What personal data bitstarzcasinoo.com collects, the purposes for which it is collected, how long it is retained, with whom it is shared, and the rights available to you under Australian and EU law.
bitstarzcasinoo.com is an independent online casino review platform run from Sydney, Australia. We are not a casino. We operate no gambling services, take no deposits and process no withdrawals, and we hold no player accounts. The scope of data processing here is correspondingly narrow - we're an informational publisher, and our privacy obligations track that.
The casino reviewed here - BitStarz Casino - is a separate legal entity run by a third party under a Curaçao licence. Its privacy practices answer to its own policy, on its own site, and lie entirely outside our control.
When you get in touch by email, we receive:
When you visit any page on this site, our hosting infrastructure and analytics tools automatically collect:
We collect no real name, home address, phone number, financial details or government identifiers by automatic means, and we don't knowingly collect data from anyone under 18.
| Purpose | Data used | Legal basis (where GDPR applies) |
|---|---|---|
| Responding to your enquiry | Contact form data, email | Legitimate interest / consent |
| Site analytics (aggregate traffic trends) | Anonymised IP, pages viewed, device type | Legitimate interest |
| Affiliate attribution (tracking referrals) | Click identifier passed to operator | Legitimate interest |
| Security and abuse prevention | IP address, user-agent, request patterns | Legitimate interest |
| Compliance with legal obligations | Server logs | Legal obligation |
We don't use your data to build advertising profiles, we run no remarketing, and we don't sell, rent or trade personal data to third parties for marketing.
We rely on a small number of processors to run the site. Each has its own privacy policy, which supersedes ours for the specific processing they do:
Where these processors transfer data internationally, we rely on their standard contractual clauses and the adequacy mechanisms they publish. A full list of sub-processors for each third party is on their respective documentation.
| Category | Retention period |
|---|---|
| Contact-form submissions and email correspondence | 12 months after last interaction, unless longer is needed to resolve an ongoing matter |
| Server access logs (full IP) | 90 days |
| Aggregated analytics (GA4, no PII) | Up to 26 months per GA4 default retention |
| Affiliate click events | Per the affiliate network's policy, typically up to 24 months |
| Editorial records required by correction policy | Retained as long as the corresponding article is live, for audit of the correction log |
Once a retention period ends, the data is deleted or anonymised, and backups rotate on a shorter cycle and expire on their own.
As an Australian resident, you have the right to:
If you are a resident of the EU or the UK, you additionally have rights to data portability, restriction of processing, objection to processing, and the right to be forgotten (erasure), subject to the usual legal exceptions.
Email info with "Privacy" in the subject line. We will respond within 30 days. We will verify your identity before disclosing any personal data. The process is documented on the contact page. More about this platform: about us, Riley Fletcher, affiliate disclosure, how we test, how we rate, sitemap, terms of use.
Exercising your rights is free. Where a request is plainly unfounded or excessive - repeated requests for the same data, for instance - we may charge a reasonable fee or decline to act, as far as the law allows.
We use cookies and similar technologies for analytics, security, and basic site function. A full cookie list, the purpose of each cookie, the retention, and how to manage them in your browser is on the cookie policy page. You can block or clear non-essential cookies at any time from your browser settings.
Our main processors (Cloudflare, Google Analytics) run global infrastructure, which means personal data may be transferred to, or accessed from, jurisdictions outside Australia - usually the United States and Europe. Those transfers are covered by the processors' standard contractual clauses and adequacy mechanisms, as set out in their own privacy policies.
Where you have the legal right to object to international transfer, you can exercise it by emailing the privacy address above. In practice, objecting typically means asking us to delete the data rather than restrict its location.
This site serves all pages over TLS 1.2 or higher with current cipher suites. The hosting admin panel requires two-factor authentication. Contact submissions and email correspondence are held in a mailbox with provider-side encryption and 2FA. Personal data access within the editorial team is restricted to whoever requires it for a specific task.
No online system is perfectly secure. Should a breach affect your personal information, we'll notify those affected and the OAIC under the Notifiable Data Breaches scheme in Australian law, plus any equivalent GDPR obligations where they apply.
This site, the review, and all casinos discussed on it are for adults aged 18 or over. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has submitted information to this site, please email info and we will delete the submission. Our broader position on minors and gambling is on the responsible gambling page.
We update this policy when our practices change - say, when we add or remove a processor, revise retention periods, or respond to a shift in legal obligations. A material change updates the "last updated" date at the top, and for significant changes we post a short notice at the top of both the homepage and the policy page for at least 30 days after.
This document is the current, authoritative version of our privacy practices. Historic versions are available on request through the contact page.
