Privacy Policy
This page lays out what personal information the site collects from its visitors, why it is collected, where it ends up, who else might see it, and how you can exercise the rights given to you under Australian privacy law. The technical companion piece — cookies, analytics, browser storage — sits on the Cookie Policy page; what you are reading here is the plain-language version of the same arrangement.
This is an independent informational platform that covers Spinaud Casino; the broader context is on the About page. The privacy policy below applies only to this website. Once a reader clicks through to Spinaud itself, the operator's own privacy policy takes over; this site does not forward data to Spinaud except in the narrow form described later on.
1. What this site is
This domain hosts editorial reviews and topic guides on Spinaud Casino and the broader Australian offshore casino market. The flagship operator write-up lives at the Spinaud Casino homepage. Nothing is wagered here, no player accounts run on this domain, and there are no deposits, balances or withdrawals to administer. The site has no registration form and no login screen. A standard read-only visit triggers no data exchange beyond ordinary web request traffic. Where genuine personal data does come in — for instance, an email through the contact channels — the rules below describe exactly how it is handled.
2. Australian privacy law context
Every piece of personal data handled on this site is processed within the framework of the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs), which the Office of the Australian Information Commissioner (OAIC) administers. EU-based visitors keep their GDPR rights when they read here; Californian visitors keep CCPA rights to the extent those rights apply. Where any two of these regimes both touch the same issue, whichever offers the stronger protection is the one that takes precedence.
3. What data this site collects
Data falls into three buckets here: technical traffic logs, contact information you choose to submit, and aggregated analytics statistics.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance. | Legitimate interest under APP 6. |
| Voluntary contact data | Name, email, message content, any documents you choose to attach. Provided only if you write in. | Reply to your enquiry. | Consent under APP 3 (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation switched on. | See which pages help readers and which do not. | Consent (you can decline analytics cookies on first visit). |
This site does not collect: financial data (no payment processing happens on this domain), Spinaud account credentials (we do not operate any accounts), biometric data, location beyond country level (derived from anonymised IP), or special-category data (race, religion, health, sexual orientation, political view). No targeted advertising or remarketing is in use; the funding model behind the site is on the Affiliate Disclosure page.
4. Cookies and similar technologies
A full register of every cookie on this site, along with the third-party services that set them and the controls at your disposal, sits on the Cookie Policy page. In short: strictly necessary cookies (covering page rendering, the consent banner state and abuse prevention) are always present; analytics and affiliate-tracking cookies are only dropped once you opt in via the consent banner; and the footer carries a permanent link to revise that choice whenever you wish.
5. Affiliate links and operator-side tracking
Clicking an outbound Spinaud link triggers a three-stage sequence. First, the request passes through an internal /go redirect that logs the click in our analytics, regardless of whether registration follows. Second, your browser is forwarded onward to the Spinaud platform. Third, Spinaud may drop its own cookies and tag the arrival as a referral. No name, email or other identifying data of yours travels to Spinaud from this site — the operator merely sees that a visit originated here. Should you go on to open a Spinaud account, that registration falls under the operator's own privacy policy and not this one.
6. How long data is retained
- IP addresses: the raw IP is retained for up to 24 hours strictly for abuse-prevention purposes, then anonymised — the final octet stripped for IPv4, the last 80 bits stripped for IPv6. The anonymised form is held for up to 14 months to support aggregate traffic stats.
- Contact correspondence: messages and any attached files are stored for 24 months to enable follow-up and recordkeeping, then automatically deleted unless the matter is still being worked on.
- Analytics events: records collected by Google Analytics 4 are retained for 14 months under the current configuration, after which they are purged automatically.
- Cookie consent record: the record of your consent choice sits in your own browser storage for 12 months; once that window closes the consent banner is shown again.
In cases where statute mandates a longer retention period — affiliate-related tax accounting under the Income Tax Assessment Act being the obvious example — the data is held strictly for the legally required interval and not repurposed in any other workflow.
7. Who this site shares data with
Data leaves this site only in three tightly controlled scenarios. Service providers that operate parts of the infrastructure — web hosting, CDN, transactional email — each work under a signed data-processing contract that limits the data to the specific service. Analytics providers (Google Analytics 4) receive only IP-anonymised traffic readings with no identifying detail attached. Law enforcement and regulators are given access only on the back of a valid legal demand, and only for the data that demand actually covers. Personal data is never sold, leased, traded or exchanged with anyone — that line is absolute.
8. Where data is stored
The infrastructure backing this site sits with cloud vendors located in Australia and the European Economic Area. A handful of partners, Google Analytics 4 most notably, perform processing in the United States. Every outbound transfer of data beyond Australia is covered either by Standard Contractual Clauses or by an equivalent framework the OAIC has assessed as delivering protection on par with Australian law.
9. Your rights
Under the Privacy Act and equivalent international laws, you have the following rights with respect to any personal data this site holds about you.
- Access: ask what we hold and receive a copy.
- Correction: ask for inaccurate data to be corrected.
- Deletion: ask for your data to be deleted, subject to any legal retention requirements.
- Withdrawal of consent: if processing is based on consent, you can withdraw it at any time without affecting earlier lawful processing.
- Complaint: if you think this site has handled your data improperly, you can lodge a complaint with the OAIC at oaic.gov.au. Australian readers should ordinarily contact us first so we have a chance to fix the issue.
To exercise any of these rights, write to the privacy address listed on the Contact page. We will respond inside 30 days, the timeframe the Privacy Act requires.
10. Children's privacy
Every page on this site is written for adult Australian readers and discusses an 18+ adult product. Neither the design nor the editorial framing targets anyone below the age of 18. No personal data is knowingly collected from minors. Should we discover that a submission came from someone under 18, the data is erased, and where possible a parent or legal guardian is notified.
11. Security
Standard industry security controls are in force across the site: TLS 1.2 or higher protects every byte in transit; least-privilege access rules and auditable permission boundaries govern internal systems; access reviews run on a recurring schedule; administrative actions are logged; and external penetration tests are commissioned periodically against the live site. No defensive stack is absolute — if a personal-data breach occurs with the potential to cause serious harm, affected individuals are contacted directly and the OAIC is informed in line with the Notifiable Data Breaches scheme under the Privacy Act.
12. Changes to this policy
Any update to this policy bumps the "Last updated" timestamp at the top of the page. Substantive changes — fresh data categories, newly engaged third-party processors, altered retention windows — also raise a banner on the home page for a minimum of 30 days. Small housekeeping tweaks such as rewording or link maintenance do not warrant a banner notice.
13. Contact
Privacy-related questions are best routed through the privacy contact listed on the Contact page. Editorial questions about content on the site go through the editorial channel; correction requests are governed by the procedure on the Editorial Policy page. Player-safety guidance for anyone reading this site sits on the Responsible Gambling page.