burger icon
Moonwin Australia
Log In

Privacy Policy

This Privacy Policy explains how Moonwin, operated via the website https://moonwin-aussie.com, collects, uses, discloses, and protects personal information of players and website visitors. It applies to all users who access or use our services, including browsing our site, opening an account, placing bets, making deposits or withdrawals, or contacting our support. By using our services, you agree to this Privacy Policy as in force from time to time. This Privacy Policy is effective as of 1 January 2026 and replaces any previous versions published on our websites.

Who We Are

OBSERVE: Users must know the legal operator, its address, license, and a clear privacy contact.

EXPAND: We link the operating entities (gaming and payments) and designate a privacy contact point for all data matters.

REFLECT: This section identifies the controller(s) and how you can reach us regarding privacy.

The online casino marketed as Moonwin and accessible at https://moonwin-aussie.com (and related subdomains) is owned and operated by:

  • Dama N.V., a limited liability company incorporated under the laws of Curaçao
    • Registration number: 152125
    • Registered and legal address: Scharlooweg 39, Willemstad, Curaçao
    • Gaming license: 8048/JAZ2020-013, issued by Antillephone N.V. and authorised by the Government of Curaçao
  • For certain fiat payment processing functions, we may act together with, or delegate to:
    • Friolion Limited, a company incorporated in Cyprus (payment processing subsidiary for Dama N.V.).

For the purposes of this Privacy Policy, Dama N.V. is the primary entity responsible for determining the purposes and means of processing your personal data in connection with Moonwin.

Data Protection Contact

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at the above details.

What Personal Data We Collect

OBSERVE: We collect identification, contact, technical, financial, behavioural, and cookie-related data.

EXPAND: Gambling operations require KYC/AML data, device and transaction logs, and responsible gambling indicators.

REFLECT: The categories below help you understand what information we process.

1. Identification and Contact Data

  • Full name, date of birth, gender.
  • Residential address, country of residence, postcode (where collected).
  • Email address(es) and phone number(s).
  • Copies or data extracted from identity documents (e.g., passport, ID card, driver licence), proof of address (e.g., utility bill, bank statement), and where legally required, source-of-funds/source-of-wealth documentation.
  • Username, account ID, and other identifiers created when you open an account.

2. Account and Service Usage Data

  • Account registration date, status, verification/KYC status.
  • Login and logout timestamps, session duration, and activity history in your account area.
  • Your communication preferences (e.g., email marketing opt-in / opt-out, channels, and topics).

3. Technical and Device Data

  • IP address(es) and approximate geolocation derived from IP (country/region).
  • Device information such as device type, operating system, browser type and version, language settings, screen resolution, and unique device identifiers where applicable.
  • Log data related to website access and use, including pages visited, clicks, referring URLs, error logs, and performance statistics.
  • Security-related logs (e.g., failed login attempts, changes to security settings, 2FA usage).

4. Payment and Financial Data

  • Details of deposits and withdrawals (amounts, currencies, time stamps, transaction IDs).
  • Selected payment methods (e.g., Visa/Mastercard, Neosurf, MiFinity, PayID-style bank transfer solutions, and supported cryptocurrencies such as Bitcoin, Ethereum, USDT, Dogecoin).
  • Limited payment instrument details as required to complete transactions (for example, masked card numbers, wallet addresses, or account identifiers). We do not store full card numbers or CVV codes; this information is typically processed by secure third-party payment service providers.
  • Payment verification and anti-fraud data, including risk scores, chargeback information, and records of payment-related communications.

5. Gaming and Behavioural Data

  • Betting and gaming history, including:
    • Games played, stakes placed, wins and losses, bonuses and promotions used.
    • Game session times, frequency of play, and wagering patterns.
  • Interactions with site features, such as navigation behaviour, clicks, links followed, and time spent on specific pages.
  • Responsible gambling data, including self-exclusion decisions, cooling-off periods, deposit/loss limits, and communications about gambling-related concerns.

6. Communication and Support Data

  • Records of communications with customer support (via email, internal messaging, live chat where available).
  • Content of complaints, feedback, and dispute-related correspondence.
  • Subscriptions to newsletters, promotional emails, and opt-out/unsubscribe confirmations.

7. Cookies and Similar Technologies Data

  • Data collected via cookies, web beacons, pixels, and similar technologies (see "Cookies & Tracking Technologies" below), including:
    • Session identifiers, authentication tokens, and preferences (language, region, display settings).
    • Analytics identifiers used by services such as internal analytics tools or third-party analytics providers.
    • Advertising identifiers where we use performance or marketing cookies (subject to consent where required).

Legal Basis for Processing

OBSERVE: We must identify lawful grounds for each type of processing.

EXPAND: As an offshore operator serving Australian users, we adopt principles consistent with the GDPR and leading privacy standards, while also addressing AML/KYC obligations from Curaçao and international practice.

REFLECT: The following legal bases explain why we are permitted to use your data.

1. Performance of a Contract

We process your personal data where it is necessary to enter into and perform our contract with you, including our Terms and Conditions. This includes:

  • Creating and managing your Moonwin account.
  • Providing access to our gaming services, including processing bets, displaying balances, and resolving game results.
  • Processing deposits and withdrawals, including transaction confirmations and payment communications.
  • Providing customer support and responding to your queries.
  • Managing promotions, bonuses, loyalty or VIP programmes, and related benefits.

2. Compliance with Legal Obligations

We process certain data because we are required to do so by applicable laws and regulations, including but not limited to anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, fraud prevention rules, sanctions screening, and accounting, tax, and reporting obligations. This includes:

  • Carrying out Know Your Customer (KYC) verification (identity and address verification, age verification, and where required, source-of-funds/source-of-wealth checks).
  • Monitoring transactions and gaming activity to detect and report suspicious activity under applicable AML/CTF frameworks.
  • Maintaining records for legally prescribed minimum retention periods, including player and transaction records.
  • Cooperating with regulators, law enforcement, courts, and other public authorities where lawfully required, as well as complying with obligations under our Curaçao e-gaming licence (No. 8048/JAZ2020-013).

3. Legitimate Interests

We rely on our legitimate interests, balanced against your privacy rights, to process data for purposes that are necessary to operate, protect, and improve our business. These include:

  • Security and fraud prevention: Protecting our platforms, players, and systems from misuse, fraud, money laundering, bonus abuse, unauthorised access, and other harmful activities.
  • Service improvement and analytics: Analysing aggregated or pseudonymised data to enhance user experience, troubleshoot issues, optimise game offerings, and improve website performance.
  • Business administration: Conducting internal audits, inspections, quality assurance, and management reporting.
  • Enforcement of legal claims: Establishing, exercising, or defending legal claims, managing disputes, and enforcing our Terms and Conditions.

Where we rely on legitimate interests, we implement safeguards to protect your privacy and ensure that such processing is proportionate and minimally intrusive.

4. Consent

In specific situations, we process your personal data on the basis of your consent. This applies in particular to:

  • Sending you marketing communications (e.g., promotional emails, newsletters, and offers) where consent is required under applicable law.
  • Using non-essential cookies and similar tracking technologies for advertising and some analytics purposes (where required by local law or as a best-practice standard).

You may withdraw your consent at any time (see "Your Rights" below). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Purpose of Processing

OBSERVE: Each processing operation must have a clearly defined purpose.

EXPAND: Gambling operations require purposes that span service provision, security, compliance, marketing, and responsible gambling.

REFLECT: The purposes below are aligned with contract, legal obligations, legitimate interests, and consent.

1. Providing and Operating Our Casino Services

  • Creating and managing user accounts on moonwin-aussie.com.
  • Enabling deposits, bets, participation in casino games, and withdrawals.
  • Processing payments and cryptocurrency transactions, managing balances, and providing transaction histories.
  • Providing multi-language interfaces and tailored settings (e.g., currency, language, game preferences).

2. Customer Support and Communication

  • Responding to user enquiries via email or other communication channels.
  • Handling complaints, chargebacks, disputes, and player feedback.
  • Notifying you of important service messages, such as policy updates, security alerts, and account-related notices (these are transactional, not marketing).

3. Compliance, Risk Management, and Fraud Prevention

  • Carrying out KYC checks to verify identity, age, and eligibility to use our services.
  • Monitoring gaming and transaction behaviour to detect fraudulent or abusive activities, suspicious transactions, or breaches of our Terms and Conditions.
  • Meeting AML/CTF and other regulatory requirements in Curaçao and relevant international standards.
  • Maintaining audit trails, logs, and evidence to support legal and regulatory compliance.

4. Service Quality, Analytics, and Improvement

  • Analysing site usage and game performance to understand how our services are used.
  • Testing and deploying new features, games, payment methods, and security improvements.
  • Customising content, game recommendations, and user experience based on aggregated or pseudonymised behavioural patterns.

5. Marketing and Promotions

  • Sending promotional communications (where allowed and/or with your consent), such as bonuses, free spins, tournaments, and special offers tailored to your profile and activity.
  • Managing loyalty and VIP programmes, including personalised offers and benefits.
  • Measuring the effectiveness of marketing campaigns, affiliate partnerships, and advertising placements.

6. Responsible Gambling

  • Monitoring behaviour to detect potential signs of problem gambling, in line with our responsible gambling commitments.
  • Implementing and managing tools such as deposit and loss limits, reality checks, time-outs, and self-exclusion.
  • Recording and honouring your responsible gambling requests and restrictions.

Disclosure & Sharing

OBSERVE: We must explain with whom we share data and why.

EXPAND: Typical partners include payment processors, game providers, hosting and security providers, regulators, and affiliates.

REFLECT: We share only what is necessary, under appropriate safeguards.

1. Group and Related Companies

  • Dama N.V. and its affiliated entities involved in operating or supporting Moonwin.
  • Friolion Limited and other designated payment processing entities acting on our behalf for fiat payment services.

2. Payment Service Providers and Banks

  • We share necessary payment data with third-party payment processors, banks, card schemes, voucher providers (e.g., Neosurf), e-wallet providers (e.g., MiFinity), and crypto payment processors to:
    • Process deposits and withdrawals;
    • Conduct fraud and AML checks;
    • Handle chargebacks, disputes, and refunds.

3. Game Providers and Platform Partners

  • We use an underlying gaming platform (including, for example, solutions provided by SOFTSWISS and related aggregators) and third-party game studios.
  • These providers may receive limited player identifiers, session data, and game-related information to:
    • Enable game loading, gameplay, and bet resolution;
    • Provide game performance analytics and technical support;
    • Investigate game-related incidents or complaints.

4. Technical, Security, and Infrastructure Providers

  • Hosting providers, content delivery networks (such as Cloudflare or similar), email delivery platforms, customer support tools, analytics services, and security services.
  • These providers process data strictly on our instructions to:
    • Host and secure our websites and databases;
    • Deliver transactional and service emails;
    • Monitor system performance and security incidents.

5. Marketing, Affiliates, and Advertising Networks

  • Affiliates and marketing partners who promote Moonwin, to measure the effectiveness of campaigns and attribute traffic and registrations.
  • Where applicable and permitted, advertising networks and third-party marketing platforms may receive pseudonymised identifiers or cookie data for targeting or retargeting, subject to your consent where required.

6. Regulatory and Public Authorities

  • Regulators and licensing authorities (including Antillephone N.V. and Curaçao authorities) for licence compliance and regulatory reporting.
  • Law enforcement, courts, and government agencies where we are required by law or reasonably believe disclosure is necessary to:
    • Comply with a legal obligation or respond to lawful requests;
    • Protect our rights, property, or safety, or that of our players or others;
    • Investigate suspected illegal or fraudulent activities.

7. Business Transfers

  • In connection with any merger, acquisition, restructuring, sale of assets, or similar corporate transaction, your data may be transferred to the relevant third parties, subject to confidentiality and data protection safeguards.

We do not sell your personal information in the traditional sense of selling customer data lists for unrelated third-party use. All third parties processing your data on our behalf are required to protect it and use it only for the purposes we specify.

International Transfers

OBSERVE: Data may be stored and processed across multiple jurisdictions.

EXPAND: As a Curaçao-licensed operator using international service providers, cross-border data flows are inherent.

REFLECT: We implement appropriate safeguards consistent with leading international standards.

1. Locations of Processing

  • Your data may be processed in:
    • Curaçao (headquarters of Dama N.V. and licensing jurisdiction).
    • Cyprus (where Friolion Limited and certain service providers may be based).
    • EU/EEA countries (where some hosting, payment, or analytics providers are established).
    • Other countries where our carefully selected service providers operate data centres or support teams.

2. Safeguards for International Transfers

  • We use contractual and technical safeguards to protect your personal data when it is transferred internationally, including:
    • Standard Contractual Clauses (SCCs) or equivalent data transfer agreements, where appropriate.
    • Data minimisation, pseudonymisation or encryption, and strict access controls.
    • Careful due diligence on service providers' security standards (for example, providers that align with ISO 27001 or SOC 2-type practices).
  • Regardless of where your data is processed, we apply protections that are consistent with this Privacy Policy.

Data Retention

OBSERVE: Retention must balance legal obligations and storage minimisation.

EXPAND: Gambling and AML laws require longer retention for some records, even after account closure.

REFLECT: We define retention periods by category and purpose.

1. General Retention Principles

  • We retain personal data only for as long as necessary to achieve the purposes for which it was collected, or to meet legal, regulatory, or legitimate business requirements.
  • When data is no longer needed, we securely delete, anonymise, or aggregate it so that it can no longer be linked to you.

2. Typical Retention Periods

  • Account and identification data: Typically retained for the duration of your account and for at least 5 years after account closure, or longer where required by AML/CTF or other applicable regulations.
  • Transaction and gaming records: Generally retained for at least 5 - 7 years after the relevant transaction or activity, to comply with financial and regulatory record-keeping obligations and to handle disputes or audits.
  • KYC/verification documents: Retained for at least 5 years after the end of the business relationship or the date of the last transaction, in line with AML/CTF requirements.
  • Marketing data and preferences: Retained for as long as you remain subscribed or until you withdraw your consent or object to processing, plus a short period to record your opt-out and ensure it is respected.
  • Technical and log data: Retention ranges from a few months up to 2 years, depending on the purpose (e.g., security, troubleshooting, analytics) and legal requirements.
  • Complaint and dispute records: Retained for at least 5 years after the complaint or dispute is resolved, or longer where necessary to establish, exercise, or defend legal claims.

3. Deletion Criteria

  • Expiry of the applicable retention period.
  • Successful fulfilment of the purpose for which the data was collected.
  • Your valid request for erasure, where no overriding legal basis for retention applies.

Your Rights

OBSERVE: Users require clear information about their privacy rights.

EXPAND: Although we are not an EU- or Mexico-based operator, we align our practices with widely recognised standards modelled on the GDPR and comparable data protection frameworks.

REFLECT: The rights below describe how you can control your data.

1. Right of Access

  • You can request confirmation of whether we process your personal data and, if so, receive a copy of your data and information about how we use it.

2. Right to Rectification

  • You can request correction of inaccurate personal data and completion of incomplete data (e.g., updating your contact details or address).

3. Right to Erasure ("Right to be Forgotten")

  • You may request deletion of your personal data in specific circumstances, for example where:
    • The data is no longer necessary for the purposes for which it was collected;
    • You withdraw consent (where consent is the legal basis);
    • You have successfully objected to processing and there is no overriding legitimate interest;
    • The data has been unlawfully processed.
  • We may be unable to delete certain data if we are required to retain it by law (e.g., AML/CTF or financial record-keeping obligations).

4. Right to Restrict Processing

  • You can request that we restrict processing of your personal data in certain situations, for example:
    • When you contest the accuracy of the data, for the period during which we verify it;
    • When processing is unlawful, but you oppose deletion;
    • When we no longer need the data but you require it for legal claims;
    • When you have objected to processing pending verification of our overriding legitimate interests.

5. Right to Object

  • You can object to processing of your personal data that is based on our legitimate interests, on grounds relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds which override your interests, rights, and freedoms or where required for legal claims.
  • You can always object to the use of your data for direct marketing, including profiling related to such marketing. In such cases, processing for marketing purposes will stop.

6. Right to Data Portability

  • You may request to receive certain personal data you have provided to us in a structured, commonly used, and machine-readable format, and have it transmitted to another controller where technically feasible and where the processing is based on consent or on a contract and is carried out by automated means.

7. Right to Withdraw Consent

  • Where processing is based on your consent (for example, marketing communications or some cookies), you can withdraw that consent at any time.
  • Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

8. Exercise of Rights, Timeframes, and Cost

  • To exercise your rights, please contact us via:
  • We may ask you for information necessary to verify your identity before acting on your request, to protect your account and privacy.
  • We aim to respond to your request within 30 days of receipt. In complex cases, this period may be extended, and we will inform you of any delay and reasons.
  • We generally handle your requests free of charge. However, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, in line with international best practices.

Note: Because we are primarily regulated in Curaçao and operate offshore with respect to Australia, certain specific rights under EU or Mexican legislation may not apply on a statutory basis. Nonetheless, we voluntarily seek to align with high-level data protection principles.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for secure gaming and analytics.

EXPAND: We categorise cookies by function and duration and explain how to control them.

REFLECT: This section helps you manage your cookie preferences.

1. Types of Cookies We Use

  • Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They are used to:
    • Maintain your login session and keep you signed in during a visit;
    • Enable secure navigation and basic site functionality.
  • Persistent cookies: Cookies that remain on your device for a defined period or until you delete them. They help us:
    • Remember your preferences (e.g., language, region, display settings);
    • Recognise you when you return to the site.
  • First-party cookies: Set by moonwin-aussie.com directly to run our services.
  • Third-party cookies: Set by external providers (e.g., analytics, security, or advertising partners) to:
    • Provide usage statistics and performance metrics;
    • Enhance security (e.g., traffic filtering via CDN services);
    • Support marketing and affiliate tracking.

2. Cookie Purposes

  • Strictly necessary / functional cookies: Required for the website to function correctly and securely (e.g., authentication, fraud detection, load balancing). These cannot usually be disabled via our systems.
  • Preferences cookies: Store user preferences such as language, region, and interface settings, to provide a more personalised experience.
  • Analytics cookies: Help us understand how visitors use our website, which pages are most popular, how users move around the site, and where technical issues may arise. Data is typically aggregated or pseudonymised.
  • Advertising and affiliate cookies: Used to measure performance of advertising campaigns, track affiliate referrals and, where applicable, deliver more relevant promotions, subject to appropriate consent where required.

3. Managing Cookies

  • You can manage or disable cookies through your browser settings. Methods vary between browsers, but typically you can:
    • Block all cookies;
    • Delete existing cookies;
    • Set preferences for specific websites.
  • Disabling certain cookies, especially strictly necessary or functional cookies, may affect the functionality and performance of moonwin-aussie.com and prevent you from using some services (for example, logging in or playing games).
  • Where we provide an internal cookie or privacy settings panel, you may use it to adjust non-essential cookies and marketing preferences.

Data Security

OBSERVE: Online gambling involves financial transactions and sensitive identity data.

EXPAND: We employ layered technical and organisational measures consistent with industry best practice.

REFLECT: While no system is perfectly secure, our controls are designed to reduce risk to an acceptable level.

1. Technical Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using modern cryptographic protocols such as TLS 1.2 or higher, as implemented via our hosting and security providers (e.g., Cloudflare or equivalents).
  • Encryption at rest: Where feasible, sensitive information is encrypted or otherwise protected in our databases and storage systems.
  • Access control: Access to production systems and personal data is restricted to authorised personnel on a need-to-know basis, using unique credentials and, where supported, multi-factor authentication (MFA).
  • Network and application security: Use of firewalls, intrusion detection/prevention systems, DDoS protection, secure coding practices, and regular patching.
  • Backups and resilience: Regular backups and disaster recovery mechanisms to minimise data loss and service interruption.

2. Organisational Measures

  • Policies and training: Staff are bound by confidentiality obligations and receive training on data protection, security, and responsible handling of customer data.
  • Vendor management: We select third-party providers that comply with recognised security standards (for example, providers whose controls are consistent with frameworks such as ISO 27001 or SOC 2-type practices) and include data protection clauses in our contracts.
  • Access governance: Role-based access management and periodic reviews to ensure that permissions remain appropriate.

3. Monitoring and Incident Response

  • We monitor our systems for anomalies, suspicious activities, and potential vulnerabilities.
  • If we become aware of a personal data breach that is likely to result in a significant risk to your rights and freedoms, we will:
    • Investigate and contain the incident;
    • Take appropriate remediation steps;
    • Where required, notify relevant authorities; and
    • Inform affected users without undue delay, including guidance on steps to mitigate potential harm.

Complaints & Contacts

OBSERVE: Users need a clear pathway to raise concerns and escalate them.

EXPAND: We define internal handling first, then possible external escalation to competent authorities.

REFLECT: This framework supports transparency and dispute resolution.

1. Contact Channels

2. Internal Complaint Procedure

  1. Submission: Send us a detailed description of your complaint or concern (including any relevant account information and supporting evidence) using one of the contact channels above, preferably [email protected] for privacy-related issues.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within 5 business days.
  3. Investigation: We will investigate your complaint, which may involve internal fact-finding, review of records, and communication with you for clarification.
  4. Response: We aim to provide a substantive response within 30 days of receiving your complaint. If we require more time due to complexity, we will inform you about the delay and expected timeframe.
  5. Follow-up: If you are not satisfied with our response, you may request that your case be reviewed by a more senior representative within our compliance or management team.

3. External Escalation

As Dama N.V. is licensed in Curaçao, the primary regulatory oversight concerns gaming operations rather than data protection specifically. However, if you believe that your data protection rights have been infringed, you may consider the following:

  • Local data protection or consumer authority in your country of residence: You may contact the relevant authority in your jurisdiction for guidance or to lodge a complaint in line with its procedures.
  • Regulatory or supervisory bodies linked to our gaming licence: For gambling-related disputes, you may contact Antillephone N.V. using the information available at the current licence validator page linked from our site (for example, via the validator URL displayed in the website footer).

We encourage you to always contact us first so that we have a chance to resolve your issue directly.

Updates

OBSERVE: Privacy policies evolve as services and laws change.

EXPAND: Users must be notified of material changes and given options where appropriate.

REFLECT: This section explains how and when we update this document.

1. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time to reflect:
    • Changes in our services, technologies, or business practices;
    • Adjustments in applicable laws, regulatory expectations, or industry standards;
    • Clarifications to improve understanding.
  • Each version of the Privacy Policy is identified by the "Last updated" date indicated below.

2. Notification of Material Changes

  • Where we make material changes that significantly affect how we process your personal data or your rights, we will take appropriate steps to inform you, which may include:
    • Displaying a prominent notice or banner on moonwin-aussie.com and/or in your account dashboard;
    • Sending an email notification to your registered email address;
    • Providing a summary of key changes or a changelog.
  • Where required or appropriate, we will provide you with at least 30 days' advance notice before material changes take effect, giving you an opportunity to review the new terms.

3. Your Options in Case of Changes

  • If you do not agree with the updated Privacy Policy, you may:
    • Adjust your privacy or marketing preferences (where applicable);
    • Cease using our services and request account closure by contacting [email protected];
    • Exercise any other rights available to you under this Privacy Policy.
  • By continuing to use our services after the effective date of an updated Privacy Policy, you acknowledge that you have read and understood the changes.

Last updated: January 2026