Privacy Policy

Richard Casino ("we", "us", "our") is the operator of aussierichard.com. This privacy policy explains what personal information we collect from you, why we collect it, how we use and store it, who we share it with, and the rights you have over it. It applies to everything you do on aussierichard.com — visiting any page, registering an account, depositing, withdrawing, contacting support, subscribing to emails, and any related interaction.

This policy is written to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth) for our Australian players, and with the General Data Protection Regulation (GDPR) for our German and other EU/EEA players. Where the two frameworks diverge, we follow the stricter one as a default.

If anything below isn't clear, email [email protected] and a real person will respond. We aim to reply within five business days; complex requests can take longer, but you'll get an acknowledgement within 48 hours.

We collect information in three ways: information you give us directly, information collected automatically when you use the site, and information we receive from third parties (payment processors, identity-verification providers, advertising networks if you consented to that).

Account information

Email address, password (stored hashed, never in plain text), legal first and last name, date of birth, residential address, mobile phone number, account currency.

Identity verification (KYC)

Government-issued photo ID (passport, driver's licence, national ID), proof of address (utility bill, bank statement no older than 90 days), partial card photo for card deposits with middle digits and CVV redacted, occasionally a selfie holding the ID for high-risk reviews.

Financial information

Deposit and withdrawal history, account balance, bonus history, source-of-funds evidence when AML thresholds are reached. We do NOT store full card numbers — these go directly to PCI-DSS Level 1 certified payment processors and never touch our servers in raw form.

Gameplay and behavioural data

Games played, bets placed, time spent on the site, win/loss history, session length, responsible-gambling tool settings, login times and locations.

Technical data

IP address, browser type and version, operating system, device type, screen resolution, referring page, language preference, time zone.

Communication data

Live chat transcripts, support email contents, marketing email open/click tracking (only if you consented to marketing), survey responses.

We do not collect special categories of data (health, religion, political views, sexual orientation, biometric identifiers other than KYC selfie comparison) unless you voluntarily provide them in a support conversation, in which case we treat them with extra care and delete them once the matter is resolved.

Under GDPR, we need a lawful basis for every category of processing. Under Australian Privacy Principles, we need a primary purpose connected to our function as a gambling operator. The reasons we process your data fall into five groups:

Performance of contract

Creating and operating your account, processing deposits and withdrawals, crediting winnings, applying bonuses, providing support. Without this data we cannot give you the service you asked for.

Legal obligation

Anti-money-laundering checks, identity verification (KYC), tax reporting, responding to lawful requests from regulators, courts, or police. We are required by law to collect and retain this data.

Legitimate interest

Fraud prevention, account security monitoring, dispute resolution, internal analytics to improve the platform, defending legal claims. We balance our interest against your rights and process the minimum needed.

Consent

Sending marketing emails, placing non-essential cookies (advertising and analytics tracking), using your testimonial in marketing if you submitted one. You can withdraw consent at any time in your account settings.

Vital interest

If we have reason to believe you may be at risk of harm to yourself or others (rare, but applies in serious responsible-gambling cases), we may share information with appropriate emergency services.

Cookies are small text files a site stores on your device to remember things between visits. Local storage and session storage work similarly. Pixels and tracking tags are small image or script requests that record an event (e.g., a page view) on a third-party server. We use all four, in carefully scoped categories.

Strictly necessary

Login session, account currency preference, age-confirmation flag, fraud-detection token. These cannot be turned off — without them the site cannot function. Lifespan: session or up to 12 months.

Performance and analytics

Aggregate statistics on which pages and games are popular, where users drop off, page load timings. We use these to fix bugs and improve the lobby. Lifespan: up to 24 months. You can refuse these in the cookie banner.

Functional

Remembering your last-played games, language and theme preferences, responsible-gambling tool defaults. Lifespan: up to 12 months. Refusing these makes the site work but resets your preferences each visit.

Marketing and advertising

Tracking which campaigns brought you to aussierichard.com, attribution for affiliate partners, retargeting on advertising networks (Google, Meta) if you opted in. Lifespan: up to 12 months. Off by default for EU/EEA users — you must affirmatively opt in via the cookie banner.

You can manage cookie preferences at any time by clicking "Cookie Settings" in the footer of any page. You can also block cookies entirely in your browser, but the site requires strictly-necessary cookies to function — fully blocking them will break login.

We share personal information only with parties who need it to provide a service we've contracted them for, with parties we are legally required to share with, and with you. We never sell your data. The categories we share with:

Payment processors

Visa, Mastercard, Apple Pay, Google Pay, Skrill, Neteller, MiFinity, Trustly, our crypto custodian, and our acquiring bank. They receive transaction data and identifying information needed to process payments and meet their own compliance requirements.

Identity verification providers

Specialist KYC vendors who run document checks and AML database matching. They receive your ID documents and selfie when you submit them and return a verified/not-verified decision plus risk score.

Game studios

NetEnt, Microgaming, Pragmatic Play, Evolution Gaming, Play'n GO, Yggdrasil, Quickspin, Evoplay, Endorphina, Spribe, Slotopia, Gamzix, BGaming. They receive a hashed player ID and bet/win events for the games you play, never your name, email, or financial details.

Cloud and infrastructure providers

Hosting providers, content delivery networks, email-sending services. They process data on our instructions under data-processing agreements and cannot use it for their own purposes.

Analytics and marketing services

Aggregated and anonymised analytics. If you opted in to marketing tracking, identified data may flow to advertising networks for retargeting; you can opt out in cookie settings or your account.

Regulators and law enforcement

When legally compelled by a valid court order, regulator notice, or police request. We push back on overbroad requests and notify you when legally permitted.

Professional advisors

Lawyers, auditors, and financial advisors bound by professional confidentiality, only when needed for a specific purpose like defending a legal claim or completing an audit.

Richard Casino operates internationally, and some of our service providers are based outside Australia and outside the EU/EEA. When we transfer your personal information to a country with weaker data-protection laws than your own, we use one of three safeguards:

• An adequacy decision — the destination country has been formally recognised as offering equivalent protection.
• Standard contractual clauses (SCCs) — legally-binding commitments we sign with the recipient that import EU/UK protections.
• Specific exceptions allowed by law, such as your explicit consent or transfers strictly necessary to perform a contract you asked for.

You can request a copy of the safeguards we have in place for any specific transfer by emailing [email protected].

We keep personal information only for as long as we need it for the purpose it was collected, plus any period required by law. Concrete retention windows:

Account and gameplay records

Active for as long as your account is open, then 7 years after closure. This is the standard AML record-keeping window required of regulated gambling operators worldwide.

Identity verification documents

5 years after the last transaction on your account. Anti-money-laundering law requires a minimum of 5 years; some jurisdictions require 7.

Financial transaction records

7 years from the date of the transaction.

Live chat and support emails

3 years from the close of the ticket, unless the matter involves an unresolved dispute, in which case until the dispute is closed plus 3 years.

Marketing preferences and consent records

Indefinitely while you remain subscribed; for 5 years after unsubscribing as proof you opted out.

Self-exclusion records

Permanently, by design — the whole point of self-exclusion is that we know not to re-onboard the person.

Cookie data on your device

As shown in the cookies section above — 12 to 24 months depending on category.

When the retention period ends, we either delete the data or anonymise it so it cannot be linked back to you.

You have the following rights, subject to limited exceptions where the law allows us to refuse. We respond to all valid requests within 30 days; complex requests can be extended once by a further 60 days, and we'll tell you if that happens.

Access

Request a copy of the personal information we hold about you. The first copy is free; subsequent copies in a 12-month window may carry a reasonable administrative fee.

Correction

Ask us to correct information that's wrong or out of date. Most account fields you can update yourself in account settings.

Deletion

Ask us to delete your data. We will, except for the parts we are legally required to keep — typically the AML and financial records under retention rules above. We'll tell you which categories we cannot delete and why.

Restriction

Ask us to stop processing your data while a dispute about its accuracy is being resolved.

Portability

Request your data in a machine-readable format (JSON or CSV) so you can move it to another service.

Objection

Object to processing based on legitimate interest, including direct marketing. We stop direct marketing immediately on request, no questions asked.

Withdraw consent

Withdraw any consent you previously gave us. The withdrawal applies going forward and doesn't affect the lawfulness of processing already done.

Complaint

Lodge a complaint with us first if you can — we'll try to resolve it. You also have the right to complain to your data protection authority: in Australia, the Office of the Australian Information Commissioner (oaic.gov.au); in Germany, the Bundesbeauftragte für den Datenschutz (bfdi.bund.de) or your state authority.

To exercise any of these rights, email [email protected] from the address tied to your account, or use the data request form in account settings. We may need to verify your identity before acting on a request — this is to protect you from someone else impersonating you.

We protect personal information with a combination of technical, organisational, and physical controls. The key ones:

• All connections to aussierichard.com are encrypted with TLS 1.3 (the same encryption banks use for online banking).
• Passwords are stored using industry-standard one-way hashing (bcrypt with a high work factor) — even our own engineers cannot read your password, not even from a database backup.
• Card numbers are never stored on our servers — they go directly to PCI-DSS Level 1 certified payment processors using tokenisation.
• Internal access to personal data is restricted on a least-privilege basis; access is logged and audited monthly.
• Employees and contractors are bound by confidentiality agreements and complete annual security training.
• We run vulnerability scans continuously and engage independent penetration testers at least annually.
• We have an incident-response plan and a 72-hour notification commitment to regulators and to you for breaches that pose a risk to your rights.

No system is perfectly secure. If we ever experience a personal data breach that affects you, we will notify you and the relevant authority as required by law, and we will explain what happened, what data was affected, what we've done about it, and what you can do to protect yourself.

Richard Casino is strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and you believe a minor has registered with us, please contact [email protected] immediately and we will close the account, refund any deposits, and delete the personal data.

Underage gambling is illegal in Australia and in Germany. We use age-verification at registration and re-verification through KYC before any withdrawal. We also work with parental-control software vendors so you can block our domain at the device or network level if you have a teenager in the home.

We update this policy when our practices change, when the law changes, or when we add or remove a service that involves personal data. The version date at the top of this page reflects the last update. For material changes (a new category of data, a new third party, a new use of existing data), we notify registered account holders by email at least 30 days before the change takes effect.

Old versions are archived. If you'd like to compare what changed, email [email protected] and we'll send you a redline.

For any privacy question — exercising a right, raising a concern, or just clarifying something in this policy — write to [email protected]. For account, deposit, withdrawal, or game support questions, our 24/7 live chat or [email protected] is faster.