burger icon
Lucky Ones Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how Lucky Ones Casino, operated through the website https://luckyonescasin-au.com (the "Website"), collects, uses, discloses and protects personal information of players and visitors ("you"). It applies to all use of Lucky Ones Casino by Australian players and other users who access our services via this Website and any related mirror or replacement domains. By creating an account, visiting the Website or using our services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 1 January 2026 and replaces any earlier version.

Who We Are

The online casino available at https://luckyonescasin-au.com is branded as Lucky Ones Casino and is referred to in this Policy as "Lucky Ones Casino", "Lucky Ones Casino", "we", "us" or "our".

Operator and Licensing

  • Operator (Data Controller for gaming services): Dama N.V., a company incorporated under the laws of Curaçao.
  • Company registration number: 152125 (Curaçao commercial register).
  • Gaming licence: E-gaming licence No. 8048/JAZ2020-013, issued by Antillephone N.V., authorised by the Government of Curaçao, valid until at least 31 December 2026.
  • Payments facilitator: Friolion Limited, a limited liability company incorporated in Cyprus and a wholly-owned subsidiary of Dama N.V., acting as a payment agent/processor for certain transactions.

Registered / Legal Address

The full registered address of Dama N.V. and Friolion Limited is held in the respective commercial registers. At the time of drafting this Privacy Policy, the precise street address has not been specified within our Australian-facing materials. We will update this section once a full postal address is formally published on https://luckyonescasin-au.com. Until then, you may request our current registered address via our support channels.

Privacy Contacts and Data Protection Responsibility

  • Primary contact for privacy and data protection queries:
    Email: [email protected]
    (please use the subject line "Privacy / Data Protection" for faster routing to our data protection team)
  • Online contact: 24/7 live chat via the Website and any official mirror domains.
  • Data Protection Responsibility: Our internal Data Protection Team oversees compliance with applicable privacy laws (including Curaçao requirements, the Australian Privacy Act 1988 (Cth) where applicable, and, on an alignment basis, the EU General Data Protection Regulation ("GDPR") and Mexican data protection standards).

What Personal Data We Collect

We collect only the personal information necessary for lawful operation of Lucky Ones Casino, provision of our services, compliance with legal obligations (including anti-money laundering ("AML") and know-your-customer ("KYC") requirements) and legitimate business interests.

Identification and Contact Data

  • Full name, date of birth and gender (where provided).
  • Residential address, billing address, country of residence.
  • Email address (e.g. the one used to register, such as support@... for contact).
  • Telephone number(s), if you choose to provide them.
  • Copies or data from identity documents (ID card, passport, driving licence), proof of address (utility bill, bank statement) and, where required, source-of-funds/source-of-wealth documentation, in line with evolving Curaçao LOK AML/KYC rules.

Account and Gameplay Data

  • Username, account ID and password (stored in hashed form).
  • Account settings, preferences, language and marketing choices.
  • Betting and gameplay history, including games played, stakes, wins/losses, bonuses used, session time and in-game behaviour indicators (e.g. rapid play patterns, repeated deposits) used for responsible gambling monitoring and AML risk assessment.
  • Communication history with support (live chat logs, email correspondence).

Payment and Financial Data

  • Payment method details (such as partially masked card numbers, card type, issuing country, payment wallet identifiers, IBAN or bank details where needed for withdrawals).
  • Deposit and withdrawal records, transaction amounts, timestamps, currency and payment status.
  • Chargebacks, refunds and fraud flags associated with your account.

Technical and Usage Data

  • IP address and approximate geolocation (country, city-level where available).
  • Device identifiers and characteristics (device type, operating system, browser type and version, screen resolution, language settings).
  • Log data: access dates and times, pages visited, referring URLs, clickstream data and actions taken within the Website (e.g. clicking on promotions or account settings).
  • Security logs and telemetry (login attempts, password reset requests, session identifiers, multi-factor authentication events).

Cookies and Similar Technologies

  • Cookies: small text files stored on your device (session and persistent cookies) used for authentication, remembering preferences, analytics and advertising/affiliation.
  • Tracking technologies: web beacons, pixels, tags and local storage used to measure performance, reduce fraud and attribute traffic from affiliates.
  • Third-party tools: analytics and marketing partners may place their own cookies or use similar technologies in connection with our services (see "Cookies & Tracking Technologies" section below).

Special Categories and Minors

We do not intentionally collect special categories of data (such as health data or political opinions) unless strictly necessary for legal purposes (for example, medical certificates provided in the context of responsible gambling interventions) and handled with enhanced safeguards. Our services are not intended for persons under 18 years old, and we do not knowingly collect data from minors.

Legal Basis for Processing

Given our international user base and licensing structure, we align our data processing framework with principles from the Australian Privacy Act 1988 (Cth), the GDPR and relevant Mexican privacy regulations, while complying with mandatory Curaçao requirements (including under the reformed LOK AML framework). Depending on the context, we rely on one or more of the following legal bases:

Performance of a Contract

  • To create, verify and manage your Lucky Ones Casino account.
  • To process deposits, facilitate gameplay, award bonuses and process withdrawals.
  • To provide customer support, handle complaints and manage loyalty or VIP programs.

Compliance with Legal and Regulatory Obligations

  • To perform identity verification checks (KYC), affordability and AML risk assessments, as required by Curaçao legislation (including LOK reforms) and any other applicable AML/CTF laws.
  • To prevent, detect and report fraud, money-laundering, terrorist financing and other criminal activities.
  • To keep appropriate business, tax and accounting records for mandatory retention periods.
  • To comply with orders or requests from regulators, courts, law enforcement or competent authorities in Curaçao or other relevant jurisdictions.

Legitimate Interests

  • To maintain the security and integrity of our platform, including monitoring, logging, testing and improving technical systems.
  • To analyse usage patterns for service improvement, product development and optimisation (e.g. game offering, interface enhancements) in a privacy-conscious manner.
  • To combat chargebacks, account takeover attempts, cyber attacks and abusive or fraudulent behaviour.
  • To operate an affiliate program and measure marketing performance, provided appropriate safeguards and opt-outs are in place.

Consent

  • For sending direct marketing communications (email, SMS, push notifications) where consent is required.
  • For the use of non-essential cookies and similar technologies for advertising or advanced analytics, where local laws require prior consent.
  • For any additional processing not covered by the above legal bases; where we rely on consent, you may withdraw it at any time (see "Your Rights").

Purpose of Processing

We process your personal information only for specific, explicit and legitimate purposes and do not further process it in a manner incompatible with those purposes.

Service Provision and Account Management

  • Creating and maintaining your Lucky Ones Casino account.
  • Providing access to games, tournaments, promotions and loyalty schemes.
  • Processing deposits, withdrawals and other financial transactions.
  • Providing customer support via email and live chat.

Legal Compliance and Risk Management

  • Conducting KYC and AML checks, including ongoing monitoring mandated by Curaçao LOK reforms and other applicable regulations.
  • Enforcing our Terms and Conditions, preventing fraud and managing disputes.
  • Maintaining appropriate records for auditing, regulatory reporting and risk management.

Improvement, Analytics and Personalisation

  • Understanding how players use the Website to improve functionality, usability and content relevance.
  • Measuring performance of games, payment methods and promotional campaigns.
  • Personalising your experience (e.g. recommended games, tailored promotions) while respecting your privacy preferences.

Marketing and Communications

  • Sending service-related messages (transaction confirmations, security alerts, account notices).
  • Sending marketing communications (newsletters, promotions, offers) where permitted by law and, where required, based on your consent.
  • Managing opt-outs and preferences for marketing and cookies.

Fraud Prevention and Responsible Gambling

  • Detecting suspicious transaction patterns, multiple account creation, or bonus abuse.
  • Monitoring betting behaviour to identify potential problem gambling and implementing responsible gambling tools and interventions (limits, self-exclusion).
  • Protecting you, other players, and our platform from harm and unlawful activity.

Disclosure & Sharing

We do not sell your personal information. We share it only in accordance with this Privacy Policy and appropriate safeguards.

Group Companies and Payment Partners

  • Group entities: Dama N.V. and its subsidiary Friolion Limited, to manage payments, compliance and operations.
  • Payment service providers: Banks, card schemes, e-wallets, voucher providers and other payment intermediaries involved in processing deposits and withdrawals, for purposes of payment execution, fraud checks and regulatory compliance.

Service Providers (Processors)

  • IT hosting, cloud infrastructure, content delivery networks (including SSL/Cloudflare providers) and platform providers.
  • Customer support platforms, communications tools and CRM systems.
  • Analytics and business intelligence services, used in a manner consistent with this Policy.
  • Verification and AML/KYC providers (identity verification, sanctions and PEP screening, transaction monitoring).

Regulators, Authorities and Legal Recipients

  • Gaming regulators in Curaçao and any other competent regulatory body, where required.
  • Law enforcement agencies, courts or government authorities when we are legally obliged to do so, or where disclosure is necessary to protect our rights, property or safety or that of our users or the public.
  • Professional advisers (lawyers, auditors, accountants) under appropriate confidentiality obligations.

Affiliates and Advertising Networks

  • Affiliates: To attribute traffic and calculate commissions, using unique tracking links and identifiers.
  • Advertising and marketing partners: Subject to your consent where required, we may share limited pseudonymised information to deliver or measure targeted advertising and campaigns.

Business Transfers

  • In the event of a reorganisation, merger, sale or other corporate transaction involving Dama N.V. or its assets, personal data may be transferred to the acquiring or successor entity, subject to this Privacy Policy or a substantially similar policy providing at least the same level of protection.

International Transfers

As an online casino licensed in Curaçao and serving players in Australia and other regions, your personal information may be transferred to and processed in countries other than the one in which you reside.

Locations of Processing

  • Curaçao - corporate and compliance operations, core gaming platform.
  • Cyprus - payment facilitation via Friolion Limited and potentially some support operations.
  • European Economic Area (EEA) and other countries - where third-party providers (e.g. hosting, analytics, AML tools) are located.
  • Other jurisdictions - where particular technical or support services are provided, always subject to contractual safeguards.

Safeguards

  • We use contractual protections, including data protection agreements and, where processing involves EU/EEA personal data, Standard Contractual Clauses (SCCs) or other recognised transfer mechanisms.
  • We select reputable providers that implement appropriate technical and organisational measures comparable to those required by the GDPR and relevant Mexican data protection regulations.
  • Where applicable, we take into account adequacy decisions and frameworks such as the EU - US Data Privacy Framework or any successor to the Privacy Shield, without claiming participation unless explicitly stated by the relevant provider.

Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, including for the fulfilment of legal, accounting, AML/KYC and reporting obligations, and for the establishment, exercise or defence of legal claims.

General Retention Rules

  • Account and identification data: Normally stored for the duration of your active account and, after closure, for a period typically not exceeding 5 years, unless a longer period is required by AML/CTF, tax or gaming regulations (which may mandate retention of certain data for up to 7 - 10 years in higher-risk cases).
  • Transaction and financial data: Kept for at least 5 years after the relevant transaction or account closure, whichever is later, in line with AML/CTF and accounting rules.
  • Technical logs and security data: Stored for security and audit purposes usually for 24 months from collection, unless an incident investigation or legal requirement mandates longer retention.
  • Marketing data: Retained until you withdraw consent or object to processing, with suppression lists kept to ensure we respect your opt-out.

Deletion and Anonymisation

  • When data is no longer required, we will either securely delete it or irreversibly anonymise it so that it can no longer be associated with you.
  • Where deletion is technically complex (e.g. backups), we will ensure your data is excluded from further processing and securely overwritten in due course.

Your Rights

We respect your privacy rights and aim to give you effective control over your personal information. While our primary regulatory framework is Curaçao law and, where applicable, the Australian Privacy Act 1988 (Cth), we align our practices with the rights framework of the GDPR and relevant Mexican privacy laws, including the Federal Law on Protection of Personal Data Held by Private Parties, to the extent feasible.

Key Rights

  • Right of access: To obtain confirmation whether we process your personal data and receive a copy of it, together with information about our processing.
  • Right to rectification: To ask us to correct inaccurate or incomplete data. You can also update some information directly in your account settings.
  • Right to erasure ("right to be forgotten"): To request deletion of your data where it is no longer necessary, where you withdraw consent (and there is no other legal ground), or where processing is unlawful. We may retain data required for legal obligations (e.g. AML/KYC, transactional records).
  • Right to restriction of processing: To ask us to suspend processing in certain circumstances (e.g. while we verify accuracy or contested legitimate interest).
  • Right to object: To object at any time to processing based on our legitimate interests, including profiling, and to direct marketing. We will stop such processing unless we demonstrate compelling legitimate grounds or legal necessity.
  • Right to data portability: Where applicable, to receive certain data in a structured, commonly used and machine-readable format and to request that we transmit it to another controller, where technically feasible.
  • Right to withdraw consent: Where we rely on consent (e.g. marketing, some cookies), you may withdraw it at any time. This does not affect processing already performed before withdrawal.

Procedures, Timeframes and Costs

  • How to exercise your rights: Contact us at [email protected] with sufficient information to identify your account and your specific request. You may also use live chat to submit an initial request, but we may ask you to confirm by email.
  • Verification: For your security, we may ask for additional information (e.g. ID verification) to confirm your identity before fulfilling a rights request.
  • Response time: We aim to respond to all valid requests as soon as reasonably practicable and no later than 30 days from receipt, in line with GDPR and comparable standards. If your request is complex or we receive many requests, we may extend this period, and we will inform you of any extension.
  • Fees: We typically handle rights requests free of charge. A reasonable fee may be charged or a request refused only where the request is manifestly unfounded or excessive, consistent with applicable law.

Regional Notes (EU/EEA, Mexico, Australia)

  • EU/EEA residents: Where GDPR applies, you have the rights set out in Articles 15 - 21 GDPR. You also have the right to lodge a complaint with your local Data Protection Authority.
  • Mexican residents: We strive to align with key principles and ARCO rights (Access, Rectification, Cancellation and Opposition) under Mexican data protection law. You may exercise these through the same channels described above.
  • Australian residents: Under the Australian Privacy Act and Australian Privacy Principles (APPs), you have the right to access and correct your personal information. Complaints may be raised with us and, if unresolved, with the Office of the Australian Information Commissioner (see "Complaints & Contacts").

Cookies & Tracking Technologies

We use cookies and similar technologies on Lucky Ones Casino to ensure the Website functions properly, to improve performance and to deliver relevant content and offers.

Types of Cookies

  • Strictly necessary cookies: Essential for the Website to operate (e.g. maintaining sessions, logging in securely, processing payments). These cannot generally be disabled via our systems.
  • Functional cookies: Remember your preferences (language, region, layout) and enhance your user experience.
  • Analytics/performance cookies: Help us understand how visitors interact with the Website, which pages are most frequently visited and how campaigns perform, allowing us to improve the service.
  • Advertising and affiliate cookies: Used to deliver and measure marketing campaigns, track referrals from affiliates and prevent fraud or misuse of bonuses. These may be set by third-party partners.
  • Session vs persistent cookies: Session cookies are deleted when you close your browser; persistent cookies remain for a defined period or until you delete them.

Managing Cookies

  • You can manage or disable cookies via your browser settings. Most browsers allow you to refuse all or some cookies and to delete cookies already set.
  • Disabling certain cookies (especially strictly necessary or functional cookies) may affect the functionality of the Website and your ability to use some features (e.g. staying logged in, playing games).
  • Where required by law, we will present a cookie banner or preference centre that allows you to accept or reject non-essential cookies. Your choices can be changed at any time via the same tools or by clearing cookies in your browser.

Data Security

We take the security of your personal information seriously and implement technical and organisational measures designed to protect it against unauthorised access, alteration, disclosure or destruction.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using TLS (Transport Layer Security) 1.2 or higher. Our Website is secured with an active SSL certificate and benefits from Cloudflare or comparable content delivery and security services.
  • Encryption at rest (where applicable): Sensitive data (such as password hashes and, where stored, limited payment-related tokens) is protected using industry-standard encryption and hashing algorithms.
  • Access controls: Access to production systems and personal data is restricted to authorised personnel on a need-to-know basis, with role-based access controls and authentication mechanisms such as strong passwords and, where feasible, multi-factor authentication.
  • Network and application security: Firewalls, intrusion detection/prevention systems and regular security patching are used to reduce vulnerabilities and mitigate attacks.

Organisational Measures

  • Policies and training: Staff with access to personal data are required to follow strict confidentiality obligations and receive training on data protection, AML/KYC and information security.
  • Vendor due diligence: We assess our key service providers for their security posture and include appropriate data protection and security obligations in our contracts.
  • Incident response: We maintain incident response procedures to detect, investigate and respond to suspected data breaches. Where required by law, we will notify the relevant supervisory authority and, when necessary, affected individuals within legally prescribed timeframes.

Security Standards

While we do not claim formal certification under specific standards unless expressly stated, our security controls are designed with reference to internationally recognised frameworks such as ISO/IEC 27001 and SOC 2. We continually monitor regulatory developments, including Curaçao's LOK reforms and evolving AML/KYC requirements, and we adjust our controls accordingly through 2026 and beyond.

Complaints & Contacts

If you have concerns about how we handle your personal information, we encourage you to contact us first so we can try to resolve the issue quickly and fairly.

How to Contact Us

  • Email (primary): [email protected] (subject: "Privacy / Complaint").
  • Online: 24/7 live chat available on https://luckyonescasin-au.com and any official mirror domains.
  • Postal address: Our registered corporate address will be provided upon request via email or live chat and will be published in an updated version of this Policy once available for the Australian-facing Website.

Internal Complaint Procedure

  1. Step 1 - Submission: Send us a clear description of your complaint, including relevant dates, account details and any supporting evidence, via email or live chat.
  2. Step 2 - Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within 5 business days.
  3. Step 3 - Investigation: Our Data Protection Team will investigate your complaint, which may involve reviewing logs, contacting relevant internal departments and, if necessary, requesting further information from you.
  4. Step 4 - Response: We aim to provide a substantive response within 30 days of receiving your complaint. If we require more time due to complexity, we will inform you of the delay and the expected timeframe.
  5. Step 5 - Escalation: If you are not satisfied with our response, you may request further review or escalate your complaint to the relevant supervisory authority as described below.

Escalation to Supervisory Authorities

  • Australia - Office of the Australian Information Commissioner (OAIC): Website: https://www.oaic.gov.au
  • Mexico - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): Website: https://www.inai.org.mx
  • European Union / EEA - Data Protection Authorities: If the GDPR applies to your data, you may lodge a complaint with the supervisory authority in your habitual residence, place of work or place of the alleged infringement. Contact details of EU Data Protection Authorities are available at: https://edpb.europa.eu/about-edpb/board/members_en

Nothing in this section limits any statutory rights you may have under applicable law to bring an action before courts or other competent bodies.

Updates

We may modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, technologies or business operations. Any updated version will be posted on https://luckyonescasin-au.com and will apply from the date indicated below.

Notification of Changes

  • Minor changes: For non-material updates (for example, editorial improvements or clarifications), we will post the revised Policy with an updated "Last updated" date.
  • Material changes: For significant changes affecting how or why we process your data, your rights or our sharing practices, we will provide additional notice by one or more of the following:
    • Email notification to your registered email address;
    • Prominent banner or pop-up on the Website and relevant mirror domains;
    • Notification via your account dashboard.
  • Advance notice: Where practicable and legally required, we will give you at least 30 days' advance notice before material changes become effective.

Your Options Following Updates

  • If you continue to use Lucky Ones Casino after the effective date of an updated Privacy Policy, your continued use will constitute acceptance of the updated Policy.
  • If you do not agree with the changes, you may close your account and/or contact us to discuss your concerns. We will process such requests in line with the "Your Rights" and "Data Retention" sections of this Policy.

Last updated: January 2026