Casinonic is the controller of personal information processed through the websites and online services for Austria. The brand complies with the EU General Data Protection Regulation (GDPR) and Austria’s Datenschutzgesetz.

Personal data collected

• Identity and verification: name, date of birth, nationality, address, KYC documents, photographs or video for verification, and identifiers from government documents where required by law.
• Contact details: email, phone number, postal address.
• Account and usage: username, gameplay and betting history, limits and self-exclusion settings, preferences, communications.
• Payments and transactions: deposit and withdrawal records, bank or card tokens provided by payment processors, IBAN or e-wallet identifiers. Full card details are not stored on the platform.
• Technical data: device information, IP address, log files, cookies, online identifiers, browser settings, location inferred from IP.
• Compliance data: results of sanctions and politically exposed person checks, anti-money laundering indicators, risk flags.

Why the data is collected

• To provide and manage accounts, verify age and identity, and deliver the requested services.
• To process payments, prevent fraud, support responsible gambling, and meet AML and counter-terrorism financing obligations.
• To operate, maintain, and improve websites and apps, including security and performance.
• To communicate service updates and, where consent is given, send marketing relevant to the services.

Protection measures

• Encryption in transit and at rest, secure key management, and hardened server configurations.
• Strict access controls, multi-factor authentication for staff, and role-based permissions.
• Network segmentation, monitoring, and logging tied to incident response procedures.
• Supplier due diligence, confidentiality contracts, and regular security testing and audits.
• Data minimisation, pseudonymisation where appropriate, and secure disposal routines.

User rights under GDPR

• Access, rectification, erasure, restriction, and portability.
• Objection to processing based on legitimate interests and to direct marketing.
• Withdrawal of consent at any time, without affecting prior lawful processing.
• Complaint to the Austrian Data Protection Authority.

Contact

• Data Protection Officer: [email protected]
• Postal correspondence: see the imprint or contact page on the websites for the current address.
• If Casinonic is established outside the EEA, an EU representative is appointed. Contact details are available on the websites.

Personal data is used only for lawful and transparent purposes:

• Account set-up and service delivery: creating profiles, enabling gameplay and betting, and providing customer support under a contract with the user.
• Transactions: processing deposits and withdrawals, payment reconciliation, and chargeback handling through authorised providers.
• Responsible gambling: applying limits, self-exclusion, affordability and risk assessments based on legal obligations and legitimate interests.
• Security and fraud prevention: identity verification, AML screening, sanctions checks, and incident investigation to comply with law.
• Service improvement and analytics: understanding usage patterns to improve performance and functionality. Analytics rely on legitimate interests and privacy-friendly settings.
• Marketing and personalisation: sending communications about services only where consent exists, and honouring opt-outs at any time.
• Legal and regulatory compliance: record-keeping, audits, reporting to regulators and authorities, dispute resolution, and enforcing terms.

Automated decision-making may occur for fraud detection, AML, and risk scoring. Safeguards, including human review on request, are applied where required by law.

Users can exercise rights or make a data request by contacting [email protected]. A response will be provided within one month, or within an extended period where permitted by GDPR.

How to access, update, or delete data

• Access: request a copy of the personal data held, together with information about processing.
• Correction: request corrections to inaccurate or incomplete information.
• Deletion: request erasure where the information is no longer required, consent is withdrawn and no other legal basis applies, or processing is unlawful. Certain records must be retained to meet AML, tax, or regulatory duties.
• Restriction and objection: request a pause in processing or object to processing based on legitimate interests or for direct marketing.
• Portability: request transfer of certain data to another provider in a structured, commonly used format.

Procedure

• Identity evidence may be requested to protect user accounts and prevent unauthorised disclosure.
• Requests are logged and processed using secure workflows. Outcomes and reasons will be communicated in writing.
• By using Casinonic, users consent to security checks and to the processing of payment information by authorised payment providers for transactions and fraud prevention.

The services are intended for adults aged 18 years and over. Registration and betting by minors are prohibited.

The operator cannot reliably confirm age without documents. Evidence of age may be requested during verification and at any time while the account remains active.

If a parent or guardian notifies the operator that a minor has submitted personal information, the account will be closed promptly and the information deleted where permitted by law. Records required for legal compliance may be retained in a restricted archive.

Personal information may be processed in other countries where technology, payment, identity verification, or support partners operate. Appropriate safeguards are applied, including adequacy decisions, standard contractual clauses, encryption, and supplier audits. A copy of the relevant safeguards can be provided on request where legally permissible.

Using the websites indicates consent to such transfers in addition to the applicable GDPR transfer mechanisms. All partners are required to protect confidentiality and to use the information only for documented purposes consistent with this policy and the contracts in place.

This policy is a legal document that governs how personal data is handled. A disclaimer may clarify, limit, or expand the scope of specific rules to the extent permitted by law. The disclaimer applies when the user accepts the policy through signature, electronic acceptance, or accession during registration or continued use of the services.

If there is any conflict between translations of this policy, the current English (Australia) version available on the websites prevails unless local law requires otherwise.

Cookies are small text files stored on a device that help websites remember user actions and preferences. Similar technologies such as SDKs, pixels, and local storage may also be used.

Purpose of cookies

• Statistics and analytics: measuring usage and performance to improve services.
• Behaviour analysis and security: detecting anomalies, preventing fraud, and keeping sessions safe.
• Personalisation: remembering settings such as language and display preferences.
• Site improvement: diagnosing errors and enhancing features.

Retention and control

• Standard cookie retention is up to 1 year unless a shorter period is needed.
• Users can manage preferences through the cookie banner and browser settings. Blocking some cookies may affect functionality.
• Third-party cookies may be set by analytics and advertising providers. Refer to the Cookie Notice for details about categories and providers.

Using the services constitutes full acceptance of this Privacy Policy, including any updates published on the websites. The current version posted online prevails over any prior versions.

If changes materially affect how personal data is used, reasonable notice will be provided and consent will be sought again where required by law.

Personal information may be shared with third parties when required by law, to establish or defend legal claims, to enforce agreements, or to deliver services. Categories include payment processors, banks and card schemes, identity verification and AML screening providers, fraud prevention and risk scoring services, hosting and IT support, analytics, customer service tools, marketing service providers where consent exists, regulators, auditors, and dispute resolution bodies.

Where a list of current third parties is published on the websites, that list describes the purpose and scope of sharing. If a list is not available, users will be informed of the purpose and scope at the time of collection. Providing data constitutes consent to share it for these documented purposes, subject to applicable law. Some partners act as independent controllers and apply their own privacy policies.

The websites may contain links to external sites that are not operated by the brand. Those sites have their own privacy policies and security practices. Responsibility for how those operators collect, use, and disclose personal information rests with them.

Users should review the privacy notices of any external sites visited and consider the risks before providing personal data.