PlayCroco Data and Privacy Policy
Who We Are and What This Document Covers
PlayCroco Casino operates under a licence issued by the Gaming Control Board of Curaçao. This policy governs how we collect, store, use and disclose personal information from players who access our services from Australia. Honesty requires stating that operating an online gambling platform demands significant data collection — identity verification, transaction records and behavioural data are all part of how licensed casinos function legally. This is fact, not marketing.
The Australian Privacy Act 1988 applies to us insofar as we handle the personal information of Australian residents. We also comply with the Landsverordening bescherming persoonsgegevens (LBP) of Curaçao, which governs data protection obligations within our licensing jurisdiction. Where these frameworks impose different standards, we apply the more protective standard in your favour.
What Information We Collect
We collect personal information that falls into distinct categories, each serving a defined purpose. Identification data includes your full legal name, date of birth, residential address, nationality and copies of government-issued identity documents. Contact information includes your email address and telephone number. Financial data includes your payment method details, deposit records, withdrawal requests and transaction history. Technical data includes your IP address, device identifiers, browser type, session timestamps and geolocation data.
We also collect behavioural data — your wagering history, game preferences, session durations and betting patterns. This is fact, not marketing: this data is required under GCB licensing conditions to support responsible gambling monitoring and AML compliance. You cannot opt out of this collection while you maintain an active account.
Why We Collect Your Information
Your data is collected for purposes that are either legally required or operationally necessary. Identity verification is conducted to comply with Know Your Customer obligations mandated by GCB licensing conditions and AUSTRAC reporting requirements applicable to Australian players. We verify your age, identity and source of funds before permitting significant withdrawals or continued play.
Transaction processing requires payment data to execute deposits and withdrawals through our payment partners. Fraud prevention requires pattern analysis across account activity, device data and financial records. Responsible gambling monitoring requires us to track session frequency, deposit velocity and wagering escalation. Regulatory compliance requires us to retain records of all player interactions, transactions and identity verifications for a minimum of five years following account closure.
We send you operational communications — account notices, verification requests, security alerts — without exception. Marketing communications are sent only where you have explicitly opted in, and you may withdraw that consent at any time by contacting us at [email protected].
Legal Basis for Processing
Under the LBP framework applicable to our Curaçao licence, we process your data on three grounds. First, contractual necessity: processing is required to deliver the gambling services you have contracted to receive. Second, legal obligation: GCB licensing conditions, AML requirements and AUSTRAC obligations compel specific forms of data collection and retention. Third, legitimate interests: fraud prevention and platform security represent legitimate interests that do not override your fundamental rights when applied proportionately.
Where we rely on your consent — for marketing communications only — you retain the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
How We Share Your Information
We do not sell personal information. Sharing occurs only in defined circumstances. Our payment processing partners receive financial data necessary to execute transactions — they are contractually bound to equivalent data protection standards. Our KYC and identity verification providers receive identity documents and personal details necessary to complete verification checks. Regulatory authorities, including the GCB, AUSTRAC and, where required by law, Australian law enforcement, may receive data pursuant to lawful requests or our reporting obligations.
Third-party service providers who assist with platform operations — hosting, security, analytics — receive data only to the extent necessary to perform their contracted functions, and are bound by data processing agreements that restrict further use.
Data Retention
Identity verification records are retained for five years following account closure, in compliance with GCB licensing conditions and AML obligations. Transaction records are retained for seven years to meet financial regulatory requirements. Marketing consent records are retained for as long as necessary to demonstrate compliance with applicable law.
When retention periods expire, data is securely deleted or anonymised. Anonymised data may be retained indefinitely for aggregate analysis.
Your Rights as an Australian Resident
Under the Privacy Act 1988 and the Australian Privacy Principles, you have specific rights regarding your personal information. You have the right to access the personal information we hold about you. You have the right to request correction of inaccurate or incomplete information. You have the right to make a complaint if you believe your privacy rights have been breached.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Data Security
We implement technical and organisational security measures proportionate to the sensitivity of the data we hold. These include TLS encryption for data in transit, AES-256 encryption for sensitive data at rest, access controls restricting internal data access to authorised personnel, and regular penetration testing of our platform infrastructure.
Honesty requires stating that no system is impenetrable. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the relevant supervisory authority in accordance with applicable legal obligations.
Cookies and Tracking Technologies
Our use of cookies is governed by our Cookie Policy, which is available on our website. In summary: we use cookies that are strictly necessary for platform function, cookies that analyse usage to improve our services, and cookies that support fraud prevention and security. You may manage non-essential cookie preferences through our cookie management tool.
Changes to This Policy
We update this policy when our data practices change or when regulatory requirements evolve. We will notify you of material changes by email to your registered address at least 14 days before those changes take effect. Continued use of our services following notification constitutes acceptance of the revised policy.