent record: the consent record itself is stored locally in your browser for 12 months, after which the consent banner reappears.
Where the law mandates longer retention — for example, tax records under HMRC record-keeping requirements relating to affiliate accounting — the relevant data is kept only for the period the law requires and is not repurposed beyond that.
7. Who William Hill shares data with
Sharing happens across three tightly controlled buckets. Bucket one — service providers running parts of the William Hill infrastructure (web hosting, content delivery, email) — each is bound to a written data-processing agreement that confines their use of any data strictly to delivering the service in question. Bucket two — analytics providers like Google Analytics 4 — receive IP-anonymised traffic data only, never anything personally identifying. Bucket three — law-enforcement bodies and regulators — are answered only in response to a valid legal demand, and only with the scope of data that demand actually covers. Selling, renting, or trading personal data is something William Hill simply does not do — under any circumstances.
8. Where data is stored
The William Hill infrastructure is hosted with cloud providers based in the UK and across the European Economic Area. A handful of service providers — Google Analytics 4 in particular — process data in the United States. Whenever data crosses out of the UK, the recipient is bound either by Standard Contractual Clauses or by an equivalent regime that the ICO has formally assessed as offering protection at least as strong as UK law.
9. Your rights
In line with the UK GDPR (plus equivalent international laws), the rights set out below apply to any personal data on you that William Hill retains.
- Access: ask what we hold and receive a copy.
- Correction: ask for inaccurate data to be corrected.
- Deletion: ask for your data to be deleted, subject to legal retention requirements.
- Withdrawal of consent: if processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
- Complaint: if you believe William Hill has handled your data improperly, you can complain to the ICO at ico.org.uk. UK readers should ordinarily contact us first so we have a chance to fix the issue.
Putting any of these rights into effect is a matter of writing to the privacy address shown on the Contact page. Replies are issued inside 30 days — the window the UK GDPR requires.
10. Children's privacy
William Hill content is intended for adult UK readers. The site is not directed at — and not appropriate for — anyone under 18. Personal data is not knowingly collected from minors. Where it becomes apparent that data has been submitted by someone under 18, that data is deleted and (where applicable) the parent or guardian is notified directly.
11. Security
Security controls at William Hill follow the industry standard set: TLS 1.2+ enforced for any data in transit; access controls and least-privilege rules running across internal systems; the access list itself reviewed on a regular schedule; every administrative action logged; the public site subjected to periodic third-party penetration testing. No setup is invulnerable — if a personal-data breach happens and the harm it threatens is serious, those affected are notified directly and the ICO is brought in under the breach notification regime defined by the UK GDPR.
12. Changes to this policy
When this policy is amended, the "Last updated" date at the top is bumped accordingly. Material amendments — new categories of data collected, new third-party processors brought in, retention periods altered — are paired with a banner on the home page that runs for at least 30 days. Minor housekeeping edits (rewording, link updates) do not trigger a banner.
13. Contact
For any privacy-related question, the privacy contact published on the Contact page is the right channel. Editorial questions about William Hill content should be sent through the editorial channel instead; correction requests are handled under the procedure set out on the Editorial Policy page. Player-safety guidance that applies to anyone reading this site is collected on the Responsible Gambling page.