burger icon
Darwin Review Australia
Log In

Privacy Policy

This Privacy Policy explains how Darwin, operated via the website darwin-au.com (the "Website"), collects, uses, stores, and discloses personal information of website visitors and users of our review and informational services. It applies to all individuals who access or use the Website, including prospective and existing players who rely on our content about online gambling services. By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes any prior versions published on the Website.

Who We Are

OBSERVE: The available data indicates that Darwin is an informational and review project branded as "Darwin", operating through the domain darwin-au.com, with no verified local Australian gambling licence or confirmed corporate registration details publicly disclosed.

EXPAND: Because full corporate particulars (legal address, registration number, operator jurisdiction) are not specified, we present our identity and contact details in a transparent, good-faith manner while clearly stating these limitations to avoid misleading users. The Website targets Australian users but appears to operate on an offshore-facing basis and does not itself provide gambling services.

REFLECT: We clarify that we are a review/information provider, not a gaming operator, and provide a primary contact channel for privacy matters, including a designated data contact functionally equivalent to a DPO.

Legal Identity and Nature of Services

  • Brand and project name: The project is referred to as "Darwin" and branded as "Darwin". It operates exclusively via the Website darwin-au.com.
  • Service type: The Website provides informational and review content relating to online casinos and gambling services. It does not operate as an online casino, does not directly provide gambling products, and does not process bets or payouts.
  • Unregulated status of profiled operators: Research data indicates that some third-party gambling operators mentioned or reviewed on the Website may be unregulated, not licensed in Australia, or not verifiably licensed. Darwin does not control such third-party operators or their compliance measures.

Corporate Details and Limitations

  • Legal entity details: As of the "Last updated" date of this Privacy Policy, detailed corporate information (formal legal name, registered office, company registration number, tax identification, and licensing jurisdiction) for the entity operating Darwin is not specified in publicly available records and cannot be reliably verified.
  • Address: A specific legal or mailing address for the operator of Darwin is currently not specified. If you require our physical correspondence details for privacy-related matters, you may request them using the contact email below and we will provide them to the extent legally permissible.
  • Licensing disclaimer: No valid or verifiable gambling licence for Darwin or for any associated operator has been identified with reputable authorities (including the Northern Territory Racing Commission, MGA, UKGC, or Caribbean regulators). The Website is an informational resource only and is not presented as a licensed gambling service under Australian law.

Data Protection Contact

  • Primary contact email: [email protected] (general and privacy-specific inquiries).
  • Data protection responsible person: In the absence of a formally registered Data Protection Officer, Darwin appoints a dedicated Data Protection Contact reachable at [email protected] for all matters concerning privacy, data protection, and the exercise of individual rights.
  • Telephone and contact forms: No telephone number or online contact form is currently specified. All privacy-related communications should be directed via email.

What Personal Data We Collect

OBSERVE: To operate the Website and provide review and informational services, Darwin collects limited categories of personal and technical data, primarily via the Website and related technologies.

EXPAND: While we do not operate player accounts or handle bets directly, we may collect identifiers, technical logs, behavioural interaction data, and cookie-based profiles for analytics and marketing, and we may indirectly obtain limited payment-related information through affiliate partners' reporting tools (in anonymised or pseudonymised form where possible).

REFLECT: We clearly list each data category and explain how it is obtained and used, differentiating between data you provide directly and data generated automatically or via partners.

Categories of Personal Data

  • Identification and contact data you provide:
    • Full name, alias, or username (if you contact us or sign up for newsletters where implemented).
    • Email address (for inquiries, feedback, or newsletter subscriptions).
    • Any other details you voluntarily include in your communications (e.g., preferred casino, country, or experience reports).
  • Technical and device data:
    • IP address and approximate location (city/region level where derivable).
    • Device identifiers, operating system, browser type and version, language settings.
    • Access dates and times, pages viewed, referring URLs, and clickstream data.
    • Log files generated by our servers and by security tools (e.g., firewall logs).
  • Behavioural and usage data:
    • Interactions with our content (pages visited, time spent, scroll depth).
    • Click behaviour on links, including outbound affiliate links to third-party casinos or advertising partners.
    • Engagement with marketing communications (email opens, clicks, unsubscribes), if email campaigns are deployed.
  • Payment-related and transactional data (indirect):
    • We do not process deposits, withdrawals, or betting transactions directly.
    • However, affiliate and advertising partners may share aggregated or pseudonymised information such as whether a referred user registered, deposited, or became an active player on a third-party platform.
    • No full payment card numbers or banking credentials are collected or stored by Darwin.
  • Cookies and similar technologies:
    • HTTP cookies (session and persistent), local storage objects, and similar identifiers.
    • Third-party cookies or tags implemented by analytics, marketing, or advertising partners.
    • Unique identifiers assigned to your browser or device for analytics and advertising optimisation.

Legal Basis for Processing

OBSERVE: Under applicable data protection principles (in particular the Australian Privacy Act 1988 (Cth) and, by alignment, EU-style lawful bases), Darwin must rely on an appropriate legal basis for each processing activity.

EXPAND: Even though the Website targets Australian users and is not clearly established in the EU or Mexico, we voluntarily align many practices with the GDPR and comparable international standards, especially regarding consent and legitimate interests.

REFLECT: We identify and match each category of processing with the corresponding legal basis, taking into account consent mechanisms, our legitimate interests as a content publisher, and legal compliance obligations from regulators and enforcement bodies where applicable.

Main Legal Bases

  • Consent:
    • We rely on your explicit consent for:
      • Non-essential cookies and tracking technologies used for targeted advertising or advanced analytics.
      • Subscription to newsletters or promotional email campaigns (where implemented).
      • Any other uses of your data that are not strictly necessary or reasonably expected in the context of visiting a review website.
    • You may withdraw your consent at any time (see the "Your Rights" and "Cookies & Tracking Technologies" sections).
  • Performance of a quasi-contract / providing requested services:
    • When you contact us or request information, we process your contact data and message content to respond to you and provide the requested assistance.
    • When you subscribe to communications, we process your email and preferences to deliver those communications.
  • Legitimate interests:
    • Ensuring the security and integrity of the Website (e.g., detecting abusive traffic, preventing fraud and misuse).
    • Measuring, analysing, and improving our content, usability, and marketing effectiveness.
    • Operating a sustainable business model through affiliate relationships and advertising, including measuring conversions at an aggregated level.
    • Maintaining records necessary to respond to complaints, legal claims, or regulatory inquiries.
    • Where we rely on legitimate interests, we conduct a balancing assessment to ensure your rights and freedoms are not overridden.
  • Compliance with legal obligations:
    • Cooperating with competent authorities (such as the Australian Communications and Media Authority (ACMA) or other law enforcement bodies) where required by law.
    • Retaining certain logs and records for the periods required by applicable law, including potential anti-fraud or anti-money laundering (AML) information that may be shared via partners.

Purpose of Processing

OBSERVE: Darwin processes personal and technical data to operate a gambling review website and to interact with its users.

EXPAND: We differentiate core operational purposes (such as delivering content and ensuring security) from ancillary purposes (such as marketing and statistical analysis), and align each purpose with data minimisation principles.

REFLECT: Clear articulation of purposes enables you to understand how and why your information is used and supports informed consent and accountability.

Key Purposes

  • Providing and operating the Website and services:
    • Delivering website pages, reviews, guides, and related informational content to your device.
    • Responding to your queries, feedback, or complaints submitted via email.
    • Managing any subscriptions or preference settings you request.
  • Improving and developing our services:
    • Analysing aggregated usage patterns to understand which content is most relevant and to improve navigation, layout, and performance.
    • Testing new features, content formats, or recommendation mechanisms.
    • Conducting research and statistical analysis about audience demographics and interests, using de-identified or aggregated data where possible.
  • Marketing and communications:
    • Sending newsletters, updates, promotional content, and recommendations where you have opted in (if such features are active).
    • Serving or facilitating personalised or interest-based advertising via third-party networks, subject to your cookie and tracking preferences.
    • Measuring the effectiveness of affiliate campaigns and advertising partnerships.
  • Analytics and audience measurement:
    • Using analytics tools (e.g., third-party or self-hosted solutions) to understand site traffic and performance.
    • Generating aggregated reports (e.g., number of visits, popular pages, referral sources) without identifying individual users where feasible.
  • Fraud prevention, security, and legal compliance:
    • Monitoring access to detect suspicious behaviour (e.g., bots, scraping, denial-of-service attacks).
    • Maintaining server and security logs to investigate incidents.
    • Complying with court orders, regulatory requests, or applicable legal obligations.

Disclosure & Sharing

OBSERVE: Darwin does not sell personal information in the ordinary sense; however, we share data with third parties who help us operate the Website and monetise our content.

EXPAND: Sharing may occur with hosting providers, analytics vendors, affiliate and advertising partners, regulatory or law enforcement authorities, and other service providers acting on our instructions, including some located outside Australia.

REFLECT: We specify categories of recipients, circumstances of disclosure, and safeguards to promote transparency and accountability.

Categories of Recipients

  • Technical and infrastructure service providers:
    • Website hosting, cloud infrastructure, content delivery networks (CDNs), and security providers involved in delivering the Website to you.
    • IT support and maintenance vendors who may a have limited, controlled access to data for troubleshooting purposes.
  • Analytics and performance measurement providers:
    • Third-party analytics platforms that measure traffic, engagement, and conversions.
    • These providers typically act as data processors and process data on our behalf according to contractual restrictions and data protection obligations.
  • Affiliate and advertising partners:
    • Third-party online casinos, betting sites, or intermediaries we link to, and the affiliate networks or tracking platforms that support these relationships.
    • We may share or receive identifiers or conversion events (e.g., a click, registration, or deposit) to calculate commissions and evaluate campaign performance, usually in pseudonymised or aggregated form.
    • Advertising networks or partners may deploy their own cookies or tracking technologies, subject to your consent where required.
  • Regulators, enforcement bodies, and legal advisors:
    • Competent authorities such as the ACMA or other regulatory, supervisory, or enforcement bodies, where we are legally required or permitted to do so.
    • Courts, arbitration bodies, and legal counsel in connection with the establishment, exercise, or defence of legal claims.
  • Corporate transactions:
    • In the event of a merger, acquisition, restructuring, or sale of all or part of the Website or its assets, data may be transferred to the acquiring or successor entity, subject to appropriate confidentiality and data protection commitments.

General Principles for Sharing

  • We only share data to the extent necessary for the relevant purpose, applying data minimisation wherever feasible.
  • Where third parties act as processors on our behalf, they are contractually bound to use the data only according to our documented instructions and to implement adequate security measures.
  • Where third parties act as independent controllers (e.g., external casinos, affiliate networks), their own privacy policies govern their use of data; we encourage you to review those documents carefully.

International Transfers

OBSERVE: The Website targets users in Australia but may rely on infrastructure and partners located in multiple jurisdictions.

EXPAND: Data may be transferred to or processed in countries whose privacy and data protection laws differ from those in your country of residence, including countries without an "equivalent" regime to the Australian Privacy Act or EU GDPR.

REFLECT: We outline typical destination regions and describe contractual and technical safeguards applied to such transfers, while recognising that some partners independently determine their safeguards.

Destinations and Safeguards

  • Possible destination countries/regions:
    • Member States of the European Economic Area (EEA) and the United Kingdom.
    • United States, Canada, and other countries where cloud, analytics, or advertising providers may operate data centres.
    • Additional offshore jurisdictions used by third-party affiliates or hosting services, which may include locations in Asia or the Caribbean.
  • Protection measures:
    • Whenever practicable, we select providers that implement robust security standards and, where relevant, align with recognised certifications such as ISO/IEC 27001 or SOC 2.
    • Where applicable and feasible, we incorporate data protection clauses modelled on standard contractual clauses or equivalent contractual commitments to ensure an adequate level of protection for personal data.
    • We implement technical safeguards such as encryption in transit (TLS 1.2+), access controls, and data minimisation to reduce risks associated with cross-border transfers.
  • Third-party responsibilities:
    • Some third-party gambling operators, affiliate networks, or advertising partners act as independent controllers and determine their own international transfer mechanisms.
    • You should review their respective privacy policies to understand where and how they transfer and protect your personal data.

Data Retention

OBSERVE: Darwin retains data for varying periods depending on the category of data and the purposes for which it is processed.

EXPAND: Retention must respect principles of necessity and proportionality, while acknowledging legal retention obligations and the need to preserve records for dispute resolution and security.

REFLECT: We provide indicative retention periods and the criteria used to determine them, though exact durations may vary depending on specific circumstances and applicable laws.

Retention Periods by Category

  • Contact and communication data:
    • Emails and correspondence with users are generally retained for up to 5 years from the date of the last interaction, to respond to follow-up queries, address complaints, and manage potential legal claims.
  • Technical logs and security data:
    • Server logs, security logs, and related technical data are typically retained for between 6 months and 3 years, depending on the nature of the log and security requirements.
  • Analytics and usage data:
    • Analytics records used for statistical purposes are kept in identifiable form only for as long as necessary to produce aggregated reports, generally no longer than 24 months after collection.
    • Thereafter, data may be stored only in aggregated or anonymised form, without the possibility of reidentifying individual users.
  • Cookie data:
    • Cookies stored on your device remain valid for the period specified in our cookie settings interface or within your browser (often from a few minutes to up to 24 months for persistent cookies), unless you manually delete them earlier.
  • Affiliate and marketing data:
    • Affiliate conversion and campaign data in identifiable or pseudonymised form is generally retained for up to 5 years to manage commercial agreements and verify payments.

Deletion Criteria

  • Data is deleted or irreversibly anonymised when:
    • The original purposes for which it was collected are fully satisfied and no longer applicable.
    • Applicable limitation periods for legal claims have expired.
    • You successfully exercise your right to erasure and we have no overriding legal or legitimate grounds to continue processing.

Your Rights

OBSERVE: Although Darwin primarily targets Australian users and is primarily governed by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), we strive to align our practices with internationally recognised data protection standards, including the EU General Data Protection Regulation (GDPR) and comparable principles from Mexican privacy laws (such as the Federal Law on Protection of Personal Data Held by Private Parties).

EXPAND: Accordingly, we provide a broad suite of rights to individuals in relation to their personal data, regardless of strict jurisdictional requirements, to the extent technically and legally feasible.

REFLECT: We explain each right, how to exercise it, timeframes for response, and any limitations, ensuring transparency and realistic expectations.

Overview of Rights

  • Right of access: You may request confirmation whether we process your personal data and obtain a copy of such data, together with information about its sources, purposes, and recipients.
  • Right to rectification (correction): You may request correction of inaccurate personal data and completion of incomplete data concerning you.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and there is no other basis for processing, or where processing is unlawful, subject to retention obligations and legitimate interests.
  • Right to restriction of processing: You may request that we restrict processing of your data in specific circumstances (e.g., while we verify its accuracy or where you object to our legitimate-interest processing).
  • Right to object: You may object, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling. We will cease such processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
  • Right to data portability: To the extent applicable, you may request that we provide you with personal data you have provided to us in a structured, commonly used, and machine-readable format, or that we transmit it to another controller, where technically feasible.
  • Right to withdraw consent: Where processing is based on your consent (e.g., non-essential cookies, direct marketing), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Marketing opt-out: You may object at any time to the use of your data for direct marketing, including profiling related to such marketing, and we will honour your request.

Procedures for Exercising Rights

  1. Submitting a request:
    • Send an email to [email protected] with the subject line "Privacy request - ".
    • Describe your request in sufficient detail (e.g., access, correction, deletion, restriction, objection, portability) and provide any information that will help us identify your records (such as the email address you used to contact us previously).
  2. Verification:
    • To protect your privacy, we may request additional information to verify your identity before fulfilling certain requests, particularly where disclosure or deletion of data is involved.
  3. Response timeframe:
    • We aim to respond to all valid requests within 30 days of receipt.
    • Where requests are complex or numerous, we may extend this period in accordance with applicable law, informing you of the reasons for delay.
  4. Fees:
    • We process rights requests free of charge. However, we may charge a reasonable fee or decline to act where requests are manifestly unfounded or excessive, for example, repetitive demands without legitimate purpose.
  5. Limitations:
    • Some rights may be limited where fulfilling your request would adversely affect the rights and freedoms of others, conflict with legal obligations, prevent us from defending legal claims, or impair ongoing security investigations.

Cookies & Tracking Technologies

OBSERVE: The Website uses cookies and similar technologies to ensure its proper functioning, improve performance, and support analytics and marketing activities.

EXPAND: Cookies may be set directly by Darwin (first-party cookies) or by third parties such as analytics providers and advertising partners. We distinguish between essential and non-essential categories.

REFLECT: We explain cookie types, purposes, and management options so that you can make informed choices about your online privacy.

Types of Cookies

  • Session cookies:
    • Temporary cookies that remain on your device only for the duration of your browsing session and are deleted when you close your browser.
    • Used primarily for basic site functionality and security.
  • Persistent cookies:
    • Cookies that remain on your device for a specified period or until you delete them.
    • Used for remembering preferences, analytics, and marketing attribution.
  • Third-party cookies:
    • Cookies set by domains other than darwin-au.com, such as analytics or advertising providers and affiliate networks.
    • These cookies may track your activity across multiple websites to build interest profiles and deliver targeted advertising, subject to your consent where required.

Cookie Purposes

  • Strictly necessary / functional:
    • Enable essential Website functions, such as page navigation, security features, and load balancing.
    • Without these cookies, the Website may not operate correctly.
  • Preferences:
    • Remember your language settings, cookie choices, or other preferences to provide a more personalised experience.
  • Analytics and performance:
    • Collect aggregated information on how visitors use the Website, which pages are visited most, and how users interact with content.
    • Used to improve the Website's usability, content, and structure.
  • Advertising and affiliate tracking:
    • Measure the performance of affiliate links and advertising campaigns (e.g., when you click a link to a third-party casino and later register or deposit).
    • Support interest-based advertising and remarketing by third parties, to the extent permitted by your consent settings.

Managing and Disabling Cookies

  • Browser settings:
    • You can configure your browser to block, delete, or notify you about cookies. Refer to your browser's help or settings for instructions.
  • Consent tools (where implemented):
    • The Website may provide a cookie banner or preference centre where you can accept or reject specific categories of cookies (e.g., analytics, advertising) and change your choices at any time.
  • Third-party opt-outs:
    • Some analytics and advertising providers offer their own opt-out mechanisms, which you may use in addition to our controls.
  • Impact of disabling cookies:
    • Blocking or deleting cookies may affect your ability to use certain features or may impact the performance and appearance of the Website, but essential content will generally remain accessible.

Data Security

OBSERVE: Protecting the confidentiality, integrity, and availability of personal data is a priority for Darwin.

EXPAND: While no online service can guarantee absolute security, we implement a combination of organisational, technical, and administrative measures proportionate to the nature and volume of data processed and the risks posed.

REFLECT: We describe our principal security practices and standards while avoiding disclosure of sensitive internal details that could compromise security.

Technical and Organisational Measures

  • Encryption:
    • Data transmitted between your browser and the Website is protected using industry-standard transport layer security (TLS 1.2 or higher), where supported by your device and browser.
    • Where feasible and appropriate, we encrypt data at rest within our systems or those of trusted service providers.
  • Access control and authentication:
    • Access to systems containing personal data is restricted to authorised personnel and service providers who require it for their duties.
    • We use authentication mechanisms and role-based access controls, and where appropriate may implement multi-factor authentication.
  • Infrastructure security:
    • We rely on reputable hosting providers that implement layered security measures (e.g., firewalls, intrusion detection, anti-DDoS protections).
    • Regular software maintenance and patching are conducted to minimise known vulnerabilities.
  • Policies, training, and awareness:
    • Personnel with access to personal data receive guidance on confidentiality obligations and basic security practices.
    • We maintain internal policies addressing acceptable use, incident response, and data handling.
  • Monitoring and incident response:
    • System and security logs are monitored for unusual activity.
    • In the event of a data breach affecting your personal data, we will assess the risk and, where required by applicable law, notify affected individuals and relevant authorities without undue delay.
  • International standards:
    • Some of our key infrastructure or service providers may hold recognised security certifications such as ISO/IEC 27001 or SOC 2. While Darwin itself is not currently certified under these standards, we seek to work with vendors that apply industry-standard security frameworks.

Complaints & Contacts

OBSERVE: Users need clear channels to raise questions or concerns regarding our handling of personal data.

EXPAND: Complaints can be addressed both internally (to us) and externally (to regulators or supervisory authorities), depending on the jurisdiction of the complainant and the nature of the issue.

REFLECT: We set out our internal complaint process and provide information about relevant authorities, including in Australia and, where applicable, in the EU or Mexico for individuals who may be protected by those regimes.

Internal Complaint Channels

  • Email contact:
    • All privacy-related questions, concerns, or complaints should be sent to [email protected].
  • Information to include:
    • Your name and contact email address.
    • A clear description of your concern, including relevant dates, interactions with the Website, and any supporting evidence.
  • Procedure and timelines:
    • We will acknowledge receipt of your complaint as soon as reasonably practicable.
    • We aim to investigate and respond substantively to complaints within 30 days of receipt.
    • Where a complaint is complex, we will keep you informed about progress and any expected delay.

Escalation to Supervisory Authorities

  • Australia:
    • If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
    • Website: https://www.oaic.gov.au
    • Contact details (including online forms and postal address) are available on the OAIC website.
  • European Union / EEA (where GDPR applies):
    • If you are located in the EU/EEA and believe that we process your personal data subject to the GDPR, you may lodge a complaint with your local data protection authority. Contact details for all EU supervisory authorities are available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • Mexico (where Mexican privacy laws apply):
    • Individuals protected under Mexican data protection regulations may lodge complaints with the Mexican data protection authority, the National Institute for Transparency, Access to Information and Personal Data Protection (INAI):
    • Website: https://www.inai.org.mx

Updates

OBSERVE: Legal requirements, industry standards, and our internal practices may evolve over time.

EXPAND: We may need to update this Privacy Policy to reflect changes in technology, our services, or applicable law, including developments in Australian privacy law and international regulations.

REFLECT: We describe how we will inform you about material changes, how version control works, and your options if you do not agree with updated terms.

Changes to This Privacy Policy

  • Version control:
    • This Privacy Policy is identified by the "Last updated" date below. Previous versions may be archived and made available upon reasonable request.
  • Notification methods:
    • We may notify you of significant changes by:
      • Posting a prominent banner or notice on the Website;
      • Updating the Privacy Policy link and date on relevant pages; and/or
      • Sending an email notification to users who have provided us with their email address and consented to receive such updates.
  • Advance notice for material changes:
    • Where changes materially affect your rights or how we use your personal data, we will, where reasonably practicable, provide at least 30 days' notice before the new terms take effect.
  • Your options:
    • If you disagree with the updated Privacy Policy, you should discontinue use of the Website and, where applicable, exercise your rights (such as erasure or restriction) in respect of the data we hold.
    • Continued use of the Website after the effective date of changes will constitute your acknowledgement of the updated policy to the extent permitted by law.

Last updated: January 2026