Privacy Policy

Introduction

This Privacy Policy explains how Darwin (referred to in this Policy as “Darwin”, “we”, “us”, or “our”) collects, uses, stores, discloses, and protects personal information when you visit or use darwincasino.net (the “Website”) and our related gambling and account services (the “Services”).

Darwin is committed to handling personal information in a transparent and secure manner. We process personal information to provide online gambling services, to manage your account, to meet our legal and regulatory obligations (including anti-money laundering and counter-terrorism financing requirements), and to prevent fraud and misuse.

This Privacy Policy is intended to align with:

• The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
• Where applicable (for example, if you are located in the European Economic Area or the United Kingdom), principles consistent with the General Data Protection Regulation (GDPR), including data minimisation, purpose limitation, and security safeguards.

By creating an account, placing bets, or otherwise using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy. Where we rely on consent for specific processing activities (such as certain marketing communications), you may withdraw consent at any time as described below.

If you have any questions about this Privacy Policy or how Darwin handles personal information, you can contact us at [email protected].

Sources and references:

• Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs), Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au/privacy/australian-privacy-principles
• AUSTRAC guidance on AML/CTF obligations (Australia): https://www.austrac.gov.au/
• GDPR (Regulation (EU) 2016/679) (for reference where applicable): https://eur-lex.europa.eu/eli/reg/2016/679/oj

Information We Collect

We collect personal information that is reasonably necessary for our functions and activities as a gambling service provider, and to meet legal, regulatory, and security requirements. The categories of information we may collect include:

1) Personal details and account information

• Full name
• Date of birth
• Gender (where provided)
• Residential address
• Email address
• Username and account identifiers
• Country of residence and/or nationality (where required for compliance)
• Self-exclusion status or responsible gambling controls you apply (where relevant)

2) Correspondence and support communications

• Messages you send to us via email
• Records of requests, complaints, disputes, and resolutions
• Verification of account ownership when you contact support

3) Transaction, betting, and account activity information

• Deposits, withdrawals, payment history, chargeback-related information
• Betting activity and gameplay records (for example, wagers, wins/losses, game sessions)
• Bonuses, promotions, and loyalty-related activity (where applicable)
• Account status changes, including restrictions, closures, and re-openings

4) Verification (KYC) and compliance information

To meet legal obligations (including AML/CFT, fraud prevention, and age verification), we may collect and process:

• Identity documents (for example, passport, driver’s licence, proof-of-age card)
• Proof of address (for example, utility bill or bank statement)
• Source of funds / source of wealth information where required
• Payment method verification evidence (for example, redacted card images where permitted, ownership confirmation)
• Screening outcomes (for example, sanctions/PEP/adverse media screening results where required by compliance policies)

5) Technical logs and device information

When you access the Website, we may collect technical information such as:

• IP address and approximate geolocation derived from IP
• Device type, operating system, browser type, language settings
• Unique device identifiers and session identifiers
• Website access logs, timestamps, pages viewed, and referral URLs
• Security logs to detect suspicious activity

6) Cookies and similar technologies

We may use cookies or similar technologies to operate the Website, maintain sessions, improve performance, and support security measures. Depending on your device/browser settings, you may be able to restrict cookies; however, some functions may not work properly if cookies are disabled.

How We Use Your Information

Darwin uses personal information for specific purposes connected to providing gambling services and meeting legal obligations. We process only what is necessary for these purposes and take steps to keep information accurate and up to date.

Core service delivery and account management

We use information to:

• Create, administer, and secure your Darwin account
• Verify eligibility to use the Services (including age and identity checks)
• Process deposits and withdrawals
• Facilitate betting activity and game participation
• Provide account notifications and service messages

Customer support and service communications

We use information to:

• Respond to your enquiries and support requests
• Investigate and resolve complaints and disputes
• Maintain records of communications for quality and compliance

AML/CFT compliance, responsible gambling, and legal obligations

We use information to:

• Comply with applicable AML/CFT requirements, including customer due diligence and ongoing monitoring
• Conduct identity verification (KYC)
• Detect and prevent suspicious transactions and prohibited activity
• Comply with lawful requests from courts, regulators, and law enforcement
• Support responsible gambling measures and risk management (including identifying potentially harmful gambling patterns where required by policy or law)

Fraud prevention, security, and integrity of the Services

We use information to:

• Monitor for account takeover attempts, collusion, bonus abuse, or other fraudulent behaviour
• Secure the Website and prevent cyberattacks
• Enforce our Terms and any relevant rules (including restrictions on multiple accounts, prohibited jurisdictions, or payment misuse)

Research, analytics, and service improvements

We use information to:

• Diagnose technical issues and improve Website performance
• Improve user experience and service reliability
• Conduct internal reporting and operational analysis (using aggregated or de-identified information where practicable)

Legal bases / grounds for processing (Australia and GDPR-aligned principles)

In Australia, personal information is handled under the Privacy Act 1988 (Cth) and APPs, which focus on fair and lawful collection and use for functions/activities and permitted purposes.

Where GDPR-style grounds are relevant (for example, due to your location), we may rely on:

• Performance of a contract (providing the Services and managing your account)
• Compliance with a legal obligation (AML/CFT, identity verification, record-keeping)
• Legitimate interests (security, fraud prevention, improving services), balanced against your rights
• Consent (certain marketing communications and preference-based features)

Marketing Communication

Darwin may use limited personal information to send marketing communications where permitted by law and where appropriate for our legitimate interests or where you have provided consent.

What marketing information may be used

• Email address
• Account status (for example, active/inactive)
• General usage patterns (for example, interest-based segmentation at a high level)
• Marketing preferences and opt-out status

How to opt out / unsubscribe

You can opt out of marketing at any time by:

• Using the unsubscribe option included in marketing emails (where provided), and/or
• Contacting [email protected] from your registered email address.

Opting out of marketing will not affect:

• Essential service communications (for example, password resets, security alerts, legal notices, or transaction confirmations)
• Compliance-related communications (for example, KYC requests or AML/CFT follow-ups)

Obtaining Personal Information

We collect personal information through the following methods.

Information you provide directly

You may provide personal information when you:

• Register an account
• Complete profile details
• Submit documents for KYC/verification
• Make deposits or request withdrawals
• Communicate with us via [email protected]

Information collected automatically

We may collect certain technical information automatically through:

• Server logs and security monitoring tools
• Cookies and similar technologies used for session management and fraud prevention

Information from third-party providers

Where permitted by law and necessary to provide Services or meet obligations, we may receive personal information from third parties such as:

• Payment processors and financial institutions (deposit/withdrawal processing, payment verification, chargeback handling)
• Identity verification and KYC providers
• Fraud prevention and cybersecurity vendors
• Compliance screening providers (for sanctions/PEP checks where required)
• Game providers/platform partners (game session identifiers, gameplay event logs needed for game operation and dispute handling)

We expect third parties to handle personal information securely and in accordance with applicable laws and contractual safeguards.

Data Recipients

Access to personal information is restricted to authorised persons and service providers on a need-to-know basis.

Internal recipients

Personal information may be accessed by authorised staff or contractors involved in:

• Customer support and account administration
• Payments and finance operations
• Compliance (including AML/CFT and KYC review)
• Security, fraud prevention, and risk teams
• Technical operations and maintenance

External recipients (data processors and service providers)

We may disclose personal information to third parties that assist us in operating the Services, including:

• Payment service providers and banking partners
• Identity verification and document validation service providers
• Fraud prevention, security, and risk management service providers
• Game providers and platform vendors (to provide games and ensure integrity)
• IT hosting, storage, and infrastructure providers
• Professional advisers (for example, auditors, legal advisers) where necessary

Third-party service providers are engaged under arrangements requiring appropriate confidentiality and security protections.

Releasing Data to Third Parties

Darwin may share or disclose personal information in limited circumstances, including the following.

1) To provide the Services you request

We may share information with service providers to:

• Process payments and withdrawals
• Deliver game content and enable gameplay
• Investigate game-related issues, technical faults, or player disputes

2) For legal and regulatory compliance

We may disclose personal information when required or authorised by law, including:

• Responding to lawful requests from regulators, courts, or law enforcement agencies
• Meeting reporting, record-keeping, and verification obligations connected with AML/CFT compliance

3) To protect rights, safety, and integrity

We may disclose information where necessary to:

• Prevent or investigate suspected fraud, money laundering, payment misuse, or cybercrime
• Enforce our Terms and protect our legal rights
• Protect users and the public from harm

4) Business changes

If Darwin is involved in a corporate restructuring, merger, acquisition, or sale of assets, personal information may be disclosed as part of that transaction, subject to appropriate confidentiality and security measures and any notice required by law.

Cross-border disclosures

Some service providers may store or process information outside Australia. Where cross-border disclosure occurs, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs (including APP 8), such as contractual protections and due diligence on vendors.

Data Retention

Darwin retains personal information only for as long as necessary to provide the Services and to meet legal, regulatory, and legitimate business requirements.

AML/CFT and compliance retention

Where personal information is collected for AML/CFT compliance, identity verification, transaction monitoring, dispute handling, and related record-keeping, we generally retain relevant records for at least 5 years. This retention period is commonly required for compliance programs and regulatory expectations, and may be extended where:

• There is an ongoing investigation (fraud, AML/CFT, or security)
• A dispute is unresolved
• We are required to retain information by law, court order, or regulator request

Right to erasure after the retention period

Where applicable and permitted by law, you may request deletion of your personal information after the mandatory retention period has expired. In Australia, the Privacy Act and APPs provide for access and correction rights, and we will also consider deletion requests where it is lawful and reasonable to do so, including where data is no longer needed for any purpose for which it may be used or disclosed under the APPs.

To request deletion or account closure-related actions, contact [email protected].

Security of Your Data

Darwin takes reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures are designed to be appropriate to the sensitivity of the information, including KYC documents and financial data.

Measures may include:

Technical measures

• Encryption in transit using HTTPS/SSL where supported by your device and browser
• Access controls and authentication mechanisms (for example, user ID and password protections)
• Logging and monitoring to detect suspicious activity
• Segmentation and least-privilege principles for systems holding sensitive information

Organisational measures

• Role-based access controls and staff confidentiality obligations
• Procedures for KYC handling and secure review
• Policies and training for data protection, security, and incident handling
• Vendor due diligence and contractual safeguards for data processors

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your login credentials and for contacting us promptly if you suspect unauthorised access to your account.

Your Rights & Contacting Us

Your privacy rights (Australia)

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you generally have the right to:

• Request access to personal information we hold about you (subject to certain exceptions)
• Request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information
• Make a complaint about how we handle personal information

To exercise these rights, contact [email protected]. We may need to verify your identity before processing your request.

GDPR-style rights (where applicable)

If GDPR applies to your circumstances, you may also have rights including:

• Right to be informed and to obtain a copy of your personal data
• Right to rectification
• Right to erasure (right to be forgotten), subject to legal obligations
• Right to restrict processing
• Right to data portability (where applicable)
• Right to object to processing based on legitimate interests
• Right to withdraw consent (where processing is based on consent)

Marketing preferences

You can opt out of marketing as described in the Marketing Communication section. We will action opt-out requests as soon as reasonably practicable.

Complaints

If you are concerned about how Darwin handles your personal information, you can contact us at [email protected] and we will aim to respond within a reasonable timeframe.

You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• OAIC privacy complaints information: https://www.oaic.gov.au/privacy/privacy-complaints

Contact details

For all privacy-related requests, including access, correction, deletion requests (where lawful), and marketing opt-outs, contact:

• Email: [email protected]

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or the Services. The updated version will be posted on darwincasino.net. Where required by law, we will take reasonable steps to notify you of material changes.