Privacy and Policy

Effective date: 12 May 2026. This policy explains how Ozwin Casino collects, uses, stores, shares and erases personal information about Australian players. It is written in alignment with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (APP 1 to APP 13). Where a provision in this policy is more protective than the statutory minimum, the more protective wording applies.

Information We Collect From Aussie Players

We collect three classes of personal information. Identity information: first and last name, date of birth, residential address, state, postcode, mobile number, email address and a government photo identifier (driver licence or passport) for the verification stage. Financial information: payment method details (PayID identifier, masked card number, BPAY reference, bank account name for withdrawals), transaction history and a record of bonuses awarded and wagered. Technical information: device type, operating system, IP address, browser fingerprint, session timestamps, lobby actions and game-by-game wager logs.

We do not collect tax file numbers, Medicare numbers, biometric identifiers or political, religious or health information at any stage of the player relationship. We do not require a passport for AU-domestic verification where a driver licence is available.

Why We Collect It — Lawful Bases and KYC Duties

Identity information is collected under the contractual necessity of providing a gambling account to an adult, and to satisfy anti-money-laundering obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Financial information is collected to process deposits and withdrawals and to detect fraud and bonus abuse. Technical information is collected to deliver the service, defend against bot and credential-stuffing attacks and to comply with responsible-gambling monitoring duties.

We rely on consent only for marketing communications and optional analytics. Consent for either is opt-in, separately captured, and can be withdrawn at any time from the My Account > Notifications panel without affecting the rest of the service.

How Long We Keep It and How It's Stored

Retention periods are anchored to legal duty rather than convenience. KYC records and transaction history are retained for seven years from account closure to satisfy AML record-keeping rules. Marketing consent records are retained for the period the consent is active, plus twenty-four months of the audit trail confirming opt-in source and timestamp. Technical session logs are retained for ninety days for fraud and security review, then aggregated into anonymised metrics and the row-level records are deleted.

All personal information is stored encrypted at rest using AES-256 and transmitted over TLS 1.3. Backups are encrypted, geo-redundant and rotated on a thirty-day cycle. The processing infrastructure sits with vetted providers operating from facilities in the European Union and Singapore; AU-resident data is logically segregated and never co-located with EU-resident data inside the same database tenant.

Sharing With Third Parties — Strict Scope

We share personal information only where one of four conditions applies. First, with payment processors and banks to settle deposits and withdrawals — limited to the data fields each processor needs. Second, with identity-verification providers to satisfy KYC duties — typically a single check at onboarding plus periodic refresh. Third, with regulators, law-enforcement agencies and the courts where compelled by a valid lawful request. Fourth, with cloud-infrastructure providers under written processing agreements that bind them to the same security and retention rules set out here.

We do not sell personal information. We do not share information with marketing networks for re-targeting outside our own owned channels. Where any data leaves Australia for processing under condition four, we apply contractual safeguards equivalent to APP 8.

Your Rights Under the Australian Privacy Principles

APP 12 and APP 13 give you the right to request a copy of the personal information we hold about you (subject access) and to ask us to correct anything that is wrong. We respond inside thirty calendar days of a verified request, free of charge, and provide the answer in the format you choose: PDF download, encrypted email attachment or post to the address we hold on file.

You may also withdraw consent to marketing at any time, ask us to delete information not held under a legal retention duty, and complain about our handling of personal information to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992. We ask, as a matter of fairness, that you raise the complaint with our Data Protection Officer first so that we have a chance to resolve it directly.

Cookies, Pixels and Analytics

We use first-party cookies for session management, account security and saving your lobby preferences. Strictly necessary cookies cannot be disabled — the site does not function without them. Analytics cookies are loaded only after you accept the cookie banner; if you decline, no analytics pixels load and no analytics events are sent. We do not use third-party advertising pixels.

Contact for Privacy Requests

Reach our Data Protection Officer at [email protected]. For non-urgent requests, expect an acknowledgement inside one business day and a substantive response inside thirty calendar days. For urgent matters — suspected unauthorised access, a privacy incident affecting you — mark the subject line "URGENT — Privacy" and the request is triaged the same day.