Data Protection and Privacy Rights
Last updated: 12 February 2026
Chicken Road Australia ("we", "us", "our") is committed to protecting the personal information of our visitors. This page explains your data protection and privacy rights when you use the website playchickit.com/au (the "Site"), the legal framework governing data protection in Australia, and how you can exercise your rights.
Important note: Australia does not fall under the European Union's General Data Protection Regulation (GDPR). However, Australia has its own robust privacy legislation — the Privacy Act 1988 (Cth) — which establishes the Australian Privacy Principles (APPs). These principles regulate how organisations collect, use, store, disclose, and dispose of personal information. This page outlines your rights under Australian privacy law and, where applicable, under the GDPR for visitors from the European Economic Area (EEA).
1. Australian Privacy Principles (APPs)
The Australian Privacy Principles (APPs) are contained in Schedule 1 of the Privacy Act 1988 and apply to Australian Government agencies and organisations with an annual turnover of more than A$3 million, as well as certain other organisations regardless of turnover (including those that trade in personal information or provide health services).
There are 13 Australian Privacy Principles that govern how personal information must be handled. The principles most relevant to your use of the Site include:
| APP | Principle | What It Means for You |
|---|---|---|
| APP 1 | Open and transparent management | We must have a clearly expressed privacy policy explaining how we handle your personal information |
| APP 3 | Collection of solicited personal information | We may only collect personal information that is reasonably necessary for our functions or activities |
| APP 5 | Notification of collection | We must tell you what information we collect and why, usually at or before the time of collection |
| APP 6 | Use or disclosure | We may only use or disclose your information for the purpose it was collected, unless you consent or an exception applies |
| APP 8 | Cross-border disclosure | Before disclosing your information overseas, we must take reasonable steps to ensure the recipient complies with the APPs |
| APP 11 | Security of personal information | We must take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access |
| APP 12 | Access to personal information | You have the right to request access to the personal information we hold about you |
| APP 13 | Correction of personal information | You can request that we correct personal information that is inaccurate, out of date, incomplete, or misleading |
For the full text of the APPs, visit the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/australian-privacy-principles.
2. Your Privacy Rights
Under the Privacy Act 1988 and the APPs, you have the following rights regarding your personal information:
2.1 Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. We will respond to your request within 30 days. In most cases, access will be provided free of charge. We may refuse access in limited circumstances permitted by law (e.g., if providing access would unreasonably impact the privacy of other individuals).
2.2 Right of Correction (APP 13)
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you have the right to request its correction. We will take reasonable steps to correct the information within 30 days of your request.
2.3 Right to Complain
If you believe we have breached your privacy or mishandled your personal information, you have the right to lodge a complaint. We encourage you to contact us first so we can attempt to resolve the issue directly. If you are not satisfied with our response, you can escalate your complaint to the OAIC.
2.4 Right to Anonymity and Pseudonymity (APP 2)
Where practicable, you have the option to interact with us anonymously or using a pseudonym. However, in some situations we may require your identity to respond to your enquiry or fulfil a legal obligation.
2.5 Additional Rights for EEA Visitors (GDPR)
If you are visiting from the European Economic Area, you may also have additional rights under the GDPR, including the right to erasure ("right to be forgotten"), the right to data portability, and the right to restrict processing. Please contact us if you wish to exercise these rights.
3. Data Controller Information
For the purposes of this data protection notice:
- Data controller: Chicken Road Australia, operating the website at playchickit.com/au
- Contact: You can reach us via our contact page
- Governing law: Privacy Act 1988 (Cth) and the Australian Privacy Principles
- Supervisory authority: Office of the Australian Information Commissioner (OAIC)
We do not have a designated Data Protection Officer (DPO) as this is not required under Australian privacy law. However, we take privacy seriously and will address any enquiry or complaint promptly.
4. Data Retention Periods
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention schedule is as follows:
| Data Type | Retention Period | Basis |
|---|---|---|
| Contact form submissions | 12 months from date of enquiry | Legitimate interest — respond to and resolve enquiries |
| Analytics data (Google Analytics) | 26 months (with IP anonymisation) | Legitimate interest — improve Site performance |
| Cookie data | Varies by cookie type (see Cookie Policy) | Consent / Legitimate interest |
| Server logs | 90 days | Security and fraud prevention |
Once the retention period expires, personal information is securely deleted or de-identified so that it can no longer be linked to you.
5. International Data Transfers
Your personal information may be transferred to, and processed on, servers located outside of Australia. This may occur when we use third-party services such as web hosting, analytics, or email delivery platforms that operate internationally.
Under APP 8 (Cross-border disclosure), before disclosing personal information to an overseas recipient, we must take reasonable steps to ensure the recipient does not breach the APPs. We implement the following safeguards:
- Contractual protections: We enter into data processing agreements with third-party providers that require them to handle your data in accordance with the APPs or equivalent standards
- Due diligence: We assess the privacy and security practices of overseas providers before engaging them
- Minimisation: We only transfer the minimum amount of personal information necessary for the service to function
- Encryption: Data is encrypted during transfer using SSL/TLS protocols
Countries where your data may be processed include the United States (hosting and analytics services), the European Union, and Singapore. These jurisdictions have their own data protection frameworks, and we verify that appropriate protections are in place before any transfer occurs.
6. OAIC Complaint Process
If you believe your privacy has been breached, we encourage you to follow this process:
- Contact us first: Reach out via our contact page with details of your complaint. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
- Internal review: If you are not satisfied with our initial response, you can request an internal review. A senior member of our team will re-examine the matter and provide a final response.
- Lodge a complaint with the OAIC: If you remain unsatisfied after our internal process, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Online: oaic.gov.au/privacy/privacy-complaints
- Phone: 1300 363 992
- Post: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
The OAIC can investigate complaints about breaches of the APPs and, where appropriate, make determinations and issue orders to resolve the matter.
7. Changes to This Policy
We may update this data protection page from time to time to reflect changes in our practices, Australian privacy law, or regulatory guidance from the OAIC. Any changes will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.
8. Contact
If you have any questions about your data protection rights or wish to exercise any of the rights described on this page, please visit our contact page.