burger icon
Сasino Сlassic
Log In

Privacy Policy

This Privacy Policy explains how 22aud ("we", "us", "our") collects, uses, discloses and protects personal information of people who visit and use the website https://22aud-casino.games and related services. It applies to registered players and to website visitors who interact with our content, features and customer support. By using our services you acknowledge that you have read this Privacy Policy. This version is effective from 6 November 2025.

Who We Are

Observe: 22aud is an online gambling brand operated under a Curaçao licence and made available to, among others, players located in Australia and other "grey market" regions. The legal entity responsible for your personal information is:

  • Operator (data controller): Gambling Holdings Ltd.
  • Registered / legal address: Heelsumstraat 51, E‑Commerce Park, Curaçao (CW)
  • Legal form: Limited company (Ltd.)
  • Gambling licence: Sub‑licence under Master Licence 365/JAZ issued by Gaming Curaçao

Expand: Gambling Holdings Ltd. operates 22aud under a Curaçao online gambling framework and may use affiliated entities and service providers (including payment and support providers potentially located in the European Union or Cyprus) to process personal information on its behalf. While 22aud targets players in Australia, it is not licensed by any Australian gambling authority, and nothing in this Privacy Policy constitutes a statement that our services are lawful in your jurisdiction.

Reflect: For privacy matters we provide a dedicated point of contact:

  • Data Protection Officer (DPO): Data Protection Officer, Gambling Holdings Ltd.
  • Postal contact: Data Protection Officer, Gambling Holdings Ltd., Heelsumstraat 51, E‑Commerce Park, Curaçao
  • Email: [email protected]
  • Website: https://22aud-casino.games (secure internal messaging or support channels in your account)

What Personal Data We Collect

Observe: When you visit or use 22aud, we collect information that you provide directly, information generated through your use of our services, and information obtained from third parties (such as payment providers and verification partners). The main categories are:

  • Identification and contact data: full name, username, password (stored in hashed form), date of birth, country of residence, address (where provided), email address, and phone number (if you choose to provide one).
  • Verification (KYC/AML) data: copies or data from identity documents (e.g. passport, ID card, driver's licence), proof of address, payment ownership documents, information about your source of funds or source of wealth, and results of checks against sanctions, politically exposed person (PEP) and adverse media databases where required by anti‑money‑laundering (AML) rules.
  • Account and behavioural data: account registration details, login timestamps, session information, game and betting history, wins and losses, bonus use, self‑exclusion or cooling‑off settings, responsible gambling tools usage, clicks and navigation within our website and apps.
  • Payment and transaction data: deposit and withdrawal records, payment method details (such as masked card numbers, bank identifiers or e‑wallet identifiers), currency, amounts, transaction timestamps, and related anti‑fraud checks. We do not store your full card number in plain text.
  • Technical and log data: IP address, approximate location based on IP, device identifiers, operating system, browser type and version, language settings, referral URLs, crash logs and other standard web server and security logs.
  • Communication data: records of interactions with customer support, emails, internal messages, chat transcripts, complaint correspondence, and any information you choose to include in those communications.
  • Cookies and similar technologies data: unique identifiers stored in cookies or local storage, as well as data from web beacons, pixels and similar technologies implemented by us or by authorised third parties for analytics, security and marketing purposes.

Expand: We may also receive limited information about you from our partners (for example payment processors, verification providers or marketing affiliates) where this is necessary to prevent fraud, comply with AML requirements, or measure the performance of our campaigns. We do not intentionally collect sensitive categories of personal data (such as health information) except to the extent strictly required for AML checks (for example, determining whether a person is a PEP).

Reflect: The specific data we collect about you can vary depending on how you interact with 22aud and which services you use. Where information is optional, we will generally indicate this at the point of collection.

Legal Basis for Processing

Observe: Because 22aud serves users in multiple regions, including Australia and other international markets, our processing activities are designed to be compatible with several privacy frameworks, including:

  • Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where applicable.
  • EU/EEA General Data Protection Regulation (GDPR), where it applies.
  • Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), where it applies.

Expand: Depending on your location and the specific processing activity, we rely on one or more of the following legal grounds:

  • Contract performance: to create and administer your 22aud account, verify your identity, process deposits and withdrawals, provide games, manage bonuses and promotions, and deliver customer support under our Terms & Conditions and other policies published at https://22aud-casino.games.
  • Compliance with legal obligations: to meet AML and counter‑terrorist financing (CTF) requirements, responsible gambling obligations, sanctions screening, accounting and tax requirements, and regulatory reporting (including to Gaming Curaçao and other competent authorities).
  • Legitimate interests: to secure our systems, detect and prevent fraud, verify account integrity, conduct analytics and service optimisation, enforce our Terms & Conditions, defend or exercise legal claims, and operate an effective and sustainable online gaming service. When relying on legitimate interests we balance these interests against your rights and expectations.
  • Consent: for certain activities such as sending direct electronic marketing communications where required by law, placing non‑essential cookies (for analytics or advertising), and performing specific types of profiling for personalised offers. You may withdraw your consent at any time as described in this Policy.

Reflect: In jurisdictions where concepts such as "legal basis" are not expressly defined, we treat the above grounds as describing the circumstances in which our processing is permitted. If a particular processing activity requires your consent under Mexican law or other applicable rules, we will ask for it in a clear and specific way.

Purpose of Processing

Observe: We process personal information only for specified, explicit and legitimate purposes and do not use it in ways that are incompatible with those purposes.

  • Service provision: to operate the 22aud gambling platform, allow you to register and maintain an account, provide access to games, manage your balance, and process deposits, withdrawals and bets.
  • Verification and compliance: to perform KYC checks, verify age and identity, comply with AML/CTF and sanctions rules, prevent bonus abuse, and ensure that our services are not used for unlawful activities.
  • Responsible gambling: to implement and manage self‑exclusion, deposit limits, loss limits, session reminders and other tools designed to support safe play, and to monitor behaviour for potential signs of problematic gambling where permitted by law.
  • Customer support and dispute handling: to answer questions, handle complaints, investigate incidents, and document outcomes.
  • Analytics and improvement: to analyse aggregated and pseudonymised data about how our platform is used, identify technical issues, improve performance and user experience, and develop new features and products.
  • Security and fraud prevention: to protect accounts, detect suspicious or abusive behaviour, combat chargebacks, and safeguard the integrity of our games and systems.
  • Marketing and personalisation: to send you offers, bonuses and news about 22aud (subject to your preferences and consent requirements), and to personalise content, promotions and recommendations based on your interactions.
  • Legal and regulatory purposes: to comply with requests or orders from regulators, courts or other public authorities, to respond to legal claims, and to support audits and inspections related to our Curaçao licence or other applicable regimes.

Reflect: Where we wish to use your data for a new purpose not compatible with the original reason for collection, we will inform you and, where required, seek your additional consent.

Disclosure & Sharing

Observe: We do not sell your personal information. We share it only with carefully selected recipients where necessary for the operation of 22aud, to comply with legal obligations, or with your consent.

  • Group and affiliated companies: entities that are under common ownership or control with Gambling Holdings Ltd., which may support customer support, payment processing or risk management functions from locations such as the European Union or Cyprus.
  • Platform and game providers: third‑party software suppliers that provide casino games, platform technology, hosting, maintenance, and related services under contracts containing data protection and confidentiality obligations.
  • Payment service providers and banks: card processors, e‑wallet providers, banking partners and other financial institutions that handle deposits and withdrawals and assist us with fraud and AML checks.
  • Verification, AML and risk management partners: identity verification companies, credit reference agencies (where allowed), sanctions screening providers, and fraud‑prevention tools.
  • Analytics, cookies and marketing partners: providers of analytics tools, advertising networks and affiliate partners who help us measure traffic and performance, personalise content, and deliver or measure marketing campaigns, in accordance with your cookie and marketing choices.
  • Regulators and public authorities: Gaming Curaçao and other licensing or enforcement bodies, tax and law‑enforcement agencies, courts and dispute resolution bodies, when we are required or allowed by law to disclose information.
  • Professional advisers: lawyers, auditors and consultants who provide legal, accounting or other professional services under confidentiality obligations.
  • Corporate transactions: if we are involved in a merger, acquisition, restructuring or sale of assets, your information may be disclosed to prospective or actual buyers and their advisers, subject to appropriate safeguards.

Expand: In certain situations we may share aggregated or anonymised data that does not identify you directly (for example, statistics on game performance or general traffic patterns). We may also share information with third parties if you explicitly authorise or request us to do so.

Reflect: All third‑party recipients are required to process your information only on our instructions and in accordance with applicable data protection and confidentiality rules, except where they act as independent controllers (for example, regulators or payment institutions subject to their own legal obligations).

International Transfers

Observe: Because 22aud operates online and uses infrastructure and partners in multiple jurisdictions, your personal information may be transferred to and stored in countries other than your country of residence. These may include Curaçao (where Gambling Holdings Ltd. is registered), European Union/EEA member states, Cyprus, and other locations where our technical, payment or support providers are based.

Expand: Different countries have different data protection laws. When we transfer personal information internationally, we implement safeguards designed to provide an equivalent level of protection, including:

  • Contractual safeguards: data processing agreements and, where GDPR applies, the use of EU standard contractual clauses (SCCs) or other approved transfer mechanisms with our non‑EEA partners.
  • Organisational and technical measures: strict access controls, encryption, security monitoring and internal policies that limit access to personal information to authorised personnel on a need‑to‑know basis.
  • Local‑law assessment: assessing, where appropriate, whether local laws in the recipient country may impact the protection of your information and adopting additional safeguards if necessary.

Reflect: For Australian and Mexican residents, cross‑border transfers are carried out in accordance with local rules on international data transfers, including transparency about the countries involved and, where required, obtaining your consent. By using our services you understand that your information will be processed in Curaçao and other countries that may have different privacy standards than those in your home jurisdiction.

Data Retention

Observe: We keep personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, accounting, AML and regulatory requirements, and then either securely delete or irreversibly anonymise it.

  • Account and profile data: typically retained for the duration of your active account and for up to 5 years after closure, to comply with AML and gambling regulatory obligations and to handle potential disputes or legal claims.
  • KYC/AML and transaction data: documents and records used for identity verification, deposits, withdrawals and betting history are generally retained for at least 5 years from the end of the business relationship or from the date of the last transaction, in line with AML best practice and regulatory expectations.
  • Customer support and complaints data: communications and complaint files are usually retained for up to 5 years after the issue has been resolved, or longer if needed for legal purposes.
  • Marketing data: information used for marketing is kept until you withdraw your consent or opt out, or until we identify that you have been inactive for a period (for example 24 months), after which it may be anonymised or deleted.
  • Technical logs and security data: server logs, security logs and similar technical records are typically kept for 12-24 months, unless a longer period is needed in connection with security incidents or investigations.
  • Cookies: retention periods for cookies depend on their type and purpose; session cookies are deleted when you close your browser, while persistent cookies may remain on your device from a few days up to 24 months unless you delete them earlier.

Expand: We may retain certain information for longer where necessary to comply with law, respond to regulatory enquiries, resolve disputes, enforce our agreements or establish, exercise or defend legal claims. Backup copies may remain in our systems for a limited additional period before being overwritten.

Reflect: When retention periods expire, we apply deletion, anonymisation or aggregation techniques to ensure that your information is no longer associated with you or used in a personally identifiable way.

Your Rights

Observe: Depending on where you live and which privacy laws apply, you may have specific rights regarding your personal information. We aim to provide a consistent, high level of protection and, where reasonably practicable, to honour key rights recognised under the GDPR, the Mexican LFPDPPP and the Australian Privacy Act.

  • Right of access: to obtain confirmation of whether we process your personal information and to receive a copy of that information together with relevant details about the processing.
  • Right to rectification/correction: to request that inaccurate or incomplete information about you be corrected or completed.
  • Right to deletion ("erasure"): to request deletion of certain personal information, for example where it is no longer needed, you withdraw consent (where consent is the sole basis), or you believe it has been processed unlawfully. We may retain information where required by AML, gambling or other laws.
  • Right to restriction of processing: to request that we limit the processing of your information in certain circumstances, such as while we verify its accuracy or assess an objection.
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to opt out of direct marketing at any time.
  • Right to data portability: where technically feasible and applicable under GDPR or similar laws, to receive certain information in a structured, commonly used and machine‑readable format and to request that it be transmitted to another controller.
  • Rights related to consent: where we rely on consent (for example for marketing or non‑essential cookies), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Expand: Some rights are not absolute and may be subject to conditions or exceptions under applicable law. For example, we may refuse a deletion request if we must retain the data to comply with AML regulations, gambling licence conditions or legal obligations in Curaçao or other jurisdictions.

How to exercise your rights (procedure):

  1. Submit a request via the secure messaging or support channels available in your 22aud account, or contact our DPO at [email protected].
  2. Provide sufficient information to identify yourself and your account and to allow us to verify your identity (we may request additional verification information for security reasons).
  3. Describe clearly which right you wish to exercise and, if relevant, which processing activities or data types your request concerns.

Reflect: We aim to respond to all valid requests within 30 days of receipt and verification. If your request is complex or we receive numerous requests, we may extend this period by up to an additional 30 days and will inform you of the delay and reasons. We do not charge a fee for handling your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act. You also have the right to lodge a complaint with a competent data protection authority as described in the "Complaints & Contacts" section.

Cookies & Tracking Technologies

Observe: 22aud uses cookies and similar technologies to make our website work, to analyse how it is used, to improve performance, and, where permitted, to support marketing and personalisation.

  • Strictly necessary (session) cookies: essential for the operation of the website and your account, such as enabling login, maintaining sessions, processing payments and ensuring security. These cookies are typically session‑based and expire when you close your browser.
  • Functional (persistent) cookies: used to remember your preferences (such as language, geolocation choice or cookie settings) so that you do not need to reconfigure them each time you visit. These may remain on your device for a defined period.
  • Analytics cookies: first‑party or third‑party cookies that collect aggregated information about how visitors use our site (pages visited, time spent, device types) to help us understand and improve performance and user experience.
  • Advertising and affiliate cookies: used by us and our selected partners to track the effectiveness of marketing campaigns, reward affiliates, and, where permitted, deliver or measure personalised offers.

Expand: We may also use web beacons, pixels, SDKs, device fingerprinting and similar technologies in combination with cookies to support security, analytics and marketing. Third‑party cookies are set and controlled by the relevant third party, and their use is subject to those parties' own privacy policies.

Managing cookies:

  • You can manage your cookie preferences through your browser settings, where you can delete existing cookies and configure your browser to block or alert you about new cookies.
  • Where available, you may also use cookie management tools or banners on our website to choose which categories of cookies (other than strictly necessary) you agree to.
  • Disabling or blocking certain cookies may impact the functionality and performance of the website, and some features or games may not work properly.

Reflect: By continuing to use 22aud after having been presented with a cookie notice, you acknowledge that your information may be collected and processed as described in this section, in line with the choices you have made.

Data Security

Observe: We take security seriously and implement technical and organisational measures designed to protect your personal information against unauthorised access, alteration, disclosure or destruction.

  • Encryption in transit and at rest: data transmitted between your browser and 22aud uses industry‑standard TLS 1.2 or higher. Sensitive information is stored using strong encryption and hashing techniques.
  • Access controls and authentication: access to personal information is restricted to authorised personnel who need it for their job and is protected by multi‑factor authentication, role‑based access controls and logging.
  • Infrastructure and network security: firewalls, intrusion detection and prevention systems, secure configuration, segmentation and regular monitoring are used to protect our systems from external threats.
  • Secure development and testing: we apply security considerations in the design, development and testing of our systems, and we review and update our controls regularly.
  • Staff training and confidentiality: employees and contractors are subject to confidentiality obligations and receive training on data protection, AML and security awareness.
  • Incident response: we maintain procedures to detect, investigate and respond to suspected data breaches or security incidents and, where required by law (for example under the GDPR or Australian Notifiable Data Breaches scheme), we will notify affected individuals and relevant authorities.

Expand: While no system can be guaranteed 100% secure, we continually assess and enhance our controls. We strive to align our security practices with internationally recognised standards such as ISO 27001 and SOC 2, although 22aud is not currently certified under these standards.

Reflect: You also play an important role in keeping your information secure by choosing a strong, unique password, keeping your login details confidential, enabling available security features, and promptly notifying us if you suspect any unauthorised activity on your account.

Complaints & Contacts

Observe: We encourage you to contact us first if you have questions, concerns or complaints about how we handle your personal information.

  • Primary contact for privacy: Data Protection Officer, Gambling Holdings Ltd., Heelsumstraat 51, E‑Commerce Park, Curaçao; email: [email protected].
  • Account support: via the customer support or messaging tools available when logged into your 22aud account on https://22aud-casino.games.

Complaint procedure (internal):

  1. Submit your concern or complaint to our support team or directly to the DPO, providing relevant details and any supporting documentation.
  2. We will acknowledge receipt of your complaint, investigate the matter, and, where appropriate, request additional information to clarify your concerns.
  3. We aim to provide a substantive response within 30 days. If the issue is particularly complex or we require more time, we will inform you of the delay and expected timeframe.

Expand: If you believe that we have not handled your personal information in accordance with applicable law or have not adequately addressed your complaint, you may have the right to escalate your concern to a data protection authority or other relevant body:

  • Australia: Office of the Australian Information Commissioner (OAIC) - see https://www.oaic.gov.au for contact details and complaint procedures.
  • European Union/EEA: your local data protection authority, particularly in the EU/EEA member state of your habitual residence, place of work, or where the alleged infringement occurred.
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - see https://www.inai.org.mx for contact information and guidance on how to file a complaint.

Gaming licence and regulator complaints (not privacy‑specific): For issues related to gambling operations under our Curaçao licence (such as game fairness or payout disputes), you may contact Gaming Curaçao. The current validation page for our licence is available at https://gaming-curacao.com/validator/22audcasino-license-365-jaz. Gaming Curaçao can also be reached via email at [email protected]. Please note that this body is not a dedicated data protection authority, and historical effectiveness of such routes for player disputes is limited.

Reflect: Using internal complaint channels first usually allows for quicker resolution; however, you may contact a supervisory authority at any time if your local law allows.

Updates

Observe: We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal requirements, regulatory guidance or industry best practices.

  • Publication: the latest version will always be available at https://22aud-casino.games/privacy-policy.
  • Notification of material changes: where we make significant changes that materially affect how we process your personal information, we will provide additional notice, which may include email notifications, prominent banners on our website, and/or alerts within your account dashboard.
  • Advance notice: for material changes, we will generally provide at least 30 days' notice before the updated policy takes effect, unless immediate changes are required by law or to protect the security of our services.
  • Your options: if you do not agree with the updated Policy, you may close your account and stop using our services before the changes become effective. Continued use of 22aud after the effective date will constitute your acceptance of the updated Policy.
  • Versioning and changelog: we record the date of the most recent update and, where appropriate, may summarise key material changes. Earlier versions may be made available upon request to the DPO.

Reflect: This Privacy Policy was last updated on 6 November 2025. We encourage you to review it periodically to stay informed about how we protect your information.