burger icon
Gamdom Australia
Log In

Privacy Policy

Effective date: 6 November 2026.

This Privacy Policy explains how Gamdom (operating via https://gamdombet-au.com) collects, uses, discloses, stores, and protects personal information. A privacy policy is required to provide transparency, meet legal obligations (including Australia's Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where applicable), and help users understand choices and rights in relation to their data.

This Policy applies to:

  • Website visitors: people who browse or interact with gamdombet-au.com (including via cookies and similar technologies).
  • Players: people who register an account and use gambling/entertainment services, including KYC/AML checks, payments, and gameplay features.

Who We Are

OBSERVE: The operator information available for the Gamdom service identifies the licensed operator as Smein Hosting N.V., operating under a Curaçao license referenced as 365/JAZ with sub-license GLH-OCCHKTW0702132020.

EXPAND: Because specific corporate registration number, tax identification, and legal address were not specified in the provided profile data, we provide the known operator identity and license references and set out how users can request missing corporate particulars. In Australia, transparency about who controls personal information is a core expectation under the APPs, and providing clear contact routes is essential for complaints and access requests.

REFLECT: For users of gamdombet-au.com, the entity responsible for handling privacy inquiries and requests is the operator and its privacy function as described below.

  • Operator (legal entity): Smein Hosting N.V. (Naamloze Vennootschap; N.V.).
  • License reference: Curaçao eGaming master license regime 365/JAZ; sub-license GLH-OCCHKTW0702132020 (online gambling services).
  • Registered/legal address: Not specified in the provided casino profile data. You may request the operator's registered address and corporate registration details using the contact route below.
  • Company registration number / tax ID: Not specified in the provided casino profile data.

Data protection contact (DPO / Privacy Team):

  • Email: Not specified in the provided casino profile data. Use the support/contact channel available within your gamdombet-au.com account area to route a request to the Privacy Team / DPO function (or submit a written request by post as described in "Complaints & Contacts").
  • Phone: Not specified in the provided casino profile data.
  • Web: https://gamdombet-au.com

Regional compliance note (Australia): The provided project data indicates that the service may be considered an "illegal offshore gambling service" under Australia's Interactive Gambling Act 2001 (Cth) and may be subject to enforcement actions (including ISP blocking) coordinated by the Australian Communications and Media Authority (ACMA). This Privacy Policy addresses information handling practices; it does not constitute legal advice about the legality of access in any jurisdiction.

What Personal Data We Collect

OBSERVE: The service necessarily processes data to create and administer accounts, provide gameplay, facilitate payments, conduct KYC/AML checks (see KYC / AML policy), prevent fraud, and meet regulatory and risk controls typical for gambling services.

EXPAND: Under Australian privacy expectations, data minimisation and purpose limitation require that categories be stated clearly and tied to operational purposes. Offshore gambling platforms often involve higher fraud and financial crime risk, so collection of technical identifiers, device data, and transaction history is commonly necessary for integrity and AML controls.

REFLECT: We describe the main categories below; the exact fields collected depend on how you interact with gamdombet-au.com and which features you use.

  • Identity & contact data: full name, username, date of birth, email address, telephone number (if provided), country/region information, and other profile information you choose to submit.
  • Verification (KYC) data: identity documents, selfies/liveness checks, proof of address, sanctions/PEP screening results, and verification metadata (submission time, verification status). KYC processing is described in the KYC/AML policy.
  • Financial & payment data: deposit and withdrawal amounts, payment method identifiers, wallet addresses (where relevant), transaction references, chargeback/return information, and payment risk signals. We do not intentionally collect full card numbers if a third-party payment provider processes them, but we may receive masked details and transaction tokens.
  • Gameplay & behavioral data: betting and wagering history, game outcomes, session activity, clicks and navigation, promotions/bonus participation, suspected collusion or abuse indicators, and responsible gambling signals.
  • Technical & device data: IP address, device identifiers, browser type and settings, operating system, time zone, language, referral URLs, app/site logs, crash reports, and security telemetry.
  • Communications: support requests, chat/email content, call notes (if calls are supported), complaint records, and messages relating to disputes.
  • Cookies & similar technologies: cookie identifiers, pixel tags, SDK identifiers (where applicable), and preferences linked to your browser or device (see "Cookies & Tracking Technologies").

Legal Basis for Processing

OBSERVE: For an Australia-facing service, the principal legal framing is compliance with the Privacy Act 1988 (Cth) (including APPs where applicable), together with contractual necessity to provide services and legal obligations relating to AML/CFT, fraud prevention, and record-keeping. The section prompt also requires describing GDPR-style lawful bases.

EXPAND: While GDPR may not apply to all users, aligning to GDPR concepts provides a structured explanation of why processing occurs. In practice, gambling services rely heavily on contract necessity and legitimate interests, with consent used for marketing/optional cookies. Where local laws require or permit processing (e.g., AML screening), consent is generally not the correct basis because it can be withdrawn without affecting mandatory compliance steps.

REFLECT: We process personal information on one or more of the following grounds (using internationally recognized categories), applied in a manner consistent with Australian privacy principles where applicable:

  • Consent: where you choose to receive marketing communications, enable certain non-essential cookies, or opt into optional features. You can withdraw consent at any time (see "Your Rights").
  • Contract performance: to create and manage your gamdombet-au.com account, provide gameplay services (including provably fair features described at provably fair), process deposits/withdrawals, apply bonuses, and provide customer support.
  • Legitimate interests: to maintain platform security, prevent fraud and abuse, conduct integrity monitoring, perform analytics to improve services, defend legal claims, and manage business operations. We balance these interests against your privacy impacts and apply safeguards.
  • Legal obligations: to comply with KYC/AML requirements, sanctions screening, record-keeping, responding to lawful requests, and cooperating with regulators and competent authorities where required.

Purpose of Processing

OBSERVE: The data is used to provide casino services, improve service, marketing mailings, analytics, and fraud prevention.

EXPAND: For gambling platforms, "providing services" also includes responsible gambling controls (e.g., self-exclusion) and payment/identity integrity checks. "Improving service" should include performance monitoring and user experience, while analytics and marketing must be separated and consented where required, particularly for non-essential tracking.

REFLECT: We use personal information for the purposes below, and only to the extent necessary for each purpose:

  • Service delivery: account registration, authentication, gameplay delivery, bonus administration, provably fair verification support, and customer service.
  • Payments & financial operations: processing deposits/withdrawals, verifying payment methods, managing disputes and chargebacks, and maintaining transaction records.
  • Compliance & integrity: KYC/AML checks, sanctions screening, age verification, preventing fraud, collusion, bonus abuse, and other prohibited activity.
  • Platform security: monitoring, logging, and protecting accounts and systems against unauthorized access or attacks.
  • Analytics & improvement: understanding how users navigate gamdombet-au.com, improving performance, fixing bugs, and developing features.
  • Marketing communications: sending newsletters and promotional messages where permitted and/or with your consent, including managing opt-outs and suppression lists.

Disclosure & Sharing

OBSERVE: The service may disclose data to payment partners, service providers, regulators, affiliates, and advertising networks (with consent).

EXPAND: Disclosures must be limited to what is necessary and should clarify typical recipient categories (processors vs. controllers), and circumstances (e.g., legal requests, corporate transactions). For Australia, cross-border disclosure obligations (APP 8) and transparency expectations mean users should be told that offshore recipients may exist and what safeguards are used.

REFLECT: We share personal information only as needed for the purposes described in this Policy, including with:

  • Payment partners: payment processors, banking partners, and transaction monitoring providers to process deposits/withdrawals, manage chargebacks, and prevent fraud.
  • Verification and risk providers: KYC identity verification vendors, sanctions/PEP screening providers, and fraud prevention tools to meet compliance and integrity requirements.
  • IT and operational service providers: hosting, cloud infrastructure, analytics providers, customer support tooling, security monitoring, and communications vendors acting under instructions and contractual safeguards.
  • Regulators and authorities: competent authorities, law enforcement, courts, and regulators where we are required or permitted to disclose under law, or to respond to lawful requests. Regulatory context references include ACMA information at https://acma.gov.au and licensing context at https://gamingcontrolcuracao.org.
  • Affiliates and business partners: where applicable for attribution, promotions, or service delivery, subject to confidentiality and data protection commitments.
  • Advertising networks (with consent where required): third-party marketing/advertising partners may receive identifiers (e.g., cookie IDs) to measure campaigns or deliver targeted ads, where you have enabled advertising cookies or where lawful.

Protective clause: We do not sell personal information as a standalone commercial product. When we share data with third parties, we require contractual protections appropriate to the role (processor/service provider vs. independent recipient), including confidentiality, security, and limits on use.

International Transfers

OBSERVE: The operator is associated with Curaçao licensing; service providers and infrastructure are commonly located in multiple regions. The prompt requests countries/regions and protections (SCCs, Privacy Shield, etc.).

EXPAND: For an Australia-facing website, cross-border transfers are likely (e.g., Curaçao, EU/UK, US, other cloud regions). Privacy Shield is no longer a blanket solution under EU law; for EU-to-US transfers, modern mechanisms include the EU-US Data Privacy Framework (where applicable) and SCCs with supplementary measures. Under Australian APP 8, entities must take reasonable steps to ensure overseas recipients do not breach the APPs (subject to exceptions).

REFLECT: Your personal information may be transferred to, stored in, or accessed from jurisdictions outside Australia, including where the operator, group functions, or service providers are located.

  • Likely transfer regions: Curaçao (operator/licensing context), and other jurisdictions where hosting, security, analytics, payment, and support providers operate (which may include the European Economic Area, the United Kingdom, and the United States).
  • Transfer safeguards: we use one or more of the following protections, depending on the transfer:
    • Contractual safeguards: data protection addenda and (where relevant) Standard Contractual Clauses (SCCs) and equivalent contractual protections.
    • Risk-based supplementary measures: encryption in transit and at rest, access controls, and minimization of shared data.
    • Regulatory frameworks: where applicable, reliance on recognized adequacy mechanisms or certified frameworks available at the time of transfer.

Regional compliance note (Australia): Where APP 8 applies, we take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs, unless an exception applies (for example, where you consent after being informed, or where disclosure is required/authorized by law).

Data Retention

OBSERVE: The prompt requires retention periods by category, with an example of "no more than 5 years after account closure," plus deletion criteria.

EXPAND: Gambling and AML obligations often require longer retention for transaction and verification records (commonly 5 - 7+ years depending on applicable regime). Because exact statutory retention periods are jurisdiction- and regulator-dependent, the policy should give clear default ranges and explain that longer retention may apply where required for compliance, disputes, or legal claims.

REFLECT: We retain personal information only for as long as necessary for the purposes described in this Policy, unless a longer period is required or permitted by law (including AML/CFT, financial record-keeping, and dispute resolution).

  • Account and profile data: retained while your account is active and for up to 5 years after account closure or last activity, unless legal or operational needs require longer (e.g., disputes, fraud investigations).
  • KYC/AML verification records: typically retained for up to 5 years after account closure or completion of the relevant checks, and longer where required for compliance, audits, or ongoing investigations.
  • Payment and transaction data: typically retained for up to 7 years from the transaction date to support financial compliance, chargeback handling, and audit requirements (or longer if required by law).
  • Gameplay and betting history: retained for up to 5 years after account closure or last activity, and longer where needed for integrity monitoring, dispute handling, or legal claims.
  • Technical logs and security telemetry: generally retained from 90 days to 24 months depending on the log type, security needs, and incident response requirements.
  • Marketing preferences and suppression lists: retained while you maintain preferences and for a reasonable period after opting out to ensure we respect your choices.

Deletion and anonymization criteria: We delete, anonymize, or securely archive personal information when (i) it is no longer needed for the original purposes, (ii) you request deletion and no legal exception applies, or (iii) required retention periods expire. Some information may be retained in a restricted-access archive to comply with legal obligations or to establish, exercise, or defend legal claims.

Your Rights

OBSERVE: The prompt requires detailed GDPR and Mexican privacy law alignment (including specific references), procedures, response timeframes (30 days), and free-of-charge guarantees. The page is for AU, so this must be framed carefully to avoid misleading users while still meeting the requirement.

EXPAND: Under Australian law, individuals generally have rights to access and correction (APP 12 and APP 13) and to make complaints. GDPR adds portability, restriction, objection, and erasure in certain cases; Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) provides ARCO rights (Acceso, Rectificación, Cancelación, Oposición) and revocation of consent, overseen by the INAI. Because the operator and user base may be cross-border, the policy can state that the platform aims to honor these rights where applicable and as a best-practice baseline, while clarifying that some rights are jurisdiction-dependent and may be limited by legal obligations (AML, fraud, record-keeping).

REFLECT: We provide the rights summary and a clear process to exercise them, with a 30-day target for substantive response, while preserving mandatory compliance and security controls.

Rights We Support (Australia + International Alignment)

  • Access: you can request confirmation of whether we process your personal information and request a copy of the information we hold about you (subject to legal exceptions, security, and the privacy of others).
  • Correction: you can request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information.
  • Deletion / cancellation: you can request deletion or cancellation of certain information where it is no longer necessary, where consent has been withdrawn (and no other basis applies), or where required by applicable law; we may refuse or limit deletion where retention is required for AML/CFT, disputes, or legal claims.
  • Restriction / limitation: you can request that we limit processing in certain circumstances (for example, while a correction request is assessed), where applicable.
  • Objection: you can object to processing based on legitimate interests in certain circumstances, and you can object to direct marketing at any time.
  • Data portability: where applicable, you can request a copy of certain information in a structured, commonly used format.
  • Withdraw marketing consent: you can unsubscribe from marketing emails at any time using the opt-out link or by updating your preferences (where available).

Mexican Privacy Law (LFPDPPP) Alignment (Where Relevant)

OBSERVE: The prompt requires referencing Mexican regulations and including procedures.

EXPAND: Mexican law recognizes ARCO rights and consent revocation. The supervisory authority is the INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales). Users in Mexico (or where LFPDPPP applies) should be told how to submit ARCO requests and how identity will be verified to prevent unauthorized disclosure.

REFLECT: Where the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) applies, you may exercise ARCO rights (Acceso, Rectificación, Cancelación y Oposición) and revoke consent, subject to legal exceptions. You may also escalate unresolved matters to INAI:

  • INAI website: https://www.inai.org.mx

How to Exercise Your Rights

  1. Submit a request: send a request through your account's support/contact pathway on gamdombet-au.com, clearly stating the right you wish to exercise (access, correction, deletion, etc.). If you cannot access your account, submit a written request by post (see "Complaints & Contacts").
  2. Verify identity: we may request additional information to confirm your identity and protect your account (for example, account verification questions or KYC re-check). This is to prevent unauthorized access.
  3. Clarify scope: if needed, we will ask you to clarify the data or processing activity you are concerned about to process your request efficiently.
  4. Response timeframe: we aim to provide a substantive response within 30 days. If the request is complex or involves multiple systems/providers, we may need more time; we will notify you of the reason and expected timeframe.
  5. Fees: requests are generally handled free of charge. We may charge a reasonable administrative fee where permitted by law for manifestly unfounded, excessive, or repetitive requests, and we will explain any fee in advance.

Important limitation: Some rights may be limited where we must retain or process information to comply with legal obligations (including KYC/AML), to maintain security, or to establish, exercise, or defend legal claims.

Cookies & Tracking Technologies

OBSERVE: The site uses cookies and similar technologies; the prompt requires types (session, persistent, third-party), purposes (functional, analytics, advertising), and controls (browser settings, internal panel).

EXPAND: For compliance and transparency, distinguish essential vs. non-essential cookies, explain third-party involvement, and provide practical opt-out methods. Australia does not have a single cookie law equivalent to the EU ePrivacy Directive, but transparency and consent-based marketing expectations still apply, and users should be offered controls.

REFLECT: We use cookies and similar technologies to operate gamdombet-au.com, secure accounts, remember preferences, understand usage, and (where enabled) support advertising measurement.

Types of Cookies

  • Session cookies: temporary cookies that expire when you close your browser; used for session management and security.
  • Persistent cookies: remain on your device for a set period; used to remember preferences and recognize returning users.
  • Third-party cookies: set by third-party providers (e.g., analytics or advertising partners) to provide services such as measurement or fraud prevention, subject to your settings and applicable law.

Cookie Purposes

  • Strictly necessary / functional: enable core site functions such as login, account security, load balancing, and fraud prevention.
  • Preferences: remember choices such as language or interface settings.
  • Analytics: help us understand how visitors use the site so we can improve performance and user experience.
  • Advertising (where enabled): help measure campaigns and deliver relevant advertising, typically requiring consent where applicable.

How to Manage Cookies

  • Browser controls: you can block or delete cookies via your browser settings. Note that disabling strictly necessary cookies may prevent parts of gamdombet-au.com from working correctly.
  • Internal controls: where available, use the cookie/preferences controls within the site interface to manage non-essential cookies and marketing settings.
  • Third-party opt-outs: some third parties provide their own opt-out mechanisms; where used, we encourage reviewing their privacy notices.

Data Security

OBSERVE: The prompt requires comprehensive security measures including TLS 1.2+, encryption at rest/in transit, MFA, access controls, audits, training, incident response, and alignment with ISO 27001 / SOC 2 where applicable.

EXPAND: Security statements must be accurate and avoid guaranteeing absolute security. It is appropriate to describe "reasonable and appropriate" measures, layered controls, least privilege, monitoring, and breach response. For gambling and financial transactions, strong authentication and fraud detection are essential. Include incident response and notification framing, but avoid promising specific legal notification timelines across all jurisdictions; instead commit to complying with applicable law.

REFLECT: We implement a risk-based security program designed to protect personal information against unauthorized access, alteration, disclosure, or destruction, while recognizing that no online system can be guaranteed 100% secure.

  • Encryption in transit: we use TLS 1.2 or higher to protect data transmitted between your device and our services.
  • Encryption at rest: where appropriate, we apply encryption or equivalent protections for stored data and backups, with secure key management controls.
  • Account protection: authentication controls, detection of suspicious logins, and support for multi-factor authentication (MFA) where available.
  • Access controls: role-based access, least-privilege permissions, logging of administrative access, and segregation of environments where appropriate.
  • Security monitoring & testing: vulnerability management, periodic security reviews, and monitoring for abuse, fraud, and system anomalies.
  • Staff training: security and privacy awareness training for personnel who handle personal information.
  • Incident response: documented procedures to detect, investigate, contain, remediate, and learn from security incidents, including coordination with relevant vendors and authorities where required.

Standards note: Where applicable to our vendors and internal control environment, we may align practices with internationally recognized frameworks such as ISO/IEC 27001 and/or SOC 2-type controls. The specific certifications in the provided profile data were not specified; requests for supporting information may be submitted through the privacy contact process.

Complaints & Contacts

OBSERVE: The prompt requires complaint channels (email, phone, online forms, postal address), step-by-step procedure with response times, and escalation to Mexican and EU supervisory authorities with direct contact information. Provided data includes self-exclusion functionality location and indicates email/phone/address not specified.

EXPAND: Even with missing contact details, we must provide a workable pathway: account-based support route plus postal mail placeholder, and specify what users should include. For escalations, include INAI and an EU contact route (EDPB directory), while clarifying that the appropriate authority depends on residency and applicability. For AU complaints, OAIC is the privacy regulator; include it as it's essential for AU context even though not explicitly requested, but the "no extra sections" rule still allows inclusion inside this section.

REFLECT: We provide an internal complaint process first, with escalation options to relevant authorities depending on where you live and which laws apply.

How to Contact Us

  • Online (recommended): submit a privacy complaint or request via the support/contact pathway available within your gamdombet-au.com account.
  • Self-exclusion and responsible gambling tools: available in the user interface at Profile -> Transactions -> Self-Exclusion (timeframes: 6 months to Permanent), which may also generate records relevant to privacy inquiries.
  • Email (Privacy Team / DPO): Not specified in the provided casino profile data. Use the in-account support route to ensure routing to the privacy function.
  • Phone: Not specified in the provided casino profile data.
  • Postal address: Not specified in the provided casino profile data. If you require postal submission, request the current postal address via in-account support, and we will provide it.

Complaint Procedure and Timelines

  1. Step 1 - Submit: Provide your account identifier (username/email), a description of the issue, relevant dates, and the resolution you want (e.g., access, correction, deletion, restriction, marketing opt-out).
  2. Step 2 - Acknowledgment: We aim to acknowledge receipt within 7 days.
  3. Step 3 - Investigation: We review logs, account records, and vendor processing where relevant, and may request additional information to verify identity and clarify scope.
  4. Step 4 - Outcome: We aim to provide a substantive response within 30 days. If more time is needed, we will explain why and provide an updated timeframe.
  5. Step 5 - Escalation: If you are not satisfied, you may request an internal review, and/or escalate to the relevant supervisory authority depending on jurisdiction.

Escalation to Supervisory Authorities

  • Australia (privacy regulator): Office of the Australian Information Commissioner (OAIC) - https://www.oaic.gov.au
  • Mexico (data protection authority): INAI - https://www.inai.org.mx
  • European Union (where GDPR applies): You may contact your local supervisory authority. A directory of EU supervisory authorities is available via the European Data Protection Board (EDPB): https://edpb.europa.eu/about-edpb/about-edpb/members_en

Jurisdiction note: The appropriate authority depends on where you live and which data protection laws apply to the processing in question.

Updates

OBSERVE: The prompt requires notification procedures, version control with "Last updated: ", changelog of material changes, advance notice minimum 30 days for significant changes, and user options to object or close accounts. Also required: extend dates/timeframes to 2026.

EXPAND: The provided last_updated is 2025-11-06; extend to 2026 and present month/year. Include a simple changelog and define what counts as "material." Provide notice channels: email, banners, dashboard alerts.

REFLECT: We commit to transparent updates with advance notice for significant changes and provide user options.

Last updated: November 2026.

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or operational needs.

How We Notify You

  • Email notice: where we have your email address and the change is significant, we may notify you by email.
  • Website banner: we may display a banner or notice on gamdombet-au.com for material changes.
  • Account dashboard alerts: we may post notices within your account area where available.

Advance Notice and Your Options

  • Minimum notice for significant changes: we will provide at least 30 days advance notice for material changes that meaningfully affect your rights or how we use personal information (for example, new categories of data, new sharing practices, or new purposes not compatible with prior purposes).
  • Your options: if you do not agree to a material change, you may (i) object where applicable, (ii) withdraw relevant consents (e.g., marketing), and/or (iii) close your account (subject to legal retention and compliance obligations).

Changelog of Material Changes

  • November 2026: Policy effective date updated to 2026; expanded international transfer safeguards wording; clarified retention periods and complaint escalation pathways (OAIC, INAI, EU supervisory authority directory); strengthened security controls description (TLS 1.2+, encryption, MFA, incident response).