burger icon
Joo Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how personal information is collected, used, stored, disclosed and protected when you use the online gambling services offered for Australian players under the brand Joo Casino via the website joo-au.com and related URLs and mirrors. It applies to all players, visitors and other individuals who access or interact with our website, mobile versions, games, promotions, customer support and payment services.

By creating an account, placing bets, contacting us or otherwise using the services, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal information as described here. This Privacy Policy is effective from 1 January 2026 and was last substantially reviewed in February 2026.

Who We Are

The online casino service branded as Joo Casino and made available through joo-au.com is operated by:

  • Data controller: Dama N.V., a public limited company incorporated under the laws of Curaçao.
  • Registered and operational address: Dama N.V., Scharlooweg 39, Willemstad, Curaçao.
  • Gaming licence: Dama N.V. operates Joo Casino under sub-licence number 8048/JAZ2020-013, issued by Antillephone N.V. and authorized by the Government of Curaçao.

For certain payment operations and risk management services, Dama N.V. is supported by its wholly-owned subsidiary:

  • Payment processor: Friolion Limited, Leandrou 12A, 3086 Limassol, Cyprus.
  • Role: Provision of payment processing and related services for Dama N.V. brands, including Joo Casino at joo-au.com.

Contact for privacy matters (Data Protection Officer / privacy team):

  • Email: [email protected]
  • Postal contact (primary): DPO, Dama N.V., Scharlooweg 39, Willemstad, Curaçao.
  • Website: https://joo-au.com

Although the service targets Australian players, it is operated and licensed offshore. Joo Casino is not licensed by Australian regulators. This Privacy Policy does not constitute a statement of compliance with Australian gambling law; it addresses primarily data protection and privacy practices.

What Personal Data We Collect

Identification and contact data

  • Basic account data: full name, date of birth, country of residence, address, email address, username, and password.
  • Contact details: telephone number, alternative email address (if provided), preferred language.
  • KYC/AML verification data: copies and details of government-issued identification documents (e.g. passport, driver licence), proof of address (e.g. utility bill, bank statement), and any additional documents required under anti-money-laundering (AML) and responsible gambling rules.

Technical and usage data

  • Device and network data: IP address, device identifiers, operating system, browser type and version, screen resolution, time zone, approximate location derived from IP, and similar technical attributes.
  • Log information: login and logout timestamps, session duration, failed login attempts, changes to account details, security logs and system error logs.
  • Cookies and similar technologies: unique cookie IDs, session identifiers, tracking pixels and tags as further detailed in the "Cookies & Tracking Technologies" section.

Payment and financial data

  • Payment details: limited card or account identifiers (e.g. masked card numbers, IBAN segments), payment method type, crypto wallet details or transaction hashes (for crypto payments), and other information needed to process deposits and withdrawals.
  • Transaction history: records of deposits, withdrawals, bonuses, chargebacks, payment failures, and related financial operations, including currency (e.g. AUD) and payment provider used.

Behavioral and profile data

  • Gaming and betting data: game sessions, bets placed, wins and losses, jackpots, wagering requirements, game preferences, time spent playing and responsible gambling limits set by you.
  • Interaction data: clicks, pages visited, time spent on pages, navigation paths, response to promotions, and communication preferences.
  • Derived or inferred data: risk scores for AML and fraud detection, segmentation for marketing (where permitted), and responsible gambling profiles derived from your activity.

Communication and support data

  • Customer support records: chat transcripts, email correspondence, complaint submissions, call logs (if any), and internal notes prepared by our support staff.
  • Marketing communications: your subscription status and responses to marketing emails, in-site messages and push notifications.

Sensitive and special category data

We generally do not intentionally collect sensitive personal data (such as health information) about you. However, information about problem gambling or self-exclusion that you voluntarily provide may be processed to comply with responsible gambling obligations and to protect you from gambling-related harm.

Legal Basis for Processing

Because Joo Casino serves players in multiple jurisdictions and is operated from Curaçao with payment processing in the EU (Cyprus), we apply European Union General Data Protection Regulation (GDPR)-aligned standards, while also taking into account applicable Australian privacy principles and Mexican data protection regulations where relevant. Depending on the specific processing activity, we rely on the following legal bases:

  • Performance of a contract: We process your personal data when it is necessary to:
    • create and manage your player account;
    • verify your age and identity to allow you to play;
    • provide games, process deposits and withdrawals, and credit winnings;
    • provide customer support and handle your requests or complaints.
  • Compliance with legal obligations: We are required by AML, counter-terrorist financing, fraud prevention and responsible gambling laws and regulations (including those of Curaçao and, where applicable, EU member states and Mexico) to:
    • conduct KYC and age verification checks;
    • monitor and report suspicious transactions;
    • retain certain records for minimum statutory periods;
    • implement self-exclusion and player protection measures.
  • Legitimate interests: Where our interests are not overridden by your rights and freedoms, we process data to:
    • secure our systems and prevent abuse, fraud, money laundering or bonus misuse;
    • ensure the integrity and fairness of games and platform;
    • perform analytics, reporting and service optimisation;
    • defend our legal rights and handle potential disputes.
  • Consent: In some cases we rely on your explicit consent, for example:
    • sending promotional emails, SMS or push notifications not strictly necessary for service delivery;
    • placing or reading non-essential cookies for analytics or advertising;
    • processing particular categories of information you voluntarily disclose (e.g. information about problem gambling) beyond what is required by law.

    You may withdraw consent at any time as described in the "Your Rights" section, without affecting the lawfulness of processing based on consent before withdrawal.

Purpose of Processing

Service provision and account administration

  • Operating the casino: to allow you to register, log in, deposit, play games, participate in promotions, withdraw winnings and manage your account settings on joo-au.com.
  • Verification and compliance: to verify your identity, age and eligibility, and to comply with KYC/AML and responsible gambling requirements imposed by our Curaçao licence and other applicable regulations.
  • Customer support: to respond to your questions, handle complaints and provide technical assistance.

Service improvement and analytics

  • Usage analysis: to understand how players use our website and games, identify technical issues, improve user experience, and optimise game selection, site layout and functionalities.
  • Performance and security monitoring: to monitor system performance, detect anomalies, prevent cheating, and protect the integrity of our services.

Marketing and personalisation

  • Promotional communications: to send newsletters, bonus offers, tournament invitations and other marketing materials, in accordance with your preferences and applicable consent requirements.
  • Personalised content: to tailor promotions, bonuses and game recommendations based on your activity, if permitted under applicable law and subject to your right to object.

Fraud prevention, security and legal protection

  • Risk and fraud management: to detect and prevent fraud, money laundering, abuse of bonuses, account takeover and other illegal or suspicious activities.
  • Legal claims and compliance: to establish, exercise or defend legal claims, respond to lawful requests from regulators or law enforcement, and enforce our Terms and Conditions.

Regulatory and statistical reporting

  • Regulatory reporting: to comply with reporting requirements of our licensing authority in Curaçao and, where applicable, requirements under EU and Mexican data protection frameworks.
  • Aggregated statistics: to produce non-identifiable, aggregated statistics on player behaviour, revenues and game performance for internal management and regulatory purposes.

Disclosure & Sharing

We do not sell your personal data. We may, however, share your information with third parties under strict conditions and only for the purposes described in this Privacy Policy.

Service providers and processors

  • Payment providers and banks: financial institutions, card schemes, crypto payment gateways and other payment processors (including Friolion Limited in Cyprus) that process deposits, withdrawals and related financial operations.
  • Gaming and platform providers: software and platform providers (including those whose systems are certified by independent laboratories such as iTech Labs or GLI) that supply the games and technical infrastructure.
  • IT and security vendors: hosting providers, cloud infrastructure, security monitoring and anti-fraud tools, email delivery providers, analytics and customer support platforms.

Regulators, authorities and dispute bodies

  • Licensing and regulatory authorities: Curaçao licensing and supervisory bodies (such as Antillephone N.V. and the Curaçao Gaming Control Board) and, where applicable, data protection authorities in the EU and Mexico.
  • Law enforcement agencies: when required by applicable law or when necessary to protect our rights, players' safety or the public interest.
  • Alternative dispute resolution bodies: selected ADR or mediation providers engaged to handle player complaints or disputes, where applicable.

Affiliates and business partners

  • Group entities: other companies within the Dama N.V. group that support operations, risk management, compliance and internal reporting.
  • Affiliates and marketing partners: carefully selected partners who promote Joo Casino and joo-au.com, but only where this is compatible with your consent and applicable marketing laws.

Corporate transactions

  • Business transfers: in the event of a merger, acquisition, reorganisation, sale of assets or insolvency, your data may be transferred to the acquiring or successor entity, subject to continued protection consistent with this Privacy Policy.

Whenever we share data with third parties acting as our processors, we require them by contract to keep the data confidential, to use it only for specified purposes and to implement appropriate technical and organisational security measures.

International Transfers

Because Joo Casino is operated internationally, your personal data may be transferred to and processed in countries other than the country in which you reside, including:

  • Curaçao: where Dama N.V. is established and where core operational and compliance functions are based.
  • Cyprus and other EU/EEA countries: where Friolion Limited and certain technology or payment providers are located.
  • Other jurisdictions (including the United States or Mexico): where some of our service providers (e.g. cloud, email, analytics or marketing services) may have their servers or corporate headquarters.

These countries may have data protection laws that differ from those in your country (including Australia). Where data is transferred from the European Economic Area (EEA) or from jurisdictions applying similar rules, we implement appropriate safeguards, such as:

  • standard contractual clauses approved by the European Commission or other recognised transfer mechanisms;
  • transfer to providers located in countries with an adequacy decision, or participating in recognised frameworks (such as the EU - US Data Privacy Framework, where applicable);
  • contractual obligations requiring recipients to protect your data to a standard substantially similar to GDPR and other applicable laws.

By using joo-au.com, you understand that your personal data will be transferred to Curaçao, Cyprus and other jurisdictions as described above. For Australian residents, please note that once your information is transferred offshore, foreign laws may govern access to that information, and overseas recipients may not be subject to the Australian Privacy Principles.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, AML and reporting requirements. Retention periods may vary depending on the type of data and applicable laws.

General retention periods

  • Account and identification data: typically retained for the duration of your account and for up to 5 years after account closure or your last transaction, unless a longer period (up to 7 years) is required by AML or other legal obligations.
  • KYC/AML documents: copies of identity documents, proof of address and related verification records are retained for at least 5 years after the end of the business relationship or as required by applicable AML rules.
  • Payment and transaction records: retained for at least 5 years after the relevant transaction or account closure, to comply with financial and AML regulations and for audit purposes.
  • Gaming and behavioural data: detailed logs are retained while necessary for security, responsible gambling and dispute resolution, generally up to 5 years after activity, and may then be anonymised.
  • Marketing data: information about your marketing preferences is retained until you opt out or withdraw consent, and for a short period afterwards to demonstrate compliance.
  • Customer support and complaint records: retained for the duration of the issue and for at least 3 - 5 years afterwards to resolve disputes and meet legal requirements.

Deletion and anonymisation

  • Deletion upon request: where you validly exercise your right to erasure and no overriding legal basis applies, we will delete or anonymise your personal data without undue delay.
  • Automatic deletion: we periodically review our databases and securely delete or anonymise data that is no longer needed for any lawful purpose.
  • Back-ups: some data may remain in secure back-up copies for a limited additional period, after which it is overwritten or destroyed in the normal course of business.

Your Rights

We strive to align our practices with the EU General Data Protection Regulation (GDPR), relevant Mexican data protection law (notably the Federal Law on Protection of Personal Data Held by Private Parties - LFPDPPP) and, where applicable, Australian privacy requirements. Depending on your location and applicable law, you may have some or all of the following rights:

Access, rectification and portability

  • Right of access: to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of your data and information about the processing.
  • Right to rectification: to have inaccurate or incomplete personal data corrected or updated.
  • Right to data portability (GDPR / similar regimes): to receive certain personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.

Erasure, cancellation and restriction

  • Right to erasure ("right to be forgotten"): to request deletion of your personal data where it is no longer necessary, where you have withdrawn consent and there is no other legal basis, or where processing is unlawful. We may retain data where required by law (for example, AML record-keeping obligations).
  • Right to cancellation (Mexican ARCO right): under Mexican law, a form of deletion right requiring us to stop processing and remove data when appropriate legal grounds exist.
  • Right to restriction: to request that we limit the processing of your data in specific circumstances (e.g. while the accuracy of the data is being verified or a legal claim is being evaluated).

Objection and opposition to processing

  • Right to object (GDPR) / right to opposition (Mexico): to object to the processing of your data based on legitimate interests, including profiling, and to object at any time to processing for direct marketing purposes. We will then stop such processing unless we demonstrate compelling legitimate grounds or legal obligations to continue.

Consent management and marketing

  • Withdrawal of consent: where processing is based on your consent (for example, receiving promotional emails), you may withdraw consent at any time via your account settings, by following the unsubscribe link in emails, or by contacting us.
  • Marketing opt-out: you may opt out of direct marketing communications at any time. We will continue to send service-related communications that are necessary to perform our contract with you (e.g. transactional emails, important account notices).

How to exercise your rights

  1. Submit your request: Contact us by email at [email protected] from the email associated with your account, or via any dedicated privacy form available on joo-au.com.
  2. Verify your identity: We may ask for additional information to verify your identity (for example, confirming certain account details or providing identification), especially for access and portability requests.
  3. Response timeframe: We aim to respond within 30 days of receiving your request. In complex cases or where we receive multiple requests, we may extend this period by up to an additional 30 days, and will inform you of the extension and reasons.
  4. Fees: Requests are handled free of charge. However, where requests are manifestly unfounded or excessive, especially due to their repetitive character, we may charge a reasonable fee or refuse to act on the request, in line with applicable law.

Some rights may be limited where we must retain data to comply with legal obligations (especially AML/CTF rules) or to establish, exercise or defend legal claims.

Cookies & Tracking Technologies

We use cookies and similar technologies on joo-au.com to ensure the website functions properly, to improve your experience and, where permitted, to support analytics and marketing.

Types of cookies we use

  • Strictly necessary cookies (session and persistent): required for core functions such as logging in, maintaining your session, enabling security features and processing payments. These cookies are essential and cannot be disabled via our cookie tools.
  • Functional cookies: used to remember your preferences, such as language, region and display settings, and to provide enhanced features.
  • Analytics cookies: first-party or third-party cookies (e.g. web analytics services) that collect aggregated information about how visitors use our site, helping us to understand usage patterns and improve performance.
  • Advertising and tracking cookies: cookies and tracking pixels that may be placed by us or third-party advertising networks to deliver relevant advertisements, measure campaign effectiveness and limit the number of times you see an ad. These are used only where allowed by law and subject to your consent.

Managing cookies

  • Browser settings: most web browsers allow you to manage or delete cookies, and to configure your browser to refuse cookies. Please note that blocking strictly necessary cookies may impact the functionality of joo-au.com.
  • Site-level controls: where available, you may use our cookie banner or preference centre to manage categories of cookies (e.g. analytics, advertising) and to withdraw consent at any time.
  • Third-party opt-outs: for some third-party analytics or advertising providers, additional opt-out options may be available through their own tools or industry schemes.

Data Security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Technical safeguards

  • Encryption in transit and at rest: data transmitted between your device and our servers is protected using TLS 1.2 or higher. Sensitive data is stored using strong encryption and hashing techniques where appropriate.
  • Access controls: access to personal data is restricted on a need-to-know basis and is protected through authentication mechanisms, including strong passwords and, where implemented, multi-factor authentication for administrative accounts.
  • Network and system security: firewalls, intrusion detection and prevention systems, anti-malware tools and regular vulnerability scanning help protect our infrastructure.

Organisational safeguards

  • Policies and training: internal data protection and security policies govern how staff handle personal data. Employees and contractors receive training on privacy, security and responsible handling of player information.
  • Vendor due diligence: we select third-party processors with appropriate security standards and, where relevant, rely on providers whose platforms have been independently audited (for example, platform-level certifications or audits such as ISO 27001- or SOC 2-aligned controls at key suppliers).
  • Access logging and monitoring: administrative access and critical operations are logged and monitored to detect suspicious activity.

Incident response

  • Detection and containment: we maintain procedures for detecting, investigating and responding to potential data breaches or security incidents.
  • Notification: where required by law, we will notify the relevant supervisory authorities and affected individuals without undue delay if a personal data breach is likely to result in a high risk to your rights and freedoms.

While we take reasonable measures to protect your data, no system can be guaranteed to be completely secure. You are responsible for keeping your password and account credentials confidential and for using adequate security on your own devices.

Complaints & Contacts

Contacting us

If you have any questions, concerns or complaints about this Privacy Policy or our data processing practices, you can contact us using the following channels:

  • Data Protection Officer / Privacy team email: [email protected]
  • Postal address: Data Protection Officer, Dama N.V., Scharlooweg 39, Willemstad, Curaçao.
  • Website: contact forms or live chat (where available) on https://joo-au.com.

Internal complaint procedure

  1. Submit your complaint: send us a detailed description of your privacy concern, including relevant dates, account details and any supporting documentation.
  2. Acknowledgement: we will acknowledge receipt of your complaint as soon as reasonably practicable, typically within 5 business days.
  3. Investigation: our privacy team will investigate your complaint, which may include reviewing system logs, contacting our service providers or requesting further information from you.
  4. Response: we aim to provide a substantive response within 30 days of receiving your complaint or, if that is not possible, to inform you of the reasons for the delay and the expected timeframe for resolution.

Escalation to supervisory authorities

If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority. Depending on your location and the applicable law, this may include:

  • European Union (for processing involving Friolion Limited or EU-based services):
    • Office of the Commissioner for Personal Data Protection (Cyprus)
    • Website: https://www.dataprotection.gov.cy
    • Email: [email protected]
  • Mexico (for individuals protected under Mexican data protection law):
    • National Institute for Transparency, Access to Information and Personal Data Protection (INAI)
    • Website: https://www.inai.org.mx
  • Australia (for privacy concerns related to Australian residents):

You may also be able to lodge a complaint with another supervisory authority in the EU or your country of residence where GDPR or similar legislation applies.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.

How we notify you of changes

  • Website publication: the latest version of the Privacy Policy will always be available on joo-au.com. We will indicate the date of the last update at the top or bottom of the document.
  • Email notifications: for material changes that significantly affect your rights or the way we process your data, we will notify you by email (where feasible) using the address associated with your account.
  • On-site notices: we may display banners or notifications in your account area or on the website to highlight important updates.

Effective date and advance notice

  • Advance notice: for significant changes, we will, where practicable, provide at least 30 days' notice before the updated Policy takes effect, so that you can review the changes.
  • Your options: if you do not agree with the updated Privacy Policy, you may choose to stop using the services and request account closure. Continued use of joo-au.com after the effective date of the updated Policy will constitute your acceptance of the changes.

Last updated: February 2026

Summary of recent material changes:

  • Clarified international data transfer mechanisms and references to EU - US Data Privacy Framework where applicable.
  • Expanded explanation of user rights, including Mexican ARCO rights and enhanced details for Australian players.
  • Updated security and retention sections to reflect current practices and extended retention references through 2026.