This Privacy Policy explains how CCH Foundation, publisher of this website (cchfoundation.net), collects, holds, uses and discloses personal information from visitors. We are an independent, data-led publisher covering the online casino australia category — reviewing operators, licensing and bonus terms — with the same evidence-first discipline we apply when scoring an operator's payout speed. This policy covers every page on this domain, including our guides on online pokies, casino bonuses, licensing and regulation and new casinos.
We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) it sets out. This document satisfies our notification obligations under APP 1 and APP 5: what we collect, how and why, who we share it with, where it is stored, how long we keep it, and how you can access, correct or complain.
Introduction and Scope
This policy is the technical and legal companion to our About Us page, which sets out who we are editorially. Where the two overlap — such as reader enquiries — this document governs, since it exists to meet Privacy Act obligations, not to introduce the team.
It applies to all visitors regardless of location or device. It does not extend to third-party sites we link to, including operator sites reviewed here — once you leave our domain, that operator's own privacy policy applies instead.
Who Operates This Site
CCH Foundation publishes this website as an independent information and comparison resource. We do not operate, own or accept deposits on behalf of any gambling platform reviewed here, and nothing you submit through our forms reaches an operator.
Our editorial and data-handling decisions sit with the same small team, led by our Data & Compliance Editor, which is why our privacy practice mirrors our scoring practice: documented, consistent, and reviewed on a set schedule rather than left informal.
Personal Information We Collect
We collect two broad categories: information you choose to give us directly, and information generated automatically as you browse. Most visitors interact with us only in the automatic category.
We do not knowingly collect sensitive information as defined under the Privacy Act — such as health or gambling-behaviour disclosures — through our standard contact channels, and ask that you avoid volunteering this detail in a general enquiry.
Information You Provide Directly
If you use a contact form, email us, or comment where commenting is enabled, we collect what you choose to submit: typically a name or alias, an email address, and your message. Some forms also capture a subject category so enquiries reach the right team member.
We never ask visitors for financial account details, government identifiers or identification documents. If a message happens to include this kind of detail regardless, we redact or delete it once your query is resolved.
Information We Collect Automatically
Like almost every website, we log technical data with each visit: IP address, approximate location (typically city or region level), browser and device type, operating system, referring page, and pages viewed.
This automatic data is the backbone of how we understand which comparisons and guides are genuinely useful, and it is examined in aggregate far more often than at an individual level. The purposes section below sets out exactly what it is used for.
How We Collect Your Information
Three mechanisms account for essentially all data we collect: contact forms and correspondence, cookies and similar technologies, and third-party analytics embedded in our pages.
We do not use biometric collection, app-based tracking or offline data-matching, and if that ever changes this policy will be updated in advance, as described in our changes section near the end of this page.
Contact Forms and Direct Enquiries
When you submit a form, the fields you complete are sent to us over an encrypted connection and stored in our enquiry system, alongside the technical data described above, for spam and security screening.
Email enquiries are collected the same way any business email is: retained in our mailbox, tied to the sending address, and accessible only to staff responsible for correspondence. We do not sell or rent contact-form or email data to any third party.
Cookies and Similar Technologies
Cookies are small text files placed on your device by your browser, either by us directly (first-party) or by a third-party script embedded in our pages, such as an analytics tool. We use both categories, detailed further below.
On your first visit, a consent banner lets you accept or adjust non-essential cookie categories before they are set. Strictly necessary cookies, which keep the site functioning securely, sit outside that choice, consistent with standard Australian and international practice.
Analytics Platforms
We use a third-party web analytics platform, in the same category as Google Analytics, to understand aggregate traffic: which guides are read most, typical visit length, and device mix, reaching us primarily in aggregated, de-identified form.
Analytics scripts run only once you accept that cookie category, generating a pseudonymous identifier tied to your browser rather than your name. We do not attempt to re-identify analytics data against contact-form submissions.
Why We Collect and Use Your Information
We collect personal information for a limited set of purposes, consistent with APP 3's requirement that collection be reasonably necessary for our functions, not speculatively for undefined future use.
Every field on every form exists because it serves one of the purposes below — where we cannot explain why we need a piece of information, we remove the field rather than keep collecting it out of convenience.
Operating and Improving Our Content
Aggregate usage data tells us which comparison tables, payout explainers and licensing guides are genuinely useful, and which need a rewrite — the same evidence-first instinct behind our operator scorecard, applied to our own publishing here.
We also use this data to find broken pages and navigation dead ends, all of which affect how usefully our payments and payouts guide, and other reference pages, serve readers comparing their options.
Legal, Security and Compliance Purposes
Technical logs help us detect security incidents and attempts to scrape or misuse our comparison data. We retain a subset for record-keeping and security obligations, separate from any marketing purpose.
Where required, we may use held information to respond to a lawful request from an Australian regulator or law-enforcement body, or to establish or defend a legal claim — narrow, occasional uses, never the default reason data is collected.
Cookies and Analytics in Detail
Because cookies generate the most reader questions, this section goes further than the summary above. Every category we use falls into one of four groups, set out below alongside its typical retention window.
We review this cookie inventory on a set schedule rather than leaving it to drift, in keeping with our "scored in numbers" approach to transparency — a policy is only as good as the practice behind it.
| Cookie Category | Purpose | Set By | Typical Duration |
|---|---|---|---|
| Strictly Necessary | Site security, load balancing, remembering consent choice | Us (first-party) | Session to 12 months |
| Analytics | Aggregate traffic measurement, page performance | Third-party analytics platform | Up to 14 months |
| Functional | Remembering display preferences, e.g. table sort order | Us (first-party) | Up to 12 months |
| Affiliate/Advertising | Attributing a referral click to an operator we compare | Third-party affiliate network | 30 days to 12 months |
Categories of Cookies We Use
Strictly necessary cookies keep the site functioning securely and cannot be switched off, including the one that remembers your cookie consent choice. Analytics cookies are entirely optional and only activate once you accept that category in the banner.
Affiliate and advertising cookies record that a click on a comparison link came from this site, so a partner network can attribute the referral. These cookies typically capture a click identifier and timestamp, not a personal detail about you.
Managing Your Cookie Preferences
You can adjust or withdraw cookie consent at any time through the preference link in our footer, and you can also block or delete cookies through your browser settings — most current browsers document this under their privacy menu.
Disabling non-essential cookies will not stop you reading any page here, though it may affect how well we measure which guides need improvement, and it will stop affiliate networks correctly attributing a later referral.
Third-Party Services and Disclosure
We rely on a small number of external providers to run this site, and personal information may pass through their systems as a normal part of that arrangement, based on each provider's own privacy and security standards.
We do not sell personal information to data brokers, and we do not share contact-form content with gambling operators for marketing purposes. The categories below are the complete list our data passes through.
Service Providers We Rely On
Our site is hosted by a commercial hosting provider, which processes technical data (IP addresses, request logs) to serve pages to your browser. Our analytics platform processes aggregated, pseudonymous usage data under its own terms.
Contact-form submissions may pass through a third-party form-handling or email-delivery service before reaching our team's mailbox, encrypted in transit. Each provider is contractually limited to using data only to deliver the service we engaged it for.
Affiliate and Advertising Partners
As a comparison publisher, we earn commission when a reader clicks through to a reviewed operator and, in some cases, later signs up — standard for the informational-publisher model, and it does not affect our scoring, which is documented on our About Us page. Affiliate networks receive a click identifier, not your name.
Advertising partners, where used, may set cookies to measure which comparison pages generated a referral, again using pseudonymous identifiers rather than directly identifying information.
When We May Disclose Information
Beyond the providers above, we disclose personal information only where required by Australian law, in response to a valid regulator or law-enforcement request, to protect our legal rights, or with your explicit consent for a purpose we described at the time.
We do not disclose personal information for a purpose you would not reasonably expect, consistent with APP 6, and any new disclosure category would require an update to this policy before it began.
Data Storage and Security
Personal information we hold is stored on secured servers operated by our hosting and infrastructure providers, protected by encrypted transmission (HTTPS), access controls, and routine software patching.
No method of electronic storage or transmission is completely immune to risk, and we cannot guarantee absolute security. We commit to reasonable technical and organisational safeguards proportionate to the modest amount of personal information we actually hold, consistent with APP 11.
Where Your Data Is Held
Depending on the specific service, data may be held on servers in Australia or overseas, since several mainstream hosting, analytics and email-delivery providers operate global infrastructure. Our overseas data handling section below explains the obligations that apply.
We do not maintain a standalone customer database of gambling account details, deposit history or wagering activity, because we are a publisher rather than an operator — that category of sensitive financial data simply does not exist in our systems.
Security Measures We Apply
Access to our contact-form and email systems is restricted to staff who need it for editorial or support functions, protected by individual credentials rather than a shared login.
We periodically review our data-handling practices against current guidance from the Office of the Australian Information Commissioner (OAIC), and update technical safeguards as that guidance, and the underlying technology, evolves.
Data Retention
We keep personal information only for as long as reasonably necessary for the purpose it was collected for, or as required by law, and do not retain data indefinitely by default.
Contact-form and email correspondence is typically retained for up to 24 months from the last message in a thread, allowing follow-up on an ongoing enquiry, after which it is deleted or archived in a form that no longer identifies you.
How Long We Retain Different Records
Automatically collected analytics data is typically held for up to 14 months, reflecting our analytics platform's default retention window, after which it ages out automatically. Security and access logs are kept for a shorter operational window, enough to investigate an incident but not indefinitely.
Where information is retained for legal or compliance reasons — for example, correspondence relevant to a regulatory enquiry — it may be held longer than the standard windows above, strictly for as long as that purpose requires, then deleted or de-identified.
Overseas Data Handling
Because several of our service providers operate international infrastructure, personal information collected here may be processed or stored on servers outside Australia, commonly in the United States or the European Union.
Under APP 8, before disclosing personal information to an overseas recipient we take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles in relation to it, and we select providers with established privacy and security commitments for this reason.
Cross-Border Disclosure Under APP 8
APP 8 does not require every overseas recipient to sit in a country with equivalent privacy law; it instead places an accountability obligation on us to protect the information regardless of where it is processed.
If you want to know which countries a specific category of your data may be processed in, our contact section below explains how to ask us directly, and we will answer as specifically as our own visibility into a provider's infrastructure allows.
Cloud and Hosting Considerations
Cloud infrastructure often distributes data across multiple regions for redundancy and performance rather than storing it in a single fixed location — standard practice across the modern web, not unique to this site.
We do not currently transfer personal information to any overseas recipient for onward marketing, and any future change to our overseas processing that materially affects your data will be reflected in an updated version of this policy.
Your Rights Under the Privacy Act 1988
The Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles set the baseline for how we must handle your personal information, giving you specific, enforceable rights rather than a vague promise of "taking privacy seriously."
The 13 APPs cover the full lifecycle of personal information, from how we tell you what we collect through to how you can correct it later. They are summarised below; the OAIC's own website carries the full legal text if you want the primary source.
- APP 1 — Open and transparent management of personal information (this policy is part of that obligation)
- APP 2 — Anonymity and pseudonymity options, where practicable
- APP 3 — Collection of solicited personal information only where reasonably necessary
- APP 4 — Dealing appropriately with unsolicited personal information we receive
- APP 5 — Notifying you of collection, which this policy is designed to satisfy
- APP 6 — Using or disclosing information only for the purpose collected, or a related purpose
- APP 7 — Restrictions on using personal information for direct marketing
- APP 8 — Accountability for cross-border disclosure of personal information
- APP 9 — Restrictions on adopting government-related identifiers
- APP 10 — Taking reasonable steps to ensure information is accurate and up to date
- APP 11 — Taking reasonable steps to secure personal information we hold
- APP 12 — Giving you access to personal information we hold about you
- APP 13 — Correcting personal information on request where it is inaccurate
The 13 Australian Privacy Principles
Reading the list above, most of our obligations are procedural rather than aspirational — notify, collect only what's needed, secure it, let people see and fix it. The APPs are designed to be auditable, and a genuine privacy policy should read like something you can check us against.
Two principles deserve particular attention here: APP 7, because we do not use contact-form details for direct marketing without consent, and APP 8, because our use of overseas providers means cross-border disclosure genuinely applies to us, not just as boilerplate.
Your Right to Access and Correct Your Information
Under APP 12, you can ask what personal information we hold about you, and under APP 13, ask us to correct it if inaccurate, out of date, incomplete or misleading. We respond to a reasonable request within a reasonable timeframe, generally within 30 days.
There is no fee for a straightforward access or correction request. In limited circumstances permitted under the Privacy Act — for example, where a request is unreasonably repetitive — we may decline in part and explain why in writing.
How to Access, Correct or Complain
If you want to see, correct or ask questions about personal information we hold about you, contact us directly using the details in our final section below — the fastest route, and most requests are resolved at this stage.
If you are not satisfied with our response, or believe we have breached the Privacy Act or an Australian Privacy Principle, you have a formal right to complain, both to us directly and, if that does not resolve things, to the independent regulator.
How to Make a Request to Us
Email us using the address in our contact section, describing what information you would like to access, correct, or have explained, with enough detail for us to locate the relevant record. We may ask for reasonable identity verification first.
We aim to acknowledge a request within a few business days and provide a substantive response within 30 days, consistent with OAIC guidance on reasonable response timeframes for requests of this kind.
Lodging a Complaint with the OAIC
The Office of the Australian Information Commissioner (OAIC) is the independent Commonwealth regulator responsible for privacy complaints under the Privacy Act 1988. If you remain unsatisfied after raising an issue with us, you can lodge a complaint with the OAIC, which can investigate and make determinations against an organisation found to have breached the APPs.
We recommend contacting us before escalating, simply because most concerns about a specific piece of information are resolved faster through direct correction than a formal regulatory complaint — but the choice, and the right, is entirely yours at any point.
Age Restriction and Player Safety
This website discusses real-money gambling content, including reviews of platforms in the online casino australia category, and is intended strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18, and any submission indicating a sender is under 18 is deleted without response.
If you are a parent or guardian and believe a minor has submitted information to us, contact us using the details below and we will delete the relevant record promptly. Age restriction is a content and safety matter as much as a privacy one.
Responsible Gambling Support and Your Data
We do not ask visitors to disclose gambling history, losses or self-exclusion status through our contact forms. If a message includes this kind of detail regardless, we treat it as sensitive information, restrict access, and delete it once your enquiry is resolved.
If anything on this site prompts a concern about your own gambling, or someone else's, that concern deserves a direct, confidential conversation rather than a note through our contact form — the resources below are free, staffed by trained counsellors, and not connected to any operator we review.
If gambling stops feeling like entertainment: This site is strictly for adults aged 18 and over. Free, confidential support is available around the clock from Gambling Help Online on 1800 858 858. Australians can also register with BetStop, the National Self-Exclusion Register — though BetStop covers licensed Australian wagering providers only and does not block offshore online casino australia sites, which sit under foreign licences outside its reach.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the third-party providers we use, or Australian privacy law. When we make a material change, we update the "last updated" date at the top of this page and, for significant changes, add a homepage notice for a reasonable period.
We encourage you to review this page periodically, particularly if you have previously submitted personal information through a form on this site, since continued use after an update reflects acceptance of the revised policy for future interactions.
Contact Us
Questions about this Privacy Policy, or requests to access, correct or discuss how we handle your personal information, can be sent to our privacy team at [email protected]. Please include enough detail to identify the relevant record, and note whether your request is general or formal.
For general editorial questions unrelated to privacy — including how we score an online casino australia listing or compile our new casinos coverage — our About Us page has the right contact route. Keeping the two channels separate helps us route privacy requests to the right person faster.
Privacy Enquiries and Response Times
We aim to acknowledge every privacy enquiry within a few business days and provide a full response within 30 days, in line with OAIC guidance. More complex requests, touching multiple third-party providers, may take longer, and we will tell you if that applies to yours.
This policy was last reviewed in 2026 and is current as of the date shown at the top of this page. It applies to cchfoundation.net and does not extend to any third-party site linked from our content, including any gambling operator reviewed here.
Sources
- Office of the Australian Information Commissioner (OAIC) — regulates the Privacy Act 1988 and the Australian Privacy Principles
- Gambling Help Online — free, confidential 24/7 support — 1800 858 858
- AUSTRAC — Australia's AML/CTF and financial-intelligence regulator
Read more
- online casino Australia guide — our pillar overview
- about our review team — how we test and score
- licensing and regulation — the IGA, ACMA and offshore licences
