burger icon
Spinstralia Australia
Log In

Privacy Policy

This Privacy Policy explains how Spinstralia, operating the AU-facing online casino service available at spinstraliabet-au.com and related mirror domains (collectively referred to as "Spinstralia", "we", "us", or "our"), collects, uses, discloses and protects your personal data. It applies to all players, account holders and visitors who access our website or interact with our services from Australia or any other location. By using the website, you agree to the practices described in this Privacy Policy. This Privacy Policy is effective and applies to processing activities from 1 January 2026.

Who We Are

Spinstralia is an online gambling brand targeting players in Australia and other markets through the website spinstraliabet-au.com and associated mirror domains used to maintain access where local internet restrictions apply. The gaming platform is operated by a company incorporated in Willemstad, Curaçao under a self-declared Curaçao master licence framework (typically referencing licences such as 365/JAZ or CIL). The precise corporate name, street address and registration number are disclosed in the current version of our Terms & Conditions and related legal pages on the website.

For the purposes of this Privacy Policy, this operating company is referred to as the "Company". While the Company is established in Curaçao and is not licensed in Australia, we commit, as a matter of policy, to align our privacy practices with internationally recognised standards, including the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR) where it applies, and relevant principles of the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

Data protection contact (Data Protection Officer / privacy contact):

  • Primary channel: 24/7 live chat available on spinstraliabet-au.com (select "Privacy" or "Data Protection" as the topic where available).
  • Email: Via the dedicated privacy or support email address displayed within your account area or on the "Contact" or "Responsible Gaming" pages of the website. Please indicate "Privacy Request" or "Data Protection Complaint" in the subject line.
  • Postal address for privacy correspondence: Data Protection Officer, Spinstralia (Operating Company), Willemstad, Curaçao (full legal address as listed in the latest Terms & Conditions on the website).

What Personal Data We Collect

We collect and process different categories of personal data when you visit spinstraliabet-au.com, create an account, use our services or interact with us. Depending on your use of the website, we may process the following:

  • Identification and profile data:
    • Full name, date of birth, gender, country of residence, and nationality.
    • Username, account ID, password and security questions/answers.
  • Contact details:
    • Email address, residential address, billing address and postcode.
    • Mobile phone number and other communication identifiers you provide.
  • KYC / verification data (as detailed in our KYC Policy):
    • Colour copies or scans of identification documents (for example, passport, national identity card, driver's licence).
    • Front and back images of payment cards used, with middle digits and CVV/CVC code redacted according to our KYC instructions.
    • Proof of address such as a utility bill or bank statement dated within the last three (3) months.
    • Any additional documents or information we reasonably require to verify your identity, age, source of funds or eligibility to use our services.
  • Account and behavioural / gambling data:
    • Login history, session logs and account settings.
    • Betting and game history, including games played, stakes, wins and losses, bonuses used, wagering progress and gameplay timestamps.
    • Interactions with promotions, loyalty programs and responsible gambling tools (such as self-exclusion or deposit limits).
    • Click-stream data on our website, including pages visited, navigation paths and interaction events.
  • Technical and device data:
    • IP address, approximate geolocation (country/region), browser type and version, operating system, device type and identifiers.
    • Log data such as access dates and times, referring/exit pages, error logs and performance metrics.
    • Information from cookies, pixels, SDKs and similar technologies (see "Cookies & Tracking Technologies" below).
  • Payment and financial data:
    • Payment method type (e.g., credit/debit card, e-wallet, bank transfer, cryptocurrency where available).
    • Partial payment card details (for example, cardholder name, masked card number, expiry date) and wallet identifiers.
    • Deposit and withdrawal amounts, transaction timestamps, transaction identifiers and payment provider responses (approval/decline codes).
    • Information required for anti-money laundering (AML) and counter-terrorism financing (CTF) monitoring.
  • Marketing and communication data:
    • Your preferences regarding newsletters, bonuses, SMS or push notifications.
    • Records of emails, chat transcripts and other communications between you and our support team.
    • Engagement data such as email opens, clicks and unsubscribe actions.
  • Information from cookies and similar technologies:
    • Session identifiers, authentication tokens and user interface preferences.
    • Analytics identifiers used by third-party analytics tools and advertising networks.
    • Affiliate and campaign tags used to attribute traffic and bonuses.

Where you provide information about third parties (for example, when using payment instruments not solely in your name), you confirm that you are authorised to share such data and that they are informed of this Privacy Policy where required by law.

Legal Basis for Processing

Because Spinstralia operates from Curaçao and targets players in Australia and other regions, our data processing is based on a combination of contractual necessity, legal obligations, legitimate interests and, where required, your consent. Where the GDPR, LFPDPPP or similar data protection laws apply, we rely on the following legal bases:

  • Performance of a contract:
    • To create and administer your player account, including verifying your eligibility to use the service.
    • To process deposits, wagers and withdrawals, credit bonuses, and settle bets.
    • To provide customer support and to implement responsible gambling tools that you request.
  • Compliance with legal obligations:
    • To perform "Know Your Customer" (KYC), AML and CTF checks, including verifying your identity, age, location and source of funds.
    • To comply with record-keeping, accounting, financial reporting and tax requirements in relevant jurisdictions.
    • To respond to lawful information requests, court orders or regulatory investigations (for example, from Curaçao authorities, AUSTRAC or other competent authorities).
  • Legitimate interests (balanced against your rights and freedoms):
    • To maintain the security and integrity of our platform, prevent fraud, detect account misuse and reduce the risk of money laundering and bonus abuse.
    • To improve our services, games and user experience through aggregated analytics and performance monitoring.
    • To enforce our Terms & Conditions, including investigating and resolving disputes or enforcing bans or self-exclusion.
    • To protect our legal rights, interests and the rights of our players, affiliates and service providers.
  • Consent:
    • For sending you marketing communications by email, SMS or push notification where prior consent is required.
    • For placing non-essential cookies and similar tracking technologies on your device (for analytics and advertising) where required by local law.
    • For any other processing that is not strictly necessary for contractual or legal reasons and is presented to you as optional.

You may withdraw your consent at any time (see "Your Rights" below). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal and does not prevent us from processing data under other legal bases where applicable.

Purpose of Processing

We use your personal data for clearly defined purposes that are consistent with this Privacy Policy and applicable law. These purposes include:

  • Providing and operating our services:
    • Setting up, verifying and managing your player account.
    • Processing deposits, wagers, game play, bonuses and withdrawals.
    • Providing customer support, dispute handling and responsible gambling features.
  • Compliance, risk management and fraud prevention:
    • Conducting KYC/AML checks and monitoring transactions for suspicious activity.
    • Detecting and investigating fraud, account takeover, collusion, bonus abuse or other prohibited conduct.
    • Screening for restricted territories and enforcing geographic or self-exclusion restrictions.
  • Improving and personalising the service:
    • Analysing how players use our games and features to improve performance and usability.
    • Customising the website content, language, offers and recommendations based on your preferences and activity.
    • Testing new features, games and promotional structures.
  • Marketing, promotions and loyalty:
    • Sending promotional messages, newsletters and bonus offers, subject to your marketing preferences and consent where required.
    • Administering loyalty programs, tournaments and promotions, including eligibility checks and prize fulfilment.
    • Measuring the effectiveness of campaigns and affiliate traffic (for example, tracking conversions and bonus usage).
  • Legal, regulatory and business purposes:
    • Complying with applicable laws, regulations and licensing or quasi-regulatory requirements in Curaçao and other relevant jurisdictions.
    • Handling legal claims, audits and risk assessments, and protecting our rights and interests.
    • Facilitating corporate transactions such as mergers, acquisitions or restructuring, subject to appropriate safeguards.

Disclosure & Sharing

We do not sell your personal data as a standalone commercial product. However, for the purposes described in this Privacy Policy, we may share your data with carefully selected third parties under contractual and confidentiality safeguards:

  • Payment and banking partners:
    • Banks, card schemes, payment processors, e-wallet providers and other financial institutions that process your deposits and withdrawals.
    • Providers assisting with fraud detection, chargeback management and transaction monitoring.
  • KYC, verification and risk management service providers:
    • Identity verification, document authentication, age verification and geolocation service providers.
    • Providers that assist with AML/CTF screening, sanctions checks and politically exposed persons (PEP) screening.
  • Technology, hosting and security providers:
    • Data centres, cloud hosting, content delivery networks (CDNs) and backup providers.
    • IT support, security monitoring, anti-fraud tools and DDoS protection services.
  • Game providers and platform partners:
    • Third-party game studios and platform aggregators who host or supply casino games accessible through our website.
    • These partners may process your game session data (such as bets and outcomes) as independent or joint controllers where specified.
  • Analytics, marketing and advertising partners:
    • Web analytics providers that help us understand website performance and usage patterns (for example, page views, session duration).
    • Affiliate networks, tracking platforms and campaign tools used to attribute referrals and promotional activities.
    • Advertising networks and remarketing providers who serve tailored ads, where allowed and subject to consent for cookies/trackers.
  • Group companies and business transferees:
    • Other entities within the same corporate group as the Company, where necessary for centralised operations, risk management or regulatory compliance.
    • Potential or actual purchasers, investors or successors in the event of a merger, acquisition, restructuring or sale of assets, subject to appropriate safeguards.
  • Regulators, authorities and law enforcement:
    • Regulatory or governmental bodies in Curaçao, Australia (for example, AUSTRAC or the Australian Communications and Media Authority) and other jurisdictions where we are legally required to provide information.
    • Civil or criminal law enforcement agencies, courts, arbitrators or similar bodies in connection with legal proceedings, investigations or suspected illegal activity.
  • Professional advisers:
    • Lawyers, auditors, accountants and other professional advisers bound by professional duties of confidentiality.

Whenever we share personal data with processors or service providers, we require them to use the information only for the purposes specified by us, to implement appropriate security measures and to comply with applicable data protection requirements.

International Transfers

Because the Company is based in Curaçao and uses global service providers, your personal data may be transferred to and processed in countries outside your country of residence, including outside Australia and, where relevant, outside the European Economic Area (EEA) and Mexico. These countries may have data protection laws that differ from those in your jurisdiction and may not be recognised as providing the same level of protection.

Typical locations of processing include (but are not limited to):

  • Curaçao, where the Company is incorporated and core gaming operations are managed.
  • EU/EEA member states and the United Kingdom, where some hosting, analytics or risk management providers may be located.
  • Other jurisdictions (such as the United States or Asia-Pacific countries) where our cloud, security, analytics or payment partners maintain infrastructure.

Where required by law, we implement appropriate safeguards for cross-border transfers, including:

  • Using Standard Contractual Clauses (SCCs) or comparable model clauses approved by relevant regulators.
  • Requiring recipients to apply robust technical and organisational measures consistent with recognised security standards (for example, ISO 27001 or SOC 2) where applicable.
  • Limiting access to personal data on a need-to-know basis and only for specified purposes.
  • Where appropriate, relying on participation in recognised international data transfer frameworks or adequacy mechanisms (such as the EU - US Data Privacy Framework or similar approved schemes).

By using spinstraliabet-au.com, you acknowledge that your data may be transferred to and processed in Curaçao and other countries outside Australia and that we will take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, to meet our legal and regulatory obligations, to resolve disputes and to enforce our agreements. Retention periods may vary depending on the category of data, the type of account and applicable laws (including AML/CTF legislation). As a general guide:

  • Player account, identification and KYC data:
    • Kept for the duration of your active account and typically for five (5) years after account closure.
    • In some circumstances, particularly for AML/CTF purposes, we may retain certain records (such as transactional and identification data) for up to seven (7) years or longer if legally required.
  • Transaction and gambling history:
    • Kept for the life of the account and generally for five (5) to seven (7) years after closure to comply with financial, tax and AML requirements and to address legal claims.
  • Technical logs and security data:
    • Server logs, IP addresses and security events are usually retained for six (6) months to three (3) years, depending on security and compliance needs.
  • Marketing and communication data:
    • Kept for as long as you remain subscribed to marketing communications and typically deleted or anonymised within two (2) years after you unsubscribe, unless longer retention is needed to demonstrate compliance (for example, proof of consent or opt-out).
  • Cookies and analytics identifiers:
    • Retention depends on the type of cookie (see "Cookies & Tracking Technologies"). Session cookies expire when you close your browser; most persistent cookies last between 30 days and 24 months, unless your browser removes them earlier.

When personal data is no longer required for the purposes for which it was collected, and we are not legally required to retain it, we will either delete it or anonymise it so that it can no longer be associated with you. Deletion from backup systems may occur with a delay in accordance with our backup and disaster recovery procedures.

Your Rights

Depending on your place of residence and applicable law (including, where relevant, the GDPR, the LFPDPPP in Mexico, and the Australian Privacy Act 1988), you may have some or all of the rights set out below in relation to your personal data. We will respect and facilitate these rights to the extent required by applicable law and, where feasible, as a matter of policy even where not legally mandated.

Substantive rights

  • Right of access:
    • You can request confirmation of whether we process your personal data and obtain a copy of the data and information on how it is used.
  • Right to rectification / correction:
    • You can request correction of inaccurate or incomplete personal data, for example by updating your details in your account or contacting support.
  • Right to erasure / cancellation ("right to be forgotten"):
    • You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where consent was the basis) or when processing is unlawful.
    • We may be unable to delete data where we must retain it to comply with legal obligations (for example, AML/CTF record-keeping) or to establish, exercise or defend legal claims.
  • Right to restriction of processing:
    • You may request that we restrict processing of your data (for example, while we verify accuracy or assess an objection), during which time we will store but not actively use your data, except as permitted by law.
  • Right to object:
    • Where we rely on legitimate interests, you may object to processing on grounds relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
    • You always have the right to object to direct marketing, including profiling related to marketing. If you do, we will stop using your data for that purpose.
  • Right to data portability (under GDPR and comparable laws):
    • You may request certain personal data in a structured, commonly used and machine-readable format and ask us to transmit it to another controller where technically feasible and legally required.
  • Rights under Mexican law (ARCO rights):
    • If you are protected by the LFPDPPP, you may exercise rights of Access, Rectification, Cancellation and Opposition (ARCO) in line with the descriptions above.
  • Right to withdraw consent:
    • Where processing is based on your consent (for example, marketing communications or certain cookies), you may withdraw consent at any time via your account settings, unsubscribe links in emails, browser controls or by contacting us.

How to exercise your rights

  1. Submit your request:
    • Contact us via the 24/7 live chat on spinstraliabet-au.com or via the privacy/support email address indicated in your account area or on the website.
    • Clearly state the right(s) you wish to exercise (for example, access, rectification, deletion, restriction, objection, data portability, ARCO rights) and provide sufficient information for us to locate your account.
  2. Identity verification:
    • We may request additional information or documentation to verify your identity and ensure that we do not disclose data to unauthorised persons.
  3. Response timeline and cost:
    • We aim to respond to all valid requests within 30 days of receipt. For complex or multiple requests, this period may be extended by an additional 30 days, in which case we will inform you of the extension and reasons.
    • We generally handle rights requests free of charge. However, where permitted by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (for example, repeated requests).
  4. Limitations:
    • Your rights may be subject to legal exemptions, for example where disclosure would adversely affect the rights of others or where we must retain data for AML/CTF, tax or other regulatory purposes.

If you are not satisfied with our response, you may lodge a complaint with a data protection authority (see "Complaints & Contacts").

Cookies & Tracking Technologies

We use cookies and similar technologies on spinstraliabet-au.com to enable core functionality, improve performance, analyse usage and support marketing activities. Cookies are small text files stored on your device by your browser. Similar technologies include web beacons, pixels, local storage, SDKs and device identifiers.

Types of cookies we use

  • Session cookies:
    • Temporary cookies that exist only while your browser is open and are deleted when you close it.
    • Used for essential functions such as maintaining your logged-in session, processing bets and securing your account.
  • Persistent cookies:
    • Remain on your device for a defined period or until you delete them.
    • Used to remember your preferences (such as language or layout), to recognise you on subsequent visits and to support analytics and marketing.
  • First-party cookies:
    • Placed by Spinstralia and used to operate our website and improve user experience.
  • Third-party cookies:
    • Placed by third-party service providers, such as analytics tools, advertising networks, affiliate tracking platforms and game providers.
    • These may be used to measure performance, attribute referrals, deliver personalised content or display relevant ads on other sites.

Purposes of cookies

  • Strictly necessary / functional cookies:
    • Required for the operation of the website, including logging in, processing payments, applying security settings and enabling responsible gambling features.
  • Performance and analytics cookies:
    • Help us understand how visitors use the website (such as pages visited and error messages) so we can improve performance and usability.
  • Advertising and affiliate cookies:
    • Used by us and our partners to track campaign performance, attribute bonuses to affiliates and, where permitted, deliver or optimise targeted advertising.

Managing cookies

  • Browser settings:
    • You can configure your browser to refuse all or some cookies, to notify you when a cookie is set or to delete existing cookies. Please refer to your browser's help section for instructions.
  • Internal controls:
    • Where available, you may use in-site cookie banners or preference centres on spinstraliabet-au.com to manage non-essential cookies (including analytics and advertising cookies).
  • Impact of disabling cookies:
    • If you disable or block certain cookies, some features of the website (including login, gameplay or payment functions) may not work correctly or may become unavailable.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration or destruction. While no system can be guaranteed 100% secure, we continuously review and enhance our security controls.

  • Encryption and secure transmission:
    • Data transmitted between your browser and spinstraliabet-au.com is protected using industry-standard Transport Layer Security (TLS 1.2+) encryption.
    • Sensitive data (such as passwords and certain payment information) is encrypted in transit and, where appropriate, at rest.
  • Access controls and authentication:
    • Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis.
    • Administrative access is protected with strong authentication mechanisms, and multi-factor authentication is used for critical systems where feasible.
  • Network and infrastructure security:
    • We use firewalls, intrusion detection and prevention systems, anti-malware tools and other safeguards to protect our infrastructure.
    • Data is hosted in secure facilities operated by reputable providers, often certified under internationally recognised security standards such as ISO 27001 or SOC 2 (via our vendors where applicable).
  • Data minimisation and pseudonymisation:
    • We endeavour to collect only the data necessary for specified purposes and, where feasible, use pseudonymisation and aggregation for analytics and reporting.
  • Staff training and policies:
    • Employees and contractors with access to personal data receive training on data protection, confidentiality and security responsibilities.
    • We maintain internal policies governing acceptable use, access, incident reporting and data handling.
  • Monitoring, testing and audits:
    • We monitor systems for suspicious activities and perform regular security assessments, including vulnerability scans and, where appropriate, penetration testing.
    • We review our controls periodically and adapt them to evolving threats and regulatory expectations.
  • Incident response:
    • We maintain incident response procedures for investigating and mitigating potential data breaches.
    • Where required by law, we will notify you and/or relevant authorities of a data breach that is likely to result in a high risk to your rights and freedoms.

You are responsible for keeping your login credentials confidential and for maintaining adequate security on your own devices. We strongly recommend the use of unique, strong passwords and that you log out after each session.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data, we encourage you to contact us first so that we can attempt to resolve the issue directly.

How to contact us

  • Live chat: 24/7 support via the on-site live chat on spinstraliabet-au.com. Request that your query be directed to the Data Protection Officer or privacy team.
  • Email: Use the privacy/support email address shown within your account area or on the "Contact" or "Responsible Gaming" pages. Please include your username and clearly describe your concern.
  • Postal mail: Data Protection Officer, Spinstralia (Operating Company), Willemstad, Curaçao (full legal address as stated in the latest Terms & Conditions).

Complaint procedure

  1. Initial handling:
    • Upon receiving your privacy-related complaint, we will acknowledge receipt where feasible and assign it to our privacy team.
  2. Investigation:
    • We will review your complaint, gather relevant information and, if necessary, request additional details from you.
  3. Response:
    • We aim to provide a substantive response within 30 days of receiving all necessary information. For complex matters, this period may be extended, in which case we will notify you of the extension and reasons.
  4. Escalation:
    • If you are not satisfied with our response, you may escalate internally by requesting further review or by addressing your concerns directly to our Data Protection Officer via the channels