Privacy Policy

This Privacy Policy explains how Red Stag at redstag-au.com ("we", "us", "our") collects, uses, stores and discloses personal information of users in connection with our informational and review services relating to the Red Stag brand. It applies to website visitors, readers of our reviews, individuals who contact us via email, and any person whose data is processed through this site. This Privacy Policy is effective as of 1 January 2026 and supersedes any earlier versions published on this domain.

Who We Are

OBSERVE: The site Red Stag operates as an independent review and information website about online gambling services targeting Australian users. It is not the gambling operator itself. The operational and corporate data available relates primarily to Deckmedia N.V., the company historically associated with the Red Stag brand.

EXPAND: To ensure transparency, we must clearly distinguish between (i) our role as a content/review publisher on redstag-au.com, and (ii) Deckmedia N.V. as the offshore gambling operator located in Curaçao, which is not licensed in Australia and is the subject of Australian Communications and Media Authority (ACMA) blocking actions. We therefore identify each entity distinctly, clarify responsibility for personal data, and provide contact details for privacy queries.

REFLECT: Based on the available information, we define the controller for data processed via redstag-au.com as the site operator (not Deckmedia N.V.) and set out a dedicated privacy contact.

Site Operator (Data Controller for redstag-au.com)

For the purposes of this Privacy Policy and the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the data controller for personal information collected through redstag-au.com is:

Trading name: Red Stag
Domain: https://redstag-au.com
Legal form / jurisdiction: Independent online information and review service (exact corporate registration details not publicly disclosed on this site; operated from outside Australia for an international audience including Australian readers).

Any reference on this site to "Red Stag" relates to the online gambling brand reviewed and does not imply ownership or operation of that casino by Red Stag.

Gambling Operator (Not Our Entity)

Red Stag Casino is historically associated with the offshore operator:

Operator company: Deckmedia N.V.
Legal entity type: Private limited liability company
Operator jurisdiction: Curaçao
Registered / legal address: E-Zone Vredenberg, Curaçao
Game licence: Claimed Curacao eGaming licence (historical claim; no active or verifiable public seal identified as of mid-2024; status unverified by us).

Deckmedia N.V. is solely responsible for data processing occurring directly on its own domains, such as redstagcasino.eu. We do not control, operate, or manage those sites and this Privacy Policy does not apply to them.

Data Protection Contact

All questions, requests, or complaints about privacy in relation to Red Stag may be directed to:

Privacy contact person: Data Protection Officer (DPO) - Red Stag
Email: [email protected] (primary and critical contact)

If you contact us, please indicate that your query relates to the "Privacy Policy - Red Stag" to support efficient handling.

What Personal Data We Collect

OBSERVE: Red Stag primarily processes data about visitors to an informational website. We do not provide gambling services ourselves and do not require identity verification (KYC) on this site. Data categories therefore focus on contact, technical, and behavioural analytics data, plus any data you voluntarily provide.

EXPAND: To comply with the Australian Privacy Principles and international best practice, we must specify the categories of personal information collected, the circumstances of collection (automatic vs. manual), and whether the information is reasonably identifiable. Although we do not knowingly target children, our content is gambling-related and intended for adults aged 18+; we therefore discourage minors from using the site.

REFLECT: We group the collected information into categories and explain typical sources of collection.

Personal Identification and Contact Data

Basic identifiers: Name, alias, or username if you choose to provide them when you contact us.
Contact details: Email address (e.g., when you write to [email protected]), and any telephone number or social media handle you voluntarily disclose.
Content of communications: Information contained in your emails or messages, including queries, complaints, or feedback, and any attachments you send.

Technical and Usage Data

Device and connection data: IP address, browser type and version, operating system, device model, language settings, approximate geolocation inferred from IP (country or region level), and referral URLs.
Server logs: Date and time of visits, pages viewed, HTTP status codes, and other standard web log information for security, diagnostics, and analytics.

Behavioural and Interaction Data

On-site behaviour: Pages visited, time spent, scroll depth, clicks on internal links, and interaction with navigation elements.
Outbound click data: Clicks on outbound links, including links directing to third-party gambling sites such as Red Stag Casino, Fair Go, Uptown Aces, Miami Club, or Sloto'Cash, if tracked through analytics tools.

Payment and Financial Data

We do not provide gambling services or process player wagers on redstag-au.com. We therefore do not request or store payment card details or bank account numbers for playing casino games.

Limited financial data: Only where you enter into a direct commercial arrangement with us (for example, advertising or affiliate cooperation) might we process invoicing details, business payment information, and transaction records. Such relationships are generally business-to-business rather than consumer-focused.

Cookies and Similar Technologies

Cookies: Small text files placed on your device to recognise your browser, remember preferences, and measure website performance.
Pixel tags / web beacons: Small code snippets used to track interactions (e.g., whether a link was clicked, or a page was viewed).
Analytics scripts: Third-party code (for example, Google Analytics or similar services) used to gather aggregated traffic and usage statistics.

Where cookies or similar technologies can identify you or your device, they may constitute personal information and are treated accordingly under this Policy.

Legal Basis for Processing

OBSERVE: As an international-facing website accessible in Australia and beyond, we align our legal bases with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, and broadly with the legal concepts found in the EU General Data Protection Regulation (GDPR) to support users from the EEA. Although Mexican law references in the brief do not directly apply to our AU-focused site, we adopt compatible transparency and user-rights standards where relevant.

EXPAND: We rely on a combination of consent, necessity for the performance of requested services, legitimate interests, and legal obligations. Users must be able to understand when each basis applies and what choices they have. We therefore break down our processing by legal justification.

REFLECT: This multi-basis approach allows flexible yet accountable processing while honouring users' expectations and regulatory requirements.

User Consent

Marketing communications: If we ever offer newsletters or promotional emails, we will only send them where you have actively opted in. You may withdraw consent at any time using the unsubscribe link or by contacting us.
Non-essential cookies and tracking: Where required by applicable law, we will seek your consent for analytics or advertising cookies that are not strictly necessary for the functioning of the site.

Performance of a Contract or Requested Service

Responding to enquiries: When you email [email protected] or otherwise request information from us, we process your contact details and message content as necessary to respond and provide the requested assistance.
Business relationships: Where we enter into an agreement with partners, affiliates, or advertisers, we process relevant business contact and billing information to perform that agreement.

Legitimate Interests

Site operation and improvement: We process technical, usage, and behavioural data to operate our website, troubleshoot issues, optimise content (including Red Stag related reviews), and understand user preferences.
Security and fraud prevention: We log IP addresses and access patterns to detect and mitigate abuse, unauthorised access attempts, or malicious activities.
Statistics and analytics: Aggregated usage metrics help us refine our editorial strategy and evaluate the performance of links and content.

Where we rely on legitimate interests, we assess that our interests are not overridden by your privacy rights and expectations and provide opt-out options where appropriate.

Compliance with Legal Obligations

Record-keeping: Basic records of communications and transactions may be retained to comply with accounting, tax, or regulatory requirements under applicable laws in our operating jurisdiction.
Cooperation with authorities: We may process and disclose information when required by law or in response to lawful requests from competent authorities, including in Australia (for example, ACMA, OAIC) or other relevant jurisdictions.

Purpose of Processing

OBSERVE: Red Stag focuses on content and referral-based services, so the core purposes involve providing information, maintaining website functionality, performing analytics, and managing limited marketing and partner relationships.

EXPAND: To ensure legal clarity, we articulate each purpose, link it to the categories of data processed, and indicate whether it is optional or essential. We particularly highlight that we are not the gambling operator and do not process player account or betting data except as aggregated behavioural analytics relating to clicks and referrals.

REFLECT: Users can then make informed decisions about interacting with our site and exercising their rights.

Service Provision and Site Operation

Content delivery: To display pages, articles, and reviews about Red Stag and related brands to your device.
User support: To respond to questions or feedback you send to [email protected] and to handle complaints regarding our content.
Technical functionality: To enable core functions such as page navigation, language settings, and basic security features.

Improvement and Optimisation

Analytics and performance measurement: To understand how visitors use our site, which pages are most popular, and how users interact with reviews and outbound links.
Content development: To analyse trends in user interest (for example, demand for AU-specific information about offshore operators blocked by ACMA) and adjust our editorial focus accordingly.

Marketing and Communication

Direct communications: To send you updates or promotional messages about our site or related services, if you have expressly subscribed.
Affiliate and advertising performance: To track aggregate click-through and conversion performance of affiliate links, where permissible, so we can manage our commercial relationships.

Fraud Prevention, Security, and Legal Compliance

Security monitoring: To protect the site, investigate suspicious activities, and prevent misuse (including automated scraping, DDoS attempts, or spam).
Legal and regulatory obligations: To retain and, where necessary, disclose certain information to comply with applicable laws, enforce our legal rights, and cooperate with regulatory authorities.

Disclosure & Sharing

OBSERVE: As a review site, Red Stag may share limited personal information (mainly technical and analytics data) with service providers and partners. We do not sell your personal information as that term is commonly understood, but we may participate in affiliate programs and analytics arrangements.

EXPAND: To meet compliance expectations, we specify each category of recipient, the types of data shared, and the circumstances under which sharing occurs. We also clarify that outbound links to Deckmedia N.V. brands (such as Red Stag Casino) leave our control.

REFLECT: This enables users to understand who might access their data and under what safeguards.

Service Providers (Processors)

Hosting and infrastructure providers: Companies that host our servers, databases, and related infrastructure may process your IP address, log data, and stored communications on our behalf.
Analytics providers: Third-party analytics services process usage and performance data to generate aggregated statistics.
IT and security providers: Technical experts or tools may access log data and system configurations for maintenance, security monitoring, and backup.

Affiliate and Advertising Partners

Affiliate networks / operators: When you click through to third-party gambling sites (such as Red Stag Casino at redstagcasino.eu or related Deckmedia N.V. brands), tracking parameters may be appended to the URL or stored in cookies for attribution. These third parties act as independent controllers of any data they collect on their own domains.
Advertising networks: If used, these may receive pseudonymous identifiers, cookie data, and limited device information to display or measure advertising. Where required, we will obtain your prior consent.

Regulators, Authorities, and Legal Recipients

Regulatory and enforcement bodies: We may disclose information to regulators or law enforcement agencies (for example, ACMA or the Office of the Australian Information Commissioner (OAIC) in Australia, or analogous bodies in other jurisdictions) where required by law.
Legal advisers and courts: We may share necessary information with lawyers, auditors, or courts in connection with legal claims, audits, or compliance reviews.

Corporate Transactions

Business transfers: In the event of a merger, acquisition, sale of assets, or similar transaction involving Red Stag, personal information held by us may be transferred to the acquiring entity, subject to continuing protection substantially in line with this Policy.

Third-Party Sites

When you access third-party websites, including Red Stag Casino or other Deckmedia N.V. brands, those sites' own privacy policies and practices apply. We do not control their data handling and are not responsible for their compliance with Australian or other laws.

International Transfers

OBSERVE: Our site targets users in Australia but is operated from infrastructure that may be located in various countries. Some processing or storage of data, as well as access by service providers, may therefore occur outside Australia, including in the European Union, the United States, and Curaçao.

EXPAND: Under Australian law and widely accepted privacy norms, we must take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles in relation to your personal information, or that equivalent safeguards are implemented. For EEA users, we also reference GDPR-style transfer safeguards (such as Standard Contractual Clauses) where applicable.

REFLECT: We define where data may go, the types of safeguards used, and how users are protected.

Potential Destinations

Australia: Access by users and, potentially, certain service providers or partners operating in or for the AU market.
European Union / EEA: Analytics, hosting, or content delivery partners may process data in EU/EEA data centres.
United States and other jurisdictions: Some third-party service providers, including analytics and advertising networks, may store or access data from the US or other locations worldwide.
Curaçao: While Deckmedia N.V. (Red Stag Casino's operator) is based in Curaçao, your personal data is only processed there by that operator if you interact directly with its websites, not simply by visiting redstag-au.com.

Safeguards

Contractual protections: We use written agreements with service providers that include confidentiality obligations and data protection requirements. For EU-related transfers, we may rely on Standard Contractual Clauses or equivalent measures where appropriate.
Access controls: Access to personal information is restricted to staff and contractors with a legitimate business need and subject to confidentiality undertakings.
Risk assessment: We assess privacy and security risks related to overseas transfers and take reasonable steps to mitigate them, consistent with the Australian Privacy Principles and international best practice.

Data Retention

OBSERVE: To comply with good governance and privacy principles, personal information should not be kept longer than necessary for the purposes for which it was collected. Different categories of data require different retention periods.

EXPAND: We specify indicative timeframes for core data types. These are subject to extension to meet legal obligations (for example, tax requirements) or to resolve ongoing disputes. Given that this site primarily collects limited personal data, retention periods are generally conservative.

REFLECT: Clear retention rules improve transparency and support users' rights to deletion and objection.

Retention Periods by Category

Contact and correspondence data: Emails and related contact information are typically retained for up to 3 years after the last interaction, unless a longer period is necessary for dispute resolution, legal compliance, or documentation purposes.
Technical and log data: Server logs and security-related records are generally kept for 6 to 24 months, depending on the sensitivity and need for security monitoring.
Analytics data: Aggregated analytics information is often stored in a de-identified form. Where identifiers are retained, they are kept no longer than 26 months, or as configured with our analytics provider.
Business partner data: Records relating to commercial relationships (e.g., affiliate or advertising partners) may be held for up to 7 years from the end of the financial year to which they relate, to comply with accounting and tax requirements.

Deletion Criteria

Purpose completion: Data is deleted or irreversibly anonymised once it is no longer reasonably required for the purposes for which it was collected.
User request: Where you exercise your right to deletion (subject to legal limitations), we will erase or de-identify your personal information.
Legal or regulatory limitations: Some data may be retained despite a deletion request where we are legally required to keep it or where we need it to establish, exercise, or defend legal claims.

Your Rights

OBSERVE: While our primary legal frame is the Australian Privacy Act 1988 (Cth), we also take guidance from GDPR-style rights and, where relevant, similar concepts in other jurisdictions. Users should be able to access, correct, and, in some cases, delete or restrict the processing of their personal information, and control marketing choices.

EXPAND: We structure this section to cover key rights recognised internationally: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. We also commit to specific procedures and timeframes (generally 30 days) and confirm that requests are free of charge, subject to limited exceptions.

REFLECT: Even where certain legal regimes (such as Mexican law) are not directly applicable to AU users, aligning with their standards supports a robust and user-centric privacy framework.

Right of Access

You can request confirmation about whether we hold personal information about you and, if so, receive a copy of that information in an intelligible form.
We will provide additional details about how we process your data, consistent with this Privacy Policy.

Right to Correction (Rectification)

You may ask us to correct or update inaccurate or incomplete personal information (for example, a misspelled email address or outdated contact details).
We may need to verify the accuracy of the new information before making changes.

Right to Deletion (Erasure)

You may request that we delete your personal information where:
- it is no longer necessary for the purposes for which it was collected;
- you have withdrawn consent (where processing is based on consent); or
- you have objected to processing and there are no overriding legitimate grounds.
We may retain certain data where we are legally obliged, or where necessary to establish, exercise, or defend legal claims.

Right to Restrict Processing

You can request that we restrict the processing of your information (for example, while we verify its accuracy or assess an objection).
During restriction, we will store your data but not otherwise use it without your consent, except for legal claims or protection of others' rights.

Right to Object

You may object at any time to:
- direct marketing communications; and
- processing based on legitimate interests, where your particular situation justifies it.
If you object to direct marketing, we will promptly stop such activities.

Right to Data Portability

To the extent applicable (in line with GDPR-like standards), you may request that we provide certain personal information you have given us in a structured, commonly used, machine-readable format, or that we transmit it to another controller where technically feasible.

Right to Withdraw Consent

Where processing relies on your consent (for example, newsletters or some types of cookies), you may withdraw that consent at any time.
Withdrawal will not affect the lawfulness of processing prior to withdrawal.

How to Exercise Your Rights

Submit a request: Contact us via [email protected] with a clear description of your request and the right you wish to exercise.
Verification: We may ask you for reasonable information to verify your identity (for example, confirmation of the email address used to contact us previously).
Response timeframe: We aim to respond to all valid requests within 30 days of receipt. If more time is needed due to complexity, we will inform you of the delay and reasons.
Fees: We generally handle requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, consistent with applicable law.

Nothing in this section limits any statutory rights you may have under the Australian Privacy Act 1988 (Cth) or comparable international laws.

Cookies & Tracking Technologies

OBSERVE: Cookies are central to how modern sites function and measure performance. As a review site, we typically use cookies for essential operation, analytics, and possibly affiliate attribution.

EXPAND: To align with industry standards and user expectations, we categorise cookies by duration (session/persistent), by origin (first-party/third-party), and by purpose (functional/analytics/advertising). We also explain how users can manage or disable them.

REFLECT: This transparency supports user choice, especially given the gambling-related context where tracking may be sensitive.

Types of Cookies We Use

Session cookies: Temporary cookies that exist only during your browsing session and are deleted when you close your browser. They support navigation and basic functionality.
Persistent cookies: Cookies that remain on your device for a defined period or until deleted. They can remember preferences, such as language or previously viewed content.
First-party cookies: Cookies placed by redstag-au.com to support site operation and analytics.
Third-party cookies: Cookies placed by external services, such as analytics providers or advertising/affiliate partners.

Purposes of Cookies

Strictly necessary / functional: Essential for the proper functioning of the website, such as load balancing, security features, and basic navigation.
Analytics and performance: Used to gather aggregated statistics about site traffic, page popularity, and user navigation patterns, helping us improve content and usability.
Advertising and affiliate tracking: Where applicable, used to measure the performance of affiliate links, ensure correct attribution to our site, and, in some cases, support targeted advertising or limit the number of times you see certain promotions.

Managing Cookies

Browser settings: You can configure your browser to block or delete cookies. Most browsers provide options to:
- block all cookies;
- block cookies from specific sites; or
- delete cookies when you close the browser.
Third-party opt-outs: Some analytics and advertising providers offer their own opt-out mechanisms on their websites.
Impact of disabling cookies: If you block or delete cookies, parts of the site may not function correctly, and some preferences may not be saved.

Data Security

OBSERVE: Protecting personal information is particularly important in the online gambling ecosystem, even where our role is limited to content and referrals. Users expect robust technical and organisational safeguards.

EXPAND: We adopt widely recognised security practices, including encryption, access controls, and ongoing monitoring, while noting that no system can be guaranteed fully secure. As a relatively small information site, we may not hold formal ISO 27001 or SOC 2 certifications ourselves, but we strive to use providers and practices aligned with those standards.

REFLECT: A layered security approach ("defence in depth") provides reasonable protection against common threats.

Technical Measures

Encryption in transit: Data exchanged between your browser and redstag-au.com is protected using TLS (Transport Layer Security) version 1.2 or higher, as enabled by your browser and our hosting provider.
Encryption at rest (where applicable): We aim to use reputable hosting providers that support disk-level or database encryption for stored data, particularly for backups and logs.
Network security: Firewalls, intrusion detection or prevention mechanisms, and other security controls are used to protect our infrastructure from unauthorised access.

Organisational and Access Controls

Least-privilege access: Access to systems storing personal information is restricted to personnel and contractors who require it for legitimate business purposes.
Authentication: Administrative interfaces are protected by strong passwords and, where feasible, multi-factor authentication (MFA).
Staff awareness: Individuals involved in operating the site are made aware of privacy and security obligations, including confidentiality requirements.

Monitoring and Incident Response

Logging and monitoring: We maintain logs of access and system activities to detect anomalies or unauthorised access attempts.
Incident response: In the event of a suspected data breach, we will investigate promptly, mitigate potential harm, and, where required by law, notify affected users and relevant authorities (such as the OAIC in Australia) without undue delay.

While we take reasonable measures to protect your information, no online service can guarantee absolute security. You are encouraged to take appropriate steps to protect your own devices and accounts, such as using up-to-date software and secure passwords.

Complaints & Contacts

OBSERVE: Users must have clear channels to contact us and escalate privacy concerns to supervisory authorities where necessary. In Australia, the main authority is the Office of the Australian Information Commissioner (OAIC), and ACMA has specific jurisdiction over interactive gambling services.

EXPAND: We define a step-by-step complaint process, expected response times, and external remedies. Although the brief mentions Mexican and EU authorities, our primary focus is AU; still, EU users may contact their local data protection authorities, and we follow similar standards.

REFLECT: A transparent complaints mechanism enhances accountability and user trust.

Contacting Us

Primary contact for privacy: Data Protection Officer - Red Stag
Email: [email protected]

Internal Complaint Procedure

Submit your complaint: Send an email to [email protected] describing your concern in detail, including any relevant dates, communications, and supporting documents.
Acknowledgement: We aim to acknowledge receipt of your complaint within 7 days.
Investigation: We will review your complaint, consult relevant records, and, if necessary, request additional information from you.
Response: We strive to provide a substantive response within 30 days of receipt of a complete complaint. If we cannot meet this timeframe, we will inform you of the delay and expected resolution date.
Outcome: Our response will outline the findings of our investigation and any corrective measures we propose or have implemented.

Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that we have not handled your personal information in accordance with applicable laws, you may lodge a complaint with a competent supervisory authority.

Australia - Office of the Australian Information Commissioner (OAIC)
- Website: https://www.oaic.gov.au
- Privacy complaints: https://www.oaic.gov.au/privacy/privacy-complaints
Australia - Australian Communications and Media Authority (ACMA) (for interactive gambling issues)
- Website: https://www.acma.gov.au
- Offshore gambling information and complaints: see ACMA's online resources and contact forms.
European Union / EEA users: You may contact your local data protection authority in the country where you live, work, or where you consider an infringement to have occurred. Contact details are generally available on the European Data Protection Board website.

Updates

OBSERVE: Privacy laws and our services may change over time, especially given evolving regulatory scrutiny of offshore gambling services and associated review sites.

EXPAND: We must explain how users will be informed of changes, how version control is maintained, and what options users have if they disagree with material updates.

REFLECT: A structured update mechanism supports ongoing compliance and user awareness.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
Each version will be identified by a "Last updated" date at the end of the document.

Notification of Material Changes

Email notifications: Where we have your email address and consider a change to be material, we may notify you by email.
On-site notices: We may display a prominent banner or notice on redstag-au.com and/or within any user account dashboard (if such functionality is introduced) to draw attention to important updates.
Advance notice: For significant changes that materially affect the way we process your personal information, we will endeavour to provide at least 30 days' advance notice before the changes take effect, where reasonably practicable.

User Options Following Changes

If you do not agree with the updated Privacy Policy, you should discontinue use of redstag-au.com and, where applicable, opt out of any mailing lists or other optional services.
Continued use of the site after the effective date of an updated Policy will constitute your acknowledgement of the changes.

Last updated: January 2026