Privacy Policy

This Privacy Policy explains how Velvet Spins, operated through the website velvetspins-aussie.com, collects, uses, discloses and protects personal information of players and website visitors. It applies to all users who access or use our website, register an account, participate in games or promotions, or otherwise interact with our services. By using our services, you acknowledge and agree to the practices described in this Privacy Policy. This Privacy Policy is effective from 1 January 2026 and supersedes any prior versions.

Who We Are

For the purposes of this Privacy Policy, references to "we", "us", "our", "Velvet Spins" or "Velvet Spins" refer to the operator of the website https://velvetspins-aussie.com.

Please note that, as of January 2026, publicly verifiable corporate details (including full legal entity name, registered office and licence jurisdiction) are not disclosed on the website or in accessible public registers. The operator targets players in Australia and New Zealand on a grey-market basis and does not display an active licence from Tier-1 regulators (such as the MGA, UKGC) or a standard Curaçao master licence.

Until such time as full legal entity details are published on our website, all privacy-related enquiries, requests and complaints should be directed to our dedicated data contact channels below. For the purposes of this Policy, these channels act as our data protection contact point (similar to a Data Protection Officer function):

• Primary support and privacy contact: [email protected]
• KYC and identity documents contact: [email protected]
• Website: https://velvetspins-aussie.com
• Terms and Conditions: https://velvetspins-aussie.com/terms-conditions
• Privacy page: https://velvetspins-aussie.com/privacy

Because our legal address and company registration number are not yet publicly disclosed, you should contact us by email for any questions about how your personal information is handled. We may update this section once full legal entity details are available.

What Personal Data We Collect

When you use Velvet Spins via velvetspins-aussie.com, we collect and process various categories of personal and technical data. The specific data processed may depend on how you interact with our services.

Identity and Contact Data

• Full name, date of birth and gender (where provided).
• Residential address, country of residence and postcode.
• Email address and telephone number(s).
• Verification documents provided for KYC or age/identity checks (e.g. copies of passport, driver's licence, national ID, utility bills, bank statements), typically submitted via [email protected] or other secure channels.

Account and Usage Data

• Username, account ID, passwords (stored in hashed form), security questions and answers.
• Account registration details and changes (time, date and method of registration, referral information).
• Game and betting history, including stakes, outcomes, wins/losses, bonus usage, session duration and frequency of play.
• Interaction with customer support (emails, chat logs, complaints, requests and their resolution).

Technical and Device Data

• IP address and approximate geolocation derived from it.
• Device identifiers and characteristics (device type, operating system, browser type and version, language settings, screen resolution).
• Log data relating to your visits and actions on the site (pages viewed, links clicked, time and date of visits, referral URLs).
• Technical error logs and performance data used to diagnose and fix issues.

Payment and Financial Data

• Limited payment instrument data, such as masked card numbers (BIN and last digits), card type and expiry date, or wallet identifiers, as provided to us by payment processors.
• Deposit and withdrawal records, including amounts, currencies, timestamps and transaction identifiers.
• Details of payment methods used (bank transfer, card provider, e-wallet provider, voucher services) as necessary for processing and anti-fraud checks.

Behavioural and Profile Data

• Betting patterns, game preferences and time spent on different games.
• Promotional interactions (emails opened, banners clicked, bonuses claimed, participation in tournaments or loyalty programs).
• Responsible gambling signals and limits you set (deposit limits, loss limits, cool-off or self-exclusion requests) and our interaction with those settings.

Cookies and Similar Technologies

• Cookies, web beacons, pixels and similar tracking technologies to recognise your browser or device, remember preferences and obtain analytics on site usage.
• Unique identifiers associated with cookies or device IDs used for security, fraud-prevention and advertising (where permitted).

You can find more details about cookies in the section "Cookies & Tracking Technologies" below.

Legal Basis for Processing

We process personal data only where we have a lawful basis to do so. These bases are informed by international standards such as the EU General Data Protection Regulation (GDPR), and we aim to align with Australian privacy principles as reflected in the Privacy Act 1988 (Cth) and the Australian Privacy Principles, even though we may not be formally regulated under those laws in every respect.

Performance of a Contract

• To create, maintain and operate your player account, provide access to games, process deposits and withdrawals and manage your participation in promotions, we must process identity, contact, account, payment and usage data.
• Without such data, we would not be able to fulfil the services you request, including paying out winnings and handling customer support.

Compliance with Legal and Regulatory Obligations

• To comply with obligations related to anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, age verification and responsible gambling, we process identity documents, transaction data and behavioural patterns.
• We may retain specific records for minimum periods required or considered prudent under applicable financial and gambling-related standards, even though a clear licensing jurisdiction is not publicly verifiable as of January 2026.

Legitimate Interests

• Security and fraud prevention: Monitoring accounts and transactions to detect and prevent suspicious activity, misuse of bonuses, chargebacks or unauthorised access.
• Improvement of services: Analysing aggregated or pseudonymised usage data to improve platform performance, game offering and user experience.
• Business operations: Maintaining internal records, conducting audits, analysing revenue and managing risk for the ongoing operation of Velvet Spins.

Where we rely on legitimate interests, we balance these interests against your privacy rights and implement safeguards (for example, pseudonymisation, access controls and limited retention).

Consent

• For certain marketing communications (such as promotional emails or SMS), the placement of non-essential cookies and personalised advertising, we obtain your prior consent where required by applicable law.
• You may withdraw your consent at any time via the mechanisms described in the "Your Rights" and "Cookies & Tracking Technologies" sections, or by contacting [email protected].

Purpose of Processing

We process your personal data for the following purposes:

• Provision of casino services:
  • Opening and managing your account, verifying your eligibility to play, providing access to games, processing deposits and withdrawals and paying out winnings.
  • Managing bonuses, loyalty rewards, tournaments and other promotional features.
• Customer support and communication:
  • Responding to your enquiries, complaints or technical issues via email or other channels.
  • Sending important service messages about account security, changes to terms, privacy updates or service disruptions.
• Service improvement and analytics:
  • Analysing how players use our website and games to improve functionality, stability, security and user experience.
  • Conducting statistical analysis on an aggregated or pseudonymised basis to understand performance and trends.
• Marketing and personalisation:
  • Sending you marketing communications about our services, promotions and special offers, where permitted by law and in line with your preferences.
  • Customising content and offers displayed to you on our site or within emails, based on your previous activity and preferences.
• Fraud prevention, risk management and AML/CTF compliance:
  • Monitoring transactions and behaviour to detect suspicious patterns and prevent fraud, money laundering, bonus abuse and other prohibited activity.
  • Verifying your identity, age and location, and carrying out risk assessments where necessary.
• Legal, regulatory and enforcement purposes:
  • Responding to lawful requests from competent authorities, complying with recordkeeping requirements and exercising or defending legal claims.

Disclosure & Sharing

We do not sell your personal data. However, we may share your information with selected third parties where necessary for the purposes described in this Privacy Policy, subject to appropriate safeguards.

Service Providers and Business Partners

• Payment processors and financial institutions: To process deposits, withdrawals, refunds and chargebacks; to verify card or account ownership; and to conduct fraud and risk checks.
• Game and platform providers: Software providers (for example, RealTime Gaming (RTG) and related certified engines) that supply and maintain our gaming content and platform infrastructure. While GLI certification extends to the RTG software engine until at least 2026, it does not directly certify Velvet Spins as an operator.
• IT and infrastructure providers: Hosting, cloud storage, content delivery networks, email delivery and security services that enable us to operate the website and safeguard data.
• Analytics and performance tools: Third-party analytics services to help us understand site usage and improve performance, generally using pseudonymised or aggregated data.

Regulators, Authorities and Dispute Resolution Bodies

• Where required or considered reasonably necessary, we may disclose data to law enforcement, regulatory authorities, tax authorities or courts, based on a lawful request or to protect our rights, property or safety or those of our users or third parties.
• In the event of serious disputes or suspected unlawful activity, data may be shared with fraud-prevention agencies or other operators, to the extent allowed by applicable law.

Affiliates and Advertising Networks

• We may work with marketing affiliates who refer players to velvet-spins-aussie.com. Affiliates generally receive limited information, such as aggregated statistics about players they referred; they do not usually receive full personal details.
• Where we use advertising networks or third-party marketing platforms for targeted advertising, certain pseudonymised identifiers or cookie data may be shared, but only where permitted by law and, where required, based on your consent for marketing cookies.

Corporate Transactions

• In the event of a business restructuring, acquisition, merger or transfer of assets involving Velvet Spins or related entities, personal data may be disclosed to prospective or actual buyers and their advisers, subject to confidentiality obligations and applicable law.

We require all recipients of your data to respect its confidentiality and to process it only for the specified purposes and in accordance with appropriate contractual and technical safeguards.

International Transfers

Because Velvet Spins operates online and uses international hosting and service providers, your personal data may be transferred to, stored in or accessed from countries outside your country of residence, including outside Australia and the European Economic Area (EEA).

• Data may be processed in jurisdictions where our servers, payment processors, game providers, analytics providers or support teams are located. These may include, for example, countries in Europe, Asia, North America or the Caribbean.
• Where we transfer personal data originating from the EEA, UK or other regions with specific transfer rules, we aim to rely on appropriate safeguards such as:
  • standard contractual clauses (SCCs) approved by the European Commission or other relevant authorities; and/or
  • other legally recognised mechanisms providing an adequate level of data protection.
• For users in Australia and New Zealand, we take reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with this Privacy Policy and with generally accepted international privacy standards, even where local law may not provide the same level of protection.

By using velvet-spins-aussie.com, you acknowledge that your personal data may be processed in countries that may have different data protection regimes from your country of residence. In all cases, we seek to implement technical, contractual and organisational safeguards to protect your data.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or to satisfy legal, regulatory, accounting or reporting requirements, and then securely delete or irreversibly anonymise it.

General Retention Periods

• Account and identity data: Typically retained for the lifetime of your account and for up to five (5) years after account closure, to comply with AML/CTF expectations, handle disputes, prevent abuse and maintain necessary business records.
• Transaction and payment records: Usually retained for five (5) to seven (7) years, in line with financial recordkeeping norms and potential legal or tax obligations.
• Game and betting history: Retained while your account is active and for up to five (5) years after closure, primarily for responsible gambling, fraud prevention and dispute resolution purposes.
• Marketing and communications data: Retained while you remain subscribed and for a short period (up to two (2) years) after you opt out, to maintain records of your preferences and consent history.
• Technical logs and security data: Retained for shorter periods, typically six (6) months to three (3) years, depending on the nature of the data and our security needs.

Deletion Criteria

• When the data is no longer required for the specific purposes for which it was collected.
• When statutory or recommended retention periods have expired.
• When you lawfully request deletion and we are not required or permitted to retain it for longer.

In some cases we may retain anonymised or aggregated data that no longer identifies you, for statistical, research or analytical purposes.

Your Rights

We aim to align our privacy practices with widely recognised standards such as the GDPR and with core principles found in other data protection regimes (including Mexican data protection regulations and the Australian Privacy Principles), even though our primary target market is Australia and New Zealand and our licensing jurisdiction is not clearly displayed.

Subject to applicable law and to certain limitations (for example, where we must retain data for AML or legal reasons), you may have the following rights:

Right of Access

• You can request confirmation of whether we process your personal data and, where this is the case, receive a copy of your personal data and certain related information (for example, categories of data, purposes of processing, categories of recipients and retention periods).

Right to Rectification

• You can request that we correct inaccurate personal data or complete incomplete data. You should keep your account information accurate and up to date to ensure correct service delivery and communication.

Right to Erasure ("Right to be Forgotten")

• You can request deletion of your personal data where:
  • the data is no longer necessary for the purposes for which it was collected;
  • you withdraw consent (where processing is based on consent) and there is no other legal ground for processing; or
  • you object to processing and we have no overriding legitimate grounds.
• We may refuse or delay deletion where retention is required or justified by legal, regulatory or security obligations (for example, AML/CTF, fraud prevention, recordkeeping or dispute resolution).

Right to Restrict Processing

• You can request that we restrict processing of your data in certain situations, such as when you contest the accuracy of the data, or when processing is unlawful but you prefer restriction over deletion.

Right to Object

• You can object to processing of your personal data based on our legitimate interests, including profiling, where you believe your rights and freedoms outweigh our interests.
• You have an absolute right to object to the use of your personal data for direct marketing (including related profiling). If you object, we will stop processing your data for marketing purposes.

Right to Data Portability

• Where technically feasible and required by applicable law, you can request that we provide you with certain personal data you have provided to us in a structured, commonly used and machine-readable format, or that we transmit it to another controller.

Right to Withdraw Consent

• If we rely on your consent for specific processing (for example, marketing emails or certain cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Procedures, Timeframes and Charges

• To exercise any of the above rights, contact us at [email protected] and clearly describe your request and the right you wish to exercise. You may be asked to verify your identity before we act on your request.
• We aim to respond to all valid requests within 30 days of receipt. If your request is complex or we receive multiple requests, we may extend this period by a further 30 days, and we will inform you of any such extension.
• In principle, we handle your request free of charge. However, where a request is manifestly unfounded or excessive (for example, repeated requests), we may charge a reasonable fee or refuse to act, as permitted by law.

These rights exist alongside rights you may have under specific national frameworks (for example, Mexican data protection laws or the EU GDPR) where applicable. Our commitment is to provide a level of protection that is substantively in line with those frameworks, even though our main focus is on Australian and New Zealand users.

Cookies & Tracking Technologies

We use cookies and similar technologies on velvetspins-aussie.com to provide, protect and improve our services. Cookies are small text files stored on your device that enable us to recognise your browser and remember certain information.

Types of Cookies We Use

• Session cookies: Temporary cookies that are deleted when you close your browser. They help us keep you logged in during a session, manage game sessions and ensure the website functions correctly.
• Persistent cookies: Cookies that remain on your device for a defined period or until you delete them. They allow us to remember your preferences (such as language settings) and recognise you when you return.
• First-party cookies: Cookies placed by velvetspins-aussie.com to operate the site and collect analytics.
• Third-party cookies: Cookies set by third-party service providers, such as analytics tools, advertising networks or social media plugins.

Purposes of Cookies

• Strictly necessary and functional cookies: Required for essential website functions, such as navigation, access to secure areas, and enabling gameplay and payment flows. These cookies cannot be disabled via our cookie tools because the site cannot function properly without them.
• Analytics and performance cookies: Help us understand how visitors use the site, which pages are most popular and how players interact with games. This information is used in aggregated form to improve our services.
• Advertising and marketing cookies: Used to deliver advertising that is more relevant to you and to measure the effectiveness of our marketing campaigns. These cookies may track your browsing activity across websites, subject to applicable laws and, where required, your consent.

Managing Cookies

• You can manage or disable cookies via your browser settings. Most browsers allow you to:
  • see which cookies are stored and delete them individually;
  • block third-party cookies;
  • block cookies from specific sites;
  • block all cookies; or
  • delete all cookies when closing the browser.
• Disabling or blocking certain cookies (especially strictly necessary ones) may affect the functioning of velvetspins-aussie.com and limit your ability to use some features or games.
• Where available, we may provide an internal preference panel or banner that allows you to accept or reject non-essential cookies (such as analytics or advertising cookies). Your choices will be stored, usually via a cookie.

Data Security

We take the security of your personal data seriously and implement a range of technical and organisational measures designed to protect it against unauthorised access, disclosure, alteration or destruction.

Technical Measures

• Encryption in transit: Data exchanged between your browser and velvetspins-aussie.com is protected by modern encryption protocols (such as TLS 1.2 or higher), aiming to prevent interception and tampering.
• Encryption at rest: Sensitive data is stored using industry-standard encryption, hashing and tokenisation techniques where appropriate (for example, hashed passwords and encrypted sensitive records).
• Access controls: Access to systems and databases is restricted to authorised personnel and systems based on a need-to-know and least-privilege principle.
• Network and infrastructure security: Firewalls, intrusion detection and prevention systems and other security tools are used to monitor and protect our infrastructure from unauthorised access and attacks.

Organisational Measures

• Staff training and awareness: Personnel with access to personal data receive guidance on data protection, confidentiality and security best practices.
• Policies and procedures: Internal policies govern the handling of personal data, incident response, access management and vendor risk management.
• Incident response: We maintain procedures for detecting, investigating and responding to suspected personal data breaches. Where required by law, we will notify affected users and relevant authorities without undue delay.

While we strive to follow recognised international security standards (such as the principles underlying ISO 27001 or SOC 2 frameworks), Velvet Spins has not publicly claimed formal certification under these standards as of January 2026. No method of transmission or storage is entirely secure, and we cannot guarantee absolute security, but we are committed to continuously improving our security controls.

Complaints & Contacts

If you have questions, concerns or complaints about this Privacy Policy or how we handle your personal data, you can contact us using the details below.

Contact Channels

• General and privacy enquiries: [email protected]
• KYC and document submissions: [email protected]

Internal Complaint Procedure

1. Submit your complaint: Send an email to [email protected] with:
   • your full name and account ID (if applicable);
   • a clear description of your concern or complaint; and
   • any relevant supporting documentation or screenshots.
2. Acknowledgement: We aim to acknowledge receipt of your complaint within 5 business days.
3. Investigation: Your complaint will be reviewed by the appropriate support or compliance personnel. We may contact you if further information or clarification is needed.
4. Response: We aim to provide a substantive response within 30 days of receiving all necessary information. If we cannot meet this timeframe due to complexity or volume of complaints, we will inform you of the delay and provide an updated timeline.

Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that your data protection rights have been infringed, you may have the right to lodge a complaint with a relevant data protection or privacy authority. Depending on your place of residence, this may include:

• Australia: Office of the Australian Information Commissioner (OAIC) - see https://www.oaic.gov.au for up-to-date contact details and complaint forms.
• European Union / EEA: Your local Data Protection Authority (DPA) in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement. Contact details are available via the European Data Protection Board at https://edpb.europa.eu.
• Mexico: The Mexican data protection authority (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI), via the channels provided on https://www.inai.org.mx, if Mexican data protection rules are applicable to your situation.

Please note that the ability to lodge a complaint with a particular authority depends on your location, the origin of your data and the scope of that authority's jurisdiction.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make material changes, we will take reasonable steps to notify you.

Notification Procedures

• Website notice: Posting the updated Privacy Policy on https://velvetspins-aussie.com/privacy with a revised "Last updated" date.
• Email notification: Where changes are material and we have your email address, sending a notice to your registered email address.
• In-account or banner alerts: Displaying notifications or banners in your account area or on the website to draw your attention to significant updates.

Advance Notice and User Options

• For changes that materially affect your rights or the way we use your personal data, we will, where feasible, provide at least 30 days' advance notice before the new policy takes effect.
• If you do not agree with the updated Privacy Policy, you may choose to:
  • discontinue using velvetspins-aussie.com; and
  • request account closure and, where applicable, exercise your rights (such as data deletion or restriction) by contacting [email protected].

Last updated: January 2026