RealPlaysOnline.com (the “Platform”) is made available through the website at https://realplaysonline.com (the “Website”). The Website and any related pages, games, features, content and functionalities that link to this Privacy Policy are referred to in this Privacy Policy as the “Services”. The Services are operated by the operator of the Website (the “Controller”, “we”, “us” or “our”).
We are committed to protecting personal data and ensuring that our processing activities comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 (“DPA 2018”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), and all other applicable data protection, consumer protection and advertising-related obligations in the United Kingdom. This Privacy Policy also reflects requirements imposed by technology and advertising/measurement platforms and service providers (including Google, Microsoft and Meta) in connection with analytics, attribution, security and advertising technologies that may be used on or in connection with the Services.
This Privacy Policy explains how and why we collect, store, use and disclose personal data when you:
- visit the Website or any other website or page we operate that links to this Privacy Policy;
- access and use our free-to-play, browser-based games and related entertainment content; or
- communicate with us in any manner, including enquiries, feedback submissions, complaints, rights requests, newsletter subscriptions (where offered) or formal legal correspondence.
THE SERVICES ARE PROVIDED FOR ENTERTAINMENT PURPOSES ONLY. NO ACCOUNT REGISTRATION OR LOGIN IS PROVIDED OR REQUIRED. NO PAYMENTS, SUBSCRIPTIONS OR PURCHASES ARE ACCEPTED OR PROCESSED.
We implement appropriate technical and organisational measures to safeguard personal data and to ensure that processing is lawful, fair and transparent. We seek to maintain high standards of data protection and privacy in accordance with UK regulatory expectations and applicable industry guidance.
If you wish to contact us in connection with this Privacy Policy or any data protection matter, you must do so using the channels specified in Section 12 (CONTACT DETAILS AND DATA ENQUIRIES).
The Services are intended solely for individuals who are at least eighteen (18) years of age. Persons under eighteen (18) are not permitted to access or use the Services.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy, our Terms of Service and our Cookies Policy. Where we rely on consent (including for non-essential cookies and similar technologies under PECR), we will obtain that consent through an appropriate consent mechanism. Where we rely on other lawful bases, we will process personal data as described in this Privacy Policy and in accordance with applicable law.
We collect and process personal data that you provide to us voluntarily and information that is collected automatically when you access or interact with the Services. The categories of personal data we process are limited to what is reasonably necessary for the operation, security, functionality and lawful administration of the Services. All personal data is processed in accordance with this Privacy Policy and applicable data protection legislation. You are responsible for ensuring that any personal data you provide is accurate, complete and up to date.
We process personal data only for specific, explicit and legitimate purposes, and only where a lawful basis exists under the UK GDPR and the DPA 2018. The purposes for which we process personal data include the following:
• To provide and operate the Services:
We may process personal data to deliver the games and entertainment content made available through the Services and to fulfil core operational functions (including delivering pages, serving content, maintaining session continuity where necessary, and ensuring technical compatibility).
• To respond to enquiries and provide support:
We may process personal data contained within enquiries, complaints, feedback, rights requests or other correspondence submitted through our contact channels in order to address your request, answer questions, manage user interactions and provide appropriate support.
• To send administrative communications:
Where necessary, we may process your personal data to send notices regarding updates to our terms, policies, operational notices, security notifications, compliance information or other service-related communications. Where marketing communications are offered (for example, a newsletter), we will send such communications only where we have a lawful basis, including where required by law your consent, and we will provide a straightforward means to opt out.
• To maintain the security and integrity of the Services:
We may process personal data as part of our efforts to safeguard the Services, prevent abuse, detect and mitigate fraud, protect against malicious activity, and maintain the stability and reliability of our systems. This may include the use of security logs, rate limiting, bot detection and similar measures.
• To operate analytics, performance measurement and service optimisation:
Subject to your consent under PECR (where required) and as described in this Privacy Policy and our Cookies Policy, we may process technical and usage data to analyse how the Services are accessed and used, to identify trends, improve user experience, optimise performance, troubleshoot issues and administer internal reporting. This includes the use of cookies, analytics tools and tracking technologies described in Section 1.
• To comply with legal and regulatory obligations:
We may process personal data to comply with our obligations under UK law, including responding to lawful requests from courts, regulators or enforcement authorities, and to establish, exercise or defend legal rights.
• To manage content quality and compliance:
We may process personal data where necessary to review submissions, address reported issues, investigate misuse, enforce our Terms of Service, and maintain appropriate standards for the operation and governance of the Services.
We do not process personal data for user account creation, authentication, purchases, order fulfilment, payment processing or any commercial transaction, as no such functions are offered by the Services. We do not use personal data for personalised advertising, behavioural profiling for targeted advertising or any activity that would require enhanced consent under UK GDPR or PECR.
Lawful bases
Our lawful bases for processing depend on the specific context and purpose of the processing and may include:
- Consent: where required (for example, non-essential cookies and similar technologies under PECR, and marketing communications where consent is required).
- Legitimate interests: where processing is necessary for our legitimate interests (for example, operating, maintaining and improving the Services, ensuring security, preventing abuse and responding to enquiries), provided those interests are not overridden by your interests or fundamental rights and freedoms.
- Legal obligation: where processing is necessary for compliance with a legal obligation to which we are subject.
- Contract: where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (noting that the Services do not involve paid transactions, but certain interactions may still be managed on a contractual basis, for example, where you request specific support or engage with terms governing use of the Services).
All processing is subject to internal controls designed to support data minimisation, accuracy, storage limitation and purpose limitation. Personal data will not be used for any purpose that is incompatible with the purpose for which it was originally collected, unless permitted by law or supported by valid consent.
We may disclose personal data to third parties strictly where necessary for the lawful operation of the Services, compliance with applicable legal obligations, protection of our legitimate interests, or where you have expressly instructed or authorised such disclosure. Personal data is not disclosed for purposes incompatible with the purposes for which it was collected.
Disclosure may occur to the following categories of recipients:
(a) Infrastructure, hosting and technical service providers
We may share personal data with cloud hosting services, content delivery networks, security providers, data storage vendors and other technical contractors engaged to provide secure, reliable and scalable support for the Services.
(b) Analytics and measurement providers
Where you have consented to non-essential cookies or tracking technologies, we may disclose pseudonymised or technical usage data to analytics and measurement providers, including Google Analytics 4, Google Tag Manager, Google Signals, Microsoft Clarity, Microsoft UET, Meta Pixel and Yandex.Metrica, for the purposes of performance measurement, aggregated analytics, service optimisation and compliance with measurement and attribution standards. All such processing is subject to consent and associated opt-out mechanisms.
(c) Advertising and attribution partners
We may disclose limited technical data to advertising and attribution platforms (including Google, Microsoft and Meta) for the purposes of non-personalised advertising, conversion measurement, attribution and compliance with applicable platform policies. No data is disclosed for behavioural profiling or personalised advertising.
(d) Legal, regulatory and governmental authorities
We may disclose personal data where required to comply with a legal obligation, enforceable request, court order, warrant or statutory duty, including disclosures to law enforcement, regulatory bodies and governmental departments.
(e) Professional advisers
We may disclose personal data to auditors, legal advisers, compliance consultants or dispute-resolution bodies where necessary to obtain professional advice, manage risk, protect our rights or resolve regulatory, legal or contractual matters.
(f) Business succession and corporate transactions
We may disclose personal data to prospective or actual purchasers, investors or successors in connection with any proposed or actual merger, acquisition, restructuring, financing or transfer of all or part of the Services, to the extent that such disclosure is necessary to facilitate due diligence or operational continuity.
All third-party recipients are subject to legally binding obligations of confidentiality, security and purpose limitation. Personal data may not be used by third parties for independent purposes unrelated to the provision of contracted services.
We do not sell, rent, trade or otherwise monetise personal data to third parties for direct marketing, targeted advertising or profiling.
International transfers
International transfers of personal data may occur where our service providers or partners are located outside the United Kingdom. In such cases, transfers are conducted in compliance with the UK GDPR, including through the use of an adequacy regulation (where applicable) or appropriate safeguards such as the UK International Data Transfer Agreement and/or the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism. Where required by law, we will obtain your consent before transferring personal data to jurisdictions without an adequacy regulation.
The Website uses cookies and equivalent tracking technologies in accordance with the UK GDPR, the DPA 2018, PECR, and applicable requirements imposed by relevant third party platforms and service providers. Cookies are used to ensure the secure and efficient operation of the Services, to optimise performance, to conduct analytics and measurement, and to support lawful attribution associated with our marketing and measurement activities. We do not use cookies or tracking technologies for personalised advertising.
Cookies are small data files placed on your device that help us recognise your browser, maintain functionality, store certain preferences and understand how the Website is used. Cookies are classified as either “strictly necessary” (essential for core functionality and security) or “non-essential” (used for analytics, measurement or service optimisation).
We use two general categories of cookies:
- “session cookies”, which are stored temporarily and deleted automatically when your browser is closed; and
- “persistent cookies”, which remain on your device for a defined period and assist in recognising your device on repeat visits, including for the storage of consent preferences via our consent management platform.
Our use of non-essential cookies and tracking technologies is subject to your prior consent through our CookieYes IAB TCF v2.2-compliant consent interface and, where applicable, is implemented through Google Consent Mode v2. No non-essential cookies or equivalent technologies will be activated unless you have provided affirmative consent.
We permit authorised third-party service providers to use cookies, pixels and similar technologies for aggregated analytics, performance diagnostics, service optimisation, security and non-personalised attribution. No tools are used to deliver behavioural profiling, personalised or targeted advertising, or to infer sensitive characteristics.
The following technologies may be used on the Website for the purposes described above:
• Google Tag Manager
Used to deploy and manage analytics, measurement and tracking scripts across the Website.
Privacy Policy: https://policies.google.com/privacy
• Google Analytics 4 (GA4)
Used to analyse visitor behaviour, session statistics, gameplay interaction events and overall Website performance on an aggregated basis.
Privacy Policy: https://policies.google.com/privacy
• Google Signals
Used for enhanced, cross-device measurement where consent has been provided.
Privacy Policy: https://policies.google.com/privacy
• Google Ads Conversion Tracking
Used solely for non-personalised conversion tracking and campaign performance measurement.
Privacy Policy: https://policies.google.com/privacy
• Yandex.Metrica
Used for session analysis, heatmaps and Website performance diagnostics.
Privacy Policy: https://yandex.com/legal/privacy/
• Microsoft UET (Universal Event Tracking)
Used for Microsoft Advertising conversion tracking and attribution on a non-personalised basis.
Privacy Policy: https://privacy.microsoft.com/privacystatement
• Microsoft Clarity
Used to generate aggregated heatmaps, click tracking data and user interface diagnostics.
Privacy Policy: https://clarity.microsoft.com/terms
• Meta Pixel
Used solely for non-personalised conversion measurement and attribution.
Privacy Policy: https://www.facebook.com/policies/cookies/
• Advertising and measurement technologies
Used to measure campaign performance, attribute conversions and produce aggregated reporting in accordance with relevant third party privacy policies and platform rules. We do not use these technologies for personalised advertising.
• Google reCAPTCHA
Used to prevent fraud, automated abuse and spam submissions.
Privacy Policy: https://policies.google.com/privacy
• CookieYes Consent Management Platform (IAB TCF v2.2)
Used to capture, store and enforce user consent preferences in accordance with PECR and the UK GDPR.
Privacy Policy: https://www.cookieyes.com/privacy-policy/
You may manage your cookie preferences at any time by:
- responding to the cookie consent prompt displayed when you first visit the Website;
- adjusting your preferences using the consent controls made available via the Website; and/or
- adjusting your browser settings to block, delete or restrict cookies.
Refusal of non-essential cookies does not restrict access to the Website. Certain analytics or optimisation features may, however, be limited or unavailable.
Your browser may be configured to refuse all or some browser cookies or to notify you when a site attempts to place cookies. Disabling cookies may affect the functionality of parts of the Website. Further information is available in our Cookies Policy.
We retain personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, or for as long as required to comply with the UK GDPR, the DPA 2018, PECR, statutory obligations, regulatory requirements, or applicable limitation periods. As the Services do not provide user accounts, payment services or transactional features, no retention period is linked to account duration or financial activity.
Retention periods are determined by reference to the following factors:
(a) Operational necessity
Retention may be required to manage enquiries, provide responses, maintain accurate records of correspondence, ensure service continuity, resolve disputes, address misuse reports, or verify historical interactions.
(b) Legal and regulatory obligations
Certain data may be retained to comply with statutory duties, including obligations under data protection law, e-commerce and consumer protection requirements, advertising compliance requirements and recordkeeping obligations.
(c) Limitation periods
We may retain personal data where necessary to establish, exercise or defend legal rights, taking into account statutory limitation periods that apply to contractual or civil claims.
(d) Security, abuse prevention and system integrity
We may retain log data or technical security records for a limited period to detect, investigate and mitigate potential security incidents, abuse or unlawful activity.
(e) Consent records and compliance evidence
Where consent is relied upon (including for non-essential cookies and where required for marketing communications), we may retain consent logs and related records to demonstrate compliance with PECR, the UK GDPR and applicable platform requirements, including where Google Consent Mode v2 is used.
When personal data is no longer required for the purposes for which it was collected, and no further legal or regulatory obligation requires its retention, we will securely delete it or render it permanently anonymised so that it can no longer be associated with an identifiable individual.
Backup files may be retained in encrypted archival environments solely for disaster recovery, continuity and compliance purposes. Access to such archived data is strictly limited and subject to technical and organisational safeguards.
We implement and maintain appropriate technical and organisational measures designed to protect the confidentiality, integrity and availability of personal data processed through the Services. These measures are designed to provide a level of security appropriate to the risks associated with the processing of personal data.
Our security framework includes, where appropriate:
- encryption of data in transit using Transport Layer Security (TLS);
- secure hosting environments with network segmentation, firewall controls and hardened server configurations;
- role-based access controls and strict authentication requirements for authorised personnel;
- restricted administrative access in accordance with the principle of least privilege;
- regular vulnerability assessments, security reviews and penetration testing performed by qualified specialists where appropriate;
- continuous monitoring for anomalous activity, suspicious behaviour or unauthorised access attempts; and
- documented incident response procedures and audit logging designed to preserve system integrity and evidentiary records.
Although we apply commercially reasonable safeguards, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and we do not warrant that unauthorised third parties will be unable to circumvent our security measures. Transmission of personal data to or from the Services is undertaken at your own risk. You should access the Services only from secure networks and secure devices.
In the event of a personal data breach, we will take all steps required under the UK GDPR and the DPA 2018, including notification to the Information Commissioner’s Office (ICO) where required and, where legally required, to affected individuals without undue delay.
We do not knowingly collect personal data from, or direct the Services to, any individual under eighteen (18) years of age. Access to and use of the Services is strictly limited to individuals who are at least eighteen (18) years old.
The Services do not offer account registration, user profiles, messaging services or transactional features and we do not conduct age or identity verification checks as a standard feature of the Services. However, we treat any indication that a user may be under eighteen (18) years of age as a matter of concern and apply appropriate remedial measures.
If we become aware that personal data has been provided to us by or in respect of an individual under eighteen (18) years of age, we will:
(a) cease any further processing of that personal data, other than to the extent required to comply with legal obligations or to ensure the security and integrity of our systems;
(b) take reasonable steps to delete or anonymise such personal data without undue delay, insofar as technically feasible and consistent with applicable law; and
(c) where appropriate, consider whether notification to the ICO is required.
We do not knowingly sell, monetise or otherwise exploit personal data relating to minors.
If you believe that a person under eighteen (18) has accessed the Services in breach of our age restriction, or has provided personal data to us through any channel, you should notify us immediately at support@realplaysonline.com so that we can investigate and take appropriate action.
As an individual whose personal data is processed by us, you have rights under the UK GDPR and the DPA 2018. We are legally obliged to facilitate the exercise of these rights, subject to verification of identity and to certain legal limitations and exemptions.
Certain web browsers and mobile applications allow users to send a “Do Not Track” (“DNT”) signal indicating a preference not to be tracked across websites.
At present, there is no legally binding or universally adopted mechanism that requires online services to recognise or respond to DNT signals. As a result, the Website does not currently respond to DNT signals. Should a recognised technical standard or regulatory requirement emerge in the future, we will revise this Privacy Policy accordingly.
You retain control over non-essential tracking technologies through the following mechanisms:
- adjusting your consent preferences using our on-site cookie banner and consent management platform (CookieYes);
- modifying your browser settings to block, restrict or delete cookies and similar technologies; and
- using available opt-out mechanisms provided by analytics or advertising platforms (for example, Google Analytics opt-out tools or relevant platform opt-out settings).
Refusing non-essential cookies will not prevent you from accessing the Website, although certain analytics, measurement or optimisation features may be unavailable or operate with reduced functionality.
We may amend or update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, regulatory guidance or operational requirements. The most recent version of this Privacy Policy will be identified by the “Last updated” displayed at the beginning of the document.
Where any change materially affects the manner in which we process personal data, we will take reasonable steps to bring such changes to your attention, which may include prominently posting a notice on the Website. Continued access to or use of the Services following the publication of an updated Privacy Policy constitutes your acknowledgement of the revised terms.
You are encouraged to review this Privacy Policy periodically to remain informed about how we collect, use and protect personal data.
You have rights under the UK GDPR and the DPA 2018 in relation to personal data we hold about you. These rights include:
- the right to request access to the personal data we hold about you;
- the right to request rectification of inaccurate or incomplete personal data;
- the right, in certain circumstances, to request the erasure of your personal data;
- the right, in certain circumstances, to restrict the processing of your personal data;
- the right to object to certain forms of processing, including processing based on legitimate interests; and
- the right, where applicable, to receive a copy of the personal data you have provided to us in a structured, commonly used and machine-readable format (data portability).
These rights are not absolute and may be subject to legal and operational limitations. We may, for example, be required or permitted to retain certain data where necessary to comply with legal obligations, to establish, exercise or defend legal claims, to demonstrate compliance with regulatory requirements, to protect our legitimate interests or to ensure the security and integrity of the Services.
To submit a request to access, update, correct or delete your personal data, or to exercise any other data protection right, you must contact us using the channels specified in Section 12 (CONTACT DETAILS AND DATA ENQUIRIES). We may require you to provide sufficient information to verify your identity before processing your request, in order to safeguard the security and integrity of personal data.
We aim to respond to all valid requests without undue delay and in any event within one (1) month of receipt, or within any extended period permitted by law where the request is complex or involves a large volume of information. If we are unable to comply with your request, we will explain the reasons for our decision and inform you of your right to lodge a complaint with the ICO.
All enquiries, requests, complaints, legal notices or correspondence relating to the Site, the Services, these Legal Terms, or any matter governed by them must be submitted in writing using the contact details set out below. This requirement exists to ensure appropriate review, handling and record-keeping in accordance with the laws of England and Wales and applicable UK legal and regulatory requirements.
Email Address: support@realplaysonline.com
All written communications submitted under this Section must include:
- your full legal name and valid contact details;
- a clear and precise statement identifying the subject matter and purpose of the correspondence;
- a detailed description of the issue, request, complaint or matter raised; and
- any relevant supporting documentation or information reasonably required to assess and process the submission.
We are committed to handling all valid correspondence with diligence, fairness and transparency. Where necessary, we reserve the right to request verification of identity or additional information in order to ensure that personal data, confidential information and legally sensitive material are disclosed only to the correct individual and that the correspondence is handled securely and accurately.
Responses will be provided within the timeframes required by applicable law. Where no specific statutory timeframe applies, responses will be issued within a reasonable period, taking into account the nature, complexity and volume of the correspondence received.
This contact channel is reserved exclusively for formal correspondence, including legal, regulatory, policy-related and statutory matters. General enquiries, technical issues, gameplay questions or routine communications should be submitted through any standard support or contact mechanisms made available on the Website and are not treated as formal correspondence for the purposes of this Policy.
Play Responsibly
Enjoy the games, take breaks when needed, and keep things balanced for your wellbeing.
