Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed, and protected when you access or use the website slotsgallery-aussie.com operated under the project name Slots Gallery (the "Website"). It applies to all visitors to the Website and, where applicable, to players who register, interact with, or otherwise use services referenced on the Website. By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026.

Who We Are

OBSERVE: The Website targets Australian users but is operated under an offshore online gambling structure. We must identify the corporate entities involved and provide reliable contact details.

EXPAND: The operational group includes a Curaçao-registered gambling operator and an EU-based payment processor. The Website itself is a geo-targeted version associated with Slots Gallery, presented under the domain slotsgallery-aussie.com.

REFLECT: Below we set out the relevant legal entities and contacts for privacy matters.

Operator and Corporate Structure

• Brand / Project Name: Slots Gallery, presented in Australia as Slots Gallery on the Website slotsgallery-aussie.com.
• Official Website: https://slotsgallery-aussie.com
• Operator Company: Hollycorn N.V., a private limited liability company (N.V.).
• Registration Number: 144359.
• Registered & Legal Address: Heelsumstraat 51, E-Commerce Park, Curaçao.
• Licensing: Hollycorn N.V. operates online gambling activities under sub-license no. 8048/JAZ2019-015 issued by Antillephone N.V., Curaçao, currently stated as valid to 31 December 2026.
• Payment Processing Partner: Libergos Ltd, located in Cyprus, acts as a payment processor; its details may appear on your bank statement.

Data Protection Contact

• Data Protection Responsible Person / Department: Data Protection Officer (DPO), Hollycorn N.V.
• Primary Email for Privacy & Support: [email protected]
• General Information Email: [email protected]
• Postal Contact (for privacy correspondence): Data Protection Officer, Hollycorn N.V., Heelsumstraat 51, E-Commerce Park, Curaçao.

If you have any questions about this Privacy Policy or our data handling practices, you may contact the DPO via the above email or postal address.

What Personal Data We Collect

OBSERVE: We collect data needed to provide gambling-related services and to operate an informational and transactional Website. This includes identification, technical, financial, and behavioural data.

EXPAND: Data categories must cover direct identifiers, device and usage data, payment - related information, marketing preferences, and information gathered via cookies and similar technologies.

REFLECT: We group the data we collect as follows.

Identity and Contact Data

• Full name, date of birth, and gender (where provided).
• Residential address, country of residence, and postcode (where provided).
• Email addresses (including those you use to register or subscribe to newsletters).
• Telephone number or mobile number (if you provide it for verification, support, or marketing purposes).
• Copies of identity documents for KYC/AML purposes (e.g., passport, driver licence, national ID, Medicare card where applicable, utility bills, bank statements).

Account and Usage Data

• Username, account ID, and password (stored in encrypted form).
• Account settings, language preferences, and time zone.
• Log-in and log-out times, session duration, and pages visited.
• Betting and gaming history (games played, stakes, wins/losses, frequency and duration of play).
• Interaction history with customer support (chat logs, email correspondence, complaint submissions).

Technical and Device Data

• IP address and approximate geolocation derived from IP.
• Device identifiers (e.g., device ID, operating system, browser type and version, screen resolution).
• Traffic data, including referral URLs, clickstream data, and access timestamps.
• Log files generated by our servers and security systems.

Payment and Financial Data

• Payment method details (e.g., partial card numbers, expiry date, cardholder name, wallet ID), processed via our payment partners such as Libergos Ltd or other acquiring institutions.
• Transaction history, including deposits, withdrawals, chargebacks, refunds, and associated currency.
• Verification data used to confirm payment ownership (e.g., redacted bank statements, screenshots of e-wallet interfaces).

Behavioural and Marketing Data

• Information about how you use our Website, games, and promotional offers.
• Click behaviour on banners, promotions, and links contained in emails or on-site.
• Marketing preferences, subscription status, and records of marketing consents or opt-outs.
• Segmentation and profiling data derived from your activity (e.g., player value segments, risk scores, bonus abuse indicators).

Cookies and Similar Technologies

• Session cookies to maintain your session and keep you logged in.
• Persistent cookies to remember your preferences and recognise returning users.
• Analytics cookies (e.g., for traffic measurement and Website performance analysis).
• Advertising and tracking cookies used to deliver personalised content or measure campaign performance, where permitted by law and your settings.
• Similar technologies such as web beacons, pixels, and local storage used for security, analytics, and marketing purposes.

Legal Basis for Processing

OBSERVE: The Website targets Australian users but operates from outside Australia under Curaçao law. We align our practices with general privacy principles similar to the EU GDPR while noting local Australian privacy expectations.

EXPAND: Our processing rests on several legal grounds: consent, contractual necessity, legal obligations (including KYC/AML), and legitimate interests such as fraud prevention and service improvement.

REFLECT: We explain these grounds so you understand why we process your data.

Consent

• We rely on your explicit consent when you:
  • Accept optional cookies or similar technologies for analytics and advertising (where consent is required).
  • Subscribe to marketing communications (email, SMS, or push notifications).
  • Provide additional optional information in surveys, feedback forms, or profiling questionnaires.
• You may withdraw your consent at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections.

Contractual Necessity

• We process your personal data where it is necessary to:
  • Create and manage your player account.
  • Provide gaming and betting services, including access to games, bonuses, and promotions.
  • Process deposits and withdrawals.
  • Provide customer support and resolve account-related queries.
• Without this data, we may be unable to provide some or all of the services you request.

Compliance with Legal and Regulatory Obligations

• We process data to comply with applicable laws and regulatory requirements, including:
  • Know Your Customer (KYC) checks, identity verification, and age verification.
  • Anti-Money Laundering (AML) and counter-terrorist financing obligations.
  • Accounting, tax, and record-keeping requirements under Curaçao law and other relevant regimes.
  • Responding to law enforcement requests, court orders, or regulatory inquiries, including from authorities such as the Australian Communications and Media Authority (ACMA) where legally required.

Legitimate Interests

• We process your data where necessary for our legitimate interests, provided these are not overridden by your rights and interests, including to:
  • Maintain the security and integrity of our systems, prevent fraud and bonus abuse, and detect suspicious activities.
  • Protect our legal rights, pursue or defend legal claims, and manage complaints.
  • Improve and optimise the Website, user experience, and service offerings.
  • Perform non-intrusive analytics, reporting, and statistics about Website usage and performance.
• Where we rely on legitimate interests, we conduct balancing assessments to ensure your privacy is appropriately protected.

Purpose of Processing

OBSERVE: Personal data is processed for core operational purposes and ancillary activities such as marketing and analytics.

EXPAND: Each purpose corresponds to at least one legal basis and one or more data categories collected.

REFLECT: Below we specify the main purposes for which we use your personal data.

Providing and Managing Services

• To register and verify your account and eligibility to use gambling services.
• To operate games, process bets, calculate winnings, and credit or debit your balance.
• To process deposits, withdrawals, and refunds via our payment partners.
• To administer promotions, bonuses, tournaments, and loyalty schemes.

Customer Support and Communication

• To provide technical and customer support via email or other channels.
• To respond to enquiries, complaints, and dispute correspondence.
• To send important service messages such as changes to terms, account notifications, security alerts, or transaction confirmations.

Service Improvement and Analytics

• To analyse performance of the Website, games, and marketing campaigns.
• To understand how visitors use the Website and identify usability or technical issues.
• To develop new features, improve existing services, and tailor content to user preferences.

Marketing and Personalisation

• To send you promotional communications about products, services, and offers from Slots Gallery, subject to your preferences and applicable law.
• To personalise content, bonuses, and promotional messages based on your activity and profile segments.
• To conduct surveys, contests, and market research to better understand user needs.

Fraud Prevention, Security, and Compliance

• To verify identity and age and detect multiple accounts or self-exclusion circumvention.
• To monitor transactions and gameplay for signs of fraud, money laundering, or other unlawful activity.
• To secure our systems, prevent unauthorised access, and detect and respond to security incidents.
• To comply with our legal and regulatory obligations and cooperate with lawful requests from authorities.

Disclosure & Sharing

OBSERVE: We rely on third parties for payments, IT, and regulatory compliance. Data may also be shared with authorities in certain circumstances.

EXPAND: We must specify categories of recipients and circumstances in which data is shared, including cross-border transfers and marketing partners.

REFLECT: Sharing is limited to what is necessary and subject to appropriate safeguards.

Service Providers and Processors

• Payment Partners: Banks, card schemes, payment processors (including Libergos Ltd in Cyprus), e-wallet providers, and other financial institutions that process deposits, withdrawals, and chargebacks.
• IT and Infrastructure Providers: Hosting providers, cloud services, content delivery networks, and technical support vendors who assist in operating and maintaining the Website and related systems.
• Analytics and Security Providers: Companies that provide analytics tools, anti-fraud systems, identity verification services, and cybersecurity solutions.
• Customer Support Tools: Platforms used to manage customer queries, ticketing systems, and communication tools.

Group Companies and Affiliates

• Companies within the Hollycorn N.V. group structure, and related entities that support the operation and marketing of Slots Gallery brands.
• Business partners and affiliates involved in referring traffic or co-marketing arrangements, where necessary for tracking and settlement of affiliate commissions and, where applicable, for delivering personalised marketing (subject to consent requirements).

Regulators, Authorities, and Dispute Bodies

• Regulatory bodies in Curaçao, including Antillephone N.V., and other supervisory authorities overseeing our licence or services.
• Law enforcement agencies, courts, and governmental authorities, including Australian regulators such as the Australian Communications and Media Authority (ACMA), when required by applicable law, court order, or lawful request.
• Alternative dispute resolution providers or independent bodies handling player complaints, where you request or consent to such referral.

Advertising Networks and Third-Party Marketing

• Subject to your consent and local law, we may share limited data (e.g., hashed identifiers, general location, device data) with advertising networks and marketing partners to:
  • Deliver targeted advertisements about our services on third-party platforms.
  • Measure the effectiveness of advertising campaigns and user acquisition channels.
• You can manage your preferences as described in the "Cookies & Tracking Technologies" and "Your Rights" sections.

Corporate Transactions

• In the event of a merger, acquisition, reorganisation, sale of assets, or insolvency involving Hollycorn N.V. or the Slots Gallery brand, personal data may be transferred to prospective or actual purchasers and their advisers.
• In such cases, we will take steps to ensure your rights remain protected and that any new controller continues to handle your data in a manner consistent with this Privacy Policy.

International Transfers

OBSERVE: The data processing infrastructure is primarily located outside Australia, including in Curaçao, the European Economic Area (EEA), and possibly other jurisdictions.

EXPAND: We must explain that data may be transferred internationally and what safeguards are applied, referencing widely used mechanisms such as standard contractual clauses.

REFLECT: While not subject to EU jurisdiction for all users, we adopt internationally recognised safeguards where feasible.

Locations of Processing

• Data may be processed in:
  • Curaçao (primary place of registration and licensing of Hollycorn N.V.).
  • Cyprus and other EEA countries (e.g., where Libergos Ltd or other processors operate).
  • Other countries where our technical and support providers maintain infrastructure or staff (which may include the EEA, the United Kingdom, and other regions).
• Your data may thus be transferred from your country of residence (including Australia) to countries that may have different data protection laws.

Safeguards for International Transfers

• Where required by applicable law, we use appropriate safeguards for international transfers, which may include:
  • Standard Contractual Clauses (SCCs) or similar contractual instruments approved for international data transfers.
  • Contractual obligations requiring processors and partners to maintain adequate technical and organisational security measures.
  • Access controls that limit who can view or process your data, combined with encryption in transit and at rest.
• By using the Website, you acknowledge that your data may be transferred and processed in these jurisdictions, subject to the safeguards set out in this Privacy Policy.

Data Retention

OBSERVE: We must retain data long enough to meet legal, regulatory, and operational needs, but not longer than necessary.

EXPAND: Different data categories are subject to different retention periods, especially in relation to AML/KYC and dispute handling.

REFLECT: The retention approach balances compliance and user privacy.

General Retention Principles

• We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
• When determining retention periods, we consider:
  • The amount, nature, and sensitivity of the data.
  • The potential risk of harm arising from unauthorised use or disclosure.
  • The purposes for which we process the data and whether those purposes can be achieved by other means.
  • Applicable legal, regulatory, tax, accounting, and reporting requirements.

Indicative Retention Periods

• Account and Identity Data: Generally retained for the duration of your account and for up to five (5) years after account closure, to comply with AML, financial record-keeping, and dispute-handling obligations.
• Transaction and Payment Data: Maintained for at least five (5) years from the date of the relevant transaction, or longer if required by financial regulations or in connection with ongoing investigations or disputes.
• Gameplay and Behavioural Data: Typically retained for the duration of the account and for up to five (5) years after closure, to support responsible gambling analysis, dispute resolution, and anti-fraud measures.
• Marketing Data: Retained until you withdraw your consent or opt out from marketing, after which we may retain a limited record of your opt-out for up to three (3) years to ensure compliance with your preferences.
• Technical Logs and Security Data: Retained for a period that is typically between six (6) months and two (2) years, unless needed longer for security investigations or legal purposes.

Deletion and Anonymisation

• When data is no longer required, we will either delete it securely or anonymise it so that it can no longer be associated with you.
• We may retain anonymised or aggregated data indefinitely for statistical, research, and analytical purposes that do not identify you as an individual.
• Where you request erasure of your personal data, we will comply to the extent permitted by law and subject to any retention obligations we may have.

Your Rights

OBSERVE: Although the Website primarily targets Australian users, we aim to align our practices with robust international privacy standards inspired by the EU General Data Protection Regulation (GDPR). Certain references to Mexican privacy law in this template are not directly applicable to users of this Website but illustrate alignment with global privacy best practices.

EXPAND: You are entitled to a range of rights regarding your personal data, subject to applicable local laws and certain limitations.

REFLECT: We describe these rights and how you can exercise them, and we commit to appropriate response timeframes and cost-free handling.

Right of Access

• You may request confirmation as to whether we process your personal data and, where we do, obtain a copy of such data along with basic information about the processing.

Right to Rectification

• You may request correction of inaccurate personal data and completion of incomplete data. Where possible, you can update certain details directly via your account settings.

Right to Erasure

• You may request deletion of your personal data where:
  • The data is no longer necessary for the purposes for which it was collected.
  • You withdraw consent where consent was the sole basis for processing.
  • You have objected to processing and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
• We may be unable to delete data that we must retain for legal, regulatory, or legitimate business reasons, such as AML obligations or pending disputes.

Right to Restrict Processing

• You may request that we restrict the processing of your data in certain circumstances, for example:
  • While we verify the accuracy of your data.
  • Where processing is unlawful and you oppose erasure.
  • Where we no longer need the data but you require it for legal claims.

Right to Object

• You may object to processing of your personal data based on our legitimate interests, including profiling, where you believe your fundamental rights and freedoms outweigh our interests.
• You have an absolute right to object to direct marketing, including profiling related to marketing. If you object, we will stop using your data for this purpose.

Right to Data Portability

• Where technically feasible and required by law, you may request to receive certain personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Withdraw Consent

• Where we rely on your consent to process your data, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.
• After withdrawal, we may continue to process your data if another legal basis applies (e.g., legal obligations or legitimate interests).

Procedures, Timeframes, and Cost

• To exercise any of the above rights, please contact us at [email protected] or by postal mail to the DPO address specified in the "Who We Are" section.
• We may need to verify your identity before responding to your request, to protect your account and personal data.
• We aim to respond to all legitimate requests within thirty (30) days of receipt. If your request is complex or we receive multiple requests, we may extend this period by a further sixty (60) days, informing you of the delay and the reasons.
• We will generally handle your request free of charge. However, we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded or excessive (for example, repeated requests).

Cookies & Tracking Technologies

OBSERVE: The Website uses cookies and similar technologies to function, secure the service, and enhance user experience.

EXPAND: We distinguish between necessary and optional cookies and explain how you can control them.

REFLECT: Users should understand the impact of cookies and how to manage their preferences.

Types of Cookies We Use

• Strictly Necessary (Session) Cookies:
  • Required for core functions such as page navigation, login, and maintaining a secure session.
  • These are usually session cookies that expire when you close your browser.
• Functional (Persistent) Cookies:
  • Remember your preferences (e.g., language, region, layout choices).
  • May remain on your device for a set period or until deleted manually.
• Analytics Cookies:
  • Help us understand how visitors use the Website, which pages are most popular, and where errors occur.
  • The information is typically aggregated and used to improve Website performance and user experience.
• Advertising and Tracking Cookies:
  • Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns.
  • May be placed by us or third-party advertising networks, subject to your consent and local legal requirements.

Managing Cookies

• Browser Settings: Most web browsers allow you to:
  • View which cookies are stored on your device.
  • Delete cookies individually or all at once.
  • Block or limit cookies from specific sites or all websites.
• In-Site Tools: Where available, we may provide an internal cookie management panel or banner enabling you to:
  • Accept or reject non-essential cookies.
  • Change your cookie preferences at any time.
• Consequences of Disabling Cookies: If you block or delete cookies, some features of the Website may not function correctly, and your user experience may be impaired (e.g., inability to remain logged in or use certain games).

Data Security

OBSERVE: Handling gambling and financial data requires robust security measures.

EXPAND: We implement layered technical and organisational controls aligned with recognised international standards.

REFLECT: While no system is entirely risk-free, we strive to protect your data against unauthorised access, alteration, disclosure, or destruction.

Technical Security Measures

• Encryption in Transit: Data transmitted between your device and our servers is protected by industry-standard Transport Layer Security (TLS) 1.2 or higher.
• Encryption at Rest: Sensitive personal and financial data is stored using strong encryption algorithms and secure key management practices.
• Access Controls: Access to personal data is restricted to authorised personnel who require it for their job duties and is governed by authentication and authorisation mechanisms.
• Network and System Security: Firewalls, intrusion detection and prevention systems, anti-malware protections, and regular patch management are used to safeguard infrastructure.

Organisational Security Measures

• Staff Training: Employees and contractors with access to personal data receive training on data protection, confidentiality, and secure handling practices.
• Policies and Procedures: Internal policies govern data access, retention, incident response, and acceptable use.
• Vendor Management: We select processors and service providers that can demonstrate appropriate security measures and data protection commitments.

Audits, Monitoring, and Incident Response

• We conduct regular internal reviews and, where appropriate, independent assessments of our security controls, taking into account recognised standards such as ISO/IEC 27001 and SOC 2, where applicable to our providers.
• Systems are monitored for suspicious activity, unauthorised access attempts, and performance anomalies.
• In the event of a security incident affecting your personal data, we will:
  • Take immediate steps to contain and investigate the incident.
  • Notify relevant supervisory authorities where required by law.
  • Inform affected users without undue delay where there is a significant risk to their rights or interests, providing guidance on protective steps they can take.

Complaints & Contacts

OBSERVE: Users must be able to raise concerns and complaints about privacy and data protection.

EXPAND: We provide multiple contact channels and outline an internal complaint-handling process, as well as escalation to public authorities.

REFLECT: Transparent complaint mechanisms support accountability and trust.

Contact Channels

• Email (Primary): [email protected] - for privacy enquiries, data subject requests, and general support.
• Email (General Info): [email protected]
• Postal Address: Data Protection Officer, Hollycorn N.V., Heelsumstraat 51, E-Commerce Park, Curaçao.

Internal Complaint Procedure

1. Submission: Send your complaint or enquiry via email or post, clearly stating that it concerns a privacy or data protection issue. Include your name, contact details, account ID (if any), and a detailed description of the concern.
2. Acknowledgement: We will acknowledge receipt of your complaint within seven (7) business days, where practicable.
3. Investigation: The DPO or designated privacy contact will review your complaint, gather relevant information, and, if necessary, contact you for clarification.
4. Response: We aim to provide a substantive response within thirty (30) days of receiving your complaint. If more time is needed due to complexity, we will inform you of the extension and expected timeline.
5. Resolution: We will explain the outcome of our investigation, any corrective actions taken, and your further options if you remain dissatisfied.

Escalation to Supervisory Authorities

• Australian Users: Although we operate from offshore jurisdictions, you may seek guidance or lodge a complaint with Australian authorities such as:
  • Office of the Australian Information Commissioner (OAIC)
    Website: https://www.oaic.gov.au
  • Australian Communications and Media Authority (ACMA) (for issues related to illegal offshore gambling services)
    Website: https://www.acma.gov.au/check-if-gambling-operator-legal
• Other Jurisdictions: If you are located outside Australia, you may also have the right to lodge a complaint with your local data protection authority, where applicable.

Updates

OBSERVE: Our services, regulatory environment, and internal practices evolve over time, necessitating updates to this Privacy Policy.

EXPAND: We implement notification procedures, version control, and advance notice for material changes wherever practicable.

REFLECT: Transparency about changes enables you to make informed decisions about continued use of the Website.

Policy Changes and Notifications

• We may update this Privacy Policy from time to time to reflect:
  • Changes in legal or regulatory requirements.
  • Adjustments to our services, technologies, or business structure.
  • Feedback from users, regulators, or industry developments.
• When we make material changes, we will take appropriate steps to notify you, which may include:
  • Posting a prominent notice on the Website.
  • Displaying banners or alerts within your account area (if applicable).
  • Sending email notifications to the address associated with your account.

Advance Notice and User Options

• Where a change would materially affect your rights or how we process your data, we will, wherever reasonably practicable, provide at least thirty (30) days' advance notice before the change takes effect.
• If you do not agree with the updated Privacy Policy, you may:
  • Adjust your privacy or marketing preferences, where possible.
  • Discontinue use of the Website and, if you hold an account, request account closure and, where applicable, exercise your data rights as described above.

Version Control

• This Privacy Policy is identified as version: v4.0-AU.
• Last updated: January 2026.
• On request, we may provide a summary ("changelog") of significant recent amendments compared to previous versions.