Privacy Policy

This Privacy Policy explains how Goldwin Casino collects, uses, discloses, and protects personal information of players and visitors who access and use the services offered via goldwin-au.com (the "Website") in connection with Goldwin Casino. It applies to registered players, prospective players, and all other visitors to the Website. By using the Website or creating an account, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective and deemed updated as of 1 January 2026, and supersedes all prior versions published on the Website.

Who We Are

OBSERVE: Goldwin Casino operates online gambling services for Australian players from an offshore jurisdiction using a licensed operator and related payment entities.

EXPAND: For privacy purposes, users must know the legal entities responsible for processing their data and how to contact them, including a dedicated privacy contact.

REFLECT: We set out below the operator, group entities, and contact channels for data protection matters.

Operator / Data Controller

Trading name: Goldwin Casino (operated as Goldwin Casino via https://goldwin-au.com)
Operator company: GLD Group B.V.
Legal form: Private limited company (B.V.) under Curaçao law
Registered office / legal seat: Curaçao (precise registered address not specified in this notice; may be updated on the Website from time to time)
Registration / licence: Licensed for remote gambling under Curaçao eGaming master licence number 1668/JAZ (sub-licence)
Operator jurisdiction: Curaçao

Group & Payment Processor

Payment processing subsidiary: GLD International Limited, a limited company incorporated in Cyprus
Role: Provision of payment processing and related services in support of the operator
Regional offices: Curaçao and Cyprus (addresses may be provided or updated on the Website or on request)

Data Protection Contact

Goldwin Casino has appointed an internal contact point for privacy and data protection matters (the "Data Protection Officer" or "DPO" function).

Email (primary privacy contact): [email protected]
Email (support-related privacy requests): [email protected]
Email (complaints and escalations): [email protected]
Website: https://goldwin-au.com

If you are unsure which contact to use, please write to [email protected] and your request will be routed internally.

What Personal Data We Collect

OBSERVE: Operating an online casino requires personal, technical, financial, and behavioural data to provide services, meet legal duties, prevent fraud, and improve user experience.

EXPAND: Data is collected directly from you, automatically via technology, and from third parties such as payment providers and verification services.

REFLECT: The categories of personal data we process include, but are not limited to, the following.

Account and Identification Data

Basic profile data: Full name, date of birth, gender (if provided), country of residence, address (where collected), username, and password.
Contact data: Email address, telephone number(s), preferred language of communication.
Verification / KYC data: Copies or details of identity documents (passport, ID card, driver's licence), proof of address (utility bills, bank statements), and any additional documentation or information requested to satisfy "Know Your Customer" (KYC) and anti-money laundering (AML) requirements.

Technical and Usage Data

Device and connection data: IP address, approximate location based on IP, device identifiers, browser type and version, operating system, screen resolution, and similar device-related identifiers.
Log data: Dates and times of access, pages viewed, clickstream data, session duration, referral URLs, and error or crash logs.
Security-related data: Login history, failed login attempts, password reset tokens, multi-factor authentication status where enabled.

Payment and Financial Data

Transaction data: Deposits, wagers, wins, losses, withdrawals, bonuses claimed and used, payment method used, transaction timestamps, and currency (including AUD).
Payment method details: Limited card details (such as masked card number and expiry date), e-wallet or voucher identifiers (e.g., Neosurf code), PayID identifiers, bank account details where necessary for withdrawals, and related billing information.
Payment verification data: Confirmation information from payment processors and banks, chargeback information, and risk/fraud assessments received from payment partners.

Behavioural and Profile Data

Gaming activity: Game preferences, bets placed, stakes, frequency and duration of sessions, bonuses used, tournaments entered, and other in-game behaviour.
Interaction data: Click behaviour, navigation patterns on the Website, response to offers, opening and interaction with marketing emails (e.g., open rates, link clicks).
Responsible gambling data: Self-exclusion decisions, cooling-off periods, betting limits and other tools used, triggers of responsible gambling interventions, communications relating to problem gambling or harm minimisation.

Communications and Support Data

Customer support records: Emails and messages sent to [email protected], live chat logs, complaint submissions sent to [email protected], and any recordings of calls if implemented and where lawful.
Feedback and surveys: Responses to player surveys, feedback forms, and other voluntary information you choose to provide.

Cookies and Similar Technologies

Cookies: Small text files stored on your device to enable core functionality, security, analytics, and personalised content.
Similar technologies: Web beacons, pixels, tags, and local storage used to track interactions with our Website and marketing communications.

For more information, see the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

OBSERVE: As an offshore operator targeting Australian users, Goldwin Casino must rely on lawful grounds similar to those recognised under international data protection standards (including consent, contract, legal obligation, and legitimate interests).

EXPAND: Different processing activities may rely on different legal bases, and in some cases multiple bases may apply simultaneously.

REFLECT: The principal legal bases on which we process personal data are as follows.

Performance of a Contract

To create, manage, and maintain your player account.
To provide access to casino games and related services on goldwin-au.com.
To process deposits, wagers, wins, withdrawals, bonuses, and loyalty benefits.
To provide customer support and resolve technical issues or account problems.

Compliance with Legal and Regulatory Obligations

To comply with KYC, AML, counter-terrorism financing, and other relevant regulatory obligations in Curaçao and, where applicable, in other jurisdictions.
To conduct age verification, identity verification, and ongoing monitoring to prevent illegal or unauthorised use of our services.
To respond to lawful requests from regulators, tax authorities, law enforcement agencies, and courts.
To maintain appropriate business records and financial accounts for the periods required by applicable law.

Legitimate Interests

Security and fraud prevention: Detecting and preventing fraud, money laundering, abuse of bonuses, account takeover, and other misuse of our services.
Service improvement: Analysing how the Website is used to improve usability, performance, product offering, and customer support.
Business operations: Managing our business, including IT operations, auditing, risk management, and reporting.
Direct marketing to existing customers: Sending promotions and offers about similar products and services, subject to your right to opt out at any time.

Consent

Where required by applicable law for certain types of cookies or analytics tools.
For certain electronic marketing communications (for example, SMS marketing where separate consent is required) or where you are not an existing customer.
For processing of certain optional data you choose to provide (for example, special preferences) where such data is not strictly necessary for the services.

You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal can be done through your account settings (where available) or by contacting us at [email protected].

Purpose of Processing

OBSERVE: Personal data is processed for clearly defined purposes aligned with operating an online casino and fulfilling legal obligations.

EXPAND: Each category of data serves one or more specific purposes, which we describe transparently.

REFLECT: We process your data only to the extent necessary for the following purposes.

Provision of services: To register and operate your player account, enable gameplay, process deposits and withdrawals, manage bonuses and loyalty programs, and provide customer support.
Account administration: To communicate with you about your account status, security alerts, policy changes, and service announcements.
Responsible gambling: To implement self-exclusion, limits, and other safer gambling tools and to monitor patterns indicative of problem gambling.
Marketing and personalisation: To send promotional offers, newsletters, and tailored content (subject to your preferences), and to personalise the Website experience and game recommendations.
Analytics and service improvement: To analyse aggregate and individual usage, measure performance of games and promotions, and improve our products, website design, and support.
Fraud detection and security: To prevent and detect fraud, abuse, account compromise, and any breach of our Terms and Conditions or applicable laws.
Compliance and legal protection: To comply with legal and regulatory requirements (including AML and KYC), to maintain appropriate records, and to establish, exercise, or defend legal claims.

Disclosure & Sharing

OBSERVE: To provide services and meet regulatory obligations, Goldwin Casino must share personal data with carefully selected third parties under appropriate safeguards.

EXPAND: These parties include payment processors, technical service providers, group companies, regulators, and, where you consent, marketing or affiliate partners.

REFLECT: We do not sell your personal data; we share it only as described below and always subject to confidentiality and security obligations.

Group Companies and Internal Recipients

Operator: GLD Group B.V. (Curaçao) as the primary operator and controller of player data.
Payment processor: GLD International Limited (Cyprus) and other affiliated entities performing payment and risk functions.
Intra-group services: IT, security, customer support, finance, and compliance teams, where access is strictly on a need-to-know basis.

Payment Partners and Financial Institutions

Banks, card schemes, PayID providers, voucher providers (e.g., Neosurf), e-wallets, and other payment service providers that process deposits and withdrawals.
Third-party fraud and risk management providers assisting in transaction monitoring, chargeback handling, and AML checks.

Service Providers and Vendors

Technology providers: Hosting providers, game providers, security and DDoS protection services, analytics tools, email delivery platforms, and CRM systems.
Support and operational services: Customer support outsourcing (if used), KYC/identity verification providers, and document validation services.
These providers act as processors on our behalf and are bound by contractual obligations to process personal data only in accordance with our instructions and applicable law.

Regulators, Authorities, and Legal Counterparties

Regulatory authorities and licensing bodies in Curaçao and, where relevant, other jurisdictions, when required by law or licence conditions.
Law enforcement agencies, courts, and government or tax authorities when we are legally obliged to disclose information or when necessary to protect our rights or the rights of others.
External advisers (lawyers, auditors, consultants) where necessary to obtain professional advice or manage legal disputes.

Affiliates, Marketing, and Advertising Partners

Affiliate partners that refer players to Goldwin Casino, for the limited purpose of tracking referrals and paying commissions (typically via anonymous or pseudonymous identifiers).
Marketing networks and advertising platforms where you have provided consent for such sharing, or where permitted by applicable law, to deliver targeted advertising or measure campaign effectiveness.

Business Transfers

In connection with any proposed or actual merger, acquisition, sale of assets, restructuring, or insolvency event, your data may be disclosed to potential or actual buyers or their advisers, subject to appropriate confidentiality obligations and only to the extent necessary.

Whenever we share personal data with third parties, we take reasonable steps to ensure that they provide adequate protection for your data in line with this Privacy Policy and applicable laws.

International Transfers

OBSERVE: Data collected via Goldwin Casino is processed in multiple jurisdictions, including Curaçao and Cyprus, and may be stored or accessed from other regions.

EXPAND: Some of these jurisdictions may not provide the same level of data protection as your home country; therefore, we implement contractual and organisational safeguards.

REFLECT: By using our services, you acknowledge that your data may be transferred internationally under the protections described below.

Primary processing locations: Your personal data is primarily processed in Curaçao (operator location) and Cyprus (payment processing and certain support functions).
Additional locations: Depending on our service providers' infrastructure, data may be stored or accessed from the European Economic Area (EEA), the United Kingdom, and other countries where our technical or support providers are located.
Safeguards for international transfers:
- Where required, we use contractual safeguards such as standard data protection clauses approved by relevant authorities (e.g., EU Standard Contractual Clauses) for transfers from the EEA/UK.
- We perform due diligence on our service providers to ensure they maintain appropriate technical and organisational measures for data protection.
- Access to your data across borders is restricted to personnel who need such access for the purposes described in this Privacy Policy.
Access from Australia: As an offshore operator, we provide services remotely to players located in Australia; accessing the Website from Australia naturally involves transferring data between Australia and our processing locations.

If you require more information about the specific safeguards in place for international transfers, you may contact us at [email protected].

Data Retention

OBSERVE: Retention periods must balance legal, regulatory, and business needs with data minimisation principles.

EXPAND: Gambling and financial regulations often require data to be kept for a minimum period, especially for AML and transactional records.

REFLECT: We retain personal data only for as long as necessary for the purposes described, after which it is securely deleted or anonymised.

Player account data: Core account information (such as identification, contact details, and account history) is generally retained for up to 5 years after account closure, or longer where required by applicable law or where needed to resolve ongoing disputes or investigations.
KYC and AML records: Identity documents, verification records, and AML monitoring data are retained for at least 5 years from the end of the business relationship or the date of the last transaction, in line with applicable AML requirements, and may be retained longer if legally required.
Transaction and financial data: Deposits, wagers, winnings/losses, withdrawals, and related financial records are retained for 5 - 7 years to comply with accounting, tax, and regulatory obligations.
Marketing data: Data used for marketing (such as email address and marketing preferences) is kept until you opt out of marketing, withdraw consent (where applicable), or your account is closed and the applicable retention periods expire.
Customer support records: Communications with support and complaint records are generally retained for up to 5 years after closure of the request, unless longer retention is necessary for legal or regulatory reasons.
Technical and analytics data: Log data and analytics information may be retired or anonymised after shorter periods (typically 6 - 24 months), except where needed for security investigations or legal proceedings.

When the retention period expires, we will either securely delete your personal data or irreversibly anonymise it so that it can no longer be associated with you. In some cases, technical or backup constraints may delay deletion; in those cases, data will be securely isolated from active use until deletion is possible.

Your Rights

OBSERVE: International data protection standards, such as those reflected in the GDPR and similar regimes, recognise a set of rights for individuals regarding their personal data.

EXPAND: Although Goldwin Casino is operated from Curaçao and focuses on Australian players, we aim to align our practices with these standards to provide a high level of transparency and control.

REFLECT: Subject to applicable law and certain limitations, you can exercise the following rights in relation to your personal data.

Right of Access

You may request confirmation as to whether we process your personal data and receive a copy of such data, together with information about how we use it.

Right to Rectification

You may request correction of inaccurate data and completion of incomplete data. In many cases, you can update certain details directly in your account settings.

Right to Erasure

You may request deletion of your personal data in certain circumstances (for example, where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis applies).
We may need to retain certain data notwithstanding your request, where required by AML, gambling, tax, or other laws, or where necessary for the establishment, exercise, or defence of legal claims.

Right to Restrict Processing

You may request that we restrict processing of your data, for example while we verify its accuracy or where you have objected to processing and we are considering your objection.

Right to Object

You may object to processing based on our legitimate interests, on grounds relating to your particular situation. We will stop the processing unless we have compelling legitimate grounds which override your interests, rights, and freedoms or where processing is necessary for legal claims.
You have an absolute right to object at any time to the use of your data for direct marketing. If you object, we will stop using your data for this purpose without undue delay.

Right to Data Portability

Where technically feasible and where the legal basis is consent or contract, you may request that we provide certain personal data to you or to another controller in a structured, commonly used, and machine-readable format.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
You can typically manage marketing consents via email unsubscribe links or by contacting us.

Exercising Your Rights

How to submit a request: You may exercise your rights by contacting us at [email protected] or [email protected], or via any dedicated tools provided within your account (if available).
Information we may request: To protect your privacy, we may need to verify your identity before acting on your request. This may include asking you to log in to your account or provide additional information.
Response time: We aim to respond to all valid requests within 30 days from receipt. If your request is complex or we receive numerous requests, we may extend this period by a further 30 days and will inform you of any such extension.
Cost: We will not charge a fee for handling your request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

Where relevant local data protection regulations apply (including GDPR-like or comparable regimes), we will take them into account when assessing and responding to your request.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies are essential to deliver a secure and user-friendly gaming experience and are also used for analytics and marketing.

EXPAND: Some cookies are strictly necessary, while others are optional and may require consent under certain regimes.

REFLECT: We provide an overview of the types of cookies we use and how you can manage them.

Types of Cookies We Use

Strictly necessary cookies (session cookies): These cookies are essential for the operation of the Website and for enabling you to log in, navigate the platform, place bets, and use account features. They are typically deleted when you close your browser.
Functional cookies (persistent cookies): These cookies remember your preferences (such as language, region, and login status) to provide an enhanced, more personalised experience. They remain on your device for a defined period or until you delete them.
Analytics and performance cookies: These cookies collect aggregated information about how visitors use the Website (such as pages visited, time spent, and error messages) to help us improve performance and usability. They may be set by us or by third-party analytics providers working on our behalf.
Advertising and targeting cookies (third-party): These cookies may be set by us or our advertising and affiliate partners to track the effectiveness of campaigns, to avoid showing you the same advertisements repeatedly, and to deliver content that is more relevant to your interests. They may follow you across different websites and devices.

Managing Cookies

Browser settings: Most browsers allow you to view, delete, or block cookies, and to set preferences for certain sites. Blocking some cookies may affect the functionality of the Website.
Internal tools: Where available, you may use cookie or privacy preferences on the Website to manage non-essential cookies, including analytics and advertising cookies.
Opting out of marketing cookies: You may opt out of certain third-party advertising cookies via the tools provided by those third parties or via online industry schemes where available in your region.

For more detailed information about our use of cookies and similar technologies, we may provide a separate Cookie Policy or update this section from time to time.

Data Security

OBSERVE: Operating an online gambling service involves processing sensitive financial and behavioural data, requiring strong security controls.

EXPAND: Security must cover data in transit and at rest, access controls, monitoring, staff training, and incident response.

REFLECT: While no system can be guaranteed 100% secure, Goldwin Casino implements robust measures aligned with recognised good practice.

Technical and Organisational Measures

Encryption in transit: Data transmitted between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) protocols (TLS 1.2 or higher), helping to prevent interception or tampering.
Encryption at rest: Where appropriate, stored data (including certain financial and identification data) is encrypted or otherwise pseudonymised to reduce risk in the event of unauthorised access.
Access controls: Access to personal data is restricted to authorised personnel who require it for their job functions and is governed by role-based access control, authentication mechanisms, and logging.
Authentication and account security: We use secure password hashing and may support additional security features such as multi-factor authentication where implemented.
Network and infrastructure security: Firewalls, intrusion detection and prevention systems, DDoS mitigation, and regular patching and monitoring of servers and applications.

Governance, Training, and Audits

Policies and procedures: Internal policies govern data protection, access, retention, and incident management.
Staff training: Employees with access to personal data receive periodic training on confidentiality, security best practices, and regulatory obligations relevant to gambling operations.
Audits and assessments: We periodically review our systems and controls, and may engage external experts to perform security assessments and penetration tests.

Incident Response

In the event of a suspected or actual data breach, we follow internal incident response procedures aimed at:
- Identifying and containing the incident.
- Assessing the impact on our systems and on affected individuals.
- Implementing remediation measures to prevent recurrence.
- Where required by applicable law, notifying relevant authorities and affected individuals without undue delay.

While we strive to protect your personal data, you are responsible for maintaining the confidentiality of your account credentials and for using appropriate care when accessing your account from shared or public devices.

Complaints & Contacts

OBSERVE: Players must have clear channels to ask questions, exercise their rights, and submit complaints about privacy and data protection.

EXPAND: A structured process with target response times and escalation paths improves transparency and trust.

REFLECT: The following mechanisms are available for queries and complaints regarding this Privacy Policy or our handling of personal data.

Contact Channels

General and privacy enquiries: [email protected]
Customer support (including account or technical issues): [email protected]
Complaints and escalations: [email protected]
Website: https://goldwin-au.com

Complaint Procedure

Submission: Send your complaint or query to [email protected], clearly marking it as a "Privacy / Data Protection Complaint", and provide sufficient details for us to understand your concerns.
Acknowledgement: We aim to acknowledge receipt of your complaint within 5 business days.
Investigation: Your complaint will be reviewed by the relevant internal team, which may include our data protection contact and compliance personnel. We may request additional information if necessary.
Response: We will provide a substantive response to your complaint within 30 days where possible. If we are unable to respond within that timeframe, we will inform you of the delay and the reasons.
Escalation: If you are not satisfied with our response, you may request that your complaint be escalated to a higher level of management within Goldwin Casino.

Depending on your location and applicable law, you may also have the right to lodge a complaint with a data protection or privacy supervisory authority in your country of residence or in the jurisdiction where you believe a violation has occurred. Contact details for such authorities differ by jurisdiction; you should consult the official website of the relevant national or regional data protection authority for up-to-date information.

Updates

OBSERVE: Our services, regulatory environment, and technical measures evolve over time, requiring updates to this Privacy Policy.

EXPAND: Changes, especially material ones, should be communicated clearly and in advance where practicable.

REFLECT: The following rules apply to updates of this Privacy Policy.

Notification of Changes

Publication: Any updated version of this Privacy Policy will be posted on https://goldwin-au.com, replacing previous versions.
Email notifications: For material changes (for example, new purposes of processing or significant changes to data sharing practices), we will endeavour to notify registered players by email using the address associated with their account.
On-site notifications: We may display banners, pop-ups, or dashboard alerts on the Website to draw attention to important updates.

Advance Notice and Effective Date

Where a change is material and reasonably foreseeable, we will aim to provide at least 30 days' advance notice before the new version takes effect, unless a shorter period is required to comply with legal or regulatory obligations.
The "Last updated" date at the bottom of this Privacy Policy indicates when it was most recently revised.

Your Options

If you do not agree with the updated Privacy Policy, you should cease using the Website and may request account closure by contacting [email protected].
Continued use of the Website after the effective date of the updated Privacy Policy will constitute your acceptance of the changes, to the extent permitted by applicable law.

Last updated: January 2026