Crusino Privacy Policy

Last updated: June 8, 2026

This Privacy Policy explains how Crusino collects, processes, stores and protects personal information when you interact with the platform. The document applies to all users who register, browse or engage with casino services through the website operated by Dama N.V., a company registered under Curaçao gaming jurisdiction with licence number OGL/2023/174/0082. Website operation is managed by Novatrix SRL, registration number 152125, under the supervision of the Curaçao Gaming Control Board. Every interaction with the platform, from account creation to payment processing, generates data that requires lawful handling under applicable privacy frameworks. This policy outlines the scope of data collection, the purposes behind processing activities, the legal foundations for each category of use, and the rights available to users over their personal information. Understanding these procedures helps players make informed decisions about their participation in the casino environment and their control over data that connects to their identity, payment history, account activity and device interactions.

The policy covers all forms of data collected during registration, gameplay, cashier transactions, bonus participation, loyalty progression and customer support interactions. It also addresses technical data generated automatically through browser activity, session tracking and device identification. The framework applies to users from Australia and other eligible regions, excluding restricted territories listed in the Terms of Service, such as Afghanistan, Albania, Belgium, Brazil, Curaçao, France, Netherlands, Spain, Sweden, United Kingdom, United States, Ukraine and Vietnam. Users from restricted countries cannot access the platform, and any attempt to bypass geographical restrictions through VPN or proxy services triggers location verification and account security reviews. The privacy framework connects to compliance obligations under remote gaming licence requirements and anti-money laundering legislation, ensuring that data handling aligns with regulatory expectations and industry standards for transparency, user protection and responsible gaming practices.

Definitions and Interpretation

This section clarifies the terminology used throughout the Privacy Policy to ensure consistent understanding of key concepts. Legal terms are translated into functional language that reflects real user interactions with the platform. Definitions connect to the operational context of casino services, account management, payment processing and data handling procedures.

Personal Data

Personal data refers to any information that identifies or can be used to identify an individual user. This includes identity details such as name, date of birth, government-issued ID numbers, passport information, driver licence details and residential address. It also covers contact data like email addresses, phone numbers and communication preferences. Payment information, including card details, wallet account references, transaction records and bank account identifiers, falls under personal data. Technical data generated during platform use, such as IP addresses, browser type, operating system, session identifiers and device fingerprints, is also considered personal information. Usage data, which tracks gameplay patterns, bet history, bonus participation, loyalty level progression and account activity logs, forms another category of personal data. The definition extends to any information submitted during registration, verification, customer support interactions or responsible gaming tool configuration.

Processing and Controller

Processing refers to any operation performed on personal data, whether automated or manual. This includes collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, restriction, erasure and destruction. Every action that involves personal data, from capturing registration details to analysing gameplay statistics for fraud prevention, qualifies as processing. The data controller is Dama N.V., the entity that determines the purposes and means of processing personal data. The controller holds responsibility for ensuring that data handling complies with applicable privacy legislation and regulatory requirements. Novatrix SRL operates the website on behalf of the controller and executes processing activities under the controller's instruction and oversight.

User and Device

A user is any individual who registers an account, browses the website or interacts with casino services. The term applies to both active players who complete deposits and engage in gameplay, and visitors who explore the platform without registration. Each user must maintain only one account per person, with duplicate accounts prohibited under the one-account policy. Identity details, registration data, payment ownership and account-use patterns are monitored to enforce this restriction. A device refers to any hardware used to access the platform, including desktop computers, laptops, tablets and mobile phones. Device data includes browser type, operating system version, screen resolution, language settings, time zone, IP address and unique device identifiers. The platform supports mobile web access through Android and iOS browsers, with full casino lobby, cashier and account management functionality available without a dedicated app download.

What Personal Data We Collect

Personal data collection occurs at multiple stages of platform interaction, from initial registration through ongoing account activity. The scope of data collected depends on the nature of the user's engagement, with mandatory information required for account creation and additional data gathered during payment processing, verification procedures and gameplay. Understanding what data is collected helps users assess their information footprint and control the details they share.

Identity and Registration Data

Identity data includes full legal name, date of birth, nationality, gender and government-issued identification numbers. During registration, users provide a valid email address, create a password and select a username. Residential address information, including street, suburb, state and postcode, is required to verify location eligibility and comply with geographic restrictions. The platform collects phone numbers for account security, two-factor authentication and direct communication related to verification or withdrawal processing. Users from Australia submit proof of identity through documents such as an Australian passport, driver licence, photo ID card or government-issued identity document. Proof of address requires documents no older than 90 days, including utility bills, bank statements, insurance documents, government letters or driver licences showing current residence details. Registration data also includes the IP address captured at the time of account creation, which helps establish the user's location and detect duplicate accounts.

Payment and Financial Data

Payment data covers all information related to deposits, withdrawals and financial transactions. This includes bank card details such as card number, expiry date, cardholder name and CVV code, although sensitive card information is processed through secure payment gateways rather than stored directly by the platform. E-wallet account identifiers for Skrill, Neteller, MiFinity and MuchBetter are recorded to link transactions to the verified payment method. Bank account details for bank transfer deposits and withdrawals, including account number, BSB code and account holder name, are collected to ensure payment ownership and prevent fraud. Cryptocurrency wallet addresses for Bitcoin, Ethereum, Litecoin, DOGE and USDT are stored for CoinsPaid transactions. Transaction records, including deposit amounts, withdrawal requests, pending payment statuses and completed payout history, are maintained for account management, AML checks and regulatory reporting. Proof of payment documents, such as screenshots of e-wallet accounts, bank statements showing deposit sources and card ownership verification, are collected during KYC procedures. Large or unusual deposits trigger enhanced payment ownership checks, requiring source-of-funds documentation such as bank statements, transaction records and evidence of legitimate fund origins.

Technical and Usage Data

Technical data is generated automatically through browser interactions and device use. This includes IP addresses, browser type and version, operating system, device identifiers, screen resolution, language preferences, time zone settings and referral source. Cookies and similar tracking technologies capture session identifiers, user preferences and navigation patterns across the website. Usage data tracks gameplay activity, including games played, bet amounts, win and loss records, bonus participation, loyalty point accumulation and progression through the 176-level Loyalty Program. Account activity logs record login times, session duration, geographic access patterns and changes to account settings. The platform monitors unusual account behaviour, such as rapid account changes, inconsistent location data or patterns consistent with duplicate account use or fraud. Bonus participation data includes selected promotions, wagering progress, max-bet compliance and bonus conversion status. Responsible gaming tool configuration, such as deposit limits, self-exclusion requests and cooling-off periods, is recorded to enforce player protection measures and ensure that account restrictions are applied correctly.

Why We Use Your Personal Data

Personal data processing serves specific operational, legal and security purposes tied to real platform functionality. Each category of data use connects to a defined need, whether it involves delivering casino services, verifying account ownership, preventing fraud or meeting regulatory obligations. Understanding the reasons behind data processing helps users see how their information supports platform operations and their own account security.

Service Provision and Account Management

Personal data enables the platform to create and maintain user accounts, process deposits and withdrawals, manage bonus participation and track loyalty progression. Registration data establishes account identity and ensures that each player operates a single account in compliance with the one-account policy. Payment information allows the cashier to process deposits through AU-issued Visa and Mastercard cards, Apple Pay, Skrill, Neteller, MiFinity, MuchBetter, Paysafecard, CashToCode, Flexepin, bank transfer and CoinsPaid crypto wallets. Withdrawal processing requires payment ownership verification to ensure that funds reach the verified player payment account. Transaction records support the 3x turnover requirement for pokie deposits and 10x turnover for table games, roulette, video poker and other non-pokie gameplay before withdrawal eligibility. Loyalty data tracks comp point accumulation at 1 point per A$25 wagered on pokies and 1 point per A$200 wagered on live games, determining level progression and automatic reward delivery.

Verification and Fraud Prevention

Verification procedures rely on identity data, payment ownership evidence and address confirmation to ensure account legitimacy and prevent fraud. KYC checks are triggered by withdrawal requests, payment ownership questions, account data changes, expired identity documents, changed residence details, duplicate-account signals and unusual account activity. The platform reviews government-issued ID, passport, identity card, driver licence, proof of address, utility bill, bank statement, insurance document and proof of payment to complete verification. Account verification typically requires up to 24 hours after submitted documents are reviewed. First withdrawal requires identity verification, proof of payment ownership and confirmation that funds reach the verified player payment account. Large deposit review applies to significant or unusual deposits, triggering payment ownership, source-of-funds and account-security checks before balance use or withdrawal. AML procedures examine the legitimate origin of deposited funds, payment ownership, destination payment account details, transaction patterns, duplicate-account screening and fraud-prevention signals.

Analytics and Platform Improvement

Usage data supports analytics that measure game performance, lobby navigation patterns, bonus participation rates and player retention trends. Technical data helps optimise website performance, identify browser compatibility issues and improve mobile web access through Android and iOS browsers. Gameplay statistics inform game catalogue updates, provider selection decisions and the addition of new features such as Bonus Buy filters, Megaways mechanics and live game show content. Session data tracks navigation flow across All Games, Slots, New, Popular, Bonus Buy, Bonus Wagering and Live sections, helping refine lobby organisation and game discovery tools. Analytics do not involve automated decision-making that affects user account status or rights without human review.

Legal Basis for Data Processing

Every processing activity relies on a defined legal foundation that justifies the collection and use of personal data. Understanding the legal basis clarifies why data processing is lawful and how it connects to user actions, contractual obligations and regulatory requirements. The legal framework ensures that data handling complies with privacy legislation applicable to Curaçao-licensed remote gaming operators.

Consent and User Agreement

Consent serves as the legal basis for processing data when users voluntarily agree to share information for specific purposes. During registration, users consent to the collection of identity, contact and payment data necessary for account creation and service access. Marketing communication relies on explicit consent, with users opting in to receive newsletters, bonus announcements and promotional messages. Consent can be withdrawn at any time through account settings or customer support, affecting only non-essential processing such as marketing while preserving core service functionality. Cookie consent, managed through browser settings and the platform's cookie notice, governs the use of tracking technologies for analytics, personalisation and advertising purposes.

Contractual Necessity

Processing personal data is necessary to perform the contract between the user and the platform, covering account creation, deposit processing, gameplay access, withdrawal handling and loyalty progression. Without identity data, the platform cannot establish account ownership or enforce the one-account policy. Payment information is essential to process deposits through AU-issued cards, Apple Pay, e-wallets, voucher methods and CoinsPaid crypto rails, and to complete withdrawals within A$4,000 daily, A$10,000 weekly and A$30,000 monthly account caps. Verification data is required to complete KYC checks triggered by withdrawal requests, ensuring that funds reach the verified player payment account and comply with AML obligations. Contractual necessity justifies processing even without explicit consent because the data is indispensable for delivering the casino services that users request by registering and engaging with the platform.

Legal Obligation and Compliance

The platform processes personal data to comply with legal obligations imposed by the Curaçao Gaming Control Board, anti-money laundering legislation and remote gaming licence conditions under licence number OGL/2023/174/0082. Identity verification, proof of address and payment ownership checks fulfil KYC requirements designed to prevent fraud, underage gambling and money laundering. AML procedures require the platform to examine the legitimate origin of deposited funds, destination payment account details, transaction patterns and source-of-funds documentation for large or unusual deposits. Regulatory reporting obligations may involve sharing user data with the Curaçao Gaming Control Board, financial authorities or law enforcement agencies when required by law. Age verification ensures that only players 18 years and older access casino services, protecting minors from gambling exposure.

How We Share Your Personal Data

Personal data is shared with third parties only when necessary to deliver casino services, meet regulatory obligations or protect account security. The platform does not sell user data to external parties for marketing purposes. Sharing occurs within a controlled framework that ensures recipients handle data responsibly and apply adequate protection measures.

Service Providers and Payment Processors

The platform shares personal data with service providers that support website hosting, payment processing, customer support, analytics and technical infrastructure. Payment processors handle card transactions through AU-issued Visa and Mastercard cards, Apple Pay deposits, e-wallet transfers via Skrill, Neteller, MiFinity and MuchBetter, voucher payments through Paysafecard, CashToCode and Flexepin, and crypto deposits via CoinsPaid. These processors access payment information, transaction records and user identity details to complete deposits and withdrawals while applying their own fraud prevention and AML checks. All service providers operate under contractual agreements that require data protection measures, confidentiality obligations and restrictions on data use beyond the specified processing purpose.

Regulators and Legal Authorities

Personal data is disclosed to the Curaçao Gaming Control Board, the regulator overseeing Crusino's remote gaming licence OGL/2023/174/0082. Regulatory reporting includes identity verification records, transaction data, AML compliance reports and account activity logs required under licensing conditions. Law enforcement agencies, financial authorities and judicial bodies may request data disclosure when legally required through valid court orders, subpoenas or statutory obligations. The platform evaluates each request for legal validity and scope, disclosing only the data necessary to fulfil the legal obligation.

How Long We Keep Your Data

Data retention periods depend on the purpose of processing, legal obligations and operational needs. Personal data is not kept longer than necessary to fulfil the reasons it was collected, and deletion occurs when retention is no longer justified.

Active Account Data

Personal data linked to active accounts is retained as long as the account remains open and in use. This includes identity information, registration data, payment details, transaction records, bonus history, loyalty progression and usage statistics. Active retention supports ongoing service delivery, account management, withdrawal processing and loyalty reward distribution.

Closed Account Data

When an account is permanently closed through customer support, personal data is retained for a defined period to meet regulatory obligations, prevent fraud and support potential dispute resolution. Regulatory requirements under Curaçao gaming jurisdiction mandate the retention of transaction records, verification documents and account activity logs for several years after account closure. Payment data, including card details and e-wallet identifiers, is deleted or anonymised within a shorter timeframe once the account closes, with only transaction records preserved for compliance purposes.

Deletion and Anonymisation

Personal data is deleted or anonymised when retention is no longer required by law or operational necessity. Deletion involves the permanent removal of data from active systems, backups and archives, ensuring that the information cannot be recovered. Anonymisation strips data of identifying details, rendering it impossible to connect information to a specific individual. Users can request data deletion through customer support, subject to legal retention obligations that may prevent immediate removal. Deletion requests are processed within a reasonable timeframe, typically within 30 days, with confirmation provided once the data has been removed.

Your Rights Over Your Data

Users hold specific rights over their personal data, enabling them to access, correct, delete, restrict or transfer information held by the platform. Exercising these rights involves submitting requests through customer support, with responses provided within a defined timeframe.

Access and Portability

Users can request access to the personal data held by the platform, receiving a copy of identity information, registration details, payment records, transaction history, bonus participation, loyalty progression and usage statistics. Access requests are processed through customer support, with data provided in a structured, commonly used and machine-readable format such as PDF or CSV. Data portability allows users to request that their information be transferred to another service provider where technically feasible. Access requests are fulfilled within a reasonable timeframe, typically within 30 days, subject to identity verification to prevent unauthorised disclosure.

Correction and Rectification

Users can request correction of inaccurate or incomplete personal data, ensuring that identity details, contact information, payment records and account settings reflect current and accurate information. Rectification requests are processed through customer support, with changes applied to the account once identity verification confirms the user's authority to modify data. Some data elements, such as identity documents and proof of address, require submission of updated verification materials rather than direct editing by the user.

Deletion and Erasure

Users can request deletion of personal data when it is no longer necessary for the purposes it was collected, when consent is withdrawn, when the user objects to processing, or when the data was processed unlawfully. Deletion requests are subject to legal retention obligations that may prevent immediate removal, particularly for transaction records, verification documents and compliance data required under Curaçao gaming jurisdiction. When deletion is not possible due to legal retention requirements, the platform restricts processing instead, limiting data use to compliance purposes and preventing access for operational activities.

Restriction and Objection

Users can request restriction of processing when data accuracy is contested, when processing is unlawful but deletion is not desired, when the platform no longer needs the data but the user requires it for legal claims, or when the user has objected to processing pending verification of legitimate grounds. Users can object to processing based on legitimate interests, including profiling and analytics, requiring the platform to cease the processing unless compelling legitimate grounds override the user's rights. Objection to direct marketing is always honoured without exception, immediately stopping promotional communication.

How We Protect Your Data

Security measures protect personal data from unauthorised access, disclosure, alteration and destruction. The platform applies technical and organisational safeguards designed to reduce privacy risks and ensure data integrity.

Encryption and Secure Storage

Sensitive personal data, including payment information, identity documents and account credentials, is encrypted during transmission and storage. Encryption protocols such as SSL and TLS protect data exchanged between user devices and platform servers, preventing interception by unauthorised parties. Payment card details are processed through secure payment gateways that comply with PCI DSS standards. Account passwords are hashed using cryptographic algorithms, preventing password recovery even if database access occurs. Identity documents submitted during KYC verification are stored in secure environments with restricted access, subject to encryption and access controls that limit retrieval to authorised personnel.

Access Control and Internal Procedures

Access to personal data is restricted to authorised personnel who require the information to perform their roles, such as customer support, compliance, payment processing and fraud prevention. Role-based access controls ensure that employees can view only the data necessary for their function, preventing unnecessary exposure. Regular security audits, vulnerability assessments and penetration testing identify weaknesses in the platform's security posture, supporting continuous improvement of protection measures.

Fraud Detection and System Monitoring

Automated fraud detection systems monitor account activity, transaction patterns and login behaviour to identify potential security threats such as duplicate accounts, stolen card use, bot activity and attempts to bypass geographic restrictions through VPN or proxy services. Suspicious activity triggers account review, identity verification requests or temporary access restrictions pending investigation. Large deposits trigger payment ownership checks, source-of-funds review and account-security analysis before balance use or withdrawal.

Cookies and Tracking Technologies

Cookies and similar tracking technologies are used to enhance platform functionality, personalise user experience, measure performance and support analytics. Understanding cookie use helps users control their privacy preferences and manage tracking through browser settings.

What Cookies We Use

Cookie Control and Browser Settings

Users can control cookie acceptance through browser settings, choosing to block all cookies, accept only essential cookies or receive notifications before cookies are placed. Disabling cookies may affect platform functionality, particularly session management, account login, cashier access and game launch. Most browsers allow users to delete existing cookies, preventing websites from accessing previously stored information. The platform provides a cookie notice that explains cookie use and offers opt-in or opt-out mechanisms for non-essential cookies.

Third-Party Links and External Services

The platform may include links to external websites, partner services or social media platforms. These links provide access to content or services outside the platform's control, and users should understand that external sites operate under their own privacy policies. Clicking on external links transfers the user to websites operated by independent entities, which may collect personal data through their own registration forms, cookies or tracking technologies. Users are encouraged to review the privacy policies of external websites before submitting personal information or engaging with third-party services.

Children and Minors Policy

The platform is intended exclusively for users aged 18 years and older. Players under the legal gambling age are prohibited from registering accounts, accessing casino services or participating in gameplay. The platform does not knowingly collect personal data from individuals under 18 years of age, and any such data discovered is deleted immediately upon detection. Age verification occurs during registration through date of birth submission and is reinforced during KYC checks that require government-issued identity documents such as an Australian passport, driver licence or photo ID card.

Policy Updates and Changes

This Privacy Policy may be updated periodically to reflect changes in data processing practices, regulatory requirements or platform features. Updates ensure that the policy remains accurate, transparent and aligned with applicable privacy legislation. Users are encouraged to review the policy regularly to stay informed about how personal data is collected, used and protected. Material changes to the policy are communicated through email notifications, website announcements or account messages. The effective date at the top of this document indicates when the current version became applicable. Continued use of the platform after policy updates constitutes acceptance of the revised terms.

Contact Information

Users can submit privacy-related inquiries, data access requests, deletion requests, rectification requests or complaints through customer support channels. The platform provides 24/7 support through live chat, with email follow-up available for complex requests requiring detailed review. Privacy requests should include sufficient information to verify user identity and specify the nature of the request, such as access to specific data categories, correction of inaccurate information or deletion of personal data. The platform responds to privacy requests within a reasonable timeframe, typically within 30 days, subject to the complexity of the request and verification requirements. Users who believe their privacy rights have been violated or who have concerns about data handling practices can contact the platform's data protection team through customer support for investigation and resolution.