burger icon
Luckydreams Australia
Log In

Privacy Policy

This Privacy Policy explains how Luckydreams, operated via https://luckydreamsbet-au.com (the "Website"), collects, uses, discloses and protects your personal information. It applies to all Website visitors, registered players and any other individuals whose data we process in connection with our online casino and betting services tailored to users in Australia.

This Privacy Policy is effective as of 1 January 2026 and forms part of the terms governing your use of the Website. By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy.

Who We Are

Operator and legal entity. The Website is owned and operated by Dama N.V., a company registered under the laws of Curaçao and part of a multi-brand iGaming group.

  • Registered company name: Dama N.V.
  • Registration number: 152125
  • Registered address: Scharlooweg 39, Willemstad, Curaçao
  • Gaming licence: E-gaming licence No. 8048/JAZ2020-013 issued to Dama N.V. via Antillephone N.V., authorised by the Government of Curaçao (status subject to the ongoing Curaçao LOK reform and transition process).

For the purposes of this Privacy Policy, Dama N.V. acts as the controller of your personal data in connection with your use of Luckydreams via https://luckydreamsbet-au.com.

Contact for privacy matters

We have a dedicated data protection function responsible for privacy and data protection compliance.

  • Data protection contact: Data Protection Team, Dama N.V.
  • Postal address: Data Protection Team, Dama N.V., Scharlooweg 39, Willemstad, Curaçao
  • Online contact: via the customer support and/or contact forms available on the Website and in your account area

If specific email or telephone contact details for privacy queries are published in the "Contact Us" or "Privacy" sections of the Website, you may use those in addition to the above channels.

What Personal Data We Collect

Account and identity data

  • Identification data: full name, date of birth, gender (if provided), country of residence, address details.
  • Contact data: email address, mobile/telephone number, preferred language.
  • KYC / verification data: copies and details of identification documents (passport, ID card, driver's licence), proof of address (utility bill, bank statement), source-of-funds or source-of-wealth information, and any other documents you provide for Know Your Customer (KYC) and anti-money laundering (AML) checks.

Technical and usage data

  • Technical data: IP address, device identifiers, operating system, browser type and version, time zone, language settings, screen resolution, and similar technical information collected from your device.
  • Usage and log data: access dates and times, pages viewed, referring URLs, clicks, session duration, login/log-out timestamps, account settings changes, and error logs.

Payment and transactional data

  • Payment data: limited card details (such as card type and last four digits), e-wallet or payment account identifiers, PayID references, Neosurf voucher references, payment instructions and related metadata (we do not store full card numbers where this is handled by third-party payment processors).
  • Transaction data: deposits, withdrawals, bonuses claimed, chargebacks, reversals, account balances, and records required for accounting and AML purposes.

Behavioural and gambling data

  • Gameplay and betting history: games played, stakes, wins/losses, jackpots, tournament participation, session length and frequency of play.
  • Responsible gambling data: limits you set (deposit, loss, wager, time limits), self-exclusion details, reality checks, and any interactions relating to responsible gambling.
  • Profile and preference data: language preferences, favourite games, marketing and communication preferences.

Communications and support data

  • Customer support interactions: records of live chats, emails, messages submitted through contact forms or complaint portals (including third-party portals such as AskGamblers), call logs if calls are available, and follow-up actions.
  • Dispute and complaint data: information contained in complaints, dispute files, and related correspondence with regulators, ADR bodies or other third parties.

Cookies and similar technologies

  • Cookies: small text files stored on your device when you use the Website, including session cookies, persistent cookies and cookies set by third parties (for example, analytics or advertising partners).
  • Similar technologies: web beacons, tracking pixels, local storage, SDKs or similar technologies used to recognise your browser or device, remember your preferences, and analyse service performance.

For more detail on how we use cookies and how you can manage them, see the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Although Luckydreams is operated from Curaçao and targets users in Australia on an offshore basis, we aim to align our data handling practices with internationally recognised standards such as the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR) and comparable frameworks. We process your personal data on the following legal bases (or their closest equivalents under applicable law):

  • Performance of a contract: We process your data where it is necessary to:
    • register and maintain your player account;
    • provide access to games, promotions and other services on the Website;
    • process deposits, withdrawals and payouts;
    • provide customer support and handle your requests; and
    • enforce our Terms and Conditions and other relevant policies.
  • Compliance with legal obligations: We must process certain data to comply with laws and regulatory requirements, including:
    • identity verification (KYC) and age verification;
    • anti-money laundering (AML), counter-terrorist financing (CTF) and fraud prevention obligations;
    • accounting, taxation and corporate record-keeping duties;
    • obligations arising from our Curaçao gaming licence and, where applicable, from requests by supervisory or enforcement authorities (for example, under Australian law enforcement or regulatory requests related to the Interactive Gambling Act 2001).
  • Legitimate interests: We process data where this is necessary for our legitimate business interests, provided that such interests are not overridden by your rights and freedoms. These interests include:
    • securing our systems and preventing abuse of the Website;
    • detecting and preventing fraud, bonus abuse and other prohibited activities;
    • performing internal analytics, reporting and service optimisation;
    • protecting our legal rights, including the establishment, exercise or defence of legal claims.
  • Consent: In certain circumstances we rely on your consent, for example:
    • sending electronic marketing communications that are not covered by another legal basis;
    • using certain optional cookies or similar technologies (for example, advertising cookies) where required;
    • sharing data with particular third-party partners for marketing or promotional purposes.
    You may withdraw your consent at any time, as described in the "Your Rights" and "Cookies & Tracking Technologies" sections.
  • Vital interests and protection of others: In rare situations, we may process data to protect your vital interests or the vital interests of others (for example, in relation to serious problem gambling or threats of self-harm) and to assist relevant authorities where legally permitted.

Purpose of Processing

Provision and operation of services

  • Account management: creating, verifying and administering your player account, including KYC checks, password management, and account settings.
  • Service delivery: enabling you to access games, tournaments, bonuses, loyalty programs and other features offered via Luckydreams.
  • Payments: processing deposits, withdrawals, refunds and payouts, and reconciling transactions with our payment partners.

Legal and regulatory compliance

  • KYC/AML/CTF: conducting identity, age, source-of-funds and risk assessments; monitoring transactions; and maintaining records to comply with AML/CTF and other regulatory obligations.
  • Responsible gambling: monitoring gameplay and limits, implementing account restrictions, and documenting responsible gambling interactions.
  • Regulatory and licence requirements: fulfilling conditions of our Curaçao licence and responding to lawful requests from regulators and law enforcement.

Security, fraud prevention and risk management

  • Security: protecting the integrity and security of our systems, networks and accounts.
  • Fraud and abuse prevention: detecting and preventing fraud, bonus abuse, collusion, money laundering, misuse of promotions, and other prohibited behaviours.
  • Incident management: investigating, documenting and resolving security incidents, breaches and technical issues.

Service improvement and analytics

  • Analytics: analysing aggregated and pseudonymised data to understand usage patterns, game performance and user behaviour.
  • Optimisation: improving the Website's layout, navigation, features, localisation for Australian players, and overall user experience.
  • Product development: developing new games, features and services based on player behaviour and feedback.

Marketing and communications

  • Direct marketing: sending emails, on-site messages, SMS or push notifications about promotions, bonuses and new features, where permitted by law and your preferences.
  • Personalisation: tailoring content, offers and recommendations based on your activity and preferences.
  • Service communications: notifying you of changes to our Terms and Conditions, this Privacy Policy, important account information or security alerts.

Disclosure & Sharing

We do not sell your personal data. We may share your data with carefully selected third parties for the purposes described in this Privacy Policy, subject to appropriate safeguards.

Service providers and business partners

  • Payment service providers: banks, card schemes, PayID processors, Neosurf and other payment intermediaries for processing deposits and withdrawals and preventing fraud.
  • Identity and KYC providers: third-party verification services used to authenticate identity, age, address and source-of-funds information.
  • IT and hosting providers: data centres, cloud infrastructure, content delivery networks and technical support providers.
  • Game providers: game studios and platform providers whose games are offered through the Website and who may need limited technical and transactional data for game delivery, fairness verification and compliance.
  • Analytics and performance tools: providers of analytics, error monitoring and performance optimisation services (using aggregated or pseudonymised data where possible).

Group entities, affiliates and marketing partners

  • Group entities: other entities within the Dama N.V. group, to the extent necessary for internal administration, compliance, risk management and reporting.
  • Affiliate partners: marketing affiliates that refer players to Luckydreams. We may share limited information (for example, conversion and revenue data) so they can verify referrals and performance.
  • Advertising networks and marketing platforms: where you have consented to marketing cookies or similar technologies, we may share pseudonymised identifiers with advertising partners for audience measurement and personalised advertising.

Regulators, authorities and dispute resolution bodies

  • Licensing and regulatory authorities: Antillephone N.V. and other Curaçao authorities responsible for supervising our licence, as well as law enforcement bodies and regulators in other jurisdictions where legally required (which may include Australian authorities such as the Australian Communications and Media Authority (ACMA) or other enforcement bodies).
  • Dispute resolution bodies: third-party mediation and complaint portals, such as AskGamblers (https://askgamblers.com/submit-complaint), where you choose to submit a complaint and consent to us sharing your case-related information.
  • Courts and legal advisers: lawyers, consultants, insurers and courts, to establish, exercise or defend legal claims or to respond to legal processes.

Corporate transactions

  • In connection with any merger, acquisition, restructuring, sale of assets or similar corporate transaction involving Dama N.V. or the Luckydreams brand, your data may be disclosed to prospective or actual buyers and their advisers, subject to confidentiality obligations and applicable law.

Whenever we share your data with third parties, we require them to process your data only as necessary for the relevant purpose, in accordance with applicable data protection laws and under appropriate confidentiality and security obligations.

International Transfers

Because Luckydreams is operated globally by Dama N.V. from Curaçao, your personal data may be transferred to, stored in, or accessed from countries outside your country of residence, including:

  • Curaçao: our main operational and licensing base.
  • European Economic Area (EEA) and other regions: where our service providers, game developers, IT vendors or group entities are located or store data.
  • Other third countries: where our partners (such as analytics providers or payment processors) operate data centres or support services.

These countries may have different data protection laws from those in Australia, the European Union or Mexico. Where we transfer personal data internationally, we implement appropriate safeguards, which may include:

  • contractual safeguards such as standard contractual clauses or equivalent model clauses approved under applicable data protection laws;
  • implementing technical safeguards (encryption, pseudonymisation) and strict access controls;
  • conducting risk assessments of cross-border transfers and limiting transfers to what is necessary for the relevant purpose;
  • requiring our service providers to comply with robust security and privacy standards, including ISO 27001 or SOC 2 aligned practices where relevant.

By using the Website, you acknowledge that your data may be processed in these countries as described, subject to the safeguards above and to applicable legal requirements (such as the Australian Privacy Principles on cross-border disclosure and comparable international standards).

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy or to comply with legal, regulatory, accounting or reporting obligations. Retention periods may vary depending on the type of data and the context of processing.

General retention guidelines

  • Account and identity data: retained for the duration of your account and thereafter typically for up to 5 years after account closure, unless a longer period is required for AML/CTF, regulatory or legal reasons.
  • KYC and AML records: retained for the period required by applicable AML/CTF regulations and Curaçao licensing conditions, which may be longer than 5 years after the end of the customer relationship or the relevant transaction.
  • Transaction and payment data: retained for at least the minimum period required by accounting, tax and AML laws (often between 5 and 10 years), and as necessary to handle disputes and chargebacks.
  • Gameplay and behavioural data: retained while your account is active and for a reasonable period afterward (typically up to 5 years) for responsible gambling, risk management and dispute resolution purposes, or as required by law.
  • Marketing data: retained until you opt out of marketing communications, withdraw your consent or close your account, and for a short period thereafter to record your opt-out status.
  • Technical logs and security data: retained for shorter periods, usually between a few months and 2 years, unless needed longer to investigate incidents or comply with legal obligations.

Deletion and anonymisation

  • When data is no longer required, we will either securely delete it or irreversibly anonymise it so that it can no longer be linked to you.
  • We may retain anonymised or aggregated data indefinitely for analytics, reporting and service improvement, provided it does not identify you personally.
  • In certain cases we may be unable to delete specific data because of legal obligations (for example, AML/CTF record-keeping), in which case we will restrict processing to storage and security only.

Your Rights

We aim to respect and facilitate data subject rights in a way that is substantially aligned with the GDPR (EU) and Mexican data protection law, in particular the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), even though our core operations are based in Curaçao and we target Australian players on an offshore basis. The availability and extent of these rights may depend on the laws applicable to you, but in general we provide the following rights, subject to legal limitations:

Key rights

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of such data, together with information about how we process it.
  • Right to rectification: to request correction of inaccurate or incomplete personal data. You may also update certain details directly in your account settings.
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary for the purposes collected, where you withdraw consent (and no other legal basis applies), or where the data was processed unlawfully. We may need to retain some data to comply with AML/CTF and other legal obligations or to defend legal claims.
  • Right to restriction of processing: to ask us to limit processing of your data in certain circumstances (for example, while we verify data accuracy or assess an objection).
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to opt out of direct marketing at any time.
  • Right to data portability: where applicable, to receive certain personal data you have provided to us in a structured, commonly used and machine-readable format and to request that we transmit it to another controller, where technically feasible.
  • Right to withdraw consent: where processing is based on your consent (for example, certain marketing or cookie uses), you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

How to exercise your rights

  1. Submit a request: You can exercise your rights by contacting us through the customer support channels or contact forms available on the Website, or by writing to the postal address provided in the "Who We Are" or "Complaints & Contacts" sections.
  2. Verify your identity: To protect your data, we may need to verify your identity before acting on your request, for example by requesting additional information or using existing KYC data.
  3. Response time: We endeavour to respond to your request within 30 days of receipt. If your request is particularly complex or we receive multiple requests, we may extend this period in accordance with applicable law, informing you of the extension and reasons.
  4. Costs: We will generally handle your request free of charge. However, where allowed by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (for example, repetitive requests).

Some rights may be restricted where necessary to comply with legal obligations (for example, AML/CTF laws requiring retention of specific records), protect the rights and freedoms of others, or safeguard legal claims.

Regulatory alignment and authorities

  • GDPR alignment: Our practices regarding transparency, legal bases, data minimisation, security and rights are designed to be broadly compatible with GDPR principles, even where GDPR does not apply directly.
  • Mexican law alignment: We recognise core rights under Mexican privacy regulations (including ARCO rights: Access, Rectification, Cancellation, Opposition) and aim to honour equivalent rights where applicable.
  • Supervisory authorities: In addition to contacting us, you may have the right to lodge a complaint with:
    • the competent EU supervisory authority in your habitual residence, place of work or place of the alleged infringement (if GDPR applies to you);
    • the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) in Mexico (https://www.inai.org.mx), if Mexican law applies to you; and/or
    • the Office of the Australian Information Commissioner (OAIC) (https://www.oaic.gov.au) in relation to privacy issues connected with Australia.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate, secure and improve the Website and to personalise content and advertising, where permitted. Cookies may be set by us (first-party cookies) or by third parties (third-party cookies).

Types of cookies we use

  • Strictly necessary (session) cookies: essential for the operation of the Website and to enable core functions such as page navigation, login, gameplay, payment processing and security. These cookies are usually session-based and expire when you close your browser.
  • Functional (persistent) cookies: remember your choices and preferences (such as language, region, saved settings) and enhance your user experience. They may remain on your device for a defined period or until you delete them.
  • Analytics cookies: help us understand how visitors use the Website (for example, which pages are visited most often, error messages, performance metrics) so we can improve our services. Data collected is typically aggregated and may use pseudonymised identifiers.
  • Advertising and marketing cookies: used, where permitted and where you have consented if required, to deliver relevant advertising, limit the number of times you see an ad, measure campaign effectiveness, and personalise content. These may be set by us or our advertising partners.

Managing cookies

  • Browser settings: Most browsers allow you to block or delete cookies, or to alert you before a cookie is stored. Please consult your browser's help section or documentation for instructions.
  • In-site controls: Where available, you may use our cookie banner or internal cookie management tool to customise your cookie preferences, including opting out of non-essential cookies.
  • Effect of disabling cookies: If you disable or reject certain cookies, parts of the Website (particularly login or gameplay features) may not function properly.

Using the Website with your browser settings adjusted to accept cookies constitutes consent to our use of cookies as described in this Privacy Policy, to the extent such consent is required under applicable law.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, alteration, disclosure or destruction.

Technical measures

  • Encryption in transit: data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) 1.2 or higher (commonly referred to as HTTPS), where supported.
  • Encryption at rest: sensitive data is stored using industry-standard encryption or hashing mechanisms, particularly for passwords and certain financial data, in line with best practices.
  • Access controls: access to personal data is restricted to authorised personnel and service providers on a need-to-know basis, using unique accounts, strong authentication and, where appropriate, multi-factor authentication.
  • Network and system security: firewalls, intrusion detection/prevention systems, anti-malware tools and security monitoring are used to protect our infrastructure.

Organisational measures

  • Policies and training: employees and contractors with access to personal data are subject to confidentiality obligations and receive training on data protection, security and responsible handling of player information.
  • Vendor management: we select service providers that demonstrate appropriate security standards (for example, alignment with ISO 27001 or SOC 2 principles where relevant) and we impose contractual obligations regarding security and confidentiality.
  • Data minimisation: we collect and retain only the data that is necessary for the purposes described in this Privacy Policy and implement measures to limit internal access.

Incident response

  • We maintain procedures for identifying, assessing and responding to suspected data breaches or security incidents.
  • Where required by applicable law, we will notify relevant authorities and affected individuals of a data breach without undue delay, providing information on the nature of the breach, potential consequences and steps taken or proposed to address it.

Despite our efforts, no system can be guaranteed as completely secure. You play an important role in keeping your data safe by maintaining the confidentiality of your login details, choosing strong passwords and immediately notifying us if you suspect unauthorised use of your account.

Complaints & Contacts

How to contact us

  • Data protection contact: Data Protection Team, Dama N.V.
  • Postal address: Dama N.V., Scharlooweg 39, Willemstad, Curaçao (please mark correspondence "Privacy / Data Protection").
  • Online contact: via the customer support and contact forms accessible on the Website, including logged-in account support tools.

For general account or gaming-related queries, please use the regular customer support channels indicated on the Website (such as live chat or on-site messaging).

Complaint procedure

  1. Internal resolution: If you have concerns about how we handle your personal data, please contact us first using the channels above. Provide as much detail as possible (your username, contact details and a clear description of the issue).
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable.
  3. Investigation and response: We will investigate your complaint and aim to provide a substantive response within 30 days. Where we cannot meet this timeframe due to complexity or volume, we will inform you of the delay and expected new timeframe.
  4. Further information: We may ask you for additional information or clarification to fully address your concerns.

External dispute and regulatory escalation

  • Alternative dispute resolution (ADR): For complaints related to our services that you also wish to raise through an external platform, you may use third-party portals such as AskGamblers at https://askgamblers.com/submit-complaint, which may facilitate communication between you and us. Using such services does not limit your legal rights.
  • Data protection authorities: If you are not satisfied with our response or believe your privacy rights have been violated, you may have the right to lodge a complaint with:
    • the Office of the Australian Information Commissioner (OAIC) for issues connected with Australia:
    • the competent EU data protection authority in your Member State of residence, place of work or place of the alleged infringement (if GDPR applies to you); and/or
    • the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) in Mexico (if Mexican law applies to you):
      • Website: https://www.inai.org.mx

We encourage you to contact us first so we can try to resolve your concerns directly and efficiently.

Updates

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, technologies, services, legal requirements or regulatory guidance (including developments in Australian law, Curaçao regulations and international standards such as GDPR and Mexican privacy law).

Notification of changes

  • On-site notification: The latest version of this Privacy Policy will always be available on the Website, with the effective date indicated at the top or bottom of the page.
  • Email and in-account notices: For material changes, we will endeavour to notify you in advance via email (where feasible) and/or through prominent notices in your account dashboard or on the Website (for example, banners or pop-ups).
  • Advance notice: Where required by law or where the change is material and affects your rights, we will provide at least 30 days' notice before the new version takes effect, unless an earlier change is necessary to comply with legal or regulatory demands.

Version control and changelog

  • Version identification: Each version of this Privacy Policy will include a "Last updated" date indicating when it came into effect.
  • Changelog: For significant changes, we may provide a summary of key modifications (for example, new data uses, new categories of recipients or changes to your rights) either within the Policy, in a separate changelog, or in the notification message.

Last updated: January 2026.

If you do not agree with an updated version of this Privacy Policy, you should stop using the Website and may request closure of your account. Continued use of the Website after the effective date of a new version will be taken as your acknowledgement of the updated Privacy Policy, to the extent permitted by applicable law.