Data Protection & Privacy Rights

Last updated: 14 August 2025

This page covers data protection rights for Australian residents and international users, including GDPR compliance for EU visitors.

1. Australian Privacy Rights

As an Australian-based service, we primarily operate under the Australian Privacy Act 1988. Australian residents have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete data
• Complaint: Lodge complaints about our privacy practices
• Opt-out: Withdraw consent for direct marketing
• Deletion: Request deletion of your personal information (subject to legal requirements)

2. European Union - GDPR Rights

For EU residents visiting our service, we comply with the General Data Protection Regulation (GDPR). You have enhanced rights including:

• Right to Access (Article 15): Obtain confirmation of processing and copies of your personal data
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): "Right to be forgotten" - request deletion of your data
• Right to Restrict Processing (Article 18): Limit how we process your data
• Right to Data Portability (Article 20): Receive your data in a structured format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Rights Related to Automated Decision-making (Article 22): Protection against automated profiling

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Consent (GDPR Art. 6(1)(a)): Marketing communications, optional features
• Contract (GDPR Art. 6(1)(b)): Providing gaming services, account management
• Legal Obligation (GDPR Art. 6(1)(c)): Age verification, regulatory compliance
• Legitimate Interest (GDPR Art. 6(1)(f)): Security, fraud prevention, service improvement
• Australian Privacy Principles: Compliance with Australian privacy law requirements

4. Data Retention Periods

We retain personal data for specific periods based on purpose and legal requirements:

• Account Data: Active accounts plus 3 years after closure
• Gaming Records: 7 years (Australian regulatory requirements)
• Financial Records: 7 years (Australian business law)
• Marketing Data: Until consent withdrawn or 2 years of inactivity
• Security Logs: 12 months for incident investigation
• Age Verification: Deleted immediately after verification (proof of verification retained)

5. International Data Transfers

Your data may be transferred internationally under these safeguards:

• Adequacy Decisions: Countries deemed adequate by Australian or EU authorities
• Standard Contractual Clauses: EU-approved contractual protection
• Australian Privacy Principles: Cross-border disclosure protections
• Your Consent: Explicit consent for specific transfers

6. Automated Decision-Making & Profiling

We use limited automated processing for:

• Fraud Detection: Automated systems to detect suspicious activity
• Game Personalisation: Suggesting games based on preferences (opt-out available)
• Age Verification: Automated verification of identity documents

EU residents have the right not to be subject to significant automated decision-making.

7. Data Protection Officer

Contact our Data Protection Officer for privacy-related inquiries:

• Email: dpo@outbackfortune.com
• Australian Privacy Officer: privacy@outbackfortune.com
• EU Representative: eu-representative@outbackfortune.com

8. Exercising Your Rights

To exercise your privacy rights:

1. Submit Request: Contact us via privacy@outbackfortune.com
2. Identity Verification: We may request identity verification for security
3. Response Timeline: 30 days (Australian law) or 1 month (GDPR)
4. No Cost: Requests are generally free (fees may apply for excessive requests)

9. Complaint Procedures

Australian Residents:

1. Contact our Privacy Officer: privacy@outbackfortune.com
2. If unresolved, contact the Office of the Australian Information Commissioner (OAIC):
   • Website: oaic.gov.au
   • Phone: 1300 363 992
   • Email: enquiries@oaic.gov.au

EU Residents:

1. Contact our Data Protection Officer: dpo@outbackfortune.com
2. Contact your local Data Protection Authority:
   • List available at: edpb.europa.eu

10. Children's Data Protection

We do not knowingly collect data from individuals under 18. If we discover such collection:

• Data will be deleted immediately
• Parents/guardians will be notified if identifiable
• Account access will be permanently blocked
• We will review our age verification processes

11. Breach Notification

In case of data breaches affecting your rights:

• Authority Notification: OAIC/EU authorities within 72 hours
• Individual Notification: Affected users notified without undue delay
• Information Provided: Nature of breach, likely consequences, mitigation measures
• Support Offered: Free credit monitoring if applicable

12. Regular Policy Reviews

We review and update our privacy practices:

• Annual comprehensive privacy impact assessments
• Quarterly policy reviews for regulatory changes
• Regular staff training on privacy requirements
• Ongoing monitoring of international privacy developments

13. Contact Information

Australian Privacy Officer: privacy@outbackfortune.com
EU Data Protection Officer: dpo@outbackfortune.com
General Support: support@outbackfortune.com