Privacy Policy

This Privacy Policy explains how personenbezdata is collected, used, stored, and disclosed when you visit or use the online casino services offered under the brand Bitstarz on the website bitstarzbet-au.com (referred to in this document as "Bitstarz", "we", "us", or "our"). It applies to all visitors to our website and all registered players accessing our services from Australia and any other permitted locations.

This Privacy Policy is effective as of 1 January 2026 and governs our processing of personal information from that date onwards, unless superseded by a later version as described in the "Updates" section below.

Who We Are

OBSERVE: Bitstarz must clearly identify the legal entities responsible for personal data processing, including licensing, registered addresses, and key contacts.

EXPAND: We incorporate the Curaçao-registered operator, the Cyprus-based payment processor, and dedicated contact channels, to provide transparency consistent with Australian privacy expectations and international standards.

REFLECT: The following information explains who controls your data and how you can contact us.

3. Operator and Contact Details

Operator and Data Controller

• Legal entity: Dama N.V.
• Legal form: Public limited company (N.V.) incorporated under the laws of Curaçao
• Registration number: 152125
• Registered and legal address: Scharlooweg 39, Willemstad, Curaçao
• Role: Owner and operator of the Bitstarz brand and the website bitstarzbet-au.com, including the provision of online gambling services to Australian players on an offshore basis.

Payment Processing Subsidiary

• Entity: Friolion Limited
• Legal form: Limited company incorporated in Cyprus
• Address: Leandrou, 12A 3086, Limassol, Cyprus
• Role: Acts as a payment processing agent on behalf of Dama N.V. for certain fiat payment methods (including card payments and bank transfers).

Licensing Information

• Gaming licence holder: Dama N.V.
• Licence number: 8048/JAZ2020-013 (sub-licence under Master Licence 8048/JAZ)
• Licensing authority: Antillephone N.V., authorised by the Government of Curaçao
• Licence status: Valid and subject to transition to the Curaçao Gaming Control Board (GCB) under the LOK framework, with validity extended at least until 31 December 2026.

Data Protection Contact

• Primary contact for privacy matters (Data Protection Contact/Data Protection Department):
• Email (primary): [email protected] (please include "Privacy request" in the subject line)
• Email (alternate/general): [email protected]
• Website: https://bitstarzbet-au.com

While we may not be required to formally appoint a Data Protection Officer under all applicable laws, we maintain an internal data protection function responsible for overseeing compliance with this Privacy Policy and responding to privacy-related inquiries.

What Personal Data We Collect

OBSERVE: Operating an online casino like Bitstarz via bitstarzbet-au.com requires identifying players, processing payments, securing accounts, and meeting anti-fraud and AML obligations.

EXPAND: To achieve this, we collect several categories of information, from basic contact details to technical and behavioural data, including information derived from cookies and tracking technologies.

REFLECT: Below we describe the main data categories we process and provide non-exhaustive examples of each.

1. Identification and Contact Data

• Full name, date of birth, gender (where provided), nationality.
• Residential address, billing address, country of residence.
• Email address, telephone/mobile number, preferred language.
• Account username, profile information, communication preferences.

2. Verification and KYC/AML Data

• Copies or details of identity documents (e.g., passport, national ID card, driving licence).
• Proof of address documents (e.g., utility bills, bank statements).
• Source-of-funds or source-of-wealth information where required.
• Results of checks against sanctions, politically exposed person (PEP) and risk databases, where applicable.

3. Account and Gaming Data

• Account registration date, login history, account status and security settings.
• Betting and gaming history, including games played, session times, stakes, wins, losses and bonuses used.
• Transaction history (deposits, withdrawals, chargebacks, refunded transactions, applied limits and self-exclusion events).
• Interactions with customer support (including live chat logs, emails and complaint records).

4. Payment and Financial Data

• Partial payment card details (masked PAN), card type, cardholder name, expiry date (where necessary for processing).
• Bank account or IBAN details, payment instrument identifiers, wallet identifiers (e.g., e-wallet, crypto wallet where applicable).
• Transaction identifiers, payment provider references, confirmation codes, and chargeback information.
• Billing currency, amounts and timestamps associated with each transaction.

5. Technical and Device Data

• IP address, approximate geolocation derived from IP, and VPN/proxy detection signals.
• Device identifiers (such as device ID, operating system, browser type and version, screen resolution, language settings).
• Log data relating to access times, pages viewed, referral URLs, clickstreams, crash logs and performance statistics.

6. Behavioural and Usage Data

• Click behaviour on the website, navigation paths, session duration and interactions with specific features.
• Marketing engagement metrics (e.g., email open rates, link clicks, campaign responses).
• Risk indicators derived from play patterns to support responsible gambling, anti-fraud and AML monitoring.

7. Cookies and Similar Technologies Data

• Unique cookie identifiers and tags associated with your browser or device.
• Information collected by analytics tools (e.g., pages visited, time spent, conversion events).
• Information collected by advertising or affiliate tracking technologies, where enabled and consented to.

8. Optional and Communication Data

• Information you voluntarily provide in surveys, feedback forms, promotions or competitions.
• Content of messages sent through contact forms, email or live chat, including attachments.
• Preferences regarding communication channels, language, game categories and promotional frequency.

Legal Basis for Processing

OBSERVE: As an offshore casino serving Australian players, Bitstarz must process data in line with recognised privacy principles such as those reflected in the Australian Privacy Principles and international standards (e.g., GDPR-style lawful bases).

EXPAND: Data is processed because it is necessary to perform our contract with you, comply with legal and regulatory duties (including KYC/AML and gambling regulations), pursue legitimate business interests, and, where appropriate, on the basis of your consent.

REFLECT: The main legal grounds for processing your personal data are:

1. Performance of a Contract

• To create and manage your player account on bitstarzbet-au.com.
• To verify your eligibility to use our services, including age and location checks.
• To process deposits, bets, game participation and withdrawals.
• To provide customer support, handle queries and resolve technical issues.
• To enforce our Terms and Conditions, including bonus rules and wagering requirements.

2. Compliance with Legal and Regulatory Obligations

• To meet anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, including customer due diligence and transaction monitoring.
• To fulfil record-keeping obligations imposed by our Curaçao licence and any other applicable regulatory authority.
• To respond to lawful requests from law enforcement, courts and regulators.
• To ensure responsible gambling measures, such as self-exclusion, limits, and monitoring for problematic behaviour.

3. Legitimate Interests

• To maintain the security and integrity of our platform, detect and prevent fraud, abuse, collusion, money laundering, bonus misuse and other prohibited activities.
• To protect our rights, property and interests, including the recovery of debts and the defence of legal claims.
• To analyse website performance and user behaviour in order to improve our products, services and user experience.
• To conduct internal reporting, risk management, auditing and business planning.
• To personalise content, game recommendations and non-intrusive service-related communications.

4. Consent

• For sending direct electronic marketing communications (such as promotional emails or SMS) where required by law.
• For the use of non-essential cookies and similar technologies (e.g., advertising or advanced analytics cookies) depending on your cookie preferences.
• For participation in optional surveys, competitions or certain promotional activities that involve additional data processing.

You may withdraw your consent at any time where processing is based solely on consent, without affecting the lawfulness of processing carried out before withdrawal.

Purpose of Processing

OBSERVE: Each category of data collected by Bitstarz via bitstarzbet-au.com serves specific operational, security and compliance-related functions.

EXPAND: To deliver a safe and legally compliant online casino experience, we must link your information to defined purposes, including service provision, regulatory compliance, marketing and analytics.

REFLECT: We process your personal data for the following main purposes:

• Provision of Casino Services
  • Setting up and maintaining your player account and profile.
  • Allowing you to access and participate in games, tournaments and promotions.
  • Processing deposits, in-game transactions and withdrawals.
  • Providing multilingual customer support and resolving complaints.
• Regulatory Compliance and Risk Management
  • Conducting identity verification, age checks and KYC/AML assessments.
  • Monitoring transactions and gaming activity to detect suspicious patterns.
  • Recording and evidencing compliance with licensing and statutory obligations.
• Security and Fraud Prevention
  • Protecting accounts against unauthorised access and credential compromise.
  • Preventing collusion, chargebacks, multi-accounting and bonus abuse.
  • Maintaining system logs and technical safeguards to detect and respond to security incidents.
• Service Improvement and Analytics
  • Analysing gameplay and usage behaviour to optimise site performance and usability.
  • Developing new games, features and functionalities based on aggregated data.
  • Measuring the effectiveness of marketing campaigns and site content.
• Marketing and Personalisation
  • Sending promotional offers, bonuses and newsletters, where permitted.
  • Customising game recommendations and promotional content based on your preferences and activity.
  • Managing opt-in/opt-out marketing settings and preferences.
• Customer Relationship Management
  • Recording communications with you for training, quality assurance and dispute handling.
  • Handling feedback, surveys and loyalty program participation.
• Legal Defence and Enforcement
  • Maintaining evidence necessary to handle legal claims, regulatory investigations or audits.
  • Enforcing our Terms and Conditions and protecting our rights and those of our partners and other players.

Disclosure & Sharing

OBSERVE: Online gambling operations rely on a network of service providers, financial institutions and regulatory bodies, requiring controlled information sharing.

EXPAND: Any disclosure by Bitstarz through bitstarzbet-au.com must be limited to what is necessary, subject to confidentiality and appropriate safeguards, particularly for cross-border transfers.

REFLECT: We will not sell your personal data. We may share it only as described below.

• Group Companies and Affiliates
  • With Dama N.V. and its subsidiaries, including Friolion Limited, for payment processing, risk management, internal reporting and support services.
  • With other entities under common ownership or control as necessary for centralised functions and consistent service provision, subject to contractual safeguards.
• Payment Service Providers and Financial Institutions
  • With banks, card schemes, e-wallet providers, payment gateways and crypto processors to facilitate deposits, withdrawals and refunds.
  • This may include transfer of transaction identifiers, limited card details, account numbers, payer/payee details and risk/fraud flags.
• Technology and Infrastructure Providers
  • With hosting providers, cloud service providers, content delivery networks (CDNs) and security vendors who support the technical operation and protection of bitstarzbet-au.com.
  • With providers of email, SMS and customer support platforms, live chat, analytics and crash reporting tools.
• Game and Platform Providers
  • With game studios or platform partners who provide gaming content integrated into our casino, when necessary to operate and audit game sessions, resolve technical issues or satisfy regulatory checks.
• Regulators, Law Enforcement and Authorities
  • With the Curaçao licensing authority, the Curaçao Gaming Control Board and other regulators or competent authorities where required or permitted by law.
  • With law enforcement or courts in response to lawful requests, investigations, court orders or legal processes.
• Professional Advisors
  • With lawyers, auditors, consultants and other professional advisors who are subject to confidentiality obligations and require access for advisory, audit or dispute-resolution purposes.
• Marketing, Affiliates and Advertising Networks
  • With affiliates who refer players to bitstarzbet-au.com to attribute traffic and calculate commissions, using tracking identifiers and limited data.
  • With selected marketing and advertising partners, including newsletter platforms and advertising networks, where permitted by law and, where required, based on your consent.
• Business Transfers
  • In the context of a merger, acquisition, reorganisation, sale of assets or similar corporate transaction, your data may be disclosed to potential or actual acquirers or their advisers, subject to confidentiality commitments.

Whenever we share data with third-party processors, we ensure they process it only according to our instructions, use appropriate technical and organisational measures and comply with applicable data protection requirements.

International Transfers

OBSERVE: Bitstarz, operated by Dama N.V. in Curaçao, inherently involves cross-border data flows between Curaçao, Cyprus, infrastructure locations and players' countries, including Australia.

EXPAND: Although some jurisdictions (such as EU Member States) are subject to specific transfer regimes (e.g., Standard Contractual Clauses), our general approach is to apply comparable contractual and technical safeguards to all cross-border transfers.

REFLECT: We aim to protect your information consistently, regardless of where it is processed.

17. Locations of Processing and Transfers

• Your personal data may be processed and stored in:
  • Curaçao (principal place of business of Dama N.V. and licensing jurisdiction).
  • Cyprus (location of Friolion Limited and certain payment and support operations).
  • European Union/European Economic Area countries (where some technology providers, game providers or hosting facilities are based).
  • Other countries where our carefully selected third-party service providers or data centres are located, which may include locations such as the United States, the United Kingdom or other regions, subject to appropriate safeguards.

Safeguards for Cross-Border Transfers

• Where required by applicable data protection frameworks, we implement:
  • Standard Contractual Clauses or analogous contractual instruments that contractually require recipients to protect your data to standards comparable to those found in leading privacy regimes.
  • Technical safeguards such as strong encryption in transit and at rest, access controls and pseudonymisation where appropriate.
  • Organisational safeguards including internal policies, staff training and restricted access on a need-to-know basis.
• By using our services, you acknowledge that your data may be transferred and processed outside your country of residence, including in countries that may have different data protection laws than your own. In all cases we take reasonable steps to ensure your data is handled securely and in accordance with this Privacy Policy.

Data Retention

OBSERVE: Regulatory and AML requirements applicable to online casinos operating from Curaçao, combined with good industry practice, require retention of certain records for defined minimum periods.

EXPAND: At the same time, privacy principles require that data is not kept for longer than necessary for the purposes for which it was collected.

REFLECT: We apply specific retention schedules and then securely delete or anonymise data.

• Player Account and Identification Data
  • Core account and KYC/AML information (e.g., name, contact details, identity documents, proof of address, KYC records) is typically retained for the duration of your active account and for at least five (5) years after account closure or last transaction, whichever occurs later, to meet legal obligations and for the establishment, exercise or defence of legal claims.
• Gaming and Transaction Data
  • Betting history, game logs, transaction records and related financial data are generally retained for a minimum of five (5) years after the relevant transaction or account closure, in line with AML and licensing requirements.
• Technical Logs and Security Data
  • Server logs, security event logs and device-related information are normally kept for up to two (2) years, unless a longer period is required for security incident investigation or legal reasons.
• Marketing and Communication Data
  • Marketing preference data is kept as long as you remain opted in and for a limited period thereafter to demonstrate compliance with consent and opt-out requests.
  • Copies of marketing communications and associated engagement metrics are typically retained for up to three (3) years, unless a different period is required by law.
• Customer Support and Complaint Records
  • Support transcripts, complaints and dispute records are retained for up to five (5) years after closure of the case, or longer where necessary for legal or regulatory purposes.
• Aggregated and Anonymised Data
  • Data that has been permanently anonymised (so it can no longer be linked to an identifiable individual) may be retained indefinitely for statistical, analytical or business planning purposes.

When retention periods expire, we will either delete your personal data securely or irreversibly anonymise it. We may retain certain minimal information (such as email address and a note about self-exclusion or opt-out) for longer if strictly necessary to comply with responsible gambling and marketing suppression obligations.

Your Rights

OBSERVE: While our core operations are governed by Curaçao law and international standards, we recognise rights comparable to those under the EU General Data Protection Regulation (GDPR) and, where relevant, similar principles adopted in other jurisdictions.

EXPAND: For Australian players accessing bitstarzbet-au.com, we apply high-level privacy safeguards, including transparency, access, correction, erasure, restriction, portability, and objection rights, as well as the ability to withdraw consent for marketing.

REFLECT: The following rights are subject to applicable legal limitations and our regulatory obligations.

• Right of Access
  • You may request confirmation as to whether we process your personal data and obtain a copy of key data we hold about you, along with relevant information about how we use it.
• Right to Rectification
  • You may request correction of inaccurate or incomplete personal data. In many cases, you can update certain details directly via your account settings.
• Right to Erasure ("Right to be Forgotten")
  • You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected or where you have withdrawn consent (where processing is based on consent) and there is no other legal basis for processing.
  • This right is subject to legal and regulatory obligations requiring us to retain certain data for specified periods (for example, AML and licensing requirements).
• Right to Restrict Processing
  • You may request that we restrict processing of your data in certain circumstances, such as when you contest its accuracy or object to processing based on legitimate interests, pending verification.
• Right to Object
  • You may object at any time to the processing of your personal data for direct marketing, in which case we will stop such processing.
  • You may also object to processing based on our legitimate interests, on grounds relating to your particular situation, unless we demonstrate compelling legitimate grounds that override your interests or the processing is required for legal claims.
• Right to Data Portability
  • Where technically feasible and where the legal conditions are met, you may request that we provide certain personal data you have provided to us in a structured, commonly used and machine-readable format, or request that we transmit it directly to another controller.
• Right to Withdraw Consent
  • Where we rely on your consent (for example, to send marketing communications or to set non-essential cookies), you have the right to withdraw that consent at any time through your account settings, via unsubscribe links or by contacting us.

Procedures, Timeframes and Cost

• Requests to exercise your rights should be submitted via email to [email protected] or [email protected] with the subject line "Privacy request".
• We may ask you to provide information necessary to verify your identity before fulfilling your request, particularly for access, portability or deletion requests.
• We aim to respond to all valid requests within 30 days of receipt. In complex cases or where we receive numerous requests, this period may be extended by a further reasonable period as permitted by law; if so, we will notify you of the extension and reasons.
• We do not generally charge a fee for handling your requests. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly if they are repetitive.

Please note that your rights are not absolute. If we cannot comply with a request due to overriding legal obligations, compelling legitimate grounds, or the need to protect the rights and freedoms of others, we will explain this to you in our response.

Cookies & Tracking Technologies

OBSERVE: Bitstarz uses cookies and similar technologies on bitstarzbet-au.com to maintain sessions, secure accounts, analyse usage and, where allowed, deliver targeted marketing.

EXPAND: These technologies record information that may be linked with your account and device. Their use must be transparent and controllable by you where the law requires consent.

REFLECT: By managing your cookie preferences, you can influence how your data is collected for non-essential purposes.

Types of Cookies We Use

• Strictly Necessary (Functional) Cookies
  • Required for the website to function properly, for example to log in, manage sessions, process payments and maintain security features.
  • These cookies are usually set in response to actions made by you and cannot be disabled via our cookie banner, although you can configure your browser to block them (which may impact site functionality).
• Preference Cookies
  • Store your choices such as language, region, display settings and cookie preferences.
  • Help us provide a more personalised experience without requiring you to re-enter settings each time you visit.
• Analytics and Performance Cookies
  • Collect aggregated information on how visitors use bitstarzbet-au.com, such as pages visited, time spent, navigation paths and error messages.
  • Used to improve website performance, identify problems and optimise user experience.
• Advertising and Affiliate Cookies
  • Used to deliver and measure marketing campaigns, track referrals from affiliate partners and prevent fraud.
  • May be placed by us or by carefully selected third parties (e.g., affiliate networks or advertising providers) with whom we cooperate.

Session vs. Persistent Cookies

• Session cookies are temporary and are deleted when you close your browser.
• Persistent cookies remain on your device for a defined period or until you delete them manually and are used to remember your preferences and recognise you when you return.

Managing Cookies

• You can manage or disable cookies by adjusting your browser settings (e.g., blocking all cookies, allowing only first-party cookies or deleting cookies when you close your browser).
• Some browsers allow you to send a "Do Not Track" signal; we may not respond to such signals consistently due to the absence of an industry standard, but you can still manage cookies directly via your browser or any cookie banner or preference centre we provide.
• Disabling certain cookies may adversely affect the functionality and performance of bitstarzbet-au.com and may prevent you from using some features or services.

Data Security

OBSERVE: As an online gambling operator, Bitstarz processes sensitive financial and behavioural data, which requires robust technical and organisational security measures.

EXPAND: Security must cover data in transit and at rest, access management, monitoring, incident response and staff training, aligned with recognised standards such as ISO 27001 and SOC 2 where applicable.

REFLECT: While no system is absolutely secure, we commit to applying industry-standard measures to protect your information.

5. Our Security Measures

• Encryption and Transmission Security
  • Data exchanged between your browser and bitstarzbet-au.com is protected using Transport Layer Security (TLS) version 1.2 or higher, including strong cipher suites and certificate validation.
  • Sensitive information such as passwords is stored using industry-standard hashing algorithms and, where appropriate, additional encryption.
• Data Encryption at Rest
  • We use encryption technologies and secure storage mechanisms to protect key categories of personal and financial data when stored on our servers or those of our trusted providers.
• Access Controls and Authentication
  • Access to personal data is restricted to authorised personnel and service providers who need it for their job functions and are bound by confidentiality obligations.
  • We implement role-based access controls, strong authentication policies and, where available, support multi-factor authentication mechanisms.
• Network and System Security
  • We employ firewalls, intrusion detection/prevention systems, anti-malware solutions and security monitoring tools to protect our infrastructure.
  • Systems are regularly updated and patched to address security vulnerabilities.
• Monitoring, Audits and Testing
  • We conduct periodic security reviews and assessments, which may include internal and external audits, vulnerability scans and penetration testing.
  • We review access logs and security events to detect unusual or suspicious activity.
• Staff Training and Policies
  • Employees and contractors with access to personal data receive periodic training on information security and data protection responsibilities.
  • We maintain internal policies and procedures governing data handling, acceptable use, incident response and confidentiality.
• Incident Response
  • We maintain procedures to identify, assess and respond to suspected data breaches or security incidents.
  • Where required by applicable law, we will notify relevant authorities and affected individuals without undue delay and provide information on remedial steps.

Although we implement appropriate safeguards, you are responsible for maintaining the confidentiality of your account credentials and ensuring that you use up-to-date security software and a secure internet connection when accessing our services.

Complaints & Contacts

OBSERVE: Players using bitstarzbet-au.com must have clear avenues to raise privacy concerns and complaints and to contact the operator.

EXPAND: This includes internal escalation processes and, where applicable, options to contact regulators or data protection authorities in their jurisdiction.

REFLECT: We encourage you to contact us first so we can attempt to resolve your concerns directly.

21. How to Contact Us

• For general privacy questions and rights requests:
  • Email: [email protected]
  • Alternative email: [email protected]
• Postal correspondence (operator address):
  • Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Internal Complaint Procedure

1. Submission: Send us a detailed description of your concern or complaint, including relevant account information, to the email addresses listed above.
2. Acknowledgement: We will normally acknowledge receipt of your complaint within 5 business days.
3. Investigation: Our data protection or compliance team will investigate the matter, which may involve contacting you for additional information.
4. Response: We aim to provide a substantive response within 30 days of receiving your complete complaint. Where this is not possible due to complexity, we will inform you of any delay and provide an expected timeframe.
5. Escalation: If you are not satisfied with our response, you may request that your complaint be escalated to a higher management or compliance level within the organisation.

External Recourse

If you remain dissatisfied after exhausting our internal process, you may have the right to lodge a complaint with a data protection or privacy authority in your place of residence or in the jurisdiction where you believe an infringement has occurred. Contact details will vary depending on your country. As an offshore operator licensed in Curaçao, our primary regulatory contacts relate to gaming regulation; however, for privacy-specific matters you may consult your local privacy regulator or ombudsman for guidance.

Updates

OBSERVE: Legal, regulatory and operational changes may require periodic updates to this Privacy Policy.

EXPAND: To maintain transparency for players using bitstarzbet-au.com, we provide notice of significant changes and allow time to review them.

REFLECT: Continued use of our services after changes take effect signifies your acceptance of the updated Policy.

30. Policy Changes and Notifications

• Version Control and Last Updated Date
  • This Privacy Policy is version 1.0, last updated on 1 January 2026.
  • We will indicate the date of the latest update at the top of this document.
• Notification Methods
  • We may notify you of material changes by:
    • Sending an email to the primary email address registered on your bitstarzbet-au.com account.
    • Displaying prominent notices or banners on the website or within your account dashboard.
    • Requesting active acknowledgement (e.g., clicking "I agree") for significant updates affecting your rights or obligations.
• Advance Notice for Significant Changes
  • For material changes that significantly affect your rights, we will, where reasonably practicable, provide at least 30 days' advance notice before the changes become effective.
  • In urgent situations (for example, to comply with legal or regulatory requirements or to address security issues), changes may take effect more quickly, and we will inform you as soon as reasonably possible.
• Your Options
  • If you do not agree with the updated Privacy Policy, you may choose to stop using our services and, if you are a registered player, request account closure in accordance with our Terms and Conditions.
  • By continuing to use bitstarzbet-au.com after the effective date of the updated Policy, you acknowledge that you have read and understood the changes and agree to be bound by them.