What personal data joefortunee.com collects, why, how long we keep it, who it is shared with, and the rights you have over it under Australian and EU law.
joefortunee.com is an independent online casino review platform run from Sydney, Australia. We are not a casino. We don't operate gambling services, take deposits or process withdrawals, and we hold no player accounts. Our data processing is narrow to match — we're an informational publisher, and our privacy obligations reflect that.
The casino we review — Joe Fortune Casino — is a separate legal entity run by a third party under a Curaçao licence. Its privacy practices are governed by its own policy, on its own site, and are entirely outside our control.
When you email us, we receive:
When you visit any page on this site, our hosting infrastructure and analytics tools automatically collect:
We don't collect your real name, home address, phone number, financial details or government identifiers through any automatic mechanism, and we don't knowingly collect data from anyone under 18.
| Purpose | Data used | Legal basis (where GDPR applies) |
|---|---|---|
| Responding to your enquiry | Contact form data, email | Legitimate interest / consent |
| Site analytics (aggregate traffic trends) | Anonymised IP, pages viewed, device type | Legitimate interest |
| Affiliate attribution (tracking referrals) | Click identifier passed to operator | Legitimate interest |
| Security and abuse prevention | IP address, user-agent, request patterns | Legitimate interest |
| Compliance with legal obligations | Server logs | Legal obligation |
We don't use your data to build advertising profiles, we don't run remarketing, and we don't sell, rent or trade personal data to third parties for marketing.
We rely on a small number of processors to run the site. Each has its own privacy policy, which supersedes ours for the specific processing they do:
Where these processors move data internationally, we rely on their standard contractual clauses and the adequacy mechanisms they publish. Each third party lists its full set of sub-processors in its own documentation.
| Category | Retention period |
|---|---|
| Contact-form submissions and email correspondence | 12 months after last interaction, unless longer is needed to resolve an ongoing matter |
| Server access logs (full IP) | 90 days |
| Aggregated analytics (GA4, no PII) | Up to 26 months per GA4 default retention |
| Affiliate click events | Per the affiliate network's policy, typically up to 24 months |
| Editorial records required by correction policy | Retained as long as the corresponding article is live, for audit of the correction log |
Once a retention period ends, the data is deleted or anonymised, and backups rotate on a shorter cycle and expire on their own.
As an Australian resident, you have the right to:
If you are a resident of the EU or the UK, you additionally have rights to data portability, restriction of processing, objection to processing, and the right to be forgotten (erasure), subject to the usual legal exceptions.
Email [email protected] with "Privacy" in the subject line. We will respond within 30 days. We will verify your identity before disclosing any personal data. The process is documented on the contact page.
Exercising your rights costs nothing. If a request is plainly unfounded or excessive — repeated requests for the same data, for instance — we may charge a reasonable fee or decline to act, as the law permits.
We use cookies and similar technologies for analytics, security and basic site function. A full list — each cookie's purpose, its retention and how to manage it in your browser — is on the cookie policy page. You can block or clear non-essential cookies any time from your browser settings.
Our main processors (Cloudflare, Google Analytics) run global infrastructure, so personal data may be moved to or accessed from jurisdictions outside Australia — usually the United States and Europe. Those transfers sit under the processors' standard contractual clauses and adequacy mechanisms, as set out in their own privacy policies.
Where you have the legal right to object to international transfer, you can exercise it by emailing the privacy address above. In practice, objecting typically means asking us to delete the data rather than restrict its location.
The site runs over TLS 1.2+ with modern cipher suites, and the admin side of the hosting uses two-factor authentication. Contact-form submissions and email correspondence sit in a mailbox protected by provider-side encryption and 2FA. Within the small team, access to personal data is limited to whoever needs it for the task at hand.
No online system is perfectly secure. If a breach affects your personal information, we'll notify those affected and the OAIC under the Notifiable Data Breaches scheme in Australian law, plus any equivalent GDPR obligations where they apply.
This site, the review, and all casinos discussed on it are for adults aged 18 or over. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has submitted information to this site, please email [email protected] and we will delete the submission. Our broader position on minors and gambling is on the responsible gambling page.
We revise this policy when our practices change — adding or dropping a processor, adjusting retention periods, or responding to a shift in legal obligations. Any material change moves the "last updated" date at the top, and for significant changes we post a short notice at the top of the homepage and the policy page for at least 30 days.
This document is the current, authoritative statement of our privacy practices. Earlier versions are available on request via the contact page.
