burger icon
Two Up Review Australia

Privacy Policy

This Privacy Policy explains how Two Up, operated via twoup-au.com (the "Website"), collects, uses, discloses and protects personal information of visitors and users of our review and information services. It applies to all individuals who access or use the Website, including players who follow our links to third-party gambling operators and general site visitors. By using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026.

Who We Are

OBSERVE: The project is a review and information site about the brand "Two Up" and offshore gambling services. We are not the operator of the Two Up Casino itself and do not provide gambling services.

EXPAND: Because full corporate details are not specified in the available data, this Privacy Policy identifies the Website operator functionally and provides clear contact points for privacy-related matters, while clarifying that operational gambling data held by Blue Media N.V. or any other casino operator is processed under their own privacy policies.

REFLECT: For privacy compliance and transparency to Australian users and other visitors, we clearly distinguish between (a) personal information processed by this Website as a review service and (b) personal information processed by offshore casino operators that we describe or link to.

Website Operator and Contact

The Website located at https://twoup-au.com is operated as an online information and review service under the brand "Two Up". Certain underlying corporate identification details (legal address, registration number, tax ID) are not publicly specified in the currently available materials. We will update this section once additional verified information becomes available.

For all questions about this Privacy Policy and your personal information in connection with this Website, you can contact:

All privacy and data-protection enquiries will be handled by our internal data protection contact (acting in a role similar to a Data Protection Officer, even though no formal statutory DPO appointment is currently mandated).

What Personal Data We Collect

OBSERVE: As a review site focused on offshore gambling services, we collect limited direct personal information but may process technical, behavioural, and referral-related data for analytics and advertising purposes.

EXPAND: Users may submit contact details voluntarily; technical and cookie-based data are automatically collected. We do not process payment or KYC documents ourselves but may receive aggregated statistics from partners.

REFLECT: To provide clarity and comply with privacy principles (such as those under the Australian Privacy Act 1988 (Cth) and international best practice), we categorise data and explain each type.

Categories of Personal Data

  • Identification and contact data you provide to us:
    • Full name (if you choose to provide it in correspondence or forms).
    • Email address (for newsletter sign-up, enquiries, feedback, complaints).
    • Any other information you voluntarily submit in free-text fields (e.g., your experience with an operator, questions about bonuses, or dispute details).
  • Technical and device data (automatically collected):
    • IP address, approximate geographic location (country/region).
    • Device identifiers, browser type and version, operating system, language settings.
    • Referrer URL (the page you came from), access times, and error logs.
  • Usage and behavioural data:
    • Pages viewed, clicks on internal links and outbound links (for example, clicks that redirect to Two Up or other casinos).
    • Time spent on pages, scroll depth, navigation paths.
    • Interaction with emails we send (opens, clicks, unsubscribes).
  • Marketing and preference data:
    • Newsletter subscription status and preferred language (where applicable).
    • Consent flags for cookies, marketing, and tracking.
  • Cookies and similar technologies:
    • Session cookies, persistent cookies and third-party cookies (analytics, advertising, affiliate tracking).
    • Pixel tags, tracking links and similar identifiers used by affiliate networks and advertising partners.
  • Payment and gambling-related data:
    • We do not process your payment card numbers, bank account details, Neosurf vouchers or verification documents. Such data, where relevant, are processed by the casino operator (for example, Blue Media N.V. in connection with the "Two Up" casino) and its payment processors under their own privacy policies.
    • We may receive anonymised or aggregated information from partners (e.g., number of registrations, deposit levels, bonus redemptions, dispute statistics) that does not allow us to identify you directly.

Legal Basis for Processing

OBSERVE: Our Website targets Australian users and other visitors and is operated from an offshore context; while we are not an Australian-licensed gambling provider, we adopt principles aligned with the Australian Privacy Act, the EU GDPR and recognised international standards.

EXPAND: Different processing operations rely on different legal bases, including consent, contract-like arrangements (provision of information services), legitimate interests and compliance with legal obligations in relevant jurisdictions.

REFLECT: By clearly listing legal bases, we aim to enhance transparency and allow users to understand when they may object or withdraw consent.

Our Legal Grounds

  • Consent:
    • We rely on your consent to send you direct marketing communications (such as email newsletters) where this is required by applicable law.
    • We obtain consent for non-essential cookies and similar tracking technologies used for analytics and advertising in jurisdictions where such consent is required.
    • You may withdraw your consent at any time via the unsubscribe link in our emails or by adjusting your cookie settings as described below.
  • Contractual necessity / provision of services:
    • When you request information, submit a query, or use tools on the Website, we process your data to provide the requested service (for example, to respond to an email enquiry or handle a complaint about a featured operator).
    • This processing is necessary for the functional operation of the Website and our relationship with you as a user.
  • Legitimate interests:
    • We process technical, usage and behavioural data to:
      • Ensure the security and stability of the Website.
      • Detect and prevent fraud, abuse and technical issues.
      • Measure performance of our content and affiliate partnerships.
      • Improve our reviews, rankings and responsible-gambling information.
    • When relying on legitimate interests, we balance our interests against your rights and expectations and implement safeguards (such as pseudonymisation and data minimisation).
  • Compliance with legal obligations:
    • We may need to retain and disclose certain information for:
      • Accounting, tax or corporate record-keeping obligations in the jurisdiction where the Website operator is established.
      • Responding to lawful requests from competent authorities, courts or regulatory bodies in relevant jurisdictions, including privacy regulators.

Purpose of Processing

OBSERVE: Our processing aims to operate and improve an informational website, not to run a gambling platform.

EXPAND: We use data to provide content, maintain security, support marketing/affiliate operations and promote responsible gambling awareness.

REFLECT: Specifying purposes helps ensure that data are not used in ways incompatible with user expectations.

Main Purposes

  • Providing and operating the Website and services:
    • Delivering reviews, guides, ratings and information about Two Up and other gambling brands.
    • Enabling basic Website functionality (navigation, language settings, load-balancing).
    • Responding to your enquiries, feedback, or complaints about operators we review.
  • Improving our content and user experience:
    • Analysing aggregated usage data to understand what content is most useful to visitors from Australia and other regions.
    • Testing new layouts, features and responsible-gambling messages.
    • Fixing bugs and enhancing security and performance.
  • Marketing, communications and affiliate attribution:
    • Sending newsletters and updates about new reviews, changes in regulatory status (including for offshore operators like Blue Media N.V.), and important risk warnings to subscribers who have opted in.
    • Tracking which outbound links are clicked so that our partners can attribute traffic or registrations to us, typically using cookies, pixel tags and tracking IDs.
  • Analytics and statistics:
    • Using analytics tools to compile statistics on Website traffic, geographic reach, device types and user engagement.
    • Producing anonymised or aggregated reports (e.g., popularity of certain payment methods or games) without identifying any individual.
  • Fraud prevention, security and legal protection:
    • Monitoring potentially suspicious activity (such as automated scraping, spam submissions and misuse of affiliate links).
    • Protecting our legal rights and interests, including in the context of disputes with users, affiliates or operators.

Disclosure & Sharing

OBSERVE: Data sharing is limited and primarily relates to hosting, analytics, advertising and affiliate tracking.

EXPAND: Personal data may also be disclosed when required by law or in connection with disputes.

REFLECT: Identifying categories of recipients supports transparency and enables users to assess potential risks.

Categories of Recipients

  • Hosting and technical service providers:
    • Companies providing website hosting, content delivery networks (CDNs), security services, email delivery and maintenance. These providers may process IP addresses, log data and limited contact details strictly on our instructions.
  • Analytics providers:
    • Third-party analytics platforms that help us understand how users interact with the Website. These providers use cookies and similar technologies to collect pseudonymous identifiers, device information and usage data.
  • Affiliate networks and advertising partners:
    • Affiliate networks and advertising partners that attribute traffic and conversions from our Website to gambling operators (including offshore operators such as Blue Media N.V. connected with the "Two Up" casino). They typically receive tracking IDs, cookie information and referral URLs, but not your name or direct contact details from us.
    • Advertising partners may use cookies and other technologies to deliver or measure personalised advertising, where allowed by applicable law and your consent choices.
  • Regulators, authorities and dispute-resolution bodies:
    • Where required by law, we may disclose relevant information to courts, law-enforcement agencies, privacy regulators or other competent authorities in applicable jurisdictions.
    • We may also share limited information with consumer-protection agencies or alternative dispute-resolution services if you ask us to assist with or document a complaint against a third-party operator.
  • Professional advisers:
    • Lawyers, accountants and consultants who require access to certain information to provide professional services to us under confidentiality obligations.
  • Business transfers:
    • In the event of a restructuring, merger, sale or transfer of the Website or its substantial assets, user information may be transferred to the acquiring party, subject to continued protection consistent with this Privacy Policy.

We do not sell your personal information as that term is commonly understood. Any sharing for advertising or affiliate purposes is conducted under contractual safeguards and, where required, based on your consent.

International Transfers

OBSERVE: The Website targets users in Australia and may use infrastructure and partners located in multiple jurisdictions, including the EU/EEA, the United States and Curaçao.

EXPAND: This implies cross-border transfers of personal data, which require appropriate safeguards in line with international standards.

REFLECT: Even though we are not an EU-established controller, we aim to apply measures comparable to those under the GDPR and recognised global best practice.

Cross-Border Data Flows and Safeguards

  • Where your data may be processed:
    • Servers and technical providers may be located in, or may process personal data from, countries including (but not limited to) Australia, Member States of the European Union/European Economic Area (EU/EEA), the United Kingdom, the United States and Curaçao.
    • Affiliate networks, analytics services and advertising partners may also operate globally.
  • Protection measures:
    • We use contractual safeguards, such as standard contractual clauses or equivalent data-transfer agreements, with service providers where required by applicable data-protection laws.
    • We select providers that commit to appropriate technical and organisational security measures and to respecting user rights.
  • Third-party casino operators:
    • When you follow links from our Website to the "Two Up" casino or any other third-party operator (for example, Blue Media N.V. under Curaçao jurisdiction), your data are then collected and processed directly by that operator under its own privacy policy.
    • We have no control over those operators' data-protection practices, and you should review their privacy policies carefully before creating an account or providing any personal information.

Data Retention

OBSERVE: We retain personal data only for as long as necessary for the purposes described, subject to legal obligations.

EXPAND: Different categories of data have different retention periods, based on operational needs and applicable record-keeping requirements.

REFLECT: Clear retention rules support data-minimisation and user trust.

Retention Periods

  • Contact and correspondence data:
    • Emails and contact-form submissions are typically retained for up to 5 years from the date of our last active interaction with you, to maintain records of our communications and any disputes.
    • Where legal obligations require longer retention (for example, in the context of ongoing litigation), data may be kept until the obligation ends.
  • Newsletter and marketing data:
    • We keep your subscription details for as long as you remain subscribed and for up to 2 years after you unsubscribe, for proof of consent and suppression-list purposes.
  • Technical logs and security data:
    • Server logs and security-related data are usually retained for up to 12 months, unless a longer period is needed to investigate or respond to a particular incident.
  • Analytics data:
    • Analytics data stored in third-party systems may be retained for up to 5 years in aggregated or pseudonymised form, depending on the configuration of the analytics tools we use.

Deletion Criteria

  • Data are deleted or irreversibly anonymised when:
    • The retention period described above has expired.
    • Data are no longer necessary for the purposes for which they were collected.
    • We grant your valid request for erasure, subject to any overriding legal obligations.

Your Rights

OBSERVE: Users may be located in jurisdictions with strong data-protection frameworks, including the EU/EEA and Mexico, even though the Website is focused on Australia.

EXPAND: We therefore align our practices with key principles and rights found in the EU General Data Protection Regulation (GDPR) and comparable Latin-American frameworks (such as Mexico's Federal Law on Protection of Personal Data Held by Private Parties), in addition to Australian privacy principles.

REFLECT: We explain these rights in a unified, user-friendly way and provide practical procedures for exercising them.

Data-Protection Rights

  • Right of access: You may request confirmation of whether we process your personal data and, if so, receive a copy of such data and certain related information.
  • Right to rectification: You may request that inaccurate or incomplete personal information we hold about you be corrected or updated.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data where:
    • The data are no longer necessary for the purposes for which they were collected, or
    • You withdraw consent on which the processing is based and there is no other legal ground, or
    • You object to processing and there are no overriding legitimate grounds, or
    • The data have been unlawfully processed.
    This right is subject to legal exceptions (for example, where retention is required by law).
  • Right to restriction of processing: You may request that we limit processing of your data in certain situations (for example, while we verify the accuracy of data or assess an objection).
  • Right to object: You may object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling based on those interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms or processing is required for legal claims. You may also object at any time to the use of your data for direct marketing.
  • Right to data portability: Where technically feasible, and when processing is based on consent or on a contract and carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format or transmit it to another controller.
  • Right to withdraw consent: When processing is based on your consent (for example, for newsletters or certain cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Rights under Mexican data-protection laws (ARCO rights): If you are subject to Mexican data-protection regulations, you may benefit from rights of Acceso (access), Rectificación (rectification), Cancelación (erasure/cancellation) and Oposición (objection), which we will honour in parallel with the rights described above where applicable.

How to Exercise Your Rights

  1. Submit your request: Send an email to [email protected] with:
    • Your full name and a contact email address.
    • A clear description of the right you wish to exercise and the context in which you interacted with our Website (for example, newsletter subscription, complaint, or general browsing).
  2. Identity verification: To protect your data, we may ask you to provide reasonable information to verify your identity before fulfilling your request (for example, confirming the email address you used with us).
  3. Response timeframe: We aim to respond to all valid requests within 30 days of receipt. If your request is complex or we receive multiple requests from you, we may extend this period by a further 30 days, in which case we will inform you of the extension and reasons.
  4. Cost: We will handle your request free of charge, unless it is manifestly unfounded or excessive (for example, repeated requests). In such cases we may charge a reasonable fee or refuse to act on the request, consistent with applicable law.

Please note that we may not be able to act on requests relating to data held solely by third-party casino operators, such as Blue Media N.V. or other sites you access via links on our Website. In those cases, you should contact the relevant operator directly under its own privacy policy.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for basic site operation and useful for analytics and advertising.

EXPAND: Different cookie types and purposes must be distinguished, and users must be informed about control options.

REFLECT: Clear cookie information supports compliance with consent and transparency requirements.

Types of Cookies We Use

  • Session cookies:
    • Temporary cookies that are stored only for the duration of your browsing session and are deleted when you close your browser.
    • Used for core functionality, such as navigation and temporary settings.
  • Persistent cookies:
    • Remain on your device for a set period or until you delete them.
    • Used to remember your preferences (for example, cookie-consent choices, language settings) and to recognise returning visitors for analytics purposes.
  • Third-party cookies:
    • Set by third-party providers such as analytics services, advertising networks and affiliate platforms.
    • Used for metrics (page views, conversion tracking), measuring campaign performance and, where applicable, delivering or measuring personalised ads.

Purposes of Cookies

  • Strictly necessary / functional cookies:
    • Enable core features like page navigation, content loading and security.
    • The Website cannot function properly without these cookies.
  • Analytics and performance cookies:
    • Help us understand how users interact with the Website so we can improve its structure, content and usability.
    • Collected data are typically aggregated and used for statistical purposes.
  • Advertising and affiliate cookies:
    • Record when you click on affiliate links to gambling operators (for example, the "Two Up" casino) so that our partners can attribute referrals to us.
    • May be used by advertising networks to build a profile of your interests in order to show relevant ads on other sites, where such profiling is permitted and subject to your consent choices.

Managing Cookies

  • Browser settings:
    • You can configure your browser to block, delete or alert you about cookies. Please consult your browser's help section for instructions.
    • Blocking some types of cookies may affect your experience of the Website.
  • On-site controls (where implemented):
    • We may provide a cookie banner or preference centre that allows you to accept or reject non-essential cookies. You can change your preferences at any time through the relevant tool if available.
  • Third-party opt-outs:
    • Some analytics and advertising providers offer their own opt-out mechanisms (for example, through browser add-ons or industry frameworks). We encourage you to review their privacy and opt-out pages for more information.

Data Security

OBSERVE: Protecting personal data is critical given the sensitivity associated with online gambling-related activity, even when we operate only as a review site.

EXPAND: Security must address data in transit, data at rest, access control, staff awareness and incident response.

REFLECT: While no system can be absolutely secure, we implement a multi-layered approach consistent with widely accepted security standards.

Security Measures

  • Encryption:
    • Data transmitted between your browser and our Website is protected using TLS (Transport Layer Security) version 1.2 or higher, as supported by your browser.
    • Where feasible, sensitive data stored on our systems are encrypted at rest using industry-standard algorithms.
  • Access controls and authentication:
    • Access to administrative interfaces and databases is restricted to authorised personnel based on role and operational need.
    • Strong authentication practices, including multi-factor authentication where possible, are used for privileged accounts.
  • System hardening and monitoring:
    • We apply regular updates and security patches to critical systems.
    • Logs and alerts help us detect unusual activity or potential security incidents.
  • Staff awareness and confidentiality:
    • Personnel with access to personal data are bound by confidentiality obligations.
    • We promote security awareness and responsible handling of data.
  • Incident response:
    • We maintain procedures for identifying, investigating and responding to suspected data breaches or security incidents.
    • Where required by law, we will notify affected individuals and relevant authorities without undue delay.

We aim to align our technical and organisational measures with recognised international security frameworks such as ISO/IEC 27001 and SOC 2, to the extent reasonably appropriate for the scale and nature of our operations, although we may not hold formal certification.

Complaints & Contacts

OBSERVE: Users may wish to raise concerns directly with us or escalate matters to supervisory authorities.

EXPAND: We provide clear contact details and outline a step-by-step process for handling privacy-related complaints.

REFLECT: Accessible complaint pathways support accountability and user trust.

How to Contact Us

Complaint Procedure

  1. Submit your complaint: Send a detailed description of your concern, including any relevant dates, interactions with our Website and copies of correspondence, to [email protected].
  2. Acknowledgement: We will acknowledge receipt of your complaint by email, typically within 5 business days.
  3. Investigation: We will investigate your complaint, which may involve reviewing logs, consulting internal teams or contacting third-party service providers where necessary.
  4. Response: We aim to provide a substantive response within 30 days of receiving your complaint. If we need more time due to complexity, we will inform you of the delay and reasons.
  5. Further steps: If you are not satisfied with our response, you may have the right to escalate your complaint to a relevant supervisory authority, as described below.

Escalation to Supervisory Authorities

  • Australia:
    • If you are in Australia and believe we have not adequately addressed your concerns, you may contact the Office of the Australian Information Commissioner (OAIC):
      Website: https://www.oaic.gov.au
  • Mexico:
    • If you are in Mexico and believe your data-protection rights under Mexican law have been infringed, you may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI):
      Website: https://www.inai.org.mx
  • European Union / EEA:
    • If you are in the EU/EEA, you may lodge a complaint with the data-protection authority in your country of residence, place of work or place of the alleged infringement. Contact details for EU supervisory authorities are available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: Laws and our services may change over time, requiring updates to this Privacy Policy.

EXPAND: We commit to informing users of material changes and providing options where required.

REFLECT: Transparent change management supports ongoing compliance and user awareness.

Policy Changes and Notification

  • We may update this Privacy Policy from time to time to reflect:
    • Changes in our services, technologies or business practices.
    • Changes in applicable laws or regulatory guidance (including in Australia and other relevant jurisdictions).
  • When we make material changes, we will:
    • Post the updated Privacy Policy on the Website with a new "Last updated" date.
    • Where appropriate, provide additional notice by:
      • Emailing registered newsletter subscribers, and/or
      • Displaying a prominent banner or notification on the Website, and/or
      • Providing alerts within any user account or dashboard environment we may introduce in the future.

Advance Notice and User Options

  • For significant changes that materially affect how we process your personal data or your rights, we will, where reasonably practicable, provide at least 30 days' advance notice before the new terms take effect.
  • During this notice period, you may:
    • Review the updated Privacy Policy in detail.
    • Contact us at [email protected] with any questions or objections.
    • Withdraw consent for specific processing activities (such as marketing) or cease using the Website if you do not agree with the changes.

Last updated: January 2026.