Privacy Policy
winwin9 is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our online gaming services at winwin9-australia.com, in full compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Information We Collect
We gather various types of personal information to deliver secure, personalized gaming experiences and meet regulatory obligations. This includes personal identification details provided during registration, such as your full name, date of birth, residential address in Australia, email address, phone number, and government-issued ID like a driver's license or passport for age and identity verification.austrac.
Financial information covers payment methods, bank account details, transaction histories, deposits, withdrawals, and cryptocurrency addresses where applicable, essential for processing gaming transactions securely. Technical data automatically collected includes IP addresses, device types, browser details, operating systems, and approximate location data to optimize platform performance and detect fraud.casinocanberra.
Gaming and behavioral data encompasses bets placed, games played, session durations, win/loss records, and preferences, which help personalize offers and support responsible gambling initiatives. We also collect sensitive information like source of funds for anti-money laundering (AML) compliance under AUSTRAC requirements.
For non-registered visitors, we collect minimal data via cookies and logs, such as visit timestamps and pages viewed, without identifying individuals unless interaction.
| Data Category | Examples | Collection Method | Purpose |
|---|---|---|---|
| Personal Identity | Name, DOB, address, phone, email, ID documents | Registration forms, verification uploads | Account setup, KYC/AML compliance amlhouse |
| Financial | Bank details, transactions, payment history | Deposit/withdrawal processes | Transaction processing, audits amlhouse |
| Technical | IP, device ID, browser, cookies | Automatic logs | Security, analytics securiti |
| Gaming Activity | Bets, sessions, preferences | Platform usage | Personalization, responsible gaming stresstelijf |
| Sensitive | Source of funds, affordability checks | Questionnaires, third-party checks | Regulatory compliance austrac.gov |
We never collect unnecessary data and ensure collection is lawful, fair, and directly from you where practicable, per APP 3.thelawhandbook.
How We Use Your Information
Your data enables core services like account creation, identity verification, and transaction processing under our contract with you. We analyze gaming patterns to recommend games, apply bonuses, and enforce limits for responsible gambling, aligning with state regulations.pmc.ncbi.nlm.
Security uses include fraud detection via IP monitoring and anomaly alerts, preventing unauthorized access. Marketing relies on consent for emails about promotions, with opt-out options always available.
Compliance drives uses like AUSTRAC reporting for AML/CTF, tax filings, and activity statements under the National Consumer Protection Framework. Aggregated, anonymized data improves platform features and informs business decisions without identifying individuals.
We process data based on necessity: contract performance for services, legal obligations for compliance, legitimate interests for security/marketing (balanced against your rights), and consent where required.
Legal Basis for Processing follows APPs: contractual necessity for gaming services and payments; statutory requirements under AML/CTF Act 2006, Interactive Gambling Act 2001, and Privacy Act 1988. Legitimate interests cover fraud prevention and site optimization, with periodic assessments ensuring no override of your rights.
Consent is explicit for non-essential marketing or optional features, withdrawable anytime via account settings or email to [email protected]. For EU visitors (rare), GDPR applies extraterritorially if targeting occurs, mirroring APP protections.
Sharing and Disclosure
We share data only as needed with trusted parties under strict agreements. Payment processors (e.g, compliant banks) handle transactions; verification services check IDs; software providers maintain games.
Regulators like AUSTRAC receive AML reports; state authorities get licensing data; law enforcement accesses for investigations. No sales of data occur; affiliates may see anonymized stats.
In mergers, data transfers with notice and equivalent protections. Emergencies allow disclosure to protect life/health.
| Recipient Type | Examples | Safeguards |
|---|---|---|
| Service Providers | Payments, verification, hosting | DPAs, audits thebandfieldgroup |
| Regulators | AUSTRAC, tax office | Legal mandates amlhouse |
| Law Enforcement | Police, courts | Warrants/court orders thelawhandbook |
Data Security Measures
Robust protections include SSL/TLS encryption for transmissions/storage, firewalls, intrusion detection, and multi-factor authentication (MFA). Regular penetration tests, vulnerability scans, and third-party audits ensure standards like PCI DSS for payments.
Organizational controls: employee training, access logs (role-based), background checks, and breach response plans with OAIC notification if required. Backups are encrypted offsite; physical servers secured.
Despite efforts, no system is impenetrable — use strong passwords and report issues promptly.
Cookies and Tracking
Cookies enhance functionality: essential (sessions/security), performance (usage analytics), functional (preferences), marketing (ads). We notify via banner per APP 5; consent managed via settings.
Third-party cookies from analytics/marketing partners; disable via browser, but may limit features. No tracking without.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Site operation | Session |
| Performance | Analytics | 2 years stresstelijf |
| Marketing | Ads | Until opt-out |
Your Rights Under APPs
Access your data via account dashboard or request to [email protected] (response in 30 days). Correct inaccuracies; delete where possible (e.g, post-retention), subject to legal holds.
Object to marketing (immediate stop); restrict processing during disputes; portability for account data. Anonymity/pseudonymity where practicable (not for regulated gaming) per APP 2.
Complain to OAIC; we investigate first. Minors' data handled with parental.
Data Retention and Deletion
Retention matches purpose: transactions/AML records 7 years post-closure; technical 2 years; gaming 5 years. Delete securely (e.g, overwriting) post-period unless needed.
Requests trigger review; automated tools purge inactive data.
International Transfers
Data stays in Australia primarily; transfers (e.g, US cloud) use contracts ensuring APP-equivalent protections. No EU adequacy, but safeguards apply; informed for GDPR.
Children's Privacy
Services for 18+ only; no knowing collection from children. Parents notified/ data deleted if.
Data Breaches
Notifiable breaches reported to OAIC/eligible users promptly, with mitigation.
Responsible Gambling Data
Activity data supports self-exclusion, limits, and statements; shared only for welfare.pmc.ncbi.nlm.nih.
Changes to This Policy
Updates posted here with date; major changes emailed. Continued use = acceptance. Last updated: March 30, 2026.
Contact Us
Questions? Email [email protected] or Data Protection Officer at the same address. We'll respond within 30 days.
