Definitions and Key Terms
- Personal Data: Any information that can identify you directly or indirectly, including name, email, address, IP address, or gaming behavior;
- Processing: Any action performed on your data, such as collecting, storing, using, or deleting information;
- Data Controller: The entity (Dama N.V.) that determines how and why your personal data is processed;
- Data Processor: Third-party services that process your data on our behalf according to our instructions;
- Consent: Your freely given, specific, informed agreement to the processing of your personal data;
- GDPR: The General Data Protection Regulation (EU 2016/679) that governs data protection in the European Union.
About Casinonic
- Company Information: casinonicau.net is owned and operated by Dama N.V., a company registered in Curaçao (Registration No. 152125) with offices at Scharlooweg 39, Willemstad, Curaçao. We operate under license OGL/2023/174/0082 from the Curaçao Gaming Control Board.
- Data Protection Officer: We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and serve as your primary contact for privacy-related matters.
- Age Restriction: Our services are exclusively for individuals 18 years and older. We do not knowingly collect data from minors and will take appropriate action if such data collection is discovered.
Contact Information
General Support: [email protected].
Data Protection Officer: [email protected].
Live Chat: Available on our website.
Response Times: We aim to respond to all privacy-related requests within 30 days. Complex requests may require additional time, and we will notify you of any delays.
Your Rights Include:
- Requesting copies of your personal data;
- Correcting inaccurate information;
- Requesting data deletion (subject to legal limitations);
- Opting out of marketing communications;
- Filing complaints with supervisory authorities.
Information We Collect
Account Registration Data
When you register at Casinonic, we collect:
- Identity Information: Full name, username, email address, date of birth, gender;
- Contact Details: Residential address, phone number, preferred communication methods;
- Verification Documents: Government-issued ID, proof of address, financial documentation.
Financial Information
For deposits and withdrawals, we process:
- Payment Details: Bank account information, payment card details, e-wallet credentials;
- Transaction History: Deposit and withdrawal records, payment method preferences;
- Financial Verification: Source of funds documentation, wealth verification when required.
Gaming and Usage Data
During your gaming sessions, we automatically collect:
- Gameplay Statistics: Games played, session duration, betting patterns, win/loss records;
- Technical Information: IP address, device type, browser information, operating system;
- Website Interaction: Pages visited, click patterns, feature usage, login/logout times.
Communication Records
We maintain records of:
- Support Communications: Live chat transcripts, email correspondence, phone call recordings;
- Marketing Preferences: Consent for promotional materials, communication channel preferences.
Responsible Gaming Information
To promote safe gambling, we collect:
- Self-Assessment Data: Responsible gaming questionnaire responses;
- Behavioral Patterns: Gaming frequency, spending patterns, risk indicators;
- Account Limits: Self-imposed limits on deposits, losses, or session time.
How We Use Your Information
Service Delivery
Primary Uses:
- Account creation and management;
- Processing deposits and withdrawals;
- Providing gaming services and customer support;
- Ensuring fair play and game integrity.
Legal and Regulatory Compliance
Required by Law:
- Anti-Money Laundering (AML): Identity verification, transaction monitoring, suspicious activity reporting;
- Know Your Customer (KYC): Age verification, identity confirmation, source of funds validation;
- Responsible Gaming: Problem gambling detection, self-exclusion enforcement;
- Regulatory Reporting: Compliance with gaming authority requirements.
Business Operations
Legitimate Business Interests:
- Fraud Prevention: Account security, bonus abuse detection, transaction monitoring;
- Risk Management: Player profiling, credit assessments, security threat analysis;
- Service Improvement: Website optimization, game recommendations, user experience enhancement.
Marketing Communications
With Your Consent:
- Promotional offers and Casinonic bonuses;
- New game announcements;
- Company news and updates;
- Partner promotions (from trusted gaming providers).
Opt-Out Options: You can withdraw marketing consent at any time through your account settings or by contacting support.
Data Analytics and Profiling
We use automated systems to:
- Risk Assessment: Evaluate account security and compliance risks;
- Personalization: Customize gaming experience and recommendations;
- Business Intelligence: Generate statistical insights (using anonymized data).
Human Oversight: All significant automated decisions are reviewed by our staff before implementation.
Legal Basis for Data Processing
We process your personal data based on the following legal grounds:
| Data Type | Collection Method | Purpose | Legal Basis |
|---|---|---|---|
| Identity and Contact | Registration form | Account creation, customer support | Performance of contract |
| Financial Information | Payment processing | Deposits, withdrawals, KYC compliance | Performance of contract, Legal obligation |
| Verification Documents | Account verification | AML compliance, age verification | Legal obligation |
| Gaming Data | Automated collection | Service provision, regulatory compliance | Performance of contract, Legal obligation |
| Communication Records | Support interactions | Customer service, legal protection | Performance of contract, Legitimate interest |
| Marketing Data | Consent forms | Promotional communications | Consent |
| Technical Data | Cookies, logs | Security, fraud prevention, service improvement | Legitimate interest |
| Responsible Gaming | Self-assessment, behavioral analysis | Player protection, regulatory compliance | Legal obligation, Legitimate interest |
Data sharing and Third Parties
Within Our Corporate Group
We may share your information with other Dama N.V. entities for:
- Consolidated customer support;
- Fraud and bonus abuse prevention;
- Regulatory compliance across all brands;
- Cross-platform promotional offers (with your consent).
Essential Service Providers
Game Providers: Username and IP address shared to deliver gaming content
Payment Processors: Financial information necessary for deposit/withdrawal processing
Verification Services: Identity documents for KYC/AML compliance
Communication Platforms: Contact details for customer support and marketing
Marketing Partners
With your explicit consent, we may share contact information with:
- Email marketing service providers;
- SMS communication platforms;
- Direct mail distribution services;
- Telemarketing agencies (for promotional calls).
Data Protection Standards: All third parties must meet strict security requirements and process data only according to our instructions.
International Data Transfers
Cross-Border Processing: Some of our service providers operate outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:
Safeguards Implemented:
- Standard Contractual Clauses: EU-approved data transfer agreements;
- Adequacy Decisions: Transfers to countries with EU-approved data protection standards;
- Binding Corporate Rules: Internal policies for group company transfers;
- Certification Schemes: Third-party verified security standards.
Transfer Purposes: International transfers may occur for payment processing, game provision, customer support, or regulatory compliance.
Data Retention Periods
Active Accounts
While your account remains active, we retain all necessary data to provide services and ensure compliance.
Closed Accounts
After account closure, retention periods vary by data type:
Financial Records: 5 years minimum (required by AML regulations)
Identity Documents: 5 years after account closure
Transaction History: 5 years for regulatory compliance
Communication Records: 3 years for legal protection
Marketing Data: Deleted immediately unless required for legal purposes
Technical Logs: 1 year for security and fraud prevention
Legal Requirements: Some data must be retained longer to comply with gaming licenses, tax obligations, or legal proceedings.
Anonymized Analytics: We may retain anonymized statistical data indefinitely for business intelligence purposes.
Your Privacy Rights
Under data protection laws, you have the following rights:
Right of Access
What: Request copies of all personal data we hold about you
How: Contact our DPO via email or support ticket
Timeline: Response within 30 days
Cost: Free (additional copies may incur reasonable fees)
Right to Rectification
What: Correct inaccurate or incomplete information
Requirements: You may need to provide supporting documentation
Limitations: Cannot change information required for regulatory compliance
Right to Erasure (“Right to be Forgotten”)
What: Request deletion of your personal data
Limitations: Cannot delete data required by legal obligations (e.g., 5-year AML retention)
Timeline: Immediate deletion where legally permissible
Right to Data Portability
What: Receive your data in a structured, machine-readable format
Scope: Data provided with consent or for contract performance
Format: Common file formats (CSV, JSON, PDF)
Right to Object
Grounds: Object to processing based on legitimate interests
Marketing: Automatic opt-out from all promotional communications
Profiling: Challenge automated decision-making
Right to Restrict Processing
Scenarios:
- Disputing data accuracy;
- Processing is unlawful but deletion is not desired;
- Data needed for legal claims;
- Pending objection assessment.
Right to Withdraw Consent
Marketing Communications: Instant opt-out via account settings
Optional Services: Withdraw consent for non-essential features
Note: Cannot withdraw consent for data required by legal obligations
Right to Complain
Supervisory Authorities: File complaints with your local data protection authority
Internal Complaints: Contact our DPO for grievance resolution
Data Security Measures
Technical Safeguards
Encryption: All sensitive data encrypted in transit and at rest using industry-standard protocols
Access Controls: Multi-factor authentication, role-based access, regular access reviews
Network Security: Firewalls, intrusion detection, secure communication channels
Data Backups: Regular backups with encryption and offsite storage
Organizational Measures
Staff Training: Regular data protection training for all employees
Confidentiality Agreements: All staff sign comprehensive NDAs
Incident Response: Established procedures for data breach detection and response
Regular Audits: Third-party security assessments and penetration testing
Account Security
Your Responsibilities:
- Use strong, unique passwords;
- Enable two-factor authentication when available;
- Never share account credentials;
- Report suspicious activity immediately;
- Keep contact information current.
Breach Notification
In the unlikely event of a data breach:
- Regulatory Notification: Within 72 hours to supervisory authorities;
- Customer Notification: Within 30 days if high risk to your rights;
- Remedial Actions: Immediate steps to contain and resolve the breach.
Automated Decision-Making
Current Practices
Limited Use: We generally avoid fully automated decisions affecting your rights
Human Oversight: Significant automated decisions are reviewed by qualified staff
Transparency: When automated decisions are used, we provide explanation of the logic involved
Automated Systems in Use
Fraud Detection: Algorithmic assessment of suspicious transactions (reviewed by analysts)
Responsible Gaming: Automated flagging of concerning gambling patterns (reviewed by specialists)
Bonus Eligibility: Algorithmic assessment of promotional offer eligibility
Risk Scoring: Automated risk assessment for AML purposes
Your Rights Regarding Automated Decisions
- Request human review of automated decisions;
- Express your perspective on automated assessments;
- Challenge automated decisions that significantly affect you.
Cookies and Tracking technologies
Cookie Policy Reference: For detailed information about our use of cookies, please refer to our separate Cookie Policy.
Essential vs. Optional: We distinguish between cookies necessary for site functionality and those used for analytics or marketing purposes.
Your Cookie Choices: You can manage cookie preferences through your browser settings or our cookie consent tool.
Special Categories of Data
Sensitive Information
We may occasionally process sensitive data categories:
Health-Related Data: Information related to gambling addiction or self-exclusion requests
Ethnic Origin: May be apparent from identity documents (not actively collected)
Enhanced Protections
- Explicit consent obtained when required;
- Restricted access to authorized personnel only;
- Enhanced security measures applied;
- Regular review of necessity and proportionality.
Updates to This Policy
Notification of Changes
Significant Updates: Email notification to all active users
Minor Changes: Website notice and updated policy date
Legal Requirements: Immediate implementation with appropriate user notice
Your Continued Consent
Continued use of our services after a policy update constitutes acceptance of the revised terms and conditions.
Version Control
We maintain records of all policy versions to ensure transparency and compliance.
Governing Law and Disputes
Applicable Law
This Privacy Policy is governed by the laws of Curaçao and applicable European Union data protection regulations.
Dispute Resolution
Primary Contact: Data Protection Officer ([email protected])
Escalation: Curaçao Gaming Control Board
EU Residents: Local supervisory authority in your country of residence
Contact and Support
Data Protection Officer: [email protected].
General Support: [email protected].
Live Chat: Available 24/7 on our website.
Postal Address: Dama N.V., Scharlooweg 39, Willemstad, Curaçao.
Response Commitment: We are committed to addressing your privacy concerns promptly and transparently. Our goal is to respond to all inquiries within 30 days and to resolve any issues to your satisfaction.