Last updated: 27 June 2026

Privacy Policy

This Privacy Policy explains how Joe Fortune AU Review ("we", "us", "our") handles your personal information when you visit our website at hmm.kiwi.nz. We are an independent information resource that publishes reviews of online casinos — we are not a gambling operator, and we never ask for or hold your casino account details, passwords or payment information. This policy covers what we collect, why, how long we keep it, who we share it with, and the rights you have under Australian and European data-protection law. If anything here is unclear, email our privacy contact at [email protected].

1. Who we are and which laws apply

This website is operated by the editorial team behind Joe Fortune AU Review, publisher of independent casino reviews for Australian readers. Because our audience is primarily in Australia, we handle personal information in line with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs). Where a visitor is in the European Economic Area or the United Kingdom, we also apply the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR to that visitor's data. This policy takes effect from the "Last updated" date shown above and replaces any earlier version. The person responsible for data questions can be reached at [email protected].

2. What personal data we collect

A. Information you give us directly

If you use our contact form, we collect the name and email address you enter, the subject category you select, and the content of your message. We use this only to read and reply to your enquiry. We do not collect payment-card numbers, casino login credentials, passwords, copies of identity documents, or any financial account data — there is no reason for a review site to ever ask for these, and we never will.

B. Information collected automatically

Like almost every website, our servers and analytics tools record limited technical data when you browse:

• IP address — used to infer your country so we can show the right regional content, and to protect the site against abuse and denial-of-service attacks. It is anonymised before it reaches our analytics.
• Browser type and version (User-Agent) — so we can render pages correctly across Chrome, Safari, Firefox and Edge.
• Operating system and device type — so we can serve a layout suited to phones, tablets or desktops.
• Pages viewed and time on each page — aggregated, anonymous analytics that tell us which reviews are useful so we can improve them.
• Referrer URL — the page you arrived from, which helps us understand how readers find us.
• Browser language and screen resolution — used to display content in the right language and at the right size.

C. Cookies

We use a small number of cookies for essential functions, anonymous analytics and affiliate-link tracking. Each cookie is listed by name, provider, purpose and lifetime in our Cookie Policy, where you can also learn how to disable them.

3. Why we process your data

• To run and improve the site — we look at which reviews are read most so we can write more useful content. We use Google Analytics 4 in anonymised form for this.
• Analytics and statistics — aggregated traffic data helps us understand our audience. It cannot be used to identify you as an individual.
• Affiliate links — when you click a link to a casino, an affiliate network may set a cookie that records the referral so the programme works. We explain this fully in our Affiliate Disclosure.
• Security — protecting the site from spam, bots and malicious traffic.
• Communication — answering messages you send through the contact form.
• Legal obligations — meeting any record-keeping duties that apply to us.

4. Legal basis (GDPR Art. 6) and APP basis

For visitors covered by the GDPR, we rely on the following legal bases. Consent (Art. 6(1)(a)) for any non-essential cookies — you give this through the cookie banner on your first visit and can withdraw it at any time. Legitimate interests (Art. 6(1)(f)) for analytics, site security and fraud prevention; our legitimate interest is understanding our audience and keeping the site safe. Performance of a request (Art. 6(1)(b)) for handling contact-form enquiries. Legal obligation (Art. 6(1)(c)) for any data we must retain by law. Under the Australian Privacy Principles, we collect only information reasonably necessary for our functions and use it only for the purposes set out above.

5. Who we share data with

We use a small set of trusted processors and never sell your data:

• Google Analytics 4 (Google LLC, USA) — anonymised traffic analytics. Transfers to the USA are covered by Standard Contractual Clauses and the EU–US Data Privacy Framework. Data: anonymised IP, on-site behaviour, device.
• Google Search Console — search-visibility data such as queries, impressions and click-through rate.
• Affiliate networks (for example operator affiliate platforms and aggregators such as Income Access or NetRefer) — these record only the technical fact that a click came from our site, never your name or email.
• Hosting / CDN provider (Cloudflare) — server logs and bot protection. Data: IP address, requests, timestamps.

We do not sell personal data, do not pass it to advertising networks for targeted ads, and do not hand your details to any casino. A casino only ever receives data if you choose to click through and register on its own site.

6. International data transfers

Some of our processors are located outside Australia and the EEA — notably Google, in the United States. Where data leaves the EEA or UK, we rely on Standard Contractual Clauses, European Commission adequacy decisions and the EU–US Data Privacy Framework to keep it protected to an equivalent standard. You can request a copy of the safeguards we rely on by emailing [email protected].

7. How long we keep data

• Contact-form messages — kept for 12 months after your last message, then deleted.
• Server logs — 90 days, then purged.
• Analytics cookies — depend on the cookie (for example _ga lasts 2 years, _gid 24 hours); see the Cookie Policy.
• Affiliate tracking cookies — typically 30–90 days depending on the network.
• Data we must retain by law — kept only for the period required, then deleted or anonymised.

8. Your rights

Depending on where you live, you have some or all of these rights. Under the GDPR: the right of access (Art. 15), rectification (Art. 16), erasure or "right to be forgotten" (Art. 17), restriction (Art. 18), data portability in a machine-readable format such as JSON or CSV (Art. 20), and the right to object to processing based on legitimate interests (Art. 21). You may also withdraw consent at any time without affecting earlier processing. Under the Australian Privacy Act you have the right to access and correct the personal information we hold about you.

To exercise any right, email [email protected]. We will acknowledge your request within 72 hours and respond within 30 days. If you are unhappy with how we handle your data, you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or, in the EU/UK, to your local data-protection authority.

9. How we keep data secure

All connections to the site use 256-bit SSL/TLS encryption (the address begins with https://). We keep our content-management system and server software patched to close known vulnerabilities. Access to any personal data is restricted to authorised members of the editorial team. Administrative accounts use two-factor authentication (2FA), and backups are encrypted. No system is ever 100% secure, but we take every reasonable measure to protect the limited data we hold.

10. Children's data

This site is intended only for adults aged 18 or over. We do not knowingly collect data from anyone under 18. If we discover that we have collected a minor's data, we delete it immediately. If you believe a child has provided us with personal information, contact us at [email protected] and we will remove it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top always reflects the current version, and we will flag any significant change with a notice on the site. Continuing to use the site after an update means you accept the revised policy. For anything you can't find here, see our Cookie Policy or Contact Us page.