Richard Casino Privacy Policy (Australia)
This policy explains how Richard Casino collects, uses, stores and shares personal information about Australian players. It is written to align with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles, and to be readable by a punter in a single sitting rather than a lawyer in three. Where Australian law goes further than other jurisdictions we serve, the Australian rule wins.
Scope and Who We Are
"We", "us" and "Richard Casino" refer to the operator behind au-richardcasino2026.com, holding a Curacao licence and serving registered Australian players over 18. This policy covers our website, mobile app, customer support channels, marketing communications, and any payment or KYC processes you complete with us.
The Information We Collect
We collect three categories of personal information, and we don't collect anything outside these unless you actively give it to us.
- Account information. Name, date of birth, residential address, email, mobile number, chosen username, password (hashed), and AU$ as your default currency.
- Verification information (KYC). Driver's licence, passport or Medicare card; proof of address (utility bill or bank statement); a selfie for liveness checks where risk scoring requires it; payment-method ownership proof.
- Activity information. Game-play history, deposit and withdrawal history, IP address at login, device fingerprint, cookie preferences, support chat transcripts, marketing-channel responses.
Australian Privacy Principle 3 limits us to information reasonably necessary for our functions. We don't collect medical data, biometric data outside the liveness check, sexual orientation, religious affiliation or political opinions.
Why We Collect It (Purpose, APP 6)
Each category serves a defined purpose. We don't repurpose data — if we want to use information for a new reason later, we ask you again.
- Account information — to open and run your account, accept deposits and pay withdrawals in AU$.
- KYC information — to comply with AUSTRAC anti-money-laundering obligations, verify age (18+), and prevent fraud and self-exclusion breaches.
- Activity information — to detect bonus abuse, identify problem-gambling indicators, run analytics that improve the lobby, and where you've opted in, to send marketing.
Lawful Basis and Consent
Australian privacy law uses a "reasonable expectations" framework rather than the EU's strict consent model, but we still ask for explicit opt-in to marketing and to non-essential cookies. KYC is collected because we are legally required to verify your identity before a withdrawal — you may decline, in which case we cannot process payouts, but the data is not used for marketing.
How Long We Keep It
| Category | Retention | Reason |
|---|---|---|
| Account profile | For the life of the account, then 7 years | AUSTRAC AML record-keeping |
| KYC documents | 7 years from account closure | AUSTRAC and Curacao licensing |
| Transaction logs | 7 years from transaction | AUSTRAC and tax compliance |
| Marketing consent log | 3 years after withdrawal of consent | Spam Act 2003 audit |
| Support chat transcripts | 2 years | Quality and dispute resolution |
| Cookie analytics | 2 years (truncated IP) | Trend analysis |
After retention windows expire, we delete or de-identify records on a rolling monthly cycle.
Who We Share Information With
We disclose personal information only to parties listed below, only for the stated purpose, under written agreements requiring equivalent privacy standards.
- Payments providers — to process AU$ deposits and withdrawals through PayID, POLi, BPAY, Neosurf, Visa, Mastercard.
- KYC verification provider — to confirm document authenticity and run liveness checks.
- Game studios (Pragmatic Play, BGaming, Hacksaw, Nolimit, Evolution and others) — only your in-game session ID and stake; never your name or contact details.
- Cloud hosting — encrypted at rest in EU and AU regions; encryption keys held by us.
- Regulators and law enforcement — when legally compelled or as part of an AUSTRAC SMR.
- Responsible-gambling registers — BetStop check on every account creation and reactivation.
Cross-Border Disclosure (APP 8)
Some of our processors are based outside Australia — payments providers in the EU, KYC partners in the EU and UK. Before sharing, we satisfy ourselves that the receiving entity meets standards substantially similar to the APPs, or we obtain your specific consent. By using Richard Casino you accept that personal information may be processed outside Australia for the purposes set out above.
Security and Breach Notification
Passwords are hashed with bcrypt; payments and KYC documents are encrypted in transit (TLS 1.3) and at rest (AES-256). Internal access is on a need-to-know basis with logged audit trails. If a breach occurs that is likely to cause serious harm, we will notify affected players and the Office of the Australian Information Commissioner within 72 hours, in line with the Notifiable Data Breaches scheme.
Your Rights Under the APPs
- Access (APP 12). Email [email protected] for a copy of your personal information; we respond inside thirty days.
- Correction (APP 13). If something is inaccurate, write to the same address; corrections are made within fourteen days.
- Marketing opt-out. Click unsubscribe in any marketing email or text STOP to any SMS — opt-outs are honoured inside five business days.
- Anonymity (APP 2). Available where lawful and practical — but not for KYC or transactions, where the law requires we know who you are.
- Complaint. Raise it with us first; if unresolved within thirty days, escalate to the OAIC at oaic.gov.au or 1300 363 992.
Children
Richard Casino is for adults aged eighteen and over. We don't knowingly collect personal information from minors. Accounts found to belong to under-eighteens are closed immediately and any deposit refunded in full. Parents who suspect a minor in their household has registered should email [email protected] with the email address used.
Cookies, Tracking and Analytics
For the technical detail on cookies — categories, third parties, retention and how to switch them off in any major browser — see our Cookies Policy. The short version: only strictly necessary cookies fire by default; everything else waits for your consent banner choice.
Changes to This Policy
We update this policy when our practices, providers or the law change. Material changes are flagged at the top of the page for thirty days and emailed to verified account holders. The version date below is authoritative.
Contact
For privacy questions, requests or complaints: [email protected]. For account closure or self-exclusion: [email protected]. For everything else, live chat is open 24/7. The OAIC's contact details for unresolved matters: oaic.gov.au · 1300 363 992 · GPO Box 5288, Sydney NSW 2001.
Version date: 2026-05-08.