1. Jurisdiction and legal basis for data processing
Vegazone processes personal information in accordance with Australian law. The key legislative instrument is the Australian Privacy Act 1988. It establishes 13 mandatory principles and applies to operators whose annual turnover exceeds 3 million AUD. Data processing is carried out on the basis of a lawful basis for processing, meaning there must be a legally permissible reason for each operation performed on the data.
Vegazone acts as a data controller, meaning it determines the purposes and means of processing. The legal bases include the performance of contractual obligations within 30 days from the date of registration, as well as a statutory obligation to retain transactional data for at least 5 years.
The internal compliance framework is updated at least once every 12 months. Oversight of compliance is carried out by the relevant supervisory authority in Australia within the scope of its powers.
2. Categories of data collected and sources
Vegazone collects sensitive data only to the extent necessary to fulfil its obligations. Registration requires 6 mandatory fields: name, date of birth, address, email, phone number, and country of residence. In addition, transaction history is recorded for the entire period of account activity with no limit on the number of operations.
Technical parameters are recorded automatically. IP address logging is used, with logs stored for up to 12 months. Device identification is performed using at least 5 technical parameters: device type, operating system, browser version, system language, and time zone. GeoIP tracking is used with accuracy down to the city level.
Cookie identifiers (unique browser identifiers) are created on the first visit and remain valid from 30 to 365 days. The principle of data minimisation means that excessive information is not requested and is not stored for longer than 90 days in the absence of a legal basis.
3. Purposes of processing and operational procedures
The primary purpose of processing personal information is the performance of contractual obligations, including the processing of bets and transactions. Data processing is also necessary to ensure AML/CTF compliance. All transactions are checked for compliance with legal requirements. This includes automated monitoring of financial operations to prevent fraud and detect suspicious activity.
Player identity verification is carried out as part of the KYC (Know Your Customer) procedure. The system requests verification documents such as copies of passports or driver licences, as well as documents confirming the source of funds.
Regulatory reporting and audit trails are provided upon request by supervisory authorities. All player actions, including bets and deposits, are recorded and analysed in order to assess risks, prevent unlawful activity and ensure compliance. All information is used solely for the purposes of complying with the law, preventing fraud and ensuring the security of gameplay.
4. Disclosure to third parties and cross-border data transfers
Vegazone does not sell or rent players’ personal data. However, the disclosure of personal data may be mandatory in cases provided for by law. For example, when receiving requests from courts, law enforcement agencies or other government bodies, where this is necessary to protect the legitimate interests of the company.
Data may be disclosed to third-party service providers, including payment service operators for transaction processing, such as Wirecard Bank AG, under their privacy policy. These providers are required to comply with data protection standards equivalent to those applied by Vegazone.
Cross-border data transfer may occur where servers located outside Australia are used, with compliance maintained with applicable local and international information protection standards. All such data transfers are carried out strictly in accordance with international agreements and legal requirements. Where required, explicit player consent is obtained for processing data overseas.
5. Retention periods and archiving rules
Player data is retained in accordance with legislative requirements, including rules established to combat money laundering and prevent financial crime. The data retention period is at least 5 years from the date of the last transaction or account closure. This is a mandatory requirement in the context of competition and tax investigations.
After a player account is closed, data will be stored in archive form to comply with statutory obligations. This information may only be used in response to requests from competent authorities for the investigation of financial, tax or criminal matters. Requests for data deletion before the expiry of this period are not accepted.
All transactions and records of player activity are stored in electronic archives protected by secure data storage. These measures are taken to prevent data leaks and unauthorised access, as well as to ensure compliance with all legal requirements. Archived data is processed exclusively for legal purposes and is accessible only to authorised bodies.
6. User rights and contact procedure
In accordance with the Australian Privacy Principles (APPs), players have the right to access their personal information processed by Vegazone. This includes the right to correct or delete data if it is inaccurate or out of date. Players can also request restrictions on data processing in certain cases, for example where processing does not align with the purposes for which the data was originally collected.
If you wish to withdraw your consent to data processing or stop receiving marketing materials, you can do so by contacting customer service at: [email protected]. You may also opt out of receiving promotional messages at any time by sending a request to this email address.
If you believe that your privacy rights have been breached, you have the right to lodge a complaint with the Office of the Australian Information Commissioner. In the event of a dispute, we aim to resolve it within the OAIC complaint procedure, which ensures compliance with all legal requirements and privacy standards.
6. Technical and organisational information security measures
Vegazone takes all reasonable steps to ensure secure data storage and prevent unauthorised access. All personal information is transmitted via secure channels using encryption that meets encrypted transmission standards. Our servers use TLS (Transport Layer Security) technology to protect data in transit, ensuring a high level of security.
Organisational measures also include strict access control: access to personal information is granted only to those employees who require it to perform their duties. These measures include regular audits, monitoring, and staff training.
To prevent data breaches, cybersecurity measures are implemented, including firewalls, intrusion detection systems and other security tools. In the event of a suspected security incident, an immediate investigation is conducted and, where necessary, relevant authorities and affected users are notified. We strictly comply with all legal requirements relating to the protection of personal information.
7. Use of cookies and tracking tools
Vegazone uses cookies to improve service quality and analyse user behaviour on the site. These small text files are placed on the user’s device when visiting the site and contain information that helps us tailor the interface and improve the user experience. For example, cookie identifiers allow us to remember user preferences such as interface language or region, in order to enhance usability.
An important category is functional cookies, which help us analyse how users interact with the site, which pages they visit and which actions they perform. This information is used to optimise site performance. We also use advertising cookies to track the effectiveness of advertising campaigns and to deliver more personalised advertising.
Users can configure their browsers to limit the use of cookies, block them or delete them. However, please note that refusing certain cookies may limit the functionality of the site, including access to personal accounts or gaming services.
8. Changes to this privacy policy
Vegazone reserves the right to update this Privacy Policy from time to time to reflect current legal requirements or to improve service quality. Where changes concern material aspects, such as the purposes of data processing or the third parties to whom data is disclosed, we will notify users by email or via a notice on the site.
Continued use of the site and services after changes have been made to this Privacy Policy will be taken as acceptance of the updated terms. We strongly recommend that users review this policy periodically to stay informed about any updates.
Any questions about changes, as well as requests for clarification of privacy terms, can be sent by email to [email protected]. We aim to keep our users fully informed of any changes and to ensure transparency in relation to the collection, processing and protection of personal information.