What personal data roospin-au.net collects, why, how long we keep it, who it is shared with, and the rights you have over it under Australian and EU law.
roospin-au.net is an independent online casino review platform run from Sydney, Australia. We are not a casino. We operate no gambling services, take no deposits and process no withdrawals, and we hold no player accounts. Our data processing is narrow to match — we're an informational publisher, and our privacy obligations follow from that.
The casino we review — Roospin Casino — is a separate legal entity run by a third party under a Curaçao licence. Its privacy practices answer to its own policy, on its own site, and are entirely beyond our control.
When you email us, we receive:
When you visit any page on this site, our hosting infrastructure and analytics tools automatically collect:
We collect no real name, home address, phone number, financial details or government identifiers through any automatic mechanism, and we don't knowingly collect data from anyone under 18.
| Purpose | Data used | Legal basis (where GDPR applies) |
|---|---|---|
| Responding to your enquiry | Contact form data, email | Legitimate interest / consent |
| Site analytics (aggregate traffic trends) | Anonymised IP, pages viewed, device type | Legitimate interest |
| Affiliate attribution (tracking referrals) | Click identifier passed to operator | Legitimate interest |
| Security and abuse prevention | IP address, user-agent, request patterns | Legitimate interest |
| Compliance with legal obligations | Server logs | Legal obligation |
We don't use your data to build advertising profiles, we don't run remarketing, and we don't sell, rent or trade personal data to third parties for marketing.
We rely on a small number of processors to run the site. Each has its own privacy policy, which supersedes ours for the specific processing they do:
Where these processors transfer data internationally, we rely on their standard contractual clauses and the adequacy mechanisms they publish. A full list of sub-processors for each third party is on their respective documentation.
| Category | Retention period |
|---|---|
| Contact-form submissions and email correspondence | 12 months after last interaction, unless longer is needed to resolve an ongoing matter |
| Server access logs (full IP) | 90 days |
| Aggregated analytics (GA4, no PII) | Up to 26 months per GA4 default retention |
| Affiliate click events | Per the affiliate network's policy, typically up to 24 months |
| Editorial records required by correction policy | Retained as long as the corresponding article is live, for audit of the correction log |
Once a retention period ends, the data is deleted or anonymised, and backups cycle on a shorter rotation and expire on their own.
As an Australian resident, you have the right to:
If you are a resident of the EU or the UK, you additionally have rights to data portability, restriction of processing, objection to processing, and the right to be forgotten (erasure), subject to the usual legal exceptions.
Email info with "Privacy" in the subject line. We will respond within 30 days. We will verify your identity before disclosing any personal data. The process is documented on the contact page.
There's no charge for exercising your rights. Where a request is plainly unfounded or excessive — repeated requests for the same data, for instance — we may apply a reasonable fee or decline to act, to the extent the law allows.
We use cookies and similar technologies for analytics, security, and basic site function. A full cookie list, the purpose of each cookie, the retention, and how to manage them in your browser is on the cookie policy page. You can block or clear non-essential cookies at any time from your browser settings.
Our main processors (Cloudflare, Google Analytics) run global infrastructure, so personal data may be moved to or reached from jurisdictions outside Australia — usually the United States and Europe. Those transfers sit under the processors' standard contractual clauses and adequacy mechanisms, as their own privacy policies set out.
Where you have the legal right to object to international transfer, you can exercise it by emailing the privacy address above. In practice, objecting typically means asking us to delete the data rather than restrict its location.
The site is served over TLS 1.2+ with modern cipher suites, and the admin side of the hosting uses two-factor authentication. Contact-form submissions and email correspondence sit in a mailbox protected by provider-side encryption and 2FA. Within the small team, access to personal data goes only to whoever needs it for the task in hand.
No online system is perfectly secure. Should a breach affect your personal information, we'll notify those affected and the OAIC under the Notifiable Data Breaches scheme in Australian law, along with any matching GDPR obligations where they apply.
This site, the review, and all casinos discussed on it are for adults aged 18 or over. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has submitted information to this site, please email info and we will delete the submission. Our broader position on minors and gambling is on the responsible gambling page.
We revise this policy when our practices change — adding or dropping a processor, reworking retention periods, or responding to a change in legal obligations. A material change moves the "last updated" date at the top, and for significant changes we post a short notice at the top of both the homepage and the policy page for at least 30 days afterwards.
This document is the current, authoritative version of our privacy practices. Historic versions are available on request through the contact page.
