Data & compliance

Privacy Policy 2026: How CCH Foundation Collects and Protects Your Data

Our privacy policy sets out, in plain terms, exactly what personal information we collect, why we collect it, who we share it with, and the enforceable rights you hold under the Privacy Act 1988 and the 13 Australian Privacy Principles.

Privacy Policy at CCH Foundation — privacy policy
A minimalist illustration of a locked document beside small data-flow icons, representing how reader information is handled and secured.

This Privacy Policy explains how CCH Foundation, publisher of this website (cchfoundation.net), collects, holds, uses and discloses personal information from visitors. We are an independent, data-led publisher covering the online casino australia category — reviewing operators, licensing and bonus terms — with the same evidence-first discipline we apply when scoring an operator's payout speed. This policy covers every page on this domain, including our guides on online pokies, casino bonuses, licensing and regulation and new casinos.

We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) it sets out. This document satisfies our notification obligations under APP 1 and APP 5: what we collect, how and why, who we share it with, where it is stored, how long we keep it, and how you can access, correct or complain.

Introduction and Scope

This policy is the technical and legal companion to our About Us page, which sets out who we are editorially. Where the two overlap — such as reader enquiries — this document governs, since it exists to meet Privacy Act obligations, not to introduce the team.

It applies to all visitors regardless of location or device. It does not extend to third-party sites we link to, including operator sites reviewed here — once you leave our domain, that operator's own privacy policy applies instead.

Who Operates This Site

CCH Foundation publishes this website as an independent information and comparison resource. We do not operate, own or accept deposits on behalf of any gambling platform reviewed here, and nothing you submit through our forms reaches an operator.

Our editorial and data-handling decisions sit with the same small team, led by our Data & Compliance Editor, which is why our privacy practice mirrors our scoring practice: documented, consistent, and reviewed on a set schedule rather than left informal.

Personal Information We Collect

We collect two broad categories: information you choose to give us directly, and information generated automatically as you browse. Most visitors interact with us only in the automatic category.

We do not knowingly collect sensitive information as defined under the Privacy Act — such as health or gambling-behaviour disclosures — through our standard contact channels, and ask that you avoid volunteering this detail in a general enquiry.

Information You Provide Directly

If you use a contact form, email us, or comment where commenting is enabled, we collect what you choose to submit: typically a name or alias, an email address, and your message. Some forms also capture a subject category so enquiries reach the right team member.

We never ask visitors for financial account details, government identifiers or identification documents. If a message happens to include this kind of detail regardless, we redact or delete it once your query is resolved.

Information We Collect Automatically

Like almost every website, we log technical data with each visit: IP address, approximate location (typically city or region level), browser and device type, operating system, referring page, and pages viewed.

This automatic data is the backbone of how we understand which comparisons and guides are genuinely useful, and it is examined in aggregate far more often than at an individual level. The purposes section below sets out exactly what it is used for.

How We Collect Your Information

Three mechanisms account for essentially all data we collect: contact forms and correspondence, cookies and similar technologies, and third-party analytics embedded in our pages.

We do not use biometric collection, app-based tracking or offline data-matching, and if that ever changes this policy will be updated in advance, as described in our changes section near the end of this page.

Contact Forms and Direct Enquiries

When you submit a form, the fields you complete are sent to us over an encrypted connection and stored in our enquiry system, alongside the technical data described above, for spam and security screening.

Email enquiries are collected the same way any business email is: retained in our mailbox, tied to the sending address, and accessible only to staff responsible for correspondence. We do not sell or rent contact-form or email data to any third party.

Cookies and Similar Technologies

Cookies are small text files placed on your device by your browser, either by us directly (first-party) or by a third-party script embedded in our pages, such as an analytics tool. We use both categories, detailed further below.

On your first visit, a consent banner lets you accept or adjust non-essential cookie categories before they are set. Strictly necessary cookies, which keep the site functioning securely, sit outside that choice, consistent with standard Australian and international practice.

Analytics Platforms

We use a third-party web analytics platform, in the same category as Google Analytics, to understand aggregate traffic: which guides are read most, typical visit length, and device mix, reaching us primarily in aggregated, de-identified form.

Analytics scripts run only once you accept that cookie category, generating a pseudonymous identifier tied to your browser rather than your name. We do not attempt to re-identify analytics data against contact-form submissions.

Why We Collect and Use Your Information

We collect personal information for a limited set of purposes, consistent with APP 3's requirement that collection be reasonably necessary for our functions, not speculatively for undefined future use.

Every field on every form exists because it serves one of the purposes below — where we cannot explain why we need a piece of information, we remove the field rather than keep collecting it out of convenience.

Operating and Improving Our Content

Aggregate usage data tells us which comparison tables, payout explainers and licensing guides are genuinely useful, and which need a rewrite — the same evidence-first instinct behind our operator scorecard, applied to our own publishing here.

We also use this data to find broken pages and navigation dead ends, all of which affect how usefully our payments and payouts guide, and other reference pages, serve readers comparing their options.

Legal, Security and Compliance Purposes

Technical logs help us detect security incidents and attempts to scrape or misuse our comparison data. We retain a subset for record-keeping and security obligations, separate from any marketing purpose.

Where required, we may use held information to respond to a lawful request from an Australian regulator or law-enforcement body, or to establish or defend a legal claim — narrow, occasional uses, never the default reason data is collected.

Cookies and Analytics in Detail

Because cookies generate the most reader questions, this section goes further than the summary above. Every category we use falls into one of four groups, set out below alongside its typical retention window.

We review this cookie inventory on a set schedule rather than leaving it to drift, in keeping with our "scored in numbers" approach to transparency — a policy is only as good as the practice behind it.

Cookie Category Purpose Set By Typical Duration
Strictly Necessary Site security, load balancing, remembering consent choice Us (first-party) Session to 12 months
Analytics Aggregate traffic measurement, page performance Third-party analytics platform Up to 14 months
Functional Remembering display preferences, e.g. table sort order Us (first-party) Up to 12 months
Affiliate/Advertising Attributing a referral click to an operator we compare Third-party affiliate network 30 days to 12 months

Categories of Cookies We Use

Strictly necessary cookies keep the site functioning securely and cannot be switched off, including the one that remembers your cookie consent choice. Analytics cookies are entirely optional and only activate once you accept that category in the banner.

Affiliate and advertising cookies record that a click on a comparison link came from this site, so a partner network can attribute the referral. These cookies typically capture a click identifier and timestamp, not a personal detail about you.

Managing Your Cookie Preferences

You can adjust or withdraw cookie consent at any time through the preference link in our footer, and you can also block or delete cookies through your browser settings — most current browsers document this under their privacy menu.

Disabling non-essential cookies will not stop you reading any page here, though it may affect how well we measure which guides need improvement, and it will stop affiliate networks correctly attributing a later referral.

Third-Party Services and Disclosure

We rely on a small number of external providers to run this site, and personal information may pass through their systems as a normal part of that arrangement, based on each provider's own privacy and security standards.

We do not sell personal information to data brokers, and we do not share contact-form content with gambling operators for marketing purposes. The categories below are the complete list our data passes through.

Service Providers We Rely On

Our site is hosted by a commercial hosting provider, which processes technical data (IP addresses, request logs) to serve pages to your browser. Our analytics platform processes aggregated, pseudonymous usage data under its own terms.

Contact-form submissions may pass through a third-party form-handling or email-delivery service before reaching our team's mailbox, encrypted in transit. Each provider is contractually limited to using data only to deliver the service we engaged it for.

Affiliate and Advertising Partners

As a comparison publisher, we earn commission when a reader clicks through to a reviewed operator and, in some cases, later signs up — standard for the informational-publisher model, and it does not affect our scoring, which is documented on our About Us page. Affiliate networks receive a click identifier, not your name.

Advertising partners, where used, may set cookies to measure which comparison pages generated a referral, again using pseudonymous identifiers rather than directly identifying information.

When We May Disclose Information

Beyond the providers above, we disclose personal information only where required by Australian law, in response to a valid regulator or law-enforcement request, to protect our legal rights, or with your explicit consent for a purpose we described at the time.

We do not disclose personal information for a purpose you would not reasonably expect, consistent with APP 6, and any new disclosure category would require an update to this policy before it began.

Data Storage and Security

Personal information we hold is stored on secured servers operated by our hosting and infrastructure providers, protected by encrypted transmission (HTTPS), access controls, and routine software patching.

No method of electronic storage or transmission is completely immune to risk, and we cannot guarantee absolute security. We commit to reasonable technical and organisational safeguards proportionate to the modest amount of personal information we actually hold, consistent with APP 11.

Where Your Data Is Held

Depending on the specific service, data may be held on servers in Australia or overseas, since several mainstream hosting, analytics and email-delivery providers operate global infrastructure. Our overseas data handling section below explains the obligations that apply.

We do not maintain a standalone customer database of gambling account details, deposit history or wagering activity, because we are a publisher rather than an operator — that category of sensitive financial data simply does not exist in our systems.

Security Measures We Apply

Access to our contact-form and email systems is restricted to staff who need it for editorial or support functions, protected by individual credentials rather than a shared login.

We periodically review our data-handling practices against current guidance from the Office of the Australian Information Commissioner (OAIC), and update technical safeguards as that guidance, and the underlying technology, evolves.

Data Retention

We keep personal information only for as long as reasonably necessary for the purpose it was collected for, or as required by law, and do not retain data indefinitely by default.

Contact-form and email correspondence is typically retained for up to 24 months from the last message in a thread, allowing follow-up on an ongoing enquiry, after which it is deleted or archived in a form that no longer identifies you.

How Long We Retain Different Records

Automatically collected analytics data is typically held for up to 14 months, reflecting our analytics platform's default retention window, after which it ages out automatically. Security and access logs are kept for a shorter operational window, enough to investigate an incident but not indefinitely.

Where information is retained for legal or compliance reasons — for example, correspondence relevant to a regulatory enquiry — it may be held longer than the standard windows above, strictly for as long as that purpose requires, then deleted or de-identified.

Overseas Data Handling

Because several of our service providers operate international infrastructure, personal information collected here may be processed or stored on servers outside Australia, commonly in the United States or the European Union.

Under APP 8, before disclosing personal information to an overseas recipient we take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles in relation to it, and we select providers with established privacy and security commitments for this reason.

Cross-Border Disclosure Under APP 8

APP 8 does not require every overseas recipient to sit in a country with equivalent privacy law; it instead places an accountability obligation on us to protect the information regardless of where it is processed.

If you want to know which countries a specific category of your data may be processed in, our contact section below explains how to ask us directly, and we will answer as specifically as our own visibility into a provider's infrastructure allows.

Cloud and Hosting Considerations

Cloud infrastructure often distributes data across multiple regions for redundancy and performance rather than storing it in a single fixed location — standard practice across the modern web, not unique to this site.

We do not currently transfer personal information to any overseas recipient for onward marketing, and any future change to our overseas processing that materially affects your data will be reflected in an updated version of this policy.

Your Rights Under the Privacy Act 1988

The Privacy Act 1988 (Cth) and its 13 Australian Privacy Principles set the baseline for how we must handle your personal information, giving you specific, enforceable rights rather than a vague promise of "taking privacy seriously."

The 13 APPs cover the full lifecycle of personal information, from how we tell you what we collect through to how you can correct it later. They are summarised below; the OAIC's own website carries the full legal text if you want the primary source.

  • APP 1 — Open and transparent management of personal information (this policy is part of that obligation)
  • APP 2 — Anonymity and pseudonymity options, where practicable
  • APP 3 — Collection of solicited personal information only where reasonably necessary
  • APP 4 — Dealing appropriately with unsolicited personal information we receive
  • APP 5 — Notifying you of collection, which this policy is designed to satisfy
  • APP 6 — Using or disclosing information only for the purpose collected, or a related purpose
  • APP 7 — Restrictions on using personal information for direct marketing
  • APP 8 — Accountability for cross-border disclosure of personal information
  • APP 9 — Restrictions on adopting government-related identifiers
  • APP 10 — Taking reasonable steps to ensure information is accurate and up to date
  • APP 11 — Taking reasonable steps to secure personal information we hold
  • APP 12 — Giving you access to personal information we hold about you
  • APP 13 — Correcting personal information on request where it is inaccurate

The 13 Australian Privacy Principles

Reading the list above, most of our obligations are procedural rather than aspirational — notify, collect only what's needed, secure it, let people see and fix it. The APPs are designed to be auditable, and a genuine privacy policy should read like something you can check us against.

Two principles deserve particular attention here: APP 7, because we do not use contact-form details for direct marketing without consent, and APP 8, because our use of overseas providers means cross-border disclosure genuinely applies to us, not just as boilerplate.

Your Right to Access and Correct Your Information

Under APP 12, you can ask what personal information we hold about you, and under APP 13, ask us to correct it if inaccurate, out of date, incomplete or misleading. We respond to a reasonable request within a reasonable timeframe, generally within 30 days.

There is no fee for a straightforward access or correction request. In limited circumstances permitted under the Privacy Act — for example, where a request is unreasonably repetitive — we may decline in part and explain why in writing.

How to Access, Correct or Complain

If you want to see, correct or ask questions about personal information we hold about you, contact us directly using the details in our final section below — the fastest route, and most requests are resolved at this stage.

If you are not satisfied with our response, or believe we have breached the Privacy Act or an Australian Privacy Principle, you have a formal right to complain, both to us directly and, if that does not resolve things, to the independent regulator.

How to Make a Request to Us

Email us using the address in our contact section, describing what information you would like to access, correct, or have explained, with enough detail for us to locate the relevant record. We may ask for reasonable identity verification first.

We aim to acknowledge a request within a few business days and provide a substantive response within 30 days, consistent with OAIC guidance on reasonable response timeframes for requests of this kind.

Lodging a Complaint with the OAIC

The Office of the Australian Information Commissioner (OAIC) is the independent Commonwealth regulator responsible for privacy complaints under the Privacy Act 1988. If you remain unsatisfied after raising an issue with us, you can lodge a complaint with the OAIC, which can investigate and make determinations against an organisation found to have breached the APPs.

We recommend contacting us before escalating, simply because most concerns about a specific piece of information are resolved faster through direct correction than a formal regulatory complaint — but the choice, and the right, is entirely yours at any point.

Age Restriction and Player Safety

This website discusses real-money gambling content, including reviews of platforms in the online casino australia category, and is intended strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18, and any submission indicating a sender is under 18 is deleted without response.

If you are a parent or guardian and believe a minor has submitted information to us, contact us using the details below and we will delete the relevant record promptly. Age restriction is a content and safety matter as much as a privacy one.

Responsible Gambling Support and Your Data

We do not ask visitors to disclose gambling history, losses or self-exclusion status through our contact forms. If a message includes this kind of detail regardless, we treat it as sensitive information, restrict access, and delete it once your enquiry is resolved.

If anything on this site prompts a concern about your own gambling, or someone else's, that concern deserves a direct, confidential conversation rather than a note through our contact form — the resources below are free, staffed by trained counsellors, and not connected to any operator we review.

If gambling stops feeling like entertainment: This site is strictly for adults aged 18 and over. Free, confidential support is available around the clock from Gambling Help Online on 1800 858 858. Australians can also register with BetStop, the National Self-Exclusion Register — though BetStop covers licensed Australian wagering providers only and does not block offshore online casino australia sites, which sit under foreign licences outside its reach.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the third-party providers we use, or Australian privacy law. When we make a material change, we update the "last updated" date at the top of this page and, for significant changes, add a homepage notice for a reasonable period.

We encourage you to review this page periodically, particularly if you have previously submitted personal information through a form on this site, since continued use after an update reflects acceptance of the revised policy for future interactions.

Contact Us

Questions about this Privacy Policy, or requests to access, correct or discuss how we handle your personal information, can be sent to our privacy team at [email protected]. Please include enough detail to identify the relevant record, and note whether your request is general or formal.

For general editorial questions unrelated to privacy — including how we score an online casino australia listing or compile our new casinos coverage — our About Us page has the right contact route. Keeping the two channels separate helps us route privacy requests to the right person faster.

Privacy Enquiries and Response Times

We aim to acknowledge every privacy enquiry within a few business days and provide a full response within 30 days, in line with OAIC guidance. More complex requests, touching multiple third-party providers, may take longer, and we will tell you if that applies to yours.

This policy was last reviewed in 2026 and is current as of the date shown at the top of this page. It applies to cchfoundation.net and does not extend to any third-party site linked from our content, including any gambling operator reviewed here.

Priya Nadesan

Priya Nadesan

Data & Compliance Editor · CCH Foundation

Priya Nadesan is CCH Foundation's Data & Compliance Editor, responsible for how this site collects, discloses and secures reader information as well as the scoring rubric applied to operator reviews. She maintains this privacy policy and reviews it against current OAIC guidance.

Last updated 17 July 2026

Frequently asked questions

What personal information does CCH Foundation collect?

We collect information you give us directly, such as your name and email address through a contact form, and information collected automatically, such as IP address, browser type and pages viewed. We do not require an account to read this site, and most visitors only generate the automatic, technical kind of data.

Does this website sell my personal information?

No. We do not sell or rent contact-form data, email correspondence or analytics data to data brokers or any other third party. Aggregated, de-identified analytics data may be processed by our analytics provider, and affiliate networks receive a click identifier when you follow a link to a reviewed operator, not your name or contact details.

How do I turn off cookies on this site?

Use the cookie preference link in our footer to adjust or withdraw consent for non-essential categories at any time, or block and delete cookies through your browser's privacy settings. Strictly necessary cookies keep the site secure and cannot be disabled without affecting core functionality.

Can I find out what data you hold about me?

Yes. Under Australian Privacy Principle 12 you can request access to personal information we hold about you, and under APP 13 you can ask us to correct it if it is inaccurate. Email our privacy team with enough detail to locate your record, and we will respond within around 30 days.

How long does CCH Foundation keep my information?

Retention varies by type: contact-form and email correspondence is typically kept up to 24 months, analytics data around 14 months reflecting our platform's default, and security logs for a shorter operational window. We do not retain personal information indefinitely by default.

Is my data sent overseas?

It can be. Several hosting, analytics and email-delivery providers we use operate international infrastructure, so data may be processed in countries such as the United States or the European Union. Under Australian Privacy Principle 8, we take reasonable steps to ensure any overseas recipient handles it consistently with the Australian Privacy Principles.

How do I make a privacy complaint?

Contact us directly first, describing the issue clearly - the same email address listed on our About Us page reaches our privacy team. Most concerns are resolved at this stage. If you remain unsatisfied, you can then escalate to the Office of the Australian Information Commissioner (OAIC), the independent regulator for privacy complaints under the Privacy Act.

What does the OAIC do with a privacy complaint?

The Office of the Australian Information Commissioner is the Commonwealth body responsible for investigating complaints under the Privacy Act 1988. It can investigate a complaint about an organisation's handling of personal information and, where appropriate, make a formal determination if the Australian Privacy Principles have been breached.

Do you require ID or age verification to read this site?

No account or ID verification is needed to read our guides. However, the content covers real-money gambling topics and is intended strictly for adults aged 18 and over, and we do not knowingly collect information from anyone under that age through our contact forms.

Do you share my details with the casinos you review?

No. We are an independent publisher, not an operator, and contact-form or email information is never passed to a gambling operator for marketing or account purposes. Affiliate networks that track referral clicks receive only a click identifier and timestamp, not your personal details.

I'm worried about my gambling, not my data - what should I do?

That deserves a direct, confidential conversation rather than our contact form. Gambling Help Online is free and available 24/7 on 1800 858 858. Australians can also register with BetStop, though it covers licensed Australian wagering providers only, not offshore casino sites.