Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you visit and use the website ilucki-au.com (the "Site") in connection with the brand I Lucki and the iLucki online casino services. It applies to all visitors to the Site, registered players, prospective players, and any other individuals whose data is processed in relation to our services. This Privacy Policy is effective from 1 January 2025 and is intended to remain in force (with updates as needed) through at least 31 December 2026, unless replaced by a revised version published on this page.

Who We Are

OBSERVE: Users need to know the legal identity and contact points of the operator responsible for their data.

EXPAND: The operator of the online gambling services offered through ilucki-au.com is an offshore entity licensed in Curaçao, with an associated payment processor in the EU. A clear contact for privacy matters must be provided.

REFLECT: We therefore identify the controlling entities and give practical contact details for privacy queries and complaints.

The online casino services marketed through I Lucki and provided via the domain ilucki-au.com (the "Services") are operated by:

Operator: Dama N.V., a limited liability company incorporated under the laws of Curaçao.
Company registration number: 152125.
Legal and registered address: Scharlooweg 39, Willemstad, Curaçao.
Primary gambling licence: Antillephone N.V. licence No. 8048/JAZ2020-013, Curaçao (as verified in 2024 and assumed active through 2026 unless revoked).

For certain payment processing activities, we use our affiliated company:

Payment processor: Strukin Ltd, a company incorporated in Cyprus, acting as a payment processing subsidiary for Dama N.V.

Data protection contact / DPO-equivalent:

Email (primary privacy / support contact): [email protected]
Email (general information and legal enquiries): [email protected]
Postal contact (for written privacy requests): Data Protection Officer, Dama N.V., Scharlooweg 39, Willemstad, Curaçao (please mark the envelope "Privacy Request").

At this time no dedicated Australian office or representative is appointed. All privacy-related communication for users in Australia should be directed to the above contacts.

What Personal Data We Collect

OBSERVE: Operation of an online casino requires identification, account management, payment handling, and risk monitoring, all of which involve multiple categories of data.

EXPAND: In addition to basic registration details, we process technical identifiers, payment and transactional data, behavioural and device analytics, as well as data captured by cookies and similar technologies.

REFLECT: Below we group the data we collect into categories so you can understand what is processed and for what typical contexts.

1. Identification and Contact Data

Full name, date of birth, and gender (where provided).
Residential address and country of residence.
Email address(es) and phone number(s).
Copies or details of identity documents, proof of address, or other KYC/AML documentation you submit.

2. Account and Service Data

Username, encrypted password, security questions and answers.
Account preferences, language settings, time zone.
Communication preferences (e.g. marketing opt-in/opt-out choices).

3. Technical and Usage Data

IP address, approximate geolocation derived from IP, and ISP information.
Device identifiers, browser type and version, operating system, screen resolution.
Log files relating to access time, session duration, pages viewed, clicks and navigation paths.
Information about the links you click in our emails and interactions with site elements.

4. Payment and Transaction Data

Payment method details (e.g. partial card numbers or other identifiers as permitted, payment wallet identifiers, bank account details where applicable).
Deposit and withdrawal history, including amounts, currencies, timestamps and status.
Associated payment processor reference numbers and anti-fraud scores.

5. Gaming and Behavioural Data

Betting and game history (games played, stakes, wins and losses, session times).
Bonus usage, participation in promotions, tournaments and loyalty or VIP schemes.
Responsible gambling and risk markers (self-exclusion, limits set, unusual patterns).

6. Communication Data

Records of emails sent to and from [email protected], [email protected], [email protected] and other official emails.
Live chat logs, internal support tickets and complaint correspondence.
Consent records (when and how you gave or withdrew specific consents).

7. Cookies and Similar Technologies

Session identifiers and authentication tokens.
Persistent cookies storing preferences and tracking your return visits.
Third-party analytics and advertising cookies that help us measure traffic and performance, subject to your consent where required.

Legal Basis for Processing

OBSERVE: As an offshore operator serving users in jurisdictions that recognise consent, contract and legitimate interest concepts, we must clearly set out the grounds on which data is processed.

EXPAND: Our operations rely on contractual necessity to operate accounts, legal obligations relating to gambling, anti-money laundering and record-keeping, as well as legitimate interests in running and protecting our business and users.

REFLECT: The following legal bases, aligned with general data protection principles and comparable standards (including GDPR-style frameworks), underpin our processing.

1. Performance of a Contract

To create, verify and manage your I Lucki / ilucki-au.com player account.
To process deposits, wagers, game outcomes and withdrawals.
To provide customer support and handle your requests.

2. Compliance with Legal and Regulatory Obligations

To satisfy KYC (Know Your Customer), AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) requirements, including identity verification and transaction monitoring.
To retain records for accounting, tax, anti-fraud and regulatory audits in Curaçao and other applicable jurisdictions.
To comply with orders or lawful information requests from competent authorities or courts.

3. Legitimate Interests

To operate, secure and improve ilucki-au.com, including troubleshooting, data analysis, testing and research.
To prevent, detect and investigate fraud, abuse, security incidents, bonus misuse and other prohibited conduct.
To personalise the gaming experience, propose relevant games and offers (within the boundaries of your marketing preferences).
To protect our legal rights, respond to claims, and manage business risks.

4. Consent

For certain types of direct electronic marketing (such as promotional emails or SMS) where required by applicable law.
For the use of non-essential cookies and similar technologies (particularly advertising cookies) where local rules require consent.
For specific additional data uses that are not covered by the above bases, in which case the purpose and consent mechanism will be clearly explained.

You may withdraw your consent at any time, without affecting processing that has already occurred on the basis of consent before its withdrawal.

Purpose of Processing

OBSERVE: Players must understand how their information is used beyond mere collection.

EXPAND: In the context of offshore online gambling, purposes extend from provision of services to risk control, analytics, and marketing.

REFLECT: We group purposes to make them transparent and proportionate.

1. Provision and Administration of Services

Registering, authenticating and managing user accounts on ilucki-au.com.
Processing deposits, wagers, wins, withdrawals and bonuses.
Providing customer support and responding to queries and complaints.
Operating loyalty, VIP and promotional programs associated with I Lucki.

2. Compliance and Risk Management

Conducting identity checks, age verification, and ongoing due diligence.
Detecting and preventing money laundering, terrorist financing, fraud, collusion, and game manipulation.
Monitoring compliance with our Terms and Conditions, bonus rules, and applicable laws.

3. Service Improvement and Analytics

Analysing website traffic and player behaviour to optimise site performance and user experience.
Evaluating game popularity, payout patterns and system performance.
Developing new features, games and promotional structures based on aggregated, pseudonymised or anonymised data where feasible.

4. Marketing and Personalisation

Sending newsletters, promotions and tailored offers, subject to your marketing preferences and applicable consent requirements.
Serving personalised content and recommendations within the Site.
Measuring the effectiveness of marketing campaigns and affiliate traffic.

5. Security, Integrity and Legal Protection

Ensuring the security and integrity of our systems and data.
Investigating suspicious activity, enforcing our rights, and defending against legal claims.
Maintaining audit trails and evidence necessary for compliance, dispute resolution and law enforcement cooperation.

Disclosure & Sharing

OBSERVE: Running an online casino requires cooperation with banks, payment providers, IT vendors, and regulators.

EXPAND: Data sharing should be limited to what is necessary and subject to appropriate safeguards, taking into account cross-border transfers and offshore licensing frameworks.

REFLECT: We therefore describe categories of recipients, typical scenarios for sharing, and the protections applied.

1. Group Companies and Affiliates

Dama N.V. and its subsidiaries or affiliates, including Strukin Ltd, may share information strictly for purposes connected to providing and supporting the Services (e.g. payment processing, risk management, consolidated reporting).

2. Payment Service Providers and Banks

Card schemes, banks, e-wallet providers, crypto-exchanges, payment gateways and payment processors receive necessary payment and transactional data to perform deposits and withdrawals, verify card ownership, conduct fraud checks and comply with their regulatory obligations.

3. Service Providers and Contractors

IT and hosting providers, security and anti-fraud vendors, analytics and business intelligence platforms, email and SMS delivery services, customer support tools, and other technical providers engaged to support our operations.
These providers process data only on our instructions and under appropriate contractual safeguards.

4. Regulatory Authorities and Law Enforcement

Curaçao licensing and supervisory authorities, and where applicable other competent authorities, may receive information in connection with audits, investigations, and compliance with legal obligations.
Where legally compelled, we may disclose personal information to courts, law enforcement agencies or government bodies, including outside of Curaçao, provided such disclosure is lawful.

5. Business Partners, Affiliates and Advertising Networks

Affiliate partners who refer traffic to ilucki-au.com may receive limited data (e.g. aggregated statistics and conversion information) necessary to calculate commissions and evaluate campaigns.
Advertising and marketing networks may receive information through cookies and similar technologies to measure performance, subject to your consent where required.

6. Corporate Transactions

In the event of a merger, acquisition, sale of assets, restructuring or similar corporate transaction involving Dama N.V. or ilucki-au.com, personal data may be disclosed to prospective or actual buyers, their advisers and relevant third parties, subject to confidentiality obligations and in line with applicable data protection requirements.

We do not sell personal data as a standalone commercial activity. All disclosures are undertaken with appropriate care and in accordance with applicable legal standards.

International Transfers

OBSERVE: Processing occurs primarily under Curaçao jurisdiction, but uses infrastructure and partners located globally.

EXPAND: This results in cross-border transfers of personal data to countries that may have different data protection laws than your country of residence, including EU/EEA Member States and other third countries.

REFLECT: We therefore outline typical transfer locations and the safeguards we use.

1. Locations of Processing

Curaçao: Headquarters and licensing jurisdiction of Dama N.V.
Cyprus and other EEA states: Location of Strukin Ltd and certain payment and IT service providers.
Other regions: Subject to business needs, certain service providers (e.g. cloud hosting, anti-fraud and analytics) may operate from, or store data in, other countries, including but not limited to the European Union, the United Kingdom and the United States.

2. Transfer Safeguards

Where required by applicable data protection standards, we use contractual protections such as Standard Contractual Clauses (SCCs) or equivalent data transfer agreements when engaging processors located in jurisdictions without an adequacy decision.
We seek to ensure that all third parties maintain an appropriate level of information security and confidentiality, regardless of location.
Transfers are limited to what is strictly necessary for the purposes described in this Privacy Policy.

By using ilucki-au.com, you acknowledge that your data may be processed in, and transferred to, countries outside your country of residence, as described above, subject to these safeguards.

Data Retention

OBSERVE: Gambling operators are subject to legal retention duties, but data should not be stored indefinitely.

EXPAND: Retention depends on the type of data and purpose, especially for AML, transactional and complaint records.

REFLECT: We therefore apply differentiated retention periods, aligned with regulatory expectations and business needs, while respecting data minimisation principles.

1. General Retention Principles

Data is kept only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
When retention is no longer justified, data is securely deleted, anonymised or aggregated.

2. Typical Retention Periods

Account and identification data: Generally retained for the duration of your active account and for up to 5 - 7 years after closure to comply with AML, financial and regulatory record-keeping requirements.
Transactional and gaming data: Typically retained for up to 7 years from the date of the relevant transaction or activity, in line with audit and legal requirements.
Customer support and complaint records: Retained for the life of the account and for at least 5 years after the last interaction related to a complaint or dispute.
Marketing data: Retained while you remain subscribed to marketing communications, plus a short period (generally up to 2 years) to document consent history and ensure suppression of future mailings when you unsubscribe.
Technical logs and security-related data: Retained for shorter operational periods where feasible (often 6 - 24 months), unless necessary to investigate incidents or comply with specific obligations.

3. Deletion Criteria

Expiration of the applicable retention period.
Successful completion of your verified deletion request, where no overriding legal obligation prevents erasure.
Transformation into anonymised or aggregated statistics that no longer identify individual users.

Your Rights

OBSERVE: Users increasingly expect GDPR-level transparency and control even where such frameworks do not apply directly.

EXPAND: We therefore align our practices with key principles found in modern data protection laws, including the EU General Data Protection Regulation (GDPR) and comparable Latin American frameworks (such as Mexico's Federal Law on the Protection of Personal Data Held by Private Parties), without conceding formal jurisdiction where it does not apply.

REFLECT: The following rights may be exercised subject to applicable law, our role as controller, and our legitimate regulatory obligations.

1. Right of Access

You may request confirmation as to whether we process your personal data and obtain a copy of such data, together with information about its sources, purposes, categories and recipients.

2. Right to Rectification

You may request correction of inaccurate or incomplete personal data, for example updating your contact details or correcting spelling errors in your name.

3. Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (if consent was the only basis), or where processing is unlawful.
We may retain certain data where necessary to comply with AML, tax, gambling or other legal obligations, or to establish, exercise or defend legal claims.

4. Right to Restriction of Processing

You may request that we restrict processing of your data in specific circumstances, for example while we verify its accuracy or assess an objection you have raised.

5. Right to Object

You may object at any time to processing based on our legitimate interests, including profiling for risk or marketing purposes, on grounds relating to your particular situation.
You have an unconditional right to object to the use of your data for direct marketing; upon such objection, we will stop using your data for that purpose.

6. Right to Data Portability

Where technically feasible and where processing is based on consent or contract and carried out by automated means, you may request a copy of certain data in a structured, commonly used and machine-readable format or its transfer to another service provider.

7. Right to Withdraw Consent

If we rely on your consent for specific processing (e.g. certain marketing or cookies), you may withdraw that consent at any time through your account settings, unsubscribe links, or by contacting us. This does not affect processing carried out before withdrawal.

8. Procedures, Timeframes and Cost

How to exercise your rights: Send a clear request to [email protected] or [email protected], or by post to our address, indicating:
- your full name and registered account details;
- the right(s) you wish to exercise; and
- any relevant context to help us identify the data concerned.
Verification: We may request additional information, including identity confirmation, to ensure we only disclose data to the correct individual.
Response time: We aim to respond to all valid requests within 30 days of receipt. Complex or multiple requests may require an extension, in which case we will inform you of the reasons and provide an estimated timeframe.
Cost: Requests are handled free of charge, unless they are manifestly unfounded or excessive (for example, repeated requests). In such cases, we may charge a reasonable fee or refuse the request in line with applicable standards.

These rights are subject to legal limitations and may be balanced against our obligations (for example, to retain certain records for AML or regulatory purposes) and the rights and freedoms of others.

Cookies & Tracking Technologies

OBSERVE: Cookies are central to authentication, security and analytics on a gambling website.

EXPAND: We distinguish among session, persistent and third-party cookies, as well as by function: strictly necessary, functional, analytics and advertising.

REFLECT: Transparency on cookie use allows users to make informed choices and adjust their settings.

1. Types of Cookies We Use

Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They are used for login sessions, maintaining your game state and preventing CSRF-type attacks.
Persistent cookies: Cookies stored on your device between sessions to remember preferences (such as language, region, and saved credentials where permitted) and to recognise you when you return.
First-party cookies: Set directly by ilucki-au.com to support core functionality and security.
Third-party cookies: Set by service providers (e.g. analytics, anti-fraud, marketing networks) to help us understand site usage and the performance of campaigns.

2. Purposes of Cookies

Strictly necessary / security: Required for the Site to function, including authentication, session management, fraud prevention and load balancing. These cannot be reasonably disabled.
Functional: To store your settings and preferences (e.g. language, currency, display options) and enhance usability.
Analytics and performance: To collect aggregated information about how visitors use ilucki-au.com (pages visited, error messages, performance metrics) and help us improve the Site.
Advertising and affiliation: To track the effectiveness of our advertising, affiliate links, and promotional campaigns, and, where applicable, to deliver or measure targeted offers, subject to your consent where required.

3. Managing Cookies

You can manage or delete cookies through your browser settings. Options typically allow you to:
- block all cookies;
- block cookies from specific sites;
- delete cookies when closing the browser; and
- receive a warning before cookies are stored.
Disabling certain cookies, especially strictly necessary ones, may impair the performance of ilucki-au.com or prevent you from accessing some features, including logging in and playing games.
Where available, we may provide in-site tools or banners allowing you to manage preferences for non-essential cookies and marketing.

Data Security

OBSERVE: Online gambling platforms handle sensitive financial and identification data, making security a fundamental requirement.

EXPAND: Security must cover encryption, access control, monitoring, staff training, and incident response, as well as alignment with recognised standards.

REFLECT: Although no system can be perfectly secure, we implement technical and organisational measures designed to protect your data against unauthorised access, alteration, disclosure or destruction.

1. Technical Measures

Encryption in transit: All communications between your browser and ilucki-au.com are protected using industry-standard TLS (Transport Layer Security) version 1.2 or higher.
Encryption at rest: Sensitive data, including passwords and certain financial identifiers, is stored using strong cryptographic methods aligned with industry best practices.
Access controls: Access to production systems and databases is restricted to authorised personnel on a need-to-know basis, using role-based access control, strong authentication and, where feasible, multi-factor authentication.
Network and system security: Firewalls, intrusion detection and prevention systems, and other protective technologies are used to monitor and defend our infrastructure.

2. Organisational Measures

Policies and training: Staff with access to personal data receive training on confidentiality obligations, information security and responsible handling of personal data.
Vendor management: Third-party service providers are required to maintain appropriate security measures and are bound by data processing and confidentiality agreements.
Regular reviews: We conduct periodic assessments, audits and tests of our security controls, and adapt them in light of evolving threats and technologies.

3. Incident Response

We maintain procedures to detect, investigate and respond to potential data breaches or security incidents.
In the event of a security incident involving personal data, we will take steps to mitigate its effects and, where required by applicable standards, notify affected individuals and/or relevant authorities without undue delay.

While we strive to protect your personal data, you are responsible for maintaining the confidentiality of your account credentials and for ensuring that your device and internet connection are secure.

Complaints & Contacts

OBSERVE: Users need clear channels to raise privacy concerns and escalate them if unsatisfied.

EXPAND: Although we are not established in Australia or the EU, we follow good-practice models, providing internal complaint handling and pointing users to relevant supervisory bodies where applicable.

REFLECT: The following outlines how to contact us, how complaints are processed, and possible escalation options.

1. Contacting Us

Primary privacy and support email: [email protected]
General and legal enquiries: [email protected]
Postal address: Data Protection Officer, Dama N.V., Scharlooweg 39, Willemstad, Curaçao (mark: "Privacy / Complaint").

2. Internal Complaint Procedure

Submission: Send your complaint, including:
- your full name and account username (if applicable);
- a clear description of the privacy concern; and
- any supporting documentation or screenshots.
Acknowledgment: We aim to acknowledge receipt of your complaint within 5 business days.
Investigation: The matter will be reviewed by our support and, where appropriate, legal and security teams. We may request additional information if necessary.
Response: We endeavour to provide a substantive response within 30 days of receiving all relevant information. If we cannot meet this deadline due to complexity, we will inform you of the delay and provide an updated timeframe.
Resolution and follow-up: If you are not satisfied with our response, you may request that the matter be escalated internally for further review.

3. Escalation to Supervisory Authorities

Depending on your place of residence and the applicable laws, you may have the right to lodge a complaint with a data protection authority or consumer regulator. Without limiting your rights under any specific law, examples include:

Australia: Office of the Australian Information Commissioner (OAIC) - although we are an offshore operator, Australian users may seek guidance or lodge a complaint about privacy matters affecting them:
- Website: https://www.oaic.gov.au
European Union / EEA: If you are located in the EU/EEA and local data protection law applies, you may have the right to contact your local Data Protection Authority. Contact details can be found via the European Data Protection Board:
- Website: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Mexico: Users in Mexico may refer to the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI) regarding rights under the Federal Law on the Protection of Personal Data Held by Private Parties:
- Website: https://www.inai.org.mx

The above references are provided for transparency and do not constitute an admission that any particular jurisdiction's law applies to Dama N.V. in every case. Your statutory rights, if any, will depend on your specific circumstances and applicable law.

Updates

OBSERVE: Privacy frameworks evolve and business practices may change over time.

EXPAND: Any material changes must be communicated transparently, with reasonable notice where they significantly impact users.

REFLECT: We therefore maintain version control, provide notices, and allow users to object or discontinue use.

1. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, guidance, or our processing activities relating to ilucki-au.com and I Lucki.
Each version will be identified by the "Last updated" date stated below.

2. Notification Procedures

Minor changes: For non-material amendments (for example, clarifications, formatting or updates to contact details), we may simply post the revised Privacy Policy on this page.
Material changes: Where we intend to make material changes that significantly affect how your data is processed, we will:
- provide notice via email (where feasible) to the address associated with your account;
- display a prominent notice or banner on ilucki-au.com; and/or
- provide a notification within your account dashboard.
Where reasonably practicable, material changes will be announced at least 30 days before they take effect.

3. Your Options in Case of Changes

If you disagree with the updated Privacy Policy, you may choose to close your account and stop using the Services before the changes take effect.
Continued use of ilucki-au.com after the effective date of changes will be deemed acceptance of the updated Privacy Policy, to the extent permitted by applicable law.

Last updated: November 2025 (with the intention that this version remains applicable, subject to updates, through at least 2026).