Cookie Policy

This Cookie Policy explains how Richard Casino ("we", "us", "our") uses cookies and similar technologies on aussierichard.com. It supplements our Privacy Policy. Read both together — the Privacy Policy explains what we do with personal data overall; this policy explains the specific role cookies play.

Throughout this document, the word "cookie" is shorthand for cookies in the strict sense plus the related technologies that work the same way: localStorage, sessionStorage, web beacons (also called pixels), fingerprinting signals, and tracking parameters. Each of these can do the same job — remember something about your browser between visits — and each is governed by the same legal rules under the EU ePrivacy Directive and the Australian Privacy Principles where the data is personal.

If anything below is unclear, email [email protected]. A real person responds within five business days; you'll get an acknowledgement within 48 hours.

HTTP cookies

Small text files (typically 4 KB or less) that a website asks your browser to store and send back on subsequent requests. Cookies have a name, a value, an expiry, and a domain that controls who can read them.

localStorage and sessionStorage

Browser-side storage areas a website can read and write through JavaScript. Larger than cookies (up to 5–10 MB) and not automatically sent with every request. localStorage persists until cleared; sessionStorage clears when the tab closes.

Web beacons (pixels)

Tiny image or script requests embedded in a page or an email. They don't store data themselves — they signal to a server that an event happened (a page view, a click, an email open). Often paired with cookies for cross-session tracking.

Fingerprinting

Combining browser, device, and connection signals (screen size, fonts, time zone, language, hardware acceleration) to identify a returning visitor without using cookies. We do not use fingerprinting for advertising. We use a narrowly scoped device-fingerprint signal for fraud detection only, and this is described below.

First-party vs third-party

First-party means the cookie or storage entry is set under aussierichard.com itself — we control it and can read it. Third-party means it's set under another domain (a vendor's domain) when their script runs on our page — they control it and may share it across the other sites that include the same vendor.

We use cookies in four categories, each with a different legal basis and a different opt-out path. The strictly necessary category cannot be turned off because the site needs it to work; the other three are off by default for users in the EU/EEA and turn on only after you opt in via the cookie banner.

Strictly necessary

Login session, account currency, fraud-detection token, age-confirmation flag, cookie-consent record. Lawful basis: legitimate interest. Cannot be refused — without these the site does not function.

Performance and analytics

Aggregate statistics on which pages and games are popular, where users drop off, page load timings. Lawful basis: consent (GDPR) or legitimate interest with opt-out (APP). Refusing these does not break the site; it removes data we use to find and fix bugs.

Functional

Last-played games, language and theme preferences, responsible-gambling tool defaults. Lawful basis: consent. Refusing makes the site work but resets your preferences each visit.

Marketing and advertising

Tracking which campaigns brought you to aussierichard.com, attribution for affiliate partners, retargeting on advertising networks (Google, Meta) if you opted in. Off by default for EU/EEA visitors.

The tables below list every cookie or storage key our site is configured to use. We update them when our setup changes; the page-version date at the top reflects the most recent revision. Cookie names from third parties match the vendor's official naming so you can recognise them in your browser's developer tools.

Cookies set by domains other than aussierichard.com belong to third-party vendors. Each vendor has its own privacy notice describing what they collect and how they use it. The vendors we currently work with, what they receive, and where to learn more or opt out:

Google Analytics 4

Receives anonymised event data: page URLs, referrer, device type, country (city level only — IP anonymisation enabled). Does not receive your name, email, deposit amount, or game outcomes. Privacy: policies.google.com/privacy. Opt-out: tools.google.com/dlpage/gaoptout.

Google Ads

Receives conversion events (registration, deposit) only after you opt in. Used to measure the effectiveness of paid campaigns. Privacy: policies.google.com/privacy.

Meta (Facebook Pixel)

Receives event data tied to a hashed browser ID, only after you opt in. Used for ad attribution and retargeting. Privacy: facebook.com/privacy/policy. Opt-out: facebook.com/help/568137493302217.

Cloudflare

Sets a load-balancing and bot-protection cookie (__cf_bm) on every visit. This cookie does not track you across sites; it routes the request and screens automated traffic. Privacy: cloudflare.com/privacypolicy.

Game studio iframes

When you play a game, the studio's iframe may set its own session cookie scoped to its domain. The studio does not receive your name, email, or financial details — only a hashed player ID and bet/win events. This is described in our Privacy Policy.

You have three controls available, in order of how granular they are:

Cookie banner on aussierichard.com

The fastest way. Click "Cookie Settings" in the footer of any page (or accept/reject from the banner on first visit). You can change your choices at any time. Changes apply immediately; previously-set non-essential cookies are deleted.

Browser settings

Every modern browser lets you block all cookies, block third-party cookies, or clear cookies on exit. Chrome: Settings → Privacy and security → Cookies and other site data. Firefox: Settings → Privacy & Security → Cookies and Site Data. Safari: Preferences → Privacy. Edge: Settings → Cookies and site permissions.

Industry opt-out platforms (advertising)

For advertising cookies across many sites at once, use the Network Advertising Initiative (optout.networkadvertising.org), the Digital Advertising Alliance (optout.aboutads.info), or the European Interactive Digital Advertising Alliance (youronlinechoices.eu).

Modern browsers ship with built-in privacy features that limit how third parties can track you. We support and respect these:

Apple ITP (Intelligent Tracking Prevention)

Safari deletes third-party cookies after 24 hours of inactivity and limits storage from sites you only visited once. We do not work around ITP. If you use Safari, expect retargeting cookies to expire faster than the lifespans listed in the table above.

Firefox ETP (Enhanced Tracking Protection)

Firefox blocks known cross-site tracking cookies by default. We do not attempt to circumvent ETP. Functional and analytics cookies still work because they're either first-party or operate on a privacy-preserving basis.

Global Privacy Control (GPC)

GPC is a browser-level signal that says "I do not want my data sold or shared". When we receive a GPC signal, we treat it as a request to opt out of all marketing cookies and any data sharing for advertising purposes. You don't need to also click the cookie banner — the GPC signal is enough.

Do Not Track (DNT)

DNT is the older signal. Browsers and the W3C deprecated it because nobody could agree on what it meant. We do not act specifically on DNT. Use the cookie banner or GPC instead — both are clearer signals we honour.

For visitors from the EU/EEA and the UK, the legal framework is the ePrivacy Directive (Article 5(3)) plus the GDPR. Together they require us to obtain valid consent before storing or reading any non-essential cookie, with two exceptions:

• Strictly necessary cookies that enable a service explicitly requested by you (login, currency selection, fraud detection) — no consent required.
• Cookies whose sole purpose is to carry out the transmission of a communication (load balancing, basic page delivery) — no consent required.

Everything else — analytics, functional, marketing — requires consent that is freely given, specific, informed, and unambiguous, and that you can withdraw as easily as you gave it. We collect that consent through the cookie banner. Your choices are recorded with a timestamp and the page-version number of this policy at the time of recording, and you can change them at any time without losing other rights.

For Australian visitors, the framework is the Australian Privacy Principles. Cookies that involve personal information are processed under the same principles described in our Privacy Policy. Consent is not always required by APP for cookies, but we apply the same opt-in approach as a default — cleaner UX and no double-standard between AU and EU users.

We update this policy when we add or remove a cookie, when a vendor changes how their cookies work, or when the law changes. Material changes (a new vendor with a new purpose) are notified to registered account holders by email. Less material changes (renaming a cookie, fixing a typo) update the page-version date silently.

For any cookie or tracking-related question, write to [email protected]. To exercise your data rights more broadly, see our Privacy Policy.