Ozwin Casino Privacy Policy
This Ozwin privacy policy explains what personal information we collect, why we collect it, where it lives, and how long we keep it. The policy is written to align with the Australian Privacy Principles (APP1-APP13) set out in Schedule 1 to the Privacy Act 1988 (Cth). Where a section maps to a specific APP, the APP number is referenced inline so a reader can audit compliance lineage at a glance. Last updated: 2026-05-06.
1. About This Policy (APP1 - Open and Transparent Management)
Ozwin Casino ("we", "us", "our") operates an online casino service for adult players, including residents of Australia. We are bound by the Privacy Act 1988 in respect of personal information of Australian individuals collected in connection with our service. This policy is the open and transparent statement required by APP1.2.
If you have questions about this policy or our handling of your personal information, contact us via the Contact & Support page. The Privacy Officer reads every privacy enquiry tagged "Privacy" in the subject line.
2. What We Collect (APP3 - Solicited Personal Information)
We collect only the personal information reasonably necessary to operate the service.
| Category | Examples | When collected |
|---|---|---|
| Identity | Full name, date of birth, AU residential address, phone, email | At account registration |
| KYC documents | Driver's licence or passport, utility bill or bank statement under 90 days, selfie | At first withdrawal trigger |
| Financial | Deposit method details, transaction history, withdrawal destination | On every transaction |
| Behavioural | Game-play history, session length, deposit-limit settings, support tickets | Throughout your account life |
| Technical | IP address, browser fingerprint, device type, geolocation country, page interactions | On every visit |
We do not knowingly collect sensitive information as defined by APP1.4 (race, political opinion, religion, sexual orientation, health) and we ask that you do not submit it.
3. Why We Collect It (APP5 - Notification of Collection)
The lawful purposes for which we collect, hold and use your personal information are:
- Verifying your age and identity, so we comply with anti-money-laundering and counter-terrorism-financing (AML/CTF) obligations and our Curacao licence conditions.
- Operating your account - registering you, processing deposits and withdrawals, applying bonuses, calculating loyalty tier.
- Detecting fraud, multi-accounting, bonus abuse and collusion.
- Responding to your enquiries and complaints.
- Honouring your responsible-gambling settings, including self-exclusion requests.
- Sending service communications and, where you have consented, marketing communications which you can unsubscribe from at any time.
If we ever propose to use your personal information for a purpose materially different from those listed above, we will tell you and seek consent where APP6 requires it.
4. Where It Lives and Who Sees It (APP8 - Cross-Border Disclosure)
Personal information may be stored on infrastructure located outside Australia, including in the European Union and Curacao. By using the service you acknowledge cross-border transfer for the purposes set out above. We take reasonable steps under APP8.1 to ensure recipients of your information do not breach the APPs in relation to that information.
We disclose personal information only to:
- Our software provider (Realtime Gaming) for game integrity and fraud detection.
- Our payment processors and banking partners, strictly to execute the transactions you instruct.
- Our KYC verification provider, strictly to verify the documents you upload.
- Regulators and law-enforcement bodies where required by valid legal process.
- Our independent dispute-resolution partner where you escalate a complaint.
We do not sell your personal information.
5. How Long We Keep It
| Data type | Retention | Reason |
|---|---|---|
| Account profile | Active life of account + 7 years | AML/CTF Act 2006 record-keeping obligations |
| KYC documents | 7 years post account closure | AML/CTF Act 2006 |
| Transaction records | 7 years | Tax and regulatory record-keeping |
| Marketing consent records | Until withdrawn + 2 years | Spam Act 2003 evidentiary trail |
| Support tickets | 3 years from closure | Service quality review |
6. Your Rights and How to Exercise Them (APP12 - Access, APP13 - Correction)
Under APP12 you have the right to request access to the personal information we hold about you. Under APP13 you have the right to ask us to correct information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
To exercise these rights, send a Data Subject Access Request to our Privacy Officer via the contact page with subject line "Privacy - Access Request" or "Privacy - Correction Request". We commit to respond within 30 calendar days. Where we refuse access in part - for example, where granting access would reveal the personal information of another player - we will explain in writing why.
You may also request closure of your account at any time. Account closure removes your access to the service; data retention obligations described above continue to apply for the periods listed.
7. Cookies and Similar Tracking
We use a small number of cookies. Each is listed with its purpose and retention.
| Cookie | Purpose | Retention |
|---|---|---|
| session | Maintain your logged-in session | Session only |
| language | Remember your language and locale (en-AU) | 12 months |
| csrf-token | Anti-cross-site-request-forgery security | Session only |
| analytics | Aggregate page-view counts (no individual tracking) | 13 months |
| consent | Record your cookie consent choices | 12 months |
You can clear cookies in your browser at any time. Doing so will log you out of your account.
8. Security
We protect personal information using 128-bit SSL/TLS encryption in transit, encrypted-at-rest storage of KYC documents, role-based access controls inside our operations team, and routine vulnerability testing of the platform. No transmission over the internet can be guaranteed perfectly secure; we encourage you to use a strong, unique password and enable any second-factor authentication options offered.
9. Complaints (APP1.4)
If you believe we have breached the APPs, you may complain to the Privacy Officer in the first instance. We will acknowledge within 5 business days and aim to resolve within 30. If you remain unsatisfied, you may refer the matter to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the version in force. Material changes will be notified to registered players by email or in-account notice at least 14 days before they take effect.