burger icon
ILucki Сasino Casino
Log In

Privacy Policy

This Privacy Policy outlines how ilucki, operating exclusively via iluckiz.com, collects, uses, shares, and protects your personal information. It applies to all players and visitors from Australia using our services or website. The policy enters into effect as of 01 July 2025 and remains valid through 2025.

Who We Are

OBSERVE: This section identifies the legal operator and ensures direct contact points for all privacy-related matters.
EXPAND: The inclusion of detailed company, jurisdiction, and Data Protection Officer (DPO) data supports mandatory AU disclosure compliance and enhances user trust.
REFLECT: Ensuring transparency in the operator's corporate identity and providing meaningful contact options for privacy requests is a foundational AU requirement.

  • Operator Name: Dama N.V., registered under company number 152125.
  • Registered Address: Julianaplein 36, Willemstad, Curaçao.
  • Licensing Jurisdiction: Licensed and regulated by the Government of Curaçao.
  • Parent Company: Dama N.V.; Subsidiary: Friolion Limited.
  • Data Protection Contact: Data Protection Department, reachable at [email protected] or [email protected].

Regional Compliance Note: These details address explicit requirements under AU Privacy Act 1988 and AML/CTF Act compliance frameworks.

What Personal Data We Collect

OBSERVE: AU law (APPs, AML/CTF) sets minimum and explicit requirements for disclosure of collected personal data.
EXPAND: Categories include not only identity data but also financial, technical, and behavioural, with cookies and analytic tracking for regulatory and AML/audit purpose.
REFLECT: Ensuring users understand all data categories maximizes transparency and limits complaint/litigation risk.

  • Identity Data: Full name, date of birth, residential address, username, e-mail address, phone number, government-issued ID documentation.
  • Payment Data: Bank account and payment card details, transaction records, payout and deposit history.
  • Technical Data: IP address, device information, browser type and version, log files, access date and time, language preferences, session tokens.
  • Behavioural Data: Betting and transaction history, website usage patterns, game choices, clickstream information, communications and support logs.
  • Cookies & Tracking: Data from cookies, beacons, similar technologies (see Cookies & Tracking section below).

Regional Compliance Note: AU Privacy Act (APP 1-5) obligates detailed notification of collection practices; data minimization principles applied.

Legal Basis for Processing

OBSERVE: Under AU Privacy Law and gambling regulations, explicit legal justifications for processing must be clearly enumerated.
EXPAND: Application of consent, necessity for service provision, legitimate interests (including AML/fraud), and mandatory legal obligations.
REFLECT: Each processing basis corresponds to a protective and regulatory clause, supporting user and business rights under Australian law.

  • User Consent: We process data based on your explicit, informed consent, especially for marketing and promotional messages. Consent can be withdrawn at any time.
  • Contractual Necessity: Data processing is necessary for the performance of your contract with ilucki via iluckiz.com, including creating and maintaining accounts, processing payments, and providing access to gaming services.
  • Legal Obligations: We are required by AU and Curaçao law (e.g., KYC, AML, taxation, responsible gambling statutes) to collect, verify, and retain certain data. This includes identity verification and record-keeping.
  • Legitimate Interests: Data may be processed for fraud prevention, risk management, analytics, to protect our legal rights, and to improve site security and performance, provided such processing does not override your rights and freedoms.

Regional Compliance Note: All processing bases align with APP 3, AML/CTF obligations, and CRS requirements where relevant.

Purpose of Processing

OBSERVE: AU law mandates a clear explanation for each use of collected personal data.
EXPAND: Addressing purposes for delivery of service, regulatory obligations, user experience, and legitimate business operations.
REFLECT: Full disclosure supports informed Data Subject consent and helps limit scope of disputes.

  • Account Creation & Management: Verifying your identity, setting up, and maintaining your iluckiz.com casino account.
  • Service Provision: Processing deposits/withdrawals, enabling participation in online games, maintaining transaction and gameplay records.
  • Regulatory Compliance: Conducting mandatory KYC and AML checks, tax and regulatory reporting as required under AU law.
  • Fraud Prevention & Security: Detecting, investigating, and mitigating fraudulent or illegal activity.
  • Personalisation & Analytics: Improving user experience via analytics, usage tracking, and personalisation of content and offers.
  • Marketing & Communications: Sending promotional materials and service communications, only where you have given consent (opt-out available at any time).

Regional Compliance Note: All purposes strictly correspond to permitted uses under AU consumer and gambling statutes; marketing is always consent-based.

Disclosure & Sharing

OBSERVE: Users must be told if, when, and with whom their data may be shared. Necessary in AU for informed consent, third-party processor transparency, and cross-border data flow.
EXPAND: Includes all service providers, payment partners, regulators, and third parties with clear justification for each.
REFLECT: Enhances trust and compliance by identifying all data recipients and disclosure scenarios, both mandatory and optional.

  • Payment Processors: Data shared with trusted payment service providers to process deposits/withdrawals according to AU and international standards (PCI DSS compliance required).
  • Service Providers: Technical and customer support partners, hosting providers, and software vendors, all bound by strict confidentiality and data processing agreements.
  • Regulatory Authorities: Disclosure to law enforcement, gaming, AML, and taxation authorities as required by applicable AU and Curaçao laws.
  • Affiliates & Marketing Partners: With your explicit consent, your data may be shared with selected affiliate and advertising networks for promotional purposes.
  • Corporate Transactions: In the event of mergers, acquisitions, or re-organisations, data may be shared as part of business transfers, subject to this policy's protections.

Regional Compliance Note: All disclosures are performed in accordance with the Australian Privacy Principles (APP 6) and AML/CTF data reporting rules.

International Transfers

OBSERVE: AU law (APP 8) compels casinos operating in AU to explain all offshore data transfers and the safeguards used.
EXPAND: Data may be transferred from Australia to Curaçao and other regions (including IT/service support locations) in accordance with regulated cross-border standards.
REFLECT: Implementation of recognised safeguards minimises international privacy risks.

  • Transfer Destinations: Data may be transferred to Curaçao (primary data processing jurisdiction of Dama N.V.), the European Economic Area (EEA), and other countries where service providers operate.
  • Protection Measures: All cross-border data transfers are secured using Standard Contractual Clauses (SCCs), robust encryption, contractual confidentiality agreements, and technical safeguards in accordance with APP 8 and international best practice.
  • Third-Party Processors: All partners in receipt of your data are contractually required to uphold privacy and data security standards equivalent to those applied in Australia.

Regional Compliance Note: If further information about international transfers or copies of SCCs is required, request this via [email protected].

Data Retention

OBSERVE: Under AU Privacy and AML/CTF law, both duration and criteria for data retention must be disclosed.
EXPAND: Distinctions between data categories and circumstances (KYC vs. marketing vs. technical logs) are essential for lawful retention.
REFLECT: Precise definition of deletion criteria supports lawful processing and user trust.

  • Personal Identification Data: Retained for no more than five (5) years following account closure or last account activity, unless shorter retention is required by law or deletion is requested (where permitted under AU law).
  • Financial, AML & Transactional Data: Retained for up to five (5) years following the completion of each transaction, in line with statutory record-keeping requirements under the AU Anti-Money Laundering and Counter-Terrorism Financing Act.
  • Marketing Data: Retained until you withdraw your consent or opt out of marketing communications, at which point your data is deleted or anonymised without undue delay.
  • Technical Logs and Analytical Data: Retained as necessary for security, dispute resolution, or up to two (2) years, after which they are deleted or anonymised.
  • Deletion Criteria: Data is erased (or securely anonymised) when retention is no longer necessary for the purposes listed above or upon valid data erasure request, subject to mandatory retention exceptions.

Regional Compliance Note: All retention and deletion practices are fully aligned with AU law as of 2025 and apply to all iluckiz.com users.

Your Rights

OBSERVE: The AU Privacy Act grants users actionable rights over data held by service providers, which must be communicated clearly.
EXPAND: Rights extend to access, correction, erasure, restriction, portability, objection, and marketing opt-out.
REFLECT: Documenting these reinforces user control and supports regulatory compliance.

  1. Right of Access: You may request a copy of the personal data that ilucki holds about you at any time.
  2. Right to Correction: You are entitled to request that inaccurate, outdated, or incomplete personal data be rectified promptly.
  3. Right to Erasure: You can request the erasure of your data, except where retention is legally mandated (e.g., for AML record-keeping, dispute resolution).
  4. Right to Restrict Processing: You may request to limit how your data is used in specific circumstances as set out in the Privacy Act and AML regulations.
  5. Right to Object: You can object to certain forms of data processing, including direct marketing, at any time.
  6. Right to Data Portability: Where applicable, you may request your data in a structured, commonly used, machine-readable format and have it transferred to another service.
  7. Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw such consent at any time, without affecting processing prior to withdrawal.

Regional Compliance Note: You may exercise these rights by contacting our Data Protection Department at [email protected]. Additional KYC verification may apply for security purposes.

Cookies & Tracking Technologies

OBSERVE: AU law requires clear, actionable explanations of cookies and user opt-out/management procedures.
EXPAND: Explanation covers types of cookies, their use, and user control options within site and at browser level.
REFLECT: Detailed cookie notice limits legal risk and ensures user transparency.

  • Session Cookies: Temporary cookies essential for core functionality, deleted when you close your browser.
  • Persistent Cookies: Remain on your device to remember preferences and enhance site performance, until manually deleted or expiry.
  • Third-Party Cookies: Set by analytics (such as Google Analytics), advertising networks, or affiliate partners to measure site usage and deliver promotional content. These are only used with your explicit consent.
  • Purposes: Security, analytics, personalisation, and marketing.
  • Managing Cookies: You can manage or disable cookies at any time via your browser's privacy/settings menu or, where available, using the website's cookie management panel.

Regional Compliance Note: Use of non-essential cookies is opt-in. Cookie management options comply with Australian legal requirements for consumer privacy and explicit consent.

Data Security

OBSERVE: AU law obligates implementation and disclosure of both technical and organisational security measures.
EXPAND: This includes encryption, SSL, access controls, third-party audits, and mandatory staff training.
REFLECT: Stating these measures affirms our ongoing commitment to user data protection.

  • Encryption & Transmission Security: All data in transit is protected via SSL/TLS encryption. Sensitive data (such as financial or identity information) is further encrypted at rest.
  • Access Controls: Data access is strictly restricted to authorised personnel only, based on role-specific need and verified through login audits.
  • Third-Party Audits & Testing: Regular security audits and penetration testing are conducted to maintain compliance and integrity.
  • Staff Training: All staff undergo annual privacy and information security training as per regulatory best practice.
  • Incident Response: Established procedures are in place for prompt breach detection, user notification, and mitigation, in line with mandatory AU Notifiable Data Breaches (NDB) scheme.

Regional Compliance Note: These measures fully comply with Australian Privacy Principle 11 and AU Notifiable Data Breaches regime as of 2025.

Complaints & Contacts

OBSERVE: Clear, efficient procedures and contact points for complaints or privacy queries are required by AU law.
EXPAND: The section details all user complaint procedures and roles of responsible contacts.
REFLECT: Well-defined processes facilitate prompt and compliant dispute resolution and user trust.

  • Data Protection Contact: For all privacy policy questions, data requests, or complaints, please contact the Data Protection Department at [email protected] or [email protected]. Mark your message as "Privacy Inquiry".
  • Alternative Contacts: For general communications: [email protected]; For press: [email protected].
  • Complaint Procedure:
    1. Contact us via email and provide as much detail as possible about your concern.
    2. We will acknowledge receipt of your complaint within five (5) business days.
    3. We undertake to investigate and respond substantively within thirty (30) calendar days.
    4. If you are dissatisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

Regional Compliance Note: This process satisfies all obligations under the AU Privacy Act (Part V) for privacy complaints and user inquiries as of 2025.

Updates

OBSERVE: AU privacy policy standards require clear notification procedures and revision dating.
EXPAND: The section explains user notification, opt-out options, and formal record of last revision.
REFLECT: Ensuring users are informed when changes arise supports transparent, lawful practice.

  • Notification of Changes: ilucki reserves the right to update this Privacy Policy at any time to reflect changes in legal, regulatory, or operational requirements for iluckiz.com. Significant amendments will be notified to account holders by email and/or a prominent website notice at least seven (7) days prior to enforcement.
  • Version Control: This policy was last revised and published on 01 July 2025. The next scheduled review will occur by July 2025 or sooner if required by legal developments.
  • Continued Use: Continued use of iluckiz.com indicates your acknowledgment and acceptance of any changes made to this policy.

Regional Compliance Note: All procedures for notifying changes comply with the Australian Privacy Act and best practice as at 2025.