Privacy Policy

Last updated: March 28, 2026.

Introduction

This Privacy Policy explains how BonzaWin collects, uses, discloses, transfers, and protects your personal information when you access, create an account with, or otherwise use our online gaming platform (BonzaWin) in Australia. By using our website, services, or related functionality, you acknowledge that you have read and understood the practices described in this Privacy Policy and agree to the collection, use, and disclosure of your information as set out below. If you do not agree with this Privacy Policy, please do not access or use our services.

BonzaWin is committed to respecting your privacy and complying with applicable data‑protection laws in Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as international frameworks such as the EU General Data Protection Regulation (GDPR) where relevant to users in the European Economic Area (EEA). Where GDPR‑type obligations apply, you may also have certain individual rights under that Regulation, such as the right to access your data, request correction, or object to certain processing activities, subject to applicable law and legitimate security requirements related to anti‑fraud and licensing obligations.

Types of information we collect

We may collect two broad categories of information: personal information and non‑personal information.

Personal information

Personal information means any information that can be used to identify you, either directly or in combination with other data. The categories of personal information we may collect include:

• Identification and contact details: such as your full name, date of birth, gender, residential address, email address, phone number, and username or customer ID.
• Account and financial‑related information (for registered users): including your account details, username and password (hashed and encrypted), payment information (such as card details, bank‑account numbers, or alternative payment‑method identifiers entered via secure third‑party providers), withdrawal and deposit history, and transaction records.
• Identity and verification data: where required by law or our licensing obligations, we may collect copies of identity documents (e.g, passport, driver’s licence, national ID), proof of address documents, and biometric or other verification data collected through secure third‑party systems.
• Usage and technical information: information about how you use our services, including your IP address, device type, operating system, browser type, referrer URL, the pages you view, click‑through paths, session duration, and other technical log data.
• Marketing and communication preferences: information about how you prefer to be contacted (e.g, email, SMS), whether you have opted in or out of marketing communications, and record of your interactions with our marketing messages.
• Customer‑support information: records of your support requests, chat logs, emails, and any information you voluntarily provide to our support team.
• Location and regulatory information: where permitted by law, information about your approximate location (such as country or region) to ensure compliance with local gaming and advertising regulations, age‑verification rules, and licensing requirements.

Where required by law or by our internal policies, we may also collect special‑category data (such as health‑ or financial‑related information) only to the extent necessary for responsible‑gambling assessments, age verification, or fraud prevention, and always in accordance with applicable data‑protection rules.

Non‑personal information

Non‑personal information is information that cannot, by itself, identify you. This may include:

• Aggregated or anonymised usage statistics, such as total number of users, most‑played games, or average session length.
• Device‑generated identifiers and cookies, provided they are not linked to your personal identity.
• Information about your interactions with our website or services that has been de‑identified or aggregated so that individuals cannot reasonably be identified from it.

We may use non‑personal information for analytics, product‑improvement purposes, and internal reporting, including benchmarking against industry averages and preparing statistical reports for stakeholders.

How we collect your information

We collect information in several ways:

• Directly from you: when you register an account, update your profile, make deposits or withdrawals, contact customer support, participate in promotions, or respond to surveys or marketing messages.
• Automatically via technology: through cookies, web beacons, log files, and similar technologies when you access or use our website or services. This may include tracking your behaviour on the site, such as login attempts, page views, and navigation patterns.
• From third parties: including payment service providers, identity‑verification services, marketing and analytics partners, and, in some cases, public or regulatory databases, where legally permitted. These third parties may provide us with data for identity verification, fraud prevention, marketing, or optimisation purposes.

Where we obtain information from third parties, we take steps to ensure that those parties are compliant with applicable data‑protection and privacy laws, and that the information is used in a manner consistent with this Privacy Policy and your reasonable expectations.

Use of your personal information

We use your personal information for the following purposes:

• To provide and operate our services: including creating and managing your account, enabling deposits and withdrawals, processing payments, delivering games and related features, and maintaining the security and integrity of our platform.
• To verify your identity and comply with legal obligations: such as age verification, identity‑proofing, anti‑money‑laundering (AML) checks, and responsible‑gambling requirements prescribed by Australian and international regulators.
• To prevent fraud and enhance security: we may use your information to detect, investigate, and prevent fraudulent or suspicious activity, to implement security measures, and to respond to incidents or breaches in accordance with applicable law.
• To communicate with you: including sending service‑related messages, account notifications (such as changes to terms, login alerts, or balance updates), and support responses.
• To personalise and improve our services: by analysing your behaviour on the platform, we may tailor content, game recommendations, and promotional offers to your interests and preferences, subject to your communication preferences.
• To send marketing and promotional communications: where you have consented or where permissible under local law, we may send you information about new games, bonuses, promotions, or other offers via email, SMS, or in‑site messages. You may opt out of marketing communications at any time.
• For internal reporting and analytics: to monitor site performance, understand user behaviour, and improve the user experience and our business operations.
• To comply with legal and regulatory requirements: including responding to lawful requests from law‑enforcement or regulatory authorities, maintaining records for audit purposes, and ensuring compliance with gaming‑licensing rules and anti‑fraud legislation.

In all cases, we process your personal information only where we have a lawful basis under applicable data‑protection laws, such as your consent, the performance of a contract with you, compliance with a legal obligation, or pursuit of a legitimate interest (for example, fraud prevention or service improvement). Where required by law, we will obtain explicit consent before processing certain types of sensitive data or for specific uses such as targeted marketing.

Legal basis and international data‑protection principles

BonzaWin processes your personal information in a manner aligned with the principles of accountability, lawfulness, fairness, and transparency. We also respect the principles of purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality, consistent with international data‑protection standards such as the GDPR and Australian Privacy Principles.

Where GDPR‑type rules apply, we will clearly indicate the specific lawful basis for processing (such as consent, contractual necessity, legal obligation, or legitimate interest) and, upon request, provide you with further information about the processing operations. Where data is transferred to countries outside the EEA (for example, to service providers or infrastructure hosted in other jurisdictions), we ensure that appropriate safeguards are in place, such as international data‑transfer mechanisms approved under GDPR or equivalent mechanisms in other jurisdictions.

Applicant and data‑subject rights

Depending on your jurisdiction and applicable law, you may have a number of rights in relation to your personal information, which may include:

• The right to access your personal information and obtain a copy of the data we hold about you.
• The right to request correction or updating of inaccurate or incomplete data.
• The right to request deletion or erasure of your data, subject to legal or regulatory obligations to retain some information.
• The right to restrict or object to certain processing activities, such as direct marketing or certain profiling activities.
• The right to data portability, where legally applicable, allowing you to receive your data in a structured, commonly used, machine‑readable format and, where technically feasible, to have it transmitted to another controller.
• The right to withdraw consent at any time, where our processing is based on your consent (for example, for certain marketing activities).

To exercise any of these rights, please contact us using the contact details provided in this Privacy Policy. We will respond to your request within the timeframes required by applicable law, and may ask you to verify your identity to protect your privacy and security. Some rights may be limited or not available in certain circumstances, particularly where the information is necessary for regulatory compliance, fraud prevention, or the performance of our contractual obligations to you.

Disclosure and sharing of information

We may share your personal information with third parties in the following circumstances:

• Service providers: such as payment processors, identity‑verification and KYC providers, hosting and infrastructure providers, marketing and analytics services, and customer‑support platforms. These providers process your data on our behalf under strict contractual obligations to protect your information and comply with applicable privacy laws.
• Regulatory and law‑enforcement authorities: when we are required by law to disclose information, for example to comply with court orders, AML/KYC requirements, or other regulatory obligations.
• Business partners and affiliates: where you participate in joint promotions or loyalty programmes, we may share limited information (such as participation data or account activity) with trusted partners, subject to your consent or where otherwise permitted by law.
• Corporate transactions: in the event of a merger, acquisition, sale of assets, or restructuring, we may transfer your personal information to the relevant third party, subject to applicable data‑protection laws and appropriate safeguards.

We will not sell your personal information to third parties for their own independent marketing purposes without your explicit consent, except where allowed by law and in compliance with applicable regulations.

Cookies and similar technologies

We use cookies and similar technologies to understand how you use our website, to personalise your experience, and to improve our services. Cookies are small text files that are stored on your device when you visit our website. We may use:

• Essential cookies: necessary for the operation of our website (for example, to remember your login status or shopping‑basket contents).
• Analytical and performance cookies: to collect information about how visitors use our site, such as which pages are visited most often and how users move through the site.
• Functional cookies: to enable enhanced features, such as remembering your preferences or language settings.
• Advertising and targeting cookies: to deliver relevant advertisements and track the effectiveness of marketing campaigns, where you have consented or where otherwise permitted by law.

You may manage or disable cookies through your browser settings or via the cookie‑consent tools provided on our website. Please note that disabling certain cookies may affect the functionality or performance of some features on our site.

Data security and retention

We take the security of your personal information seriously and implement a range of technical and organisational measures to protect your data from unauthorised access, loss, misuse, or alteration. These measures may include:

• Encryption of sensitive data both in transit and at rest.
• Secure authentication mechanisms and access‑control policies limiting access to your data only to authorised personnel and service providers.
• Regular security testing, vulnerability assessments, and monitoring of systems and networks.
• Policies and procedures for responding to data breaches in accordance with applicable law.

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, including meeting legal, regulatory, auditing, and business‑requirement obligations. Retention periods may vary depending on the type of information and applicable legal requirements. For example, financial‑transaction records may need to be retained for several years in certain jurisdictions, even after you close your account.

Once retention requirements are satisfied or your relationship with us has ended and all applicable legal obligations are met, we will securely delete or anonymise your personal information.

Children’s privacy

BonzaWin is not intended for use by individuals under the legal gambling age in their jurisdiction. In Australia, we comply with age‑verification and responsible‑gambling requirements to ensure that our services are not accessible to minors. If we become aware that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to remove or delete that information, unless required to retain it by law or for fraud‑prevention purposes.

We encourage parents and guardians to monitor the online activities of children and to teach them about safe and responsible internet use. If you believe that a child has been using our services in contravention of age‑restrictions, please contact our support team so that we can take appropriate action.

International data transfers

Some of the personal information we collect may be transferred to, processed in, or stored in countries other than Australia. For example, certain cloud‑hosting providers, payment processors, or analytics services may operate in jurisdictions outside Australia. Where such transfers occur, we ensure that appropriate safeguards are in place, such as:

• Use of service providers that comply with recognized international data‑protection standards.
• Application of contractual clauses or frameworks approved under GDPR or equivalent mechanisms designed to protect data moving across borders.
• Implementation of technical and organisational security measures consistent with applicable laws.

If you are located in the EEA or another jurisdiction with specific data‑transfer rules, you may be entitled to information about the safeguards we use for cross‑border transfers. You may contact us using the details set out in this Privacy Policy to request further information on the safeguards applied in respect of your data.

Your choices and managing your preferences

You have choices about how your personal information is used and shared. You may:

• Opt out of marketing communications: by following the unsubscribe instructions in our emails, adjusting your communication preferences in your account settings, or contacting our support team.
• Manage cookies and tracking: through your browser settings or via the cookie‑consent interface on our website.
• Update your account information: by logging into your account and editing your profile or contact details.
• Request access, correction, or deletion: as outlined in the section on your rights under applicable data‑protection laws.

We will implement your choices where lawfully possible, but note that certain information may be necessary to provide our services, maintain security, or comply with legal or regulatory obligations. In some cases, exercising a particular choice (for example, deletion of certain data) may affect the features or services available to you.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. When we make significant changes, we will notify you by email or by posting an updated version of this Privacy Policy on our website, together with the effective date of the change. Your continued use of our services after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.

We recommend that you review this Privacy Policy periodically to stay informed about how we handle your personal information.

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or your rights under applicable data‑protection laws, please contact us at:

BonzaWin Customer Support.

Email: [email protected].

We will do our best to respond to your inquiries promptly and in accordance with applicable law. If you are not satisfied with our response, you may also have the right to lodge a complaint with the relevant data‑protection or privacy‑regulation authority in your jurisdiction, such as the Office of the Australian Information Commissioner (OAIC) in Australia or the relevant supervisory authority under the GDPR for users in the EEA.