Privacy Policy
This privacy policy explains what information is collected when you visit this website, why it is collected, how it is stored and shared, and the choices you have. The site is an informational resource that publishes reviews and guides about online casinos available to Australian audiences. It is not a casino: nothing is wagered, deposited or held on this domain. Reading reviews here does not require an account, an email address or any login. The points below describe the limited data that is collected during a normal visit and how it is handled.
This policy applies to the website at https://www.nicholasjermyn.co.nz only. It does not apply to any third-party site you choose to visit through a link from this page, including the casino operators that are reviewed. Each operator runs its own privacy practices on its own domain. Once you click an outbound link, that operator’s privacy notice governs everything that happens after.
1. Who is responsible for this site
This is an independent review website. It does not represent any casino operator and is not a licensee of any gambling regulator. References on the site to ratings, opinions, testing notes and methodology reflect the position of the editorial side of this project, which works at arm’s length from any commercial partner. There is no operator account on this site, no payment processing, and no real-money product. Editorial and partnership functions are kept separate, and that separation is described on the Affiliate Disclosure page.
Privacy questions and requests regarding personal information held about you (where any exists) can be directed through the channels described on the Contact page. Because this site does not run forms or login accounts, the volume of personal data held in connection with a normal visit is minimal — mostly limited to standard server logs and analytics records, as set out below.
2. What information this site collects
Information collection on this domain falls into two narrow categories. We do not run contact forms, account registration or newsletter sign-ups. We do not ask for names, phone numbers or copies of identification. We do not handle payments. The only data created is what is automatically generated by the act of loading a web page from a server.
2.1. Information you actively provide
None, in normal use. There is no form on this site, no account creation flow and no checkout process. If you choose to email a partner organisation listed on the Contact page, the data you send goes to that partner organisation under their own privacy practices, not to this site.
2.2. Information collected automatically
The following details are produced automatically by your browser and the hosting infrastructure when you load a page on this site, in line with the technical realities of how the modern web works:
- IP address (often truncated or anonymised): used by the hosting provider to route traffic, mitigate denial-of-service attacks and produce aggregate geographic statistics. Where analytics are configured to anonymise IP addresses, the last octet is dropped before storage.
- User-agent string: the browser name, version, rendering engine and operating system. Used to assess whether a layout breaks on a particular browser or device class.
- Device class and screen dimensions: phone, tablet or desktop, plus viewport width. Used to confirm responsive layouts behave correctly.
- Referrer URL: the previous page (if any) you arrived from. Used to understand which other websites or search terms send traffic.
- Pages requested and timestamps: which URLs were loaded and when. Used to identify popular pages and detect unusual traffic patterns.
- Browser language preference: sent by your browser on every request. Used to confirm the site is being read by an English-speaking audience.
- Cookie identifiers: small pieces of text stored in your browser. Detail on each cookie used is in the Cookie Policy.
3. Why this information is collected
Each piece of information has a specific operational purpose. Nothing on this list is collected for advertising profile building or for resale.
- Site delivery and security. IP addresses, user-agent strings and request timestamps allow the hosting provider to deliver pages, block automated abuse and recover from outages. Without this layer, the site cannot function.
- Audience analytics. Aggregated counts of pageviews, sessions and traffic sources help inform editorial decisions: which guides are read most, which sections need expansion, which pages load slowly. Analytics records are aggregated and do not identify individual readers.
- Affiliate attribution. When you click an outbound link to a casino operator, an affiliate network may set a tracking identifier so the operator knows the click came from this site. The identifier is used only to attribute the click; it does not contain your name or contact information. More on this on the Affiliate Disclosure page.
- Legal compliance. Logs may be retained for a short window in order to meet record-keeping obligations, respond to credible takedown or DMCA notices, and support law-enforcement requests where validly issued.
4. Legal basis for processing
For visitors located in Australia, this site operates consistently with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APPs) set out in Schedule 1 of that Act. Where personal information is handled, it is handled under APP 3 (collection of solicited information), APP 5 (notification at the point of collection — this page is that notification), APP 6 (use and disclosure), APP 11 (security), and APP 12 (access).
For visitors located in the European Economic Area or the United Kingdom, the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR apply where the processing falls within their scope. The legal bases relied on are: Article 6(1)(a) consent for non-essential cookies (analytics and affiliate-attribution), given through the cookie banner and required by the ePrivacy Directive (2002/58/EC) and the UK PECR; Article 6(1)(f) legitimate interests for strictly necessary security logging and bot-management at the hosting layer, where the processing is necessary to keep the site operating safely and the visitor’s reasonable expectations align with that purpose; and Article 6(1)(c) legal obligation where retention or disclosure is required by law.
Consent given through the cookie banner can be withdrawn at any time by clearing cookies in your browser or using the cookie controls described in the Cookie Policy. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
5. Sharing with third parties
Information is not sold. It is not rented to advertising networks for behavioural targeting. It is not transferred to any casino operator unless you yourself click through to that operator’s site, in which case the operator receives the information your browser sends to its server — the same way it would for any direct visit. The third parties that do receive limited data are the technical providers needed to deliver the site:
- Hosting and CDN provider. Receives the technical request data needed to serve pages and protect the site from abuse: IP address, user-agent, requested URL and timestamps. Logs are typically retained for security investigation purposes for a short window.
- Analytics provider (where configured). Receives aggregated visit data with IP anonymisation enabled. Standard contract terms apply for the international transfer of this data, including Standard Contractual Clauses where appropriate.
- Affiliate network for clicked outbound links. When you click an outbound “Play” or “Visit Casino” link, the affiliate network records the click, the originating site and a timestamp. It does not receive your name, contact details, gambling history or any account information — that data only exists at the casino, after you choose to register there.
- Law enforcement and regulators. Where a valid legal order or regulatory request is received, limited information may be disclosed. We do not voluntarily share visitor information outside that narrow path.
6. International transfers
Some technical providers used by this site are located outside Australia and the European Economic Area, including in the United States. Where personal information is transferred to those countries, transfers rely on safeguards permitted under the GDPR and on equivalents under the Australian Privacy Act, including Standard Contractual Clauses with the receiving party, recognised adequacy decisions where available, and contractual obligations to handle data in line with this policy.
If you would like a description of the safeguards that apply to a specific transfer, you can request it through the channels listed on the Contact page.
7. How long information is kept
Retention periods are kept short. Specifics depend on the type of record:
- Server access logs — typically up to 90 days, after which they are rotated out of active storage. Aggregated, anonymised statistics derived from logs may be kept longer.
- Analytics records — aggregated data about pageviews, sessions and traffic sources, retained for up to 26 months. Individual-level analytics is not retained.
- Cookies stored in your browser — vary by cookie. The Cookie Policy lists each cookie’s lifetime: most are session-only or expire within 30 to 90 days, with one analytics cookie persisting up to two years if you do not clear it sooner.
- Affiliate click records — held by the affiliate network, typically for 30 to 90 days, in line with the network’s own privacy practices.
- Records subject to legal retention obligations — held for the period required by the applicable law, then deleted.
8. Your rights
The Australian Privacy Act and the GDPR each give you rights in relation to personal information held about you. The set below applies whichever framework is most favourable to you, in keeping with APP 12 and APP 13 and Articles 15–22 of the GDPR.
- Right of access. You can ask for a copy of the personal information held about you. Given the limited data this site holds, the response is normally a confirmation that no individually identifying record exists beyond short-lived server logs.
- Right of correction. If a record about you contains an inaccuracy, you can ask for it to be corrected.
- Right of erasure (GDPR / UK GDPR). EU/UK residents can ask for personal information to be deleted, subject to any obligation to retain it. Under the Australian Privacy Act, the corresponding obligation sits on the entity holding the data: APP 11.2 requires that personal information no longer needed for the purpose it was collected for is destroyed or de-identified, and short-lived server logs roll out of storage on their normal schedule regardless of any specific request.
- Right to restrict processing. You can ask that processing be limited while a query, complaint or correction request is reviewed.
- Right to portability. Where personal data was provided by you on the basis of consent or under a contract, you can ask for it in a structured, machine-readable form. In practice, this site does not collect data of that kind.
- Right to object. You can object to processing carried out under legitimate interests — primarily, basic analytics. The cookie banner provides the simplest way to register that objection.
- Right to lodge a complaint. Australian residents can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EU/EEA residents can complain to their local data protection authority. UK residents can complain to the Information Commissioner’s Office at ico.org.uk.
To exercise any of these rights, use the channels described on the Contact page. Requests are acknowledged and processed in line with the timeframes set by the applicable law: 30 days under the GDPR; a reasonable period (typically up to 30 days) under APP 12.
9. Security
Reasonable steps are taken to protect the limited information this site handles. The measures include: HTTPS with TLS 1.2 or above for all pages and resources, with HTTP Strict Transport Security (HSTS) enforcing the encrypted channel; access controls on the hosting environment that limit administrative access to authorised parties only; regular updates of underlying server software and content management components; backup of site files in an encrypted form; and monitoring for unusual access patterns including failed login attempts and abnormal request volumes. No system connected to the internet can be guaranteed perfectly secure, but the technical and organisational measures described here are intended to reduce risk to a level appropriate to the nature of the data processed — which is, by design, kept minimal in the first place.
Data-breach notification. If a security incident affecting personal information were to occur, the notification obligations under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988) and, for affected EU/UK residents, under Articles 33 and 34 of the GDPR would apply. In practice, the very limited personal information handled on this domain (no accounts, no contact submissions, no payment data) makes a notifiable breach unlikely, but the obligations exist and would be honoured if the threshold were ever crossed.
10. Children
This website is intended only for visitors aged 18 and over. The reviewed casinos legally restrict their products to adults. The site does not knowingly seek information from anyone under 18, and no part of the site is designed for or marketed to children. If you believe a minor has nonetheless interacted with this site in a way that left personal information, please make contact through the channels listed on the Contact page so any record can be removed.
11. Changes to this policy
This policy may be updated from time to time to reflect changes in the technical setup of the site, in third-party providers, or in applicable law. The date at the top of the page shows when the most recent update was made. Material changes will be highlighted prominently on the site. Continued use of the site after a change indicates acceptance of the updated text. The previous version remains available on request.
For related material, see the Cookie Policy for a per-cookie breakdown, the Terms & Conditions for the rules that govern your use of the site, and the Affiliate Disclosure for how outbound links are tracked.