Privacy Policy

1. General provisions and scope of application

This privacy policy governs how Vegazone Casino, in its capacity as data controller (the party that determines the purposes and means of processing personal data), collects and processes players’ personal data when they access and use the vegazonepokies.com for online gambling in the context of online gambling privacy. It applies to all data operations related to registration, maintenance of a gaming account, financial transactions and the use of additional services, regardless of the device and communication channel.

Data processing is organised having regard to the requirements of the Australian Privacy Act 1988 and the structure of the Australian Privacy Principles, of which 13 have currently been established, as well as the supervisory approaches of the OAIC as the competent regulator. Within casino data protection, we determine a specific lawful basis for processing for each category of information and record it in operational documentation to ensure that decisions can be verified during internal audit checks. To minimise regulatory risks, the principle of data minimisation is used, where only the amount of data necessary is requested for the purposes of: identifying and servicing the player in accordance with gambling rules; complying with Australian law, including financial monitoring; documenting risk management actions for at least 5 years.

By using the vegazonepokies.com, the player agrees to the application of this policy to their data.

2. Categories of personal data processed

Vegazone Casino processes player personal information as PII (personally identifiable information — data that can be used to uniquely identify a player). This includes the name, date of birth, contact details and account data that the user provides when registering on the vegazonepokies.com.

As part of the account registration details, sensitive information, identification documents, as well as technical and financial data sets such as geolocation data, IP address logs and payment transaction data may also be processed if this is required to configure the account and confirm transactions.

3. Purposes and legal bases for processing

The main data processing purposes are to enable Vegazone Casino to maintain the player’s account, process bets and payouts, and document key operations in the accounting systems of the vegazonepokies.com. At the same time, the data is used to configure services, cross-check financial records and confirm the player’s right to use the services under the applicable laws of Australia.

A separate block is formed by AML/CTF obligations, where information is used to meet anti-money laundering and counter-terrorism financing requirements in conjunction with customer due diligence and internal procedures for verifying sources of funds. As part of these procedures, KYC is applied (a customer identification procedure that includes systematic collection, storage and verification of documents, as well as comparing them with other available data). Fraud prevention measures and other methods of controlling the permissibility of operations are applied to prevent breaches and technical failures.

For internal risk control, data is included in risk assessment and covered by the established record-keeping requirements for at least 5 years.

4. Marketing, analytics and profiling

Vegazone Casino may use the player’s contact details provided when using the vegazonepokies.com to send marketing communications about services, promotions and changes to the rules. The frequency of such communications is limited by internal mailing parameters (for example, no more than 12 issues per month per address), and topic categories are defined in the account settings and in the operating procedures of the support service.

Profiling and analytics are used in parallel, where data about actions on the website is aggregated into anonymised and segmented reports. These reports are needed to assess interface usability, system load and the distribution of interest across different sections of the casino. In this context, an opt-out option is applied (the player’s ability to decline marketing communications by changing settings or contacting support), which is implemented via the communication channels specified in the contacts section.

Implementation of data subject rights in this block means that the player has the right to request information about which categories of data have been used for marketing segmentation and to request that such processing be restricted for specific communication channels. Records of these requests are kept for at least 2 years to document compliance with Australian law and for internal quality control of responses.

For some communications and analytics, Vegazone engages third-party service providers that supply tools for mailings, statistics and preference management. Their access to data is restricted to technical tasks and is formalised through data processing agreements, which include specific clauses on withdrawal of consent mechanisms, retention periods and the reporting format for operations performed with players’ contact data.

5. Cookies, tracking and technical logs

When visiting the vegazonepokies.com, Vegazone Casino uses cookies and tracking technologies (cookies are small text files in the browser that record technical session parameters and user choices). These tools help stabilise the connection, measure load and link specific actions to an anonymous technical profile.

Some settings are tied to security safeguards and are used together with encryption standards and pseudonymisation mechanisms so that statistics do not allow the player’s identity to be uniquely reconstructed. For transparency, we treat this as an element of legitimate interests, and we also record every access request for cookie data for at least 365 days in the request log.

6. Disclosure to third parties and cross-border transfer

Vegazone Casino may disclose personal data to a limited range of third parties where this is directly related to the operation of the vegazonepokies.com and the provision of services to the player. Each such party is designated as a data processor (an external recipient that processes data only in accordance with the casino’s documented instructions and is not permitted to use it for its own purposes).

This group includes payment organisations, hosting providers, communication tools, as well as specialised contractors for analytics and IT support. Any cross-border data transfer is formalised through contractual mechanisms that set out:

  •  the list of permitted data operations;
  •  the types of protection applied and role-based access restrictions;
  • the timeframes and format for deletion or return of data upon completion of services;
  • the procedure for providing copies of logs on request from the casino.

Interactions with regulatory authorities and other supervisory bodies are highlighted separately, where information is provided within the scope of the statutory powers of these bodies.

Data may also be disclosed in response to a law enforcement request if the request is made in the form prescribed by law and covers specific categories of information. In such cases, information is selected based on the principle of the minimum necessary volume and is additionally checked against internal anti-money laundering compliance policies to avoid including records that are not relevant to the subject matter of the official request and the current investigation.

7. Data retention periods and storage principles

Vegazone Casino sets a separate data retention period for each category of personal data (a defined period after which data must be deleted or anonymised in accordance with pre-established rules). The basic retention period for financial and KYC records is at least 5 years from the date of the last transaction on the account or from closure of the account on the vegazonepokies.com, arising from AML/CTF obligations and regulatory requirements.

Record-keeping requirements also apply, under which certain access logs and service correspondence may be retained for more than 7 years to provide documentary evidence of decisions taken. The principle of data minimisation is implemented through periodic reviews of data sets (at least once every 12 months) and removal of data that is no longer needed for reporting or for protecting the casino’s legitimate interests.

8. Player rights and how to exercise them

The player acts as a data subject (a person to whom the processed data relates directly or indirectly and who has a set of statutory rights in relation to that data). These rights apply to all information associated with the use of Vegazone Casino and the vegazonepokies.com, including registration data, activity history and correspondence with support. Rights are exercised by contacting support at [email protected], specifying the type of request and providing sufficient identity verification based on account data.

The standard list includes:

  • a request for a copy of the data held and a brief description of the purposes of processing;
  • a correction request for inaccurate or outdated information, with up-to-date data attached;
  • a request to restrict certain processing operations where they are not related to mandatory reporting;
  • an objection to the use of data for marketing mailings, with updated subscription status recorded;
  • the transfer of part of the data in a machine-readable format, where technically feasible.

For systematic recording of requests and monitoring of response times, a complaints handling process operates (an internal procedure for receiving, registering and reviewing data-related requests, including complaints), and information about each request is stored for at least 24 months. If a request is related to possible improper processing or a potential incident, it is further analysed for features of a data breach notification and, if necessary, escalated to those responsible for data security.

9. Security measures and incident management

Vegazone Casino implements data protection using a multi-layered model that includes network filters, infrastructure segmentation and access rights management. Every access to systems where player data on the vegazonepokies.com is stored is logged and matched to the staff member’s role. Operations related to changes in payment details and account settings are monitored separately.

Technical protection is built around encryption of communication channels and storage, regular software updates and independent vulnerability testing at least once every 12 months. A security incident (an event that has led or could lead to unauthorised access, alteration, leakage or blocking of data) is understood as any recorded access control failure or suspicious anomaly in the logs. In such situations, a notification, internal investigation and, where required, engagement with the competent authorities are carried out in accordance with the timeframes prescribed by law.