CashQuestFun is committed to complying with the General Data Protection Regulation (GDPR) and UK GDPR. This page explains your rights and how we meet our obligations.
Last updated: 3 March 2026The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy that came into effect on 25 May 2018. The UK GDPR, which mirrors the EU GDPR following Brexit, applies in the United Kingdom.
The GDPR gives individuals greater control over their personal data and imposes obligations on organisations that collect or process it. CashQuestFun is committed to meeting those obligations.
🛡️ Our commitment: We collect only the data we need, use it only for stated purposes, protect it appropriately, and respect your rights as a data subject at all times.
This GDPR policy applies to all individuals whose personal data is processed by CashQuestFun, including:
This policy is particularly relevant to individuals in the EEA and the United Kingdom where GDPR applies as law. We extend these same protections to all our users regardless of location.
For the purposes of the GDPR, CashQuestFun acts as the data controller for personal data collected through this website.
As data controller, we determine the purposes and means of processing your personal data. For questions, please contact us at hello@cashquestfun.com.
We do not currently require a Data Protection Officer (DPO) as we are not a public authority and do not carry out large-scale systematic monitoring or processing of special category data.
We collect minimal personal data. The data we may process includes:
We do not collect special category data and we do not operate user accounts.
Under the GDPR, we must have a lawful basis for every type of data processing we carry out:
We use Google Analytics to understand site performance. We have conducted a Legitimate Interests Assessment and concluded this use is proportionate.
We track anonymised affiliate link clicks to attribute commissions. No personally identifiable information is involved.
Analytics and affiliate tracking cookies are only placed after you have given explicit consent via our cookie banner.
We only send marketing emails to individuals who have explicitly opted in. You can unsubscribe at any time.
When you contact us, we process your data to respond. This is necessary to fulfil our communication with you.
We may retain or disclose data where required by law, court order, or regulatory requirement.
The GDPR grants you the following rights regarding your personal data:
Request a copy of the personal data we hold about you (Subject Access Request).
Request that inaccurate or incomplete personal data about you is corrected.
Request deletion of your personal data where there is no compelling reason for us to keep it.
Request that we restrict the processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format and have it transferred to another controller.
Object to processing based on legitimate interests. We will cease unless we have compelling grounds.
Withdraw consent for consent-based processing at any time, without affecting prior processing.
Not to be subject to solely automated decisions with significant effects. We do not carry out such processing.
To exercise any GDPR rights, please contact us at:
We will respond to all valid requests within 30 days. In complex cases this may extend to 90 days, with notification within the first 30 days.
We may need to verify your identity before processing a request. We will not charge a fee unless requests are manifestly unfounded or excessive.
Some third-party providers (such as Google Analytics) may transfer data outside the UK or EEA. Where this occurs we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place. We use Google Analytics with IP anonymisation enabled.
We retain personal data only as long as necessary:
After retention periods expire, data is securely deleted or anonymised.
We implement appropriate technical and organisational measures to protect your personal data, including:
In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority (the ICO in the UK) within 72 hours as required by GDPR Article 33. Where a breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.
If you are unhappy with how we have handled your data, please contact us first. You also have the right to lodge a complaint with your supervisory authority:
We may update this GDPR Policy periodically. We will update the date at the top of this page when changes are made and take reasonable steps to notify you of significant changes.
Email: hello@cashquestfun.com
Subject: "GDPR Enquiry" or "GDPR Rights Request"
We aim to respond to all GDPR-related enquiries within 30 days.