Privacy Policy

This Privacy Policy explains how Oz2win Casino, operated via the website oz2win-aussie.com (the "Website", "we", "us", "our"), collects, uses, discloses and protects personal information of players and visitors. It applies to all individuals who access or use the Website, create an account, participate in games or promotions, or otherwise interact with our services. By using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and replaces all prior versions.

Who We Are

OBSERVE: The available data does not provide a verified legal entity name, registered office, or confirmed licence details for Oz2win Casino. The service is AU-facing and claims Curaçao licensing, but this cannot be independently validated based on the information supplied.

EXPAND: To avoid misleading statements, we do not fabricate or assume corporate details. Instead, we describe the operator in functional terms and clearly flag points that "need clarification", while still providing the contact channels that are actually known and active for privacy-related matters.

REFLECT: The following information therefore focuses on verified contact data and on the role of the operator in relation to your personal information.

For the purposes of this Privacy Policy, the "operator", "we", "us" or "our" refers to the business entity that owns and operates Oz2win Casino via the domain oz2win-aussie.com. Based on the information currently available to us:

• Legal name of operator: not specified / under clarification
• Legal address / registered office: not specified / under clarification
• Registration / company number: not specified / under clarification
• Claimed licensing jurisdiction: Curaçao (claimed only; licence number and validator link not verifiable)

We act as the controller of your personal information in connection with the Website.

Data Protection Contact

• Data protection contact / responsible department: Privacy & Compliance Team, Oz2win Casino
• Email (primary contact for privacy matters): [email protected]
• Alternative general contact: [email protected]
• Payments-related enquiries (may involve personal data): [email protected]
• Website: https://oz2win-aussie.com

If a specific Data Protection Officer (DPO) or detailed corporate information becomes available or changes, we will update this section accordingly.

What Personal Data We Collect

OBSERVE: Online casino operations require identification, technical, financial, and behavioural data to provide services, prevent fraud, and meet anti-money laundering (AML) and "know your customer" (KYC) obligations, especially for AU-facing real-money gambling.

EXPAND: We classify the information we collect into clear categories to help you understand what is collected and why, including cookies and similar technologies that indirectly identify you or your device.

REFLECT: The categories below may vary depending on how you interact with Oz2win Casino and which features you use.

Identity and Contact Data

• Full name, date of birth, and gender (where provided).
• Residential address, country of residence, and postcode.
• Email address (for example, the address used to contact [email protected]), telephone number, and other contact details you provide.
• Copies of identity documents for verification (e.g. passport, driver licence, ID card) and, where applicable, proof of address (utility bills, bank statements).

Account and Usage Data

• Username, password (stored in encrypted form), account settings, preferred language and currency.
• Login and logout timestamps, session duration, and account status (active, self-excluded, blocked, closed).
• Customer support communications, including emails, live chat logs, and internal notes related to support interactions.

Technical and Device Data

• IP address, approximate geographic location inferred from IP, and connection timestamps.
• Device identifiers, browser type and version, operating system, screen resolution, and similar device attributes.
• Server logs, including pages visited, referral URLs, clickstream data, and error logs.

Payment and Transaction Data

• Details relating to deposits and withdrawals, including amount, currency, method, and transaction timestamps.
• Limited payment instrument details (such as a masked card number or e-wallet identifier) processed via our payment partners.
• Banking or alternative payment details necessary to process payouts (e.g. bank account numbers, PayID identifiers, or crypto wallet addresses, where supported).
• Records required for AML/KYC checks, source-of-funds information, and other legally required financial data.

Gameplay and Behavioural Data

• Betting and gameplay history, including games played (e.g. pokies, table games), stakes, outcomes, win/loss records, bonus use, and jackpots.
• Bonuses and promotions claimed, wagering progress, and fulfilment of bonus conditions.
• Interaction data such as clicks, page views, navigation patterns, time spent on particular pages or games, and responses to offers.

Marketing and Communication Data

• Preferences regarding receipt of marketing emails, SMS, push notifications, or in-account messages.
• Records of consent to marketing, subscription status, and opt-out/unsubscribe actions.
• Engagement data with marketing campaigns (e.g. whether you opened or clicked a promotional email).

Cookies and Similar Technologies

• Cookies: Small data files stored on your device that help us recognise you, maintain sessions, and remember preferences.
• Tracking technologies: Web beacons, pixels, tags, and scripts used for analytics, security monitoring, and marketing (where allowed).
• Third-party analytics and advertising cookies: Set by external providers to help measure traffic and, with your consent where required, deliver targeted advertising.

Where the information collected by cookies or similar technologies constitutes personal data under applicable law, we treat it as such and process it in accordance with this Privacy Policy.

Legal Basis for Processing

OBSERVE: Although Australia does not apply the GDPR as such, best practice and many partners rely on legal-basis concepts similar to those used in EU data protection law. Gambling operations also face strict AML/KYC and reporting requirements.

EXPAND: We therefore identify and explain the main legal bases on which we process your information, combining contractual necessity, legal obligations, legitimate interests, and consent (especially for marketing and certain cookies).

REFLECT: The legal basis applicable will depend on the purpose for which your information is used, as outlined below.

Performance of a Contract

• To create and manage your player account at Oz2win Casino on oz2win-aussie.com.
• To provide access to games, process deposits and withdrawals, and credit winnings.
• To verify your eligibility to use our services (age, location, account ownership).
• To provide customer support and to communicate with you about your account, game interruptions, technical issues, and service updates.

Compliance with Legal and Regulatory Obligations

• To perform KYC and AML checks, including identity verification, transaction monitoring, and reporting of suspicious activities where required.
• To comply with record-keeping obligations applicable to financial transactions and gambling activities in relevant jurisdictions.
• To respond to lawful requests from competent authorities, courts, or regulators.

Legitimate Interests

• To secure our systems and prevent abuse, fraud, money laundering, and other unlawful activities.
• To enforce our Terms and Conditions, bonus rules, and house policies.
• To analyse service performance and player behaviour (in aggregate or pseudonymised form where possible) to improve the Website, games, and user experience.
• To protect our rights, property, and safety, as well as those of our players, staff, and partners.

Consent

• To send you direct marketing communications (email, SMS, push notifications) where required by law or where we do not rely on soft-opt-in mechanisms.
• To use non-essential cookies and similar technologies for analytics and advertising purposes, where required under applicable law.
• To process certain optional profile information you choose to provide.

You may withdraw your consent at any time, as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Purpose of Processing

OBSERVE: Each category of data serves one or more concrete purposes, from basic account operation to security, compliance, and marketing.

EXPAND: Clarifying these purposes helps ensure transparency and aligns with international privacy expectations, even where local law does not strictly prescribe a given format.

REFLECT: Below we link the key purposes to the data categories and legal bases already described.

Provision and Management of Casino Services

• Creating and managing your account, verifying your identity and age.
• Providing access to games, processing bets, calculating results, and crediting balances.
• Handling deposits, withdrawals, and bonus credits, including payment confirmations and transaction notifications.

Customer Support and Communication

• Responding to queries you send to [email protected] or other contact points.
• Notifying you of important account events (security alerts, password resets, changes to terms, or service interruptions).
• Managing complaints and dispute resolution processes.

Legal, Regulatory, and Risk Management

• Conducting KYC and AML checks and retaining related records for the periods required by law or industry practice.
• Monitoring transactions and gameplay behaviours to detect fraud, abuse, or anomalous patterns.
• Complying with orders and information requests from competent authorities where applicable.

Analytics, Service Improvement, and Personalisation

• Analysing aggregate gameplay and Website usage data to understand performance and player preferences.
• Testing and improving Website features, game offerings, payment options (e.g. evolving AU-focused methods such as PayID, Neosurf, and crypto), and support tools.
• Customising content and offers displayed to you on the Website based on your profile and behaviour, where permitted.

Marketing and Promotions

• Sending promotional communications, offers, and newsletters relating to Oz2win Casino where you have not opted out and where this is permitted by law.
• Running loyalty schemes, VIP programmes, competitions, or giveaways and communicating with eligible participants.
• Measuring the effectiveness of campaigns, affiliate traffic, and partner relationships.

Disclosure & Sharing

OBSERVE: Operating an AU-facing online casino requires a network of third-party providers, payment processors, and sometimes regulators, which necessitates controlled data sharing.

EXPAND: To ensure accountability, we identify the main categories of recipients, typical circumstances of disclosure, and the safeguards applied.

REFLECT: We do not sell your personal data, but we do share it where necessary for the purposes set out in this Privacy Policy.

Payment Service Providers and Financial Institutions

• Banks, card schemes, e-wallet providers, voucher systems (e.g. Neosurf), PayID facilitators, and crypto payment gateways that process your deposits and withdrawals.
• These entities receive information required to execute the transaction, such as your name, transaction amount, and account or wallet identifiers.

Technical, Hosting, and Support Service Providers

• Data centre and hosting providers responsible for storing our servers and databases.
• IT, security, and software vendors (including platform providers such as RTG) that support Website functionality, game offerings, and security tools.
• Customer support tools and communication platforms used to manage support tickets or live chat.

Affiliates and Marketing Partners

• Affiliate networks and marketing partners who refer you to oz2win-aussie.com, to attribute traffic and calculate commissions in a privacy-conscious manner.
• Advertising networks and analytics providers, where permitted by law and subject to your cookie/marketing choices.

Regulators, Authorities, and Dispute Bodies

• Regulatory or governmental authorities, courts, law enforcement agencies, and dispute resolution bodies where we are legally required or reasonably consider it necessary to comply with legal or regulatory obligations.
• Any competent authority in relation to AML, fraud, or responsible gambling investigations, where applicable.

Corporate Transactions

• Prospective or actual buyers, investors, or successors in the event of a merger, acquisition, reorganisation, or sale of assets, provided that we take reasonable steps to ensure that your privacy is protected.

General Safeguards

• We require service providers to use your personal data only for specified purposes and in accordance with our instructions and applicable data protection laws.
• We implement contractual and technical safeguards designed to protect your information when it is shared.

International Transfers

OBSERVE: Oz2win Casino uses partners, hosts data, and processes transactions in multiple jurisdictions, including outside Australia. Claims of Curaçao licensing and use of RTG and other international platforms further indicate cross-border data flows.

EXPAND: We need to explain where data may be processed, which categories of partners may receive it, and what measures are taken to protect it, even where specific legal frameworks (such as EU SCCs) may not be formally required for AU players.

REFLECT: We therefore adopt internationally recognised safeguards where feasible and aim for comparable levels of protection regardless of location.

Regions Involved

• Servers and operational infrastructure may be located in data centres in the European Union/European Economic Area (EU/EEA), Curaçao or other Caribbean jurisdictions, and other locations used by our technical or payment providers.
• Payment processors and banking partners may process data in their own jurisdictions, which can include the EU/EEA, the United Kingdom, North America, and Asia-Pacific regions.

Protection Measures

• Where we transfer personal data from a jurisdiction with recognised data export rules (such as the EU/EEA), we seek to rely on appropriate safeguards such as:
  • Standard contractual clauses (SCCs) approved by the European Commission or equivalent instruments; and/or
  • Contractual obligations requiring the recipient to maintain data security and confidentiality and to process data only as instructed.
• We limit access to personal data to those employees, contractors, and partners who need such access for the purposes set out in this Privacy Policy.

By using the Website, you understand that your personal information may be transferred to, stored, and processed in countries outside your country of residence, which may have different data protection rules than your country.

Data Retention

OBSERVE: Gambling and financial services are subject to minimum record-keeping periods, especially for AML and transaction data. At the same time, privacy principles call for storage limitation and deletion once data is no longer needed.

EXPAND: We define retention periods based on category and purpose, taking into account statutory limitations, AML requirements, and operational needs such as dispute handling.

REFLECT: We strive to keep your data only for as long as necessary and then delete or irreversibly anonymise it.

General Principles

• We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, or reporting requirements.
• After expiry of the relevant period, we will securely delete, anonymise, or aggregate the data so that it no longer identifies you.

Indicative Retention Periods

• Account and identity data: Typically retained for up to 5 years after account closure, or longer if required by AML, fraud prevention, or other legal obligations.
• Transaction and payment records: Typically retained for 5 - 7 years after the transaction date to meet financial and AML record-keeping obligations and to resolve any disputes.
• Gameplay and betting history: Typically retained for 5 years after account closure, or longer where reasonably necessary to defend legal claims or comply with law.
• Marketing data: Retained until you opt out of marketing, plus a reasonable period (e.g. up to 2 years) to document and respect your choice.
• Technical logs and security data: Retained for 6 - 24 months depending on the log type, unless needed longer for security investigations or legal proceedings.

Deletion Criteria

• The data is no longer necessary for the purposes for which it was collected.
• Applicable retention periods or statutory limitation periods have expired.
• You have exercised a valid right to erasure and we have no overriding legal basis to continue processing.

Your Rights

OBSERVE: While this Website targets Australian players, international standards - including EU GDPR-style rights - influence expectations and some partner requirements. The brief also refers to Mexican privacy law alignment.

EXPAND: We therefore describe a full set of data subject rights (access, rectification, erasure, restriction, objection, portability, and consent withdrawal) and adopt response standards modelled on GDPR (typically 30 days) and comparable regimes.

REFLECT: Exercising these rights is subject to verification of your identity and to legal limitations (e.g. AML retention duties). We handle requests in a consistent and free-of-charge manner unless they are manifestly unfounded or excessive.

Right of Access

• You can request confirmation of whether we process your personal data and obtain a copy of that data, together with information about how we use it.

Right to Rectification

• You can ask us to correct or complete inaccurate or incomplete personal data (for example, if your contact details or address have changed).

Right to Erasure ("Right to be Forgotten")

• You can request deletion of your personal data where:
  • It is no longer necessary for the purposes for which it was collected; or
  • You withdraw consent (where consent was the legal basis) and there is no other legal ground to continue processing; or
  • You validly object to processing; or
  • The data was unlawfully processed.
• We may not be able to delete data where we must retain it to comply with AML, financial, or other legal obligations or to establish, exercise, or defend legal claims.

Right to Restriction of Processing

• You can request that we limit the processing of your personal data (for example, pending verification of its accuracy or where you have objected to our use of it).

Right to Object

• You can object at any time to:
  • Processing based on our legitimate interests (for reasons relating to your particular situation); and
  • Processing for direct marketing purposes (including profiling related to direct marketing). If you object to marketing, we will stop using your data for that purpose.

Right to Data Portability

• Where technically feasible and where processing is based on your consent or on a contract and carried out by automated means, you can request that we provide your personal data in a structured, commonly used, and machine-readable format or that we transfer it to another controller of your choice.

Right to Withdraw Consent

• Where we rely on your consent (for example, for certain marketing communications or some cookies), you may withdraw that consent at any time.
• Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

Procedures, Timeframes, and Cost

• How to exercise your rights:
  • Contact us via email at [email protected] (recommended channel for privacy requests); or
  • Use any other contact method indicated on https://oz2win-aussie.com clearly stating that your request concerns data protection.
• Verification: We may require proof of identity and additional information to ensure that we do not disclose data to an unauthorised person.
• Response time: We aim to respond to all valid requests within 30 days of receipt. If your request is complex or we receive many requests, this period may be extended by a further 30 days. We will inform you if an extension is needed and explain why.
• Cost: Requests are handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly where they are repetitive.

References in this section to GDPR-style rights and to comparable regimes (such as Mexican data protection concepts) are provided to ensure a high and consistent standard of protection. They do not by themselves indicate that any particular foreign law applies directly to your relationship with Oz2win Casino.

Cookies & Tracking Technologies

OBSERVE: Cookies are integral to session security, game performance, and analytics for an AU-facing casino, while advertising and affiliate tracking often rely on third-party tools.

EXPAND: We distinguish between types of cookies, explain purposes, and outline how players can manage preferences both via their browser and, where available, via internal tools.

REFLECT: This supports transparency and offers meaningful control without compromising essential functionality.

Types of Cookies We Use

• Session cookies: Temporary cookies that remain on your device only while your browser is open and are automatically deleted when you close it. They are used to maintain your logged-in status, keep your session secure, and allow gameplay continuity.
• Persistent cookies: Remain on your device for a period of time or until you delete them. They remember your preferences (such as language, currency, and site settings) and help us recognise you on return visits.
• First-party cookies: Set directly by oz2win-aussie.com for core functionality, security, and basic analytics.
• Third-party cookies: Set by external providers (e.g. analytics platforms, affiliate tracking tools, and, where used, advertising networks) to help us understand traffic patterns and measure campaign performance.

Purposes of Cookies

• Strictly necessary / functional: Required for the Website and games to function correctly, including login, account management, transaction processing, and security features (e.g. fraud detection).
• Performance and analytics: Help us measure and improve the performance of the Website by collecting aggregated information about how players use and navigate the site.
• Advertising and marketing (where applicable): Used to deliver and measure promotional campaigns, avoid showing the same ad repeatedly, and - where permitted - tailor marketing content.

Managing and Disabling Cookies

• Browser settings: Most web browsers allow you to:
  • Refuse some or all cookies;
  • Receive a notification when a cookie is set; or
  • Delete existing cookies.
  Please refer to your browser's help section for detailed instructions.
• Internal tools: Where available, you may use cookie or privacy settings offered within your Oz2win account or on the Website to adjust non-essential cookie preferences.
• Impact of disabling cookies: If you disable or reject certain cookies, some features of the Website or games may not function correctly, and your user experience may be degraded.

Data Security

OBSERVE: Online gambling involves financial transactions and sensitive identity data, making robust information security essential.

EXPAND: We therefore explain our technical and organisational measures, referencing widely recognised standards and focusing on encryption, access control, monitoring, and incident response.

REFLECT: While no system can be entirely risk-free, we implement layered safeguards designed to reduce the risk of unauthorised access, loss, or misuse of your data.

Technical Measures

• Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher to reduce the risk of interception.
• Encryption at rest: Sensitive personal and financial data is stored using strong encryption or equivalent pseudonymisation techniques where appropriate.
• Access controls: Access to personal data is restricted on a need-to-know basis and protected by robust authentication mechanisms; multi-factor authentication is used for selected administrative systems.
• Network and system security: Firewalls, intrusion detection/prevention systems, and other security tools are used to monitor and protect our infrastructure.

Organisational Measures

• Policies and training: Staff with access to personal data receive training on data protection, confidentiality, and security obligations and are subject to internal policies governing acceptable use and data handling.
• Vendor management: We assess key service providers for their security posture and require appropriate safeguards through contractual obligations.
• Security reviews: We conduct periodic internal reviews and, where relevant, work with external experts to test and improve our security controls. The underlying software platforms (such as RTG) are subject to testing and certification by independent bodies like TST/GLI at the platform level.

Incident Response

• We have procedures in place to detect, investigate, and respond to suspected data breaches or security incidents.
• Where required by law, we will notify relevant authorities and affected individuals of a qualifying data breach without undue delay, including details of what happened and steps taken in response.

We aim to align our security practices with internationally recognised standards (such as ISO 27001 or SOC 2 principles) where applicable, although formal certification for Oz2win Casino itself is not specifically confirmed by the information available.

Complaints & Contacts

OBSERVE: Effective privacy protection requires clear, accessible channels to raise questions or concerns and, where necessary, to escalate complaints to supervisory authorities.

EXPAND: We outline internal steps (contacting our privacy team) and external recourse options modelled on international norms, even though the precise competent authority may depend on your location.

REFLECT: Our goal is to resolve issues directly wherever possible, while acknowledging your right to contact regulators.

Contacting Us

• Primary privacy contact (recommended): [email protected]
• General enquiries: [email protected]
• Payments-related issues that may involve personal data: [email protected]

Internal Complaint Procedure

1. Submission: Send a clear description of your concern, including relevant dates, account details, and any supporting evidence, to [email protected], stating that your message is a "Privacy Complaint".
2. Acknowledgement: We will aim to acknowledge receipt of your complaint within 5 business days.
3. Investigation: Our Privacy & Compliance Team will review your complaint, gather necessary information, and may contact you for clarification.
4. Response: We aim to provide a substantive written response within 30 days of receiving your complete complaint. If more time is needed due to complexity, we will inform you of the delay and the expected new timeframe.

External Escalation

If you are not satisfied with our response, you may have the right to lodge a complaint with a competent data protection or privacy authority in your country of residence. The appropriate authority depends on your location. For example:

• Australia: Office of the Australian Information Commissioner (OAIC) - see https://www.oaic.gov.au for current contact details.
• European Economic Area (if applicable to you): Your local supervisory authority for data protection.

References to "Mexican data protection authority" in the brief guiding this document reflect alignment with international privacy standards; they do not necessarily indicate that Mexican law or supervisory bodies have jurisdiction over Oz2win Casino. If you reside in Mexico, you may consult the competent authority in your jurisdiction (for example, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) for up-to-date guidance on lodging a complaint.

Updates

OBSERVE: Privacy practices evolve over time due to legal changes, technological developments, and operational updates (including new payment methods or jurisdictions).

EXPAND: We therefore require a structured update and notification process, version tracking, and reasonable advance notice for material changes affecting users.

REFLECT: This section explains how we will communicate changes and the options available to you.

Changes to This Privacy Policy

• We may update this Privacy Policy from time to time to reflect changes in law, technology, our business operations, or for other legitimate reasons.
• All changes will be posted on https://oz2win-aussie.com with a revised "Last updated" date.

Notification of Material Changes

• Where changes are material - for example, if we introduce new types of processing, change the way we use your data in a significant manner, or significantly expand data sharing - we will take additional steps to inform you, which may include:
  • Sending an email notification to the address associated with your account;
  • Displaying a prominent banner or notice on the Website; and/or
  • Providing an in-account notification or dashboard alert.
• Where reasonably practicable and required by applicable law, we will provide at least 30 days' advance notice of material changes before they take effect for existing players.

Your Options

• If you do not agree with the updated Privacy Policy, you may choose to stop using the Website and request account closure.
• Continued use of the Website after the effective date of the updated Privacy Policy will constitute your acceptance of the changes, to the extent permitted by applicable law.

Last updated: January 2026