Plain English. No legalese. This is what we collect, why we collect it, how long we keep it, and what your rights are — written the way we'd want to read it ourselves.
Venue Axis Pty Ltd operates the Venue Axis platform — compliance software for registered clubs and licensed gaming venues in New South Wales, Australia.
In privacy law terms, we are the entity that decides how and why personal information is collected and handled. This policy applies to anyone whose information passes through Venue Axis: venue staff who use the platform, patrons whose information is recorded as part of a venue's compliance obligations, and anyone who contacts us directly.
Our principal place of business is in Merimbula, New South Wales, Australia.
We collect two categories of personal information: information about the people who use Venue Axis (venue staff), and information that venues record through Venue Axis as part of their legal compliance obligations (patron records).
Pages on venueaxis.com.auuse a privacy-friendly analytics tool to count which pages, calculators, and surveys people use. The tool records the page URL, the type of device and browser, the country derived from the IP address (the IP is not stored), and which of our funnel events fired (for example: “readiness check completed”). It does not set advertising cookies, build cross-site profiles, or attempt to identify individual visitors. We do not run retargeting pixels, session replay, or heatmap tools.
When you arrive via a campaign link, the URL parameters (utm_source, utm_campaign, etc.) and the referring page are kept for that browser session so we know which message brought you. If you then submit a readiness check, FRT assessment, switch plan, or contact form, those parameters are attached to the lead so we can attribute the conversation. They contain no personal information beyond what you typed into the form.
Most of the personal information in Venue Axis exists because the law requires it to exist. Clubs and licensed gaming venues have statutory obligations to collect and retain compliance records. Venue Axis is the tool they use to meet those obligations.
Specifically, venues are required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and associated AUSTRAC rules to identify customers, conduct due diligence, monitor transactions, and report suspicious activity. They are required by the Gaming Machines Act 2001(NSW) and Liquor & Gaming NSW to maintain incident registers, enforce exclusion orders, and evidence their harm minimisation practices.
Venue Axis collects and structures this information on behalf of venues so they can meet these obligations. The venue, as a licensed operator, is the entity with the primary legal responsibility. Venue Axis acts as their tool — and in privacy law terms, as a service provider who handles the data at the venue's direction.
We also collect contact information from people who reach out to us through the website — solely to respond to their enquiry.
We use personal information only for the purposes it was collected. We do not use it for anything else.
Staff and shift records are used to operate the Venue Axis platform — enabling login, attributing compliance entries to the right role, and generating audit trails. They are not used for any marketing purpose.
Patron compliance records(incident logs, CDD records, risk profiles, SMRs) are used exclusively by the venue to meet their legal obligations. Venue Axis processes this data on the venue's behalf. We do not analyse, mine, profile, or aggregate patron data across venues for any commercial purpose.
Contact information from enquiries is used only to respond to the enquiry. We do not add enquirers to marketing lists without explicit consent.
We may use de-identified, aggregated data (for example, total incident counts across all venues) to improve the platform and report on the effectiveness of compliance workflows — but this data cannot be used to identify any individual.
All data collected through Venue Axis is hosted in Australia.
Our cloud infrastructure is located in Australian data centres. Data is not transferred to overseas servers for storage or processing, except in limited circumstances where a venue explicitly requests a feature that involves an overseas service — in which case we will notify the venue and seek consent before any cross-border transfer occurs.
We keep personal information for as long as the venue needs it to meet their legal obligations — and no longer.
When a venue's subscription ends, we retain their compliance records for the applicable legal period and then securely delete them. Venues can request an export of all their records at any time.
For patron records not subject to a mandatory retention period, we retain these only for as long as the venue's subscription is active. Patrons can request deletion of non-mandatory records; see Data Deletion Requests.
Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to access personal information we hold about you and to request corrections where that information is inaccurate.
Access. You can request a copy of the personal information Venue Axis holds about you. We will respond within 30 days. There is no charge for a reasonable access request.
Correction. If you believe information we hold about you is inaccurate, you can request a correction. We will make corrections within 30 days where we are able to do so without conflicting with our legal obligations.
Deletion. You can request deletion of personal information not subject to a mandatory legal retention period. Submit a deletion request here.
Complaints. If you believe we have handled your personal information in breach of the Australian Privacy Principles, contact us first. If unsatisfied, you can escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
Compliance records are sensitive. We treat them accordingly.
Venue Axis is built with the following security measures: AES-256 encryption at rest; TLS 1.2+ in transit; role-based access controls; immutable audit logs on all compliance entries; regular third-party penetration testing; and Australian-hosted cloud infrastructure.
We are currently progressing ISO 27001 certification (target Q4 2026).
If we become aware of a data breach likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches (NDB) scheme within 30 days.
For any privacy enquiry, access request, correction request, or complaint — contact us directly.
This policy was last updated on 1 April 2026. We will notify venues and relevant users of any material changes before they take effect.