Privacy Policy

This Privacy Policy explains how Crown Melbourne, operated via the website crownmelbourne-au.com, collects, uses, discloses, and protects personal information of website visitors and users who interact with our content and services. It applies to all individuals who access or use https://crownmelbourne-au.com from within Australia or elsewhere. By using this website, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is effective and applies to processing activities carried out from 1 January 2026 onwards and reflects our practices as at that date.

Who We Are

For the purposes of this Privacy Policy, references to "we", "us", or "our" mean the operator of the informational website crownmelbourne-au.com under the project name Crown Melbourne. This website is an independent review and information resource about Crown Melbourne and related gambling topics and is not the official website of Crown Melbourne Limited or Crown Resorts.

To align with Australian privacy expectations and transparency standards, we identify the following organisational details:

Trading/Project name: Crown Melbourne
Primary online presence: https://crownmelbourne-au.com
Operator company (reference entity for gambling content context only): Crown Melbourne Limited, holder of the Victorian Casino Licence issued by the Victorian Gambling and Casino Control Commission (VGCCC), jurisdiction: State of Victoria, Australia. Our website is not owned or controlled by Crown Melbourne Limited but provides information about its operations and regulatory environment.
Physical reference address (casino location for contextual purposes): 8 Whiteman St, Southbank VIC 3006, Australia, 3006.

All privacy-related queries regarding this website should be directed to our data protection contact:

Data Protection Contact / Data Protection Officer (DPO): Privacy Desk, Crown Melbourne
E-mail: [email protected] (primary and preferred channel)

We primarily operate in and target users in Australia, with an emphasis on Victorian gambling regulation and responsible gambling resources.

What Personal Data We Collect

We apply the principle of data minimisation and collect only what is reasonably necessary for operating, securing, and improving crownmelbourne-au.com. Depending on how you interact with the website, we may collect the following categories of personal and technical data:

Identity and Contact Data

Basic identifiers: first name and last name, if you voluntarily provide them (for example, through feedback or contact forms, newsletter sign-up forms, or correspondence).
Contact details: e-mail address (including [email protected] as our contact address, and any sender addresses you use to contact us), and any telephone number you voluntarily provide.

Technical and Usage Data

Device and connection data: IP address, approximate geolocation inferred from IP (country/region), browser type and version, operating system, device type, screen resolution, language settings.
Log and interaction data: pages viewed, time and date of visits, time spent on pages, referring/exit pages, click-stream data, and standard web server logs.
Security and diagnostic data: information related to error logs, security events, suspected malicious activity, and system performance to detect abuse or technical issues.

Behavioural and Preference Data

Browsing behaviour: navigation paths, clicked links (including outbound links to third-party resources such as VGCCC, Royal Commission documents, Office of the Special Manager, responsible gambling resources and other referenced sites).
Engagement metrics: scroll depth, frequency of visits, opened sections, and interaction with on-site tools (for example, rating features or feedback widgets when available).
Marketing preferences: if we offer newsletters or marketing communications and you subscribe, we may store your subscription status, language preferences, and opt-in/opt-out history.

Payment and Financial Data

Currently, crownmelbourne-au.com does not process direct payments, conduct wagering, or handle player accounts. We therefore do not intentionally collect payment card numbers, bank details, or direct betting transaction records from you. However:

Our analytics and advertising partners may receive aggregated or pseudonymised data associated with conversions or referrals (for example, when you click through to third-party gambling operators) without us storing full financial details.
Any financial transactions you perform with third-party operators (such as Crown Melbourne Limited or other gambling providers) are subject to those parties' own privacy and AML/KYC policies, not this Privacy Policy.

Cookies and Similar Technologies

Cookies: small text files stored on your device to support essential functions, remember preferences, and measure audience engagement.
Tracking pixels and scripts: for analytics and, where used, advertising performance measurement.
Identifiers: online identifiers (such as cookie IDs or device IDs) used by us or authorised third parties for analytics and, with your consent where required, marketing purposes.

More detailed information is provided in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Our processing of personal information in connection with crownmelbourne-au.com is grounded in the following legal bases, reflecting principles consistent with the Australian Privacy Act 1988 (Cth) and, where relevant, international best practices such as the EU General Data Protection Regulation (GDPR):

Consent

We rely on your explicit or implied consent for:
- Optional activities such as subscribing to newsletters or marketing communications.
- Non-essential cookies and tracking technologies used for targeted advertising or advanced analytics, where consent banners or settings are presented.
- Processing any additional information you choose to share in free-text contact or feedback forms.
You may withdraw your consent at any time as outlined in the "Your Rights" section.

Performance of a Contract or Taking Steps at Your Request

Where we enter into or prepare to enter into an arrangement with you (for example, providing you with requested information, responding to a query, or delivering a subscribed newsletter), we may process your:
- Contact data to send the requested content.
- Basic usage data to ensure delivery and troubleshooting.

Legitimate Interests

We process certain data because it is necessary for our legitimate business interests, balanced against your privacy expectations and rights. These interests include:

Operating and securing the website: maintaining functionality, detecting fraud, abuse, or technical issues, preventing unauthorised access, and protecting our infrastructure.
Analytics and service improvement: understanding how users interact with crownmelbourne-au.com to improve content, navigation, and user experience.
Non-intrusive marketing and promotion: promoting our content and services (e.g., casino reviews, regulatory information) in a manner consistent with applicable laws and opt-out mechanisms.

Compliance with Legal Obligations

We may process and retain data where required by applicable laws and regulations, for example:
- Obligations under Australian consumer and electronic communications law.
- Responding to valid requests from authorities, including gambling regulators (e.g. VGCCC), or other oversight bodies such as the Office of the Special Manager for Crown Melbourne, where our data is relevant.
- Record-keeping, dispute handling, and enforcement of our legal rights.

Purpose of Processing

We use personal and technical data in a structured and proportionate manner to achieve the following purposes:

Provision and Operation of Website and Services

To make the website crownmelbourne-au.com available, including:
- Delivering content such as reviews, regulatory reports, and responsible gambling resources related to Crown Melbourne and the Victorian market.
- Providing contact channels and responding to your enquiries sent to [email protected].
- Operating any user-facing tools such as comment sections, feedback forms, or subscription services, when implemented.

Improvement, Analytics, and Research

To analyse usage trends and website performance:
- Understanding aggregated user behaviour across pages and sections.
- Measuring effectiveness of content, such as regulatory guides or casino reviews.
- Diagnosing technical issues and optimising loading times and usability.
To conduct internal research and statistical analysis on how gambling-related information is consumed (for example, interest in responsible gambling tools or regulatory updates).

Marketing and Communications

To send you:
- Newsletters or informational updates about Australian gambling regulations, Crown Melbourne developments, or new guides, where you have opted in.
- Promotional or affiliate offers relating to licensed gambling operators in Australia, in a manner compliant with advertising standards and only where legally permitted.
To personalise content or recommendations on the website, using cookies or similar technologies (subject to your preferences).

Fraud Prevention, Security and Legal Protection

To prevent misuse of our website, including:
- Identifying suspicious IP addresses or patterns indicating automated bots or attacks.
- Investigating violations of our terms, or suspected fraudulent or abusive behaviour.
To establish, exercise, or defend legal claims, including cooperation with regulators or oversight bodies where our data or content is relevant (for example, when referencing VGCCC, Royal Commission findings, or other oversight reports).

Disclosure & Sharing

We treat personal information as confidential and limit disclosure to what is necessary and lawful. We do not sell your personal data. We may disclose or share your information with the following categories of recipients:

Service Providers and Technical Partners

Hosting and infrastructure providers: companies that provide servers, content delivery networks, and related infrastructure that enable crownmelbourne-au.com to function.
Analytics providers: third-party analytics services that help us understand usage patterns (for example, page views, traffic sources) in aggregated or pseudonymised form.
IT, security and maintenance partners: external experts or vendors who assist with technical support, troubleshooting, security monitoring, or auditing.

Payment and Affiliate Partners

We may cooperate with:
- Affiliate networks and advertising partners that track when you click on links from our site to third-party operators and may receive limited data such as your IP address, general location, timestamp, and the fact that a click originated from crownmelbourne-au.com.
We do not receive or store your full payment card details or banking credentials. Any such data disclosed to third-party gambling operators or payment processors is governed by their own privacy policies.

Regulators, Authorities and Legal Counterparties

We may disclose personal data when required or permitted by law to:
- Australian regulatory and supervisory authorities, including the Victorian Gambling and Casino Control Commission (VGCCC) and relevant oversight bodies (for example, Office of the Special Manager for Crown Melbourne) if our data is specifically requested and relevant to an investigation or compliance matter.
- Law enforcement, courts, or governmental bodies to comply with legal obligations, respond to valid legal processes, or protect our rights, property, or safety, or those of others.

Affiliates and Business Transfers

If the ownership or control of Crown Melbourne or its assets changes (for example, through a merger, acquisition, or restructuring), limited personal data may be transferred to the new controlling entity, subject to privacy safeguards consistent with this Policy.

Advertising and Third-Party Content

Where we embed third-party content or code (for example, analytics tags, advertising scripts, social media widgets), those third parties may collect data directly from your device, subject to their own privacy policies.
We will only permit such access where:
- it is necessary for operating or improving the website, and/or
- you have provided consent for non-essential marketing/analytics cookies, where applicable.

International Transfers

Although Crown Melbourne focuses on the Australian market and Crown Melbourne, our technical infrastructure and service providers may be located in, or process data from, multiple jurisdictions outside Australia.

Possible destinations: Data may be processed or stored in:
- Australia;
- Member States of the European Economic Area (EEA);
- United States of America and other countries where common cloud and analytics providers operate data centres.
Safeguards: Where personal data is transferred outside of your country or region, we take steps consistent with international best practice, including:
- Using reputable service providers that implement robust security measures.
- Where applicable under foreign laws such as GDPR, reliance on Standard Contractual Clauses or similar contractual mechanisms approved by regulators to provide adequate protection.
- Ensuring that access is limited to what is strictly necessary for providing services to us.
Australian context: By using this site, you understand that your data may be transferred or accessed internationally, including by third parties who assist us in delivering and improving crownmelbourne-au.com, and you consent to such transfers where required.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable laws. Retention periods may vary depending on the type of data and context of collection.

Indicative Retention Periods

Contact and identity data: up to 5 years after our last meaningful interaction with you (for example, last email correspondence or last login/interaction with a subscriber account), unless a shorter or longer retention period is required or permitted by law.
Technical and log data: typically between 6 months and 2 years, depending on the nature of the logs and security or diagnostic needs.
Marketing and subscription data: for the duration of your subscription and up to 2 years after you unsubscribe or we cease sending communications, in order to demonstrate compliance with opt-out requests and marketing laws.
Analytics data: may be stored in aggregated or pseudonymised form for longer periods, where it no longer identifies you directly.

Deletion Criteria

Data is deleted or irreversibly anonymised when:
- The retention period has expired;
- The data is no longer needed for the purpose for which it was collected;
- You request deletion and there is no overriding legal basis or obligation to retain it.
Where we are legally required to keep certain records (for example, in relation to complaint handling or regulatory correspondence), we will retain only what is necessary and restrict access accordingly.

Your Rights

We support privacy rights consistent with leading data protection frameworks, including the Australian Privacy Act and, by alignment, key principles of the EU GDPR. While this site targets Australia, we endeavour to respect the following rights for all users, subject to legal limitations:

Right of Access

You may request confirmation of whether we process personal data about you and obtain a copy of such data, together with certain information about how it is used and disclosed.

Right to Rectification

You may request correction of inaccurate personal data and completion of incomplete data that we hold about you.

Right to Erasure ("Right to be Forgotten")

You may request that we delete your personal data where:
- It is no longer necessary for the purposes for which it was collected;
- You withdraw consent (where processing was based on consent) and there is no other legal ground;
- You legitimately object to processing and there are no overriding legitimate grounds.
We may retain certain data where retention is required by law or necessary to establish, exercise or defend legal claims.

Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to our use of it. During restriction, we will store the data but generally not use it further.

Right to Object

You may object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling for analytics or marketing, where such rights are recognised under applicable law.
You always have the right to object to direct marketing, including profiling related to direct marketing, and we will respect your choice.

Right to Data Portability

Where technically feasible and required by law (for example, under GDPR), you may request a copy of certain personal data in a structured, commonly used and machine-readable format, and ask us to transmit it to another controller, where the processing is based on consent or contract and carried out by automated means.

Right to Withdraw Consent

Where we rely on your consent for processing (for example, marketing e-mails or non-essential cookies), you may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

Procedure, Timeframes and Cost

How to exercise rights: Send a clear request to [email protected], specifying:
- The right you wish to exercise;
- Any relevant context (for example, date of contact, subscription email address).
Verification: To protect your privacy, we may need to verify your identity before fulfilling a request, for example by confirming your control over a specific email address.
Response time: We aim to respond within 30 days of receiving your request. If the request is complex or numerous, we may extend this by a further reasonable period, in which case we will inform you.
Fees: We generally handle requests free of charge. We may charge a reasonable fee or decline to act on requests that are manifestly unfounded or excessive, consistent with applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies on crownmelbourne-au.com to ensure the site functions correctly, to understand how it is used, and, where applicable, to support advertising or affiliate activities.

Types of Cookies

Session cookies: Temporary cookies that remain on your device only while your browser is open. They are used to manage page navigation, load balancing, and basic interactions.
Persistent cookies: Cookies that remain stored for a defined period or until you delete them. They help us remember your preferences (such as cookie choices or language) and collect long-term analytics.
First-party cookies: Placed directly by crownmelbourne-au.com to support core functionality and first-party analytics.
Third-party cookies: Set by external providers (for example, analytics services, affiliate platforms, or advertising networks) to measure performance, attribute referrals, or deliver contextual advertising.

Purposes

Strictly necessary / functional: Enabling you to browse the site, access secure areas (if any), and store your cookie settings.
Analytics and performance: Gathering information about how visitors use the website, which pages are most visited, and whether errors occur, to improve our services.
Advertising and affiliation: Measuring the effectiveness of outbound links to third-party gambling operators, tracking conversions for affiliate programmes, and, where applicable, tailoring content or ads (subject to your consent where required).

Managing Cookies

You can manage or disable cookies:
- Through your browser settings (for example, blocking cookies, deleting existing cookies, or setting alerts when cookies are stored).
- Through any on-site cookie banner or preference panel provided by us, where you can adjust non-essential cookie categories.
Disabling certain cookies may affect the functionality or performance of the website but should not prevent basic access.

Data Security

We implement technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. While no system is completely secure, we apply industry-aligned safeguards appropriate to the nature of the data and risks.

Technical Measures

Encryption in transit: Data exchanged between your browser and crownmelbourne-au.com is protected using TLS 1.2+ (HTTPS) where supported.
Encryption at rest (where applicable): We use hosting providers and storage solutions that support encryption of stored data or employ logical separation and access controls to minimise exposure.
Access controls: Administrative access to systems and data is restricted on a need-to-know basis, with authentication mechanisms such as strong passwords and, where feasible, multi-factor authentication (MFA).
Network and application security: Use of firewalls, security patches, and monitoring tools to detect potential intrusion, misuse, or unusual traffic patterns.

Organisational Measures

Policies and training: Internal policies on data handling, confidentiality, and incident reporting, accompanied by awareness activities for staff and contractors with access to systems.
Vendor due diligence: Selection of third-party service providers that demonstrate appropriate security and privacy practices.
Incident response: Procedures to detect, assess, and mitigate security incidents, including obligations (where applicable) to notify affected individuals and/or regulators.

We aim to align our security posture with internationally recognised standards (such as ISO 27001 or SOC 2) through our choice of infrastructure providers and internal controls, even if we do not publicly certify against these standards ourselves.

Complaints & Contacts

If you have any questions, concerns, or complaints about how we handle your personal information, or if you wish to exercise any of your privacy rights, you can contact us using the following details:

Primary Contact Channels

E-mail (preferred): [email protected]
Website: https://crownmelbourne-au.com (where online feedback or contact forms are provided, if implemented, you may use them as an alternative channel).

Internal Complaint Procedure

Submission: Send your complaint or query to [email protected] with a clear description of the issue and any supporting information.
Acknowledgement: We will acknowledge receipt of your complaint within 7 business days, where possible.
Investigation: Our Data Protection contact will review your complaint, gather relevant information, and assess whether any corrective action is required.
Response: We aim to provide a substantive response or outcome within 30 days of receiving your complaint. If more time is needed due to complexity, we will notify you and keep you updated.
Resolution: Where appropriate, we will implement measures to correct data, adjust processing, or improve our policies and practices.

Escalation to Supervisory Authorities

If you are not satisfied with our response, you may have the right to raise your concerns with a competent privacy or data protection authority in your jurisdiction. For users in Australia, you may contact:

Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
Phone (within Australia): 1300 363 992

Depending on your location, you may also have the right to complain to other relevant supervisory authorities, such as EU data protection authorities, if EU data protection law applies to you. Contact details for EU supervisory authorities are available via the European Data Protection Board (EDPB) website.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or how we operate crownmelbourne-au.com and the Crown Melbourne project.

Notification of Changes

Minor updates: For non-material changes (for example, clarifications or formatting improvements), we will post the updated version on this page with a revised "Last updated" date.
Material changes: For significant changes affecting how we process your data or your rights:
- We will provide additional notice, which may include:
  - Prominent banners or notices on the website;
  - E-mail notifications to users who have provided contact details (for example, newsletter subscribers);
  - Messages or alerts in any user dashboard or account area we may offer in future.
- Where practicable, we will provide such notice at least 30 days before the change takes effect.

User Options on Updates

If you do not agree with changes to this Privacy Policy, you should discontinue using crownmelbourne-au.com and, where applicable, unsubscribe from our communications or request deletion of your data.
Continued use of the website after the effective date of changes will constitute your acknowledgement of the updated Privacy Policy, to the extent permitted by law.

Last updated: January 2026