Privacy Policy

This Privacy Policy explains how Primaplay, operating via the website primaplay-aussie.com, collects, uses, stores, discloses and protects personal information of players and website visitors. It applies to all users who access or use our services, including browsing the site, creating an account, depositing or withdrawing funds, and participating in any games or promotions. By using our services, you acknowledge that you have read and understood this Policy. This Privacy Policy is effective from 1 January 2026 and supersedes any prior versions published for this website.

Who We Are

Primaplay is the AU-facing online brand of the global PrimaPlay group, operated through the website https://primaplay-aussie.com. The PrimaPlay group uses a Curaçao gaming structure for liability and licensing purposes. Due to incomplete source data, the exact full legal entity name, registered address, and company registration number of the operating company are not specified in this version of the Policy. When these details are formally confirmed, they will be inserted here and clearly marked in an updated version of this Privacy Policy.

The PrimaPlay group is historically associated with Internet Gaming Services (the corporate group behind iNetBet) and operates from a Curaçao jurisdiction framework under a sub-licence arrangement with Curaçao eGaming. As at early 2026, licence number validation is opaque and the clickable validator is frequently absent. For Australian law purposes, you should treat the service as an offshore, effectively unregulated online casino.

Data Protection Contact

We have designated a data protection contact point responsible for privacy matters and for handling requests related to this Policy and to your personal information.

• Email (support and rights requests): [email protected]
• Email (general and legal enquiries): [email protected]
• Website: https://primaplay-aussie.com
• Postal address: To be confirmed; until then, please direct all communications via email.

For the purposes of this Policy we refer to this contact point as our "Data Protection Officer" (DPO), although under Australian law a formal DPO appointment is not mandatory for all organisations. You may contact the DPO using the details above for any privacy-related questions, complaints, or rights requests.

What Personal Data We Collect

We collect only the information that is necessary to provide our services, meet our legal obligations, protect our legitimate interests (such as fraud prevention) and improve user experience. The categories of personal data we may collect include:

Identity and Contact Data

• Identification details: full name, username, date of birth, gender (where provided), country of residence.
• Contact details: email address, telephone number (if provided), postal address (if requested for verification or payment purposes).
• Verification data: copies or details of identification documents (e.g. passport, ID card, driver's licence), proof of address (e.g. utility bill, bank statement), and any information required for "Know Your Customer" (KYC) and anti-money laundering (AML) checks.

Account and Behavioral Data

• Account information: account ID, registration date, login credentials (stored in encrypted format), account status, communication preferences.
• Gameplay and betting history: game sessions, wagers placed, wins and losses, bonuses claimed, tournament participation, loyalty or VIP activity.
• Website and app behaviour: pages visited, clicks, time spent on specific pages, referral URLs, interaction with banners and promotions, and general usage statistics.

Technical and Log Data

• Technical identifiers: IP address, device identifiers, browser type and version, operating system, screen resolution, language settings, approximate location derived from IP (country, region, city).
• Log data: access dates and times, login and logout records, session duration, error logs, and technical event data required to ensure security and stability.

Payment and Financial Data

• Transaction details: deposits, withdrawals, payment method used, transaction timestamps, currency, and amounts.
• Payment method information: limited and tokenised payment instrument details (e.g. last digits of credit/debit card), e-wallet account identifiers, and related confirmation data, as provided by our payment partners.
• We do not store full card numbers or CVV codes on our systems; such data is processed directly by secure, PCI-compliant payment providers.

Communications and Support Data

• Support interactions: emails sent to [email protected] or [email protected], internal messages, chat logs (if available), and records of requests or complaints.
• Responsible gaming data: self-exclusion requests, account limits, cooling-off requests, and notes related to responsible gambling interactions handled via our support email.

Cookies and Similar Technologies

• Cookies: small text files placed on your device to remember your preferences, maintain your session, and analyse site performance.
• Tracking technologies: web beacons, pixels, tags, and similar tools used for analytics and, where permitted, for marketing and advertising optimisation.

Where we combine non-identifiable technical or behavioural data with personal data, we treat the combined information as personal data for as long as it remains associated with an identifiable individual.

Legal Basis for Processing

Because we operate internationally and may process data of users located in jurisdictions with modern data protection laws (including the EU/EEA), we align our practices with principles similar to the EU General Data Protection Regulation (GDPR), in addition to applicable Australian privacy requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Depending on the context, we rely on the following legal bases:

Performance of a Contract

• To create and manage your player account on primaplay-aussie.com.
• To process deposits, wagers, and withdrawals, manage bonuses and promotions, and provide customer support.
• To verify your age and eligibility to use our services and comply with our Terms & Conditions.

Compliance with Legal Obligations

• To conduct identity verification, KYC and AML checks required by our licensing and regulatory obligations within our operating jurisdiction.
• To prevent, detect, and report suspicious activities, money laundering or fraud to relevant authorities where required.
• To respond to lawful requests, court orders, or regulatory investigations, including those from Curaçao authorities or other competent bodies.

Legitimate Interests

• To maintain the security and integrity of our platform, including monitoring for abuse, cheating, chargebacks, and breaches of our Terms & Conditions.
• To analyse usage data in order to improve our website, games, features, and user experience.
• To manage business operations, including risk management, reporting, auditing and the enforcement or defence of legal claims.
• Where required by local law, we balance these interests against your rights and reasonable expectations and implement safeguards to protect your privacy.

Consent

• To send you direct marketing communications (e.g. emails or SMS about promotions, new games and bonuses) when you have opted in, or where otherwise allowed under applicable anti-spam and privacy laws.
• To use non-essential cookies and similar technologies for analytics and advertising, where consent is required.
• You may withdraw your consent at any time via your account settings (where available) or by contacting us at [email protected]. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

In some cases, multiple legal bases may apply simultaneously (for example, payment transaction data may be processed both to perform the contract and to meet AML requirements).

Purpose of Processing

We process personal data for specific, explicit and legitimate purposes and do not further process it in a manner that is incompatible with those purposes. The main purposes are:

• Providing and operating our services: creating and maintaining your account, enabling gameplay, processing transactions, calculating and paying winnings, administering bonuses and promotions, and providing customer support.
• Compliance and risk management: performing identity verification, KYC and AML checks, enforcing our Terms & Conditions, preventing underage gambling, and detecting prohibited or suspicious activities.
• Service improvement and analytics: monitoring website performance, understanding how users interact with games and features, fixing bugs, optimising our offerings and enhancing overall user experience.
• Marketing and promotions: sending you tailored offers, newsletters, promotions or surveys, subject to your consent or lawful interest; managing affiliate marketing and tracking the effectiveness of campaigns.
• Responsible gambling: managing self-exclusion requests, deposit and loss limits, cooling-off periods and related tools designed to assist safe gambling behaviour.
• Security and fraud prevention: protecting our systems and your account from unauthorised access, fraud, chargebacks, bonus abuse and other forms of misuse.
• Legal and regulatory purposes: responding to regulatory requests, complying with record-keeping obligations, and defending or establishing legal claims.

Disclosure & Sharing

We treat your personal data as confidential. We only disclose it to third parties where necessary for the purposes described in this Policy, where we have a legal obligation or where you have provided consent. Categories of recipients include:

Service Providers and Business Partners

• Payment processors and financial institutions: banks, card schemes, e-wallet providers, voucher providers and other payment services that process deposits, withdrawals and related transactions on our behalf.
• Technical and hosting providers: companies that provide data storage, hosting, content delivery networks, IT support and platform maintenance.
• Game and software providers: real money gaming software suppliers (e.g. RTG and other providers engaged by the PrimaPlay group) for the purpose of delivering games and ensuring game integrity and fairness.
• Analytics and anti-fraud partners: tools and services used to monitor traffic, combat fraud and verify user identities.

Affiliates and Marketing Partners

• Affiliated brands within the wider PrimaPlay or Internet Gaming Services group (including sister sites such as iNetBet) for internal administrative, reporting and risk-management purposes, and to maintain consistent responsible gaming measures.
• Affiliate and advertising networks, subject to applicable consents, for tracking marketing campaign performance and, where allowed, for delivering personalised promotional content.

Regulators and Authorities

• Regulatory authorities and licensing bodies in our operating jurisdiction (e.g. Curaçao eGaming) and other relevant authorities as required to comply with applicable law and our licensing conditions.
• Law enforcement agencies, courts, or government bodies when we are legally required to disclose information or when disclosure is necessary to protect our rights or the rights of others.

Corporate Transactions

• Potential or actual purchasers, investors, or partners (and their professional advisers) in connection with a merger, acquisition, asset sale, restructuring, or similar corporate transaction, subject to confidentiality safeguards and only to the extent necessary.

Where we share data with third-party processors, we require them by contract to process personal data only on our documented instructions, to implement appropriate security measures, and not to use the data for their own independent purposes.

International Transfers

Primaplay operates as an offshore online casino that accepts Australian players while its operational and technical infrastructure may be located outside Australia, including in the European Union (EU), the European Economic Area (EEA), Curaçao and other jurisdictions where our service providers are based.

• Your data may be transferred to and processed in countries that may not offer the same level of data protection as your home jurisdiction. In particular, data may be processed in Curaçao (our primary gaming jurisdiction), EU/EEA member states (where some hosting, analytics and payment partners may be located), and other countries where our group companies or service providers operate.
• Where we transfer personal data from the EU/EEA to countries not recognised as providing an adequate level of protection, we aim to implement appropriate safeguards, such as standard contractual clauses (SCCs) approved by the European Commission or equivalent contractual protections.
• As at early 2026, there is no active EU - US Privacy Shield framework; any transfers to service providers in the United States or similar jurisdictions will rely on SCCs or other legally recognised mechanisms where required.
• Australian privacy law allows for cross-border disclosures provided we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in respect of your personal information, or another exception applies. By using our services, you acknowledge these cross-border transfers.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations, resolving disputes, and enforcing our agreements. Retention periods may vary depending on the category of data and applicable legal requirements in our operating jurisdiction.

• Account and identification data: generally kept for the duration of your account and for up to 5 years after account closure, to comply with AML/KYC obligations, resolve disputes, and prevent fraud or re-registration by banned users.
• Transaction and payment data: retained for at least 5 - 7 years from the date of the relevant transaction or the end of the business relationship, in line with financial and AML record-keeping requirements.
• Gameplay and behavioural data: kept for the lifetime of the account and for a limited period (typically up to 5 years) after closure to assist with responsible gambling history, dispute handling and fraud prevention.
• Marketing data: retained until you withdraw your consent or opt out of marketing communications, after which we will cease sending marketing messages and, where appropriate, retain only minimal data necessary to record your opt-out preference.
• Technical logs and security records: stored for a period necessary to ensure security, investigate incidents and comply with regulatory requests (typically 1 - 5 years, depending on the type of log and jurisdictional requirements).

Once data is no longer required, we will either securely delete or irreversibly anonymise it. If deletion is not immediately possible (for example, because data is archived in backup systems), we will securely store it and isolate it from any further processing until deletion becomes feasible.

Your Rights

We are committed to respecting your privacy rights, taking into account principles derived from GDPR and, where applicable, similar modern data protection frameworks. Although our primary target market is Australia and we operate from Curaçao, we voluntarily align with these high standards where technically and legally feasible. Depending on your jurisdiction and subject to legal limitations, you may have the following rights:

• Right of access: to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of your data together with certain additional information (such as purposes, categories of data and recipients).
• Right to rectification: to request that inaccurate or incomplete personal data be corrected or supplemented. In many cases you can update key details directly through your account settings.
• Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (and no other legal ground applies) or where the data has been unlawfully processed. We may need to retain certain data where required by AML, gaming or financial laws.
• Right to restriction of processing: to request that we limit processing of your data in certain circumstances, for example while we verify its accuracy or consider an objection you have raised.
• Right to object: to object, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object at any time to the use of your data for direct marketing (including profiling for marketing purposes). We will then cease such processing unless we demonstrate compelling legitimate grounds or are legally obliged to continue.
• Right to data portability: to receive certain personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit that data to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
• Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.

Australian privacy law (and, for reference, comparable Latin American frameworks such as Mexico's Federal Law on the Protection of Personal Data Held by Private Parties) is based on similar principles of access, correction, cancellation and objection (often summarised as "ARCO rights"). Although we do not specifically target Mexico, we recognise these concepts and aim to respond to legitimate rights requests from users in a functionally similar way, subject to our legal obligations and technical limitations.

How to Exercise Your Rights

1. Submit a request: contact us at [email protected] with the subject line "Privacy Request" and specify:
   • your full name and registered username;
   • the right(s) you wish to exercise (e.g. access, rectification, deletion);
   • any additional information that will help us locate your data.
2. Verification: to protect your account and personal data, we may ask you for additional information to verify your identity before acting on your request.
3. Response time: we aim to respond to all valid requests within 30 days of receipt. If your request is particularly complex or we receive multiple requests, we may extend this period by a further 30 days; in such cases, we will inform you of the extension and the reasons.
4. Fees: we will not charge a fee for handling your request unless it is manifestly unfounded or excessive (for example, repeated requests with no reasonable basis). If a fee is applicable, we will explain why and provide a cost estimate.
5. Limitations: certain rights may be restricted by applicable law (for instance, we may be unable to delete data that we must retain for AML, tax or regulatory reasons). Where we cannot fully comply with your request, we will explain the reasons, unless we are legally prevented from doing so.

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to ensure its proper functioning, to improve performance, and to support marketing activities in accordance with applicable law. Cookies are small text files stored on your device when you visit our site.

Types of Cookies We Use

• Strictly necessary (session) cookies: essential for the operation of the website and the provision of core services, such as logging in, maintaining your session, processing transactions, and ensuring security. These cookies are usually temporary and are deleted when you close your browser.
• Functional (persistent) cookies: used to remember your preferences (such as language, region, or display settings) and to provide enhanced, more personalised features. These cookies remain on your device for a defined period or until you delete them.
• Analytics cookies: used to collect anonymous or pseudonymous information about how visitors use our site, such as pages visited, time spent and error messages. This helps us understand usage patterns and improve our services.
• Advertising and third-party cookies: set by us or third parties (such as affiliate partners or advertising networks) to deliver relevant advertisements, measure the effectiveness of campaigns, limit how often you see an ad, and help us reward affiliates. These may track your browsing across different websites, subject to applicable consent requirements.

Managing Cookies

• You can manage or disable cookies through your browser settings. Instructions are typically available in the "Help" section of your browser.
• Some browsers and devices offer additional privacy controls, such as "Do Not Track" or tracking protection features. We will respect legally binding preferences where required by local law, but some features of the site may not function correctly if certain cookies are disabled.
• Where a cookie banner or preference centre is provided on primaplay-aussie.com, you can use it to adjust your cookie settings for non-essential cookies at any time.

Please note that disabling or refusing cookies may impact your ability to log in, maintain a session, or use certain features or games on our website.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure or destruction.

Technical Measures

• Encryption in transit: data transmitted between your browser and our servers is protected using Transport Layer Security (TLS 1.2 or higher), helping to prevent interception or tampering.
• Encryption at rest: where technically feasible, sensitive data (including login credentials and certain financial identifiers) is stored using strong cryptographic methods.
• Access controls: access to production systems and databases is restricted to authorised personnel only, based on role and necessity. Strong authentication mechanisms and logging are used to monitor access.
• Network and infrastructure security: firewalls, intrusion detection/prevention systems, and other security tools are used to protect our infrastructure from unauthorised access and attacks.

Organisational Measures

• Staff training: personnel with access to personal data receive training on privacy, security, and responsible handling of sensitive information.
• Policies and procedures: internal policies address data protection, data retention, access management, incident response and acceptable use.
• Vendor due diligence: we assess critical service providers for their security practices and require appropriate contractual safeguards.

Incident Response

• We maintain processes to detect, investigate and respond to potential personal data breaches.
• In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and, where required, relevant authorities without undue delay and in accordance with applicable law.

While we strive to follow industry best practices and to align, where appropriate, with recognised security frameworks (such as ISO/IEC 27001 principles), no system is completely secure. You are encouraged to keep your account credentials confidential, use strong passwords, and log out after each session.

Complaints & Contacts

If you have questions, concerns or complaints regarding this Privacy Policy or our handling of your personal data, you should contact us first so we can attempt to resolve the issue directly.

How to Contact Us

• Email (primary contact for privacy and support): [email protected]
• Email (general enquiries): [email protected]
• Online: if an online contact or support form is provided on https://primaplay-aussie.com, you may use it to submit your request or complaint.

Complaint Procedure

1. Submission: send us a clear description of your concern, including your account details and any supporting evidence.
2. Acknowledgement: we will acknowledge receipt of your complaint via email as soon as reasonably practicable.
3. Investigation: we will review your complaint, consult relevant internal teams, and, where necessary, request additional information.
4. Response timeframe: we aim to provide a substantive response within 30 days. If we are unable to do so, we will inform you of the delay and the expected timeframe.
5. Escalation: if you are dissatisfied with our response, you may request that the matter be escalated internally for further review.

Escalation to Supervisory Authorities

As an offshore operator serving Australian players, our primary regulatory oversight is linked to our Curaçao licensing framework. However, depending on your location and applicable law, you may have the right to lodge a complaint with a data protection or privacy authority in your jurisdiction.

• Australia: you may contact the Office of the Australian Information Commissioner (OAIC) regarding concerns about handling of your personal information:
  • Website: https://www.oaic.gov.au
• EU/EEA: if you are located in the EU/EEA, you may have the right to lodge a complaint with your local data protection authority.
• Other jurisdictions (including Mexico for reference): users may also have recourse to local privacy or consumer protection authorities where such bodies exist and have jurisdiction. While we do not specifically target Mexico, we acknowledge that Mexican users, if any, may refer to their Federal Institute for Access to Information and Data Protection (INAI) or equivalent authority in accordance with local law.

We encourage you to contact us first so we can attempt to address your concerns promptly and constructively.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or technical developments. Any new version will be posted on https://primaplay-aussie.com and will include a "Last updated" date.

Notification of Changes

• Minor changes: for non-material updates (for example, clarifications, editorial changes, or updates to contact details), we will publish the revised Policy on our website. Your continued use of our services after the effective date will constitute acceptance of the updated Policy.
• Material changes: where we make significant changes to how we process your personal data (such as introducing new processing purposes, changing key data sharing practices, or materially altering user rights), we will provide additional notice:
  • by email to the address registered on your account, where feasible; and/or
  • by prominent notice on the website (e.g. banner or dashboard alert) when you log in.

Advance Notice and Your Options

• For material changes that significantly affect your rights or the way we use your personal data, we will provide, where practicable, at least 30 days' advance notice before the changes take effect.
• If you do not agree with the updated Policy, you may choose to stop using our services and request account closure by contacting [email protected]. We may nevertheless retain certain data as required or permitted by law.

Last updated: January 2026