Privacy Policy

This Privacy Policy explains how Ethereum Casino, operated via the website https://ethereum-au.com (the "Site"), collects, uses, discloses and protects personal information of players and other visitors. It applies to all individuals who access or use the Site or our online gambling services, whether they register an account, place bets, or simply browse. By using the Site, you agree to the terms of this Privacy Policy, as amended from time to time. This Privacy Policy is effective as of 1 January 2026.

Who We Are

OBSERVE: The available profile data indicates that Ethereum Casino targets Australian players and operates under or in connection with a Curaçao eGaming master licence 8048/JAZ (Antillephone N.V.), but the specific operating company name, legal address, and registration number are not specified.

EXPAND: For a compliant and transparent privacy notice, we must (a) identify the operator as clearly as the data allows, (b) explain the licensing and regulatory context, and (c) provide functional contact details for privacy queries and complaints, including an email contact and postal channel where possible. We must also clarify that some contacts (e.g., Curaçao eGaming complaint email) are external supervisory/complaint channels, not internal data controllers.

REFLECT: On this basis, we present the controller and contact information in a way that is truthful, non-misleading, and clearly flags any uncertainty pending on-site confirmation.

Data Controller / Operator

The primary entity responsible for determining the purposes and means of processing your personal information in relation to Ethereum Casino and the Site is:

Trading name: Ethereum Casino (operating the project Ethereum Casino via https://ethereum-au.com)
Licensing framework: Online gambling services are operated under a Curaçao eGaming master licence 8048/JAZ issued to Antillephone N.V., with a sublicense held by the underlying operator (specific sublicense number to be confirmed in the Site footer).
Registered office / legal address: Not specified in the available data. The precise legal entity name and address of the operator will be displayed in the footer or "About" section of https://ethereum-au.com. Where there is a discrepancy between this Privacy Policy and the details shown on the Site, the Site details prevail.

Data Protection & Privacy Contact

Ethereum Casino has appointed an internal privacy contact (Data Protection Officer or equivalent function) responsible for handling questions and requests about this Privacy Policy and your personal information.

Privacy contact / DPO email: [email protected] (designated address for privacy and data protection matters)
Website: https://ethereum-au.com
Postal contact: "Privacy Officer, Ethereum Casino (Ethereum Casino), Legal Department" - full mailing address as stated on the Site's "Contact" or "Terms" page. If no address is given, communication should initially be by email.

External complaints contact (licensing context)

Curaçao eGaming / Antillephone N.V. complaints email (generic): [email protected] - this is not the internal Ethereum Casino privacy contact but may be used for licensing-related complaints about the gambling service.
Licence validator: https://validator.antillephone.com - consult the Site footer for a direct validation link matching Ethereum Casino's specific sublicense.

What Personal Data We Collect

OBSERVE: Online casinos typically collect identification data, contact details, KYC/AML documentation, transactional/payment data, technical identifiers, behavioural data, and information generated via cookies or similar technologies.

EXPAND: For Australian-targeted operations under a Curaçao licence, data categories must reflect gambling, anti-fraud, and marketing practices, while remaining proportionate and lawful. We must explain categories, give non-exhaustive examples, and distinguish data you provide from data we generate or obtain from third parties.

REFLECT: The following categories summarise what Ethereum Casino may collect when you use ethereum-au.com or our services.

1. Identification and Contact Data

Account data: Full name, username, password (stored in hashed form), date of birth, gender (where provided), country of residence.
Contact details: Email address, telephone number, postal address (where required), preferred language, communication preferences.
Verification data (KYC/AML): Copies or details of identity documents (e.g., passport, ID card, driver licence), proof of address (utility bill, bank statement), and any information we are legally required to collect to verify your identity and age.

2. Technical and Device Data

Device identifiers: IP address, device type, operating system, browser type and settings, device language, approximate geolocation derived from IP.
Log data: Access dates and times, pages viewed, referral URLs, clickstream data, login history, failed login attempts, session duration.
Security data: Data collected for security and fraud prevention such as device fingerprints, risk scores, multi-factor authentication data, and internal tokens.

3. Payment and Financial Data

Transaction data: Deposits, bets, wins, losses, withdrawals, bonuses, bonus wagering progress, and account balances.
Payment method data: For fiat, details relating to payment instruments (e.g., masked card numbers, issuing bank, e-wallet account ID); for cryptocurrency, wallet addresses, transaction hashes, and related blockchain metadata to the extent linked with your account.
AML/CTF data: Information collected to comply with anti-money laundering and counter-terrorism financing obligations (e.g., source of funds/wealth declarations, enhanced due diligence notes, screening results against sanctions and politically exposed person (PEP) lists).

4. Behavioural and Usage Data

Gaming behaviour: Game preferences, session lengths, betting patterns, stake sizes, game outcomes, interaction with bonuses and promotions.
Site interaction: Clicks, navigation paths, in-page actions, scrolls and interactions with specific features (e.g., search filters, responsible gambling tools).
Marketing interaction: Records of consents, newsletter subscriptions, open and click-through rates in emails, responses to surveys or promotional offers.

5. Cookies and Similar Technologies

Cookies: Small text files stored on your device to remember your settings, authenticate sessions, and measure site performance.
Similar technologies: Web beacons, pixels, tags, SDKs, and local storage used for analytics, fraud detection, and personalised content or advertising where permitted.
Cookie data: Unique cookie IDs, timestamps, referring/exit pages, and aggregated statistics. More detail is provided in the "Cookies & Tracking Technologies" section.

6. Communication Data

Support communications: Records of emails, live chat transcripts, complaint submissions, call recordings (where applicable and permitted by law), and internal notes.
Feedback and surveys: Content of ratings, reviews, or survey responses you provide about our services.

Legal Basis for Processing

OBSERVE: While Ethereum Casino appears to operate under Curaçao licensing and targets Australian users, privacy standards are guided by global norms (e.g., GDPR-like transparency), Australian privacy expectations, and sector-specific obligations (KYC/AML, responsible gambling).

EXPAND: We must specify the legal bases or equivalent justification categories on which we process personal data: contract necessity, consent, legitimate interests, and legal obligations. Some activities (e.g., KYC) are mandatory, whereas marketing requires consent or clear opt-out mechanisms.

REFLECT: The following legal grounds apply depending on the context and the nature of the data and processing.

1. Performance of a Contract

Purpose: To create and manage your Ethereum Casino account, provide access to games, process deposits and withdrawals, settle bets, credit bonuses, and deliver customer support.
Scope: Identification data, contact details, transactional and gameplay data, technical data used to provide and maintain the service.
Consequence of refusal: If you do not provide data that is necessary for account creation or service provision, we may be unable to open or maintain your account or provide gambling services.

2. Compliance with Legal and Regulatory Obligations

Purpose: To comply with applicable laws and regulations, including but not limited to:
- Anti-money laundering (AML) and counter-terrorism financing (CTF) rules;
- Know-your-customer (KYC) and age verification requirements;
- Accounting, tax, and reporting obligations;
- Record-keeping requirements imposed by gaming regulators or other authorities.
Scope: KYC documents, transaction data, AML/CTF and sanctions screening data, account and communication records.
Consequence of refusal: If you do not provide data required by law or regulatory conditions, we must suspend or close your account and/or block transactions.

3. Legitimate Interests

Purpose: To pursue our legitimate business interests, provided these are not overridden by your rights and interests. These interests include:
- Maintaining the security and integrity of our Site and systems;
- Preventing fraud, abuse, and problem gambling behaviours;
- Performing internal analytics and business intelligence to improve games and features;
- Defending and exercising legal claims and managing disputes;
- Ensuring continuity of service, risk management, and internal governance.
Scope: Technical and device data, behavioural data, communications data, limited profiling for risk and security assessment.
Safeguards: We apply appropriate technical and organisational measures, conduct proportionality assessments, and provide you with mechanisms to object where applicable.

4. Consent

Purpose: To conduct activities that are not strictly necessary for providing the services or complying with legal obligations, such as:
- Sending marketing communications by email, SMS, push notifications, or in-account messages;
- Using certain cookies or tracking technologies for advertising or advanced personalisation;
- Participating in surveys or promotional campaigns that involve additional data processing.
Scope: Contact details, marketing preferences, device and behavioural data used for personalised offers.
Your choices: Where required by law, we will ask for your explicit consent and allow you to withdraw it at any time via your account settings, unsubscribe links, or by contacting us. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

Purpose of Processing

OBSERVE: Online casinos use personal data to operate accounts, run games, process payments, fulfil legal duties, market services, analyse performance, and combat fraud.

EXPAND: For Ethereum Casino, we must clearly tie each purpose to the relevant data categories and legal basis, while clarifying that data may support multiple purposes simultaneously (e.g., transaction data for both accounting and AML).

REFLECT: We use your personal information for the following main purposes.

1. Providing and Managing Our Services

Registering and verifying your account, including age and identity checks.
Enabling you to deposit funds, place bets, participate in games, and withdraw winnings.
Operating bonuses, loyalty and VIP programs, and other promotions.
Providing customer support, including troubleshooting, responding to queries, and processing complaints.

2. Compliance, Risk Management and Responsible Gambling

Meeting KYC/AML/CTF and other regulatory obligations under relevant gambling and financial regulations.
Detecting and preventing fraudulent activities, account takeovers, chargebacks, abuse of bonuses, and other prohibited conduct.
Monitoring for indicators of problem or at-risk gambling and implementing responsible gambling tools, such as deposit limits, time-outs, and self-exclusion, where available.
Maintaining audit trails and evidential records for compliance and legal defence.

3. Improving and Developing Our Services

Analysing how players use our Site, games, and features to improve performance, design, and user experience.
Testing new functionalities and services, including A/B testing and feature rollouts.
Aggregating and anonymising data to create statistical reports and business intelligence.

4. Marketing and Personalisation

Sending newsletters and promotional communications about games, tournaments, bonuses, and special offers, subject to your consent or applicable legal permissions.
Customising on-site content, recommendations, and offers based on your preferences and gameplay behaviour, where legally permitted.
Measuring the effectiveness of campaigns and optimising our marketing strategies.

5. Security, Integrity and Legal Protection

Protecting the security of our IT infrastructure, preventing cyber-attacks and unauthorised access.
Investigating and resolving disputes or legal claims involving users, partners, or authorities.
Enforcing our Terms and Conditions and other applicable policies.

Disclosure & Sharing

OBSERVE: To operate, Ethereum Casino necessarily shares some personal data with payment providers, technical and analytics suppliers, regulatory bodies, and partners.

EXPAND: We must list categories of recipients, explain why sharing occurs, distinguish processors from independent controllers, and note that some disclosures are mandatory (e.g., regulators), while some require consent (e.g., marketing networks).

REFLECT: Ethereum Casino discloses or makes personal data available solely as described below, subject to appropriate contractual and security safeguards.

1. Payment and Financial Service Providers

Banks, card schemes, e-wallet providers, cryptocurrency payment processors, and other financial intermediaries that process deposits, withdrawals, and refunds.
These entities typically act as independent controllers, applying their own privacy policies. We share only the data necessary to process your transactions and comply with AML/CTF and fraud-prevention obligations.

2. Technical, Hosting and Security Service Providers

Cloud hosting providers, content delivery networks (CDNs), IT service providers, gaming platform providers, and security/anti-fraud vendors.
These providers generally act as data processors and may access data only under our documented instructions and subject to strict confidentiality and security obligations.

3. Analytics, Advertising and Marketing Partners

Analytics platforms used to understand Site usage and improve our services, typically via aggregated or pseudonymised data.
Marketing and advertising networks that assist in delivering targeted or interest-based advertising, where such processing is permitted and (where required) based on your consent for cookies and marketing.

4. Corporate Affiliates and Business Partners

Entities that are under common ownership or control with the operator, for internal administrative, compliance and reporting purposes.
Affiliates and white-label partners involved in referring you to Ethereum Casino, but only to the extent necessary for verifying referrals, paying commissions, or managing fraud and abuse.

5. Regulators, Authorities and Dispute Bodies

Gaming regulators and supervisory authorities in Curaçao and any other jurisdiction where we are licensed or required to report.
Law enforcement agencies, courts, tax authorities, or other public bodies where disclosure is required by law, court order, or to protect our legal rights, the rights of our customers, or the public.
External complaint or dispute resolution bodies, such as Curaçao eGaming and Antillephone N.V., for handling regulatory complaints.

6. Business Transfers

In the event of a merger, acquisition, sale of assets, restructuring, insolvency, or similar corporate transaction, personal data may be transferred as part of that transaction, subject to confidentiality obligations and, where required, additional safeguards.

International Transfers

OBSERVE: Ethereum Casino is operated under a Curaçao licence and targets users in Australia and potentially other regions. Data may be stored or processed in multiple countries, including those without the same level of data protection as your home jurisdiction.

EXPAND: We must (a) indicate potential destinations (e.g., Curaçao, EU/EEA, US, other cloud locations), (b) specify safeguards such as contractual clauses, and (c) explain that transfers are limited to what is necessary for the purposes outlined above.

REFLECT: The following practices apply to international data transfers linked to Ethereum Casino.

Locations of processing: Your personal data may be processed and stored in:
- Curaçao (regulatory and licensing context);
- EU/EEA member states and/or the United Kingdom (hosting, support, analytics, or payment providers);
- Other jurisdictions, including but not limited to the United States or Asia-Pacific locations, where our cloud, technical, or payment providers operate data centres.
Safeguards for international transfers: Where we transfer personal data across borders, we implement appropriate safeguards, which may include:
- Contractual protections such as standard contractual clauses or equivalent instruments, where applicable;
- Technical safeguards such as strong encryption (in transit and at rest), access controls, and data minimisation;
- Supplier due diligence and ongoing monitoring of our processors' security and compliance posture.
Limited access: Access to your data across jurisdictions is restricted to personnel and service providers who need such access for the purposes described in this Privacy Policy, and who are bound by confidentiality obligations.

Data Retention

OBSERVE: Gambling operators must retain KYC and transactional data for minimum legal periods (often several years) while respecting data minimisation principles and deletion rights.

EXPAND: For Ethereum Casino, we must set indicative retention periods aligned with AML/CTF rules and regulatory practice, while (a) distinguishing between data categories, (b) justifying extended retention for disputes, and (c) explaining the criteria for deletion or anonymisation.

REFLECT: Ethereum Casino applies the following retention standards, subject to applicable law and regulatory guidance.

Account and identification data: We retain your core account data (name, contact details, identification details, KYC verification results) for as long as your account remains active and, after closure, generally for up to 5 - 7 years from the date of your last transaction or account closure, whichever is later, to comply with AML/CTF, regulatory and tax obligations, and to manage potential disputes.
Transaction and gameplay data: Betting history, transaction records, and gameplay logs are typically retained for at least 5 years from the relevant transaction date, or longer where required by applicable law, regulatory conditions, or ongoing investigations.
Marketing and consent records: We keep records of your marketing preferences and related consents or opt-outs for as long as we send you marketing communications and for up to 3 years thereafter to demonstrate compliance.
Technical and log data: Basic server logs and security-related log data are usually retained for 6 - 24 months, depending on the purpose (e.g., security events may require longer retention).
Support and complaints data: Customer support communications and complaint files are retained for the duration of the issue and typically up to 5 years after resolution, in line with limitation periods for legal claims.
Anonymisation: Where possible and appropriate, we anonymise data so it is no longer associated with an identifiable individual. Anonymised data may be retained for longer periods for statistical and analytical purposes.
Deletion criteria: When the purposes for which data was collected no longer apply and retention is no longer required by law or to defend legal claims, we will delete or anonymise the data. You may also request deletion, subject to our legal and regulatory obligations.

Your Rights

OBSERVE: Users increasingly expect privacy rights consistent with international standards (e.g., access, rectification, deletion, objection, portability). The instructions also refer to GDPR and Mexican privacy law alignment, even though Ethereum Casino targets AU and operates under Curaçao licensing.

EXPAND: We must describe user rights in a neutral, high-standard way, reference that where EU or comparable protections apply, similar rights can be exercised, and note that some rights are subject to legal exceptions (AML/CTF, regulatory retention). The references to Mexican law are treated as a benchmark for strong rights, not as a confirmation that Mexican law directly governs the service.

REFLECT: Ethereum Casino respects the following privacy rights, to the extent permitted or required by applicable law.

1. Right of Access

You may request confirmation as to whether we hold personal data about you and receive a copy of such data, along with information on how we process it.

2. Right to Rectification

You may request that we correct or complete inaccurate or incomplete personal data. In many cases, you can update your details directly in your account profile.

3. Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data in certain circumstances (for example where it is no longer needed for the purposes for which it was collected, or you withdraw consent where consent was the only basis).
This right is not absolute. We may be required to retain some data to comply with AML/CTF, gambling, tax, or other legal obligations, or for the establishment, exercise or defence of legal claims.

4. Right to Restriction of Processing

You may ask us to restrict processing of your data in certain cases (e.g., while we verify its accuracy, or where you have objected to processing based on legitimate interests and we are assessing the objection).
During restriction, we will store your data but not otherwise use it except as permitted by law (e.g., for legal claims or protection of others).

5. Right to Object

You may object at any time to processing of your personal data for direct marketing, in which case we will stop such processing.
You may also object to processing based on our legitimate interests. We will assess your objection and cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is necessary for legal claims.

6. Right to Data Portability

Where technically feasible and applicable, you may request to receive certain personal data that you have provided to us in a structured, commonly used and machine-readable format, and to have this data transmitted to another controller.

7. Right to Withdraw Consent

Where processing is based on your consent (for example, email marketing or certain cookies), you may withdraw that consent at any time via your account settings, unsubscribe links in emails, or by contacting us.
Withdrawal will not affect the lawfulness of processing carried out before your withdrawal and may affect your ability to use certain features (e.g., receiving personalised offers).

8. How to Exercise Your Rights

Submission of requests: You can exercise your rights by:
- Emailing our privacy contact at [email protected] from the email address associated with your account; or
- Using any dedicated privacy or contact form on https://ethereum-au.com, if available.
Verification: For security and confidentiality, we may need to verify your identity before fulfilling your request (for example by asking you to log into your account or provide additional identifying information).
Response time: We aim to respond to requests within 30 days of receipt. If your request is complex or numerous, we may extend this period, and we will inform you of the extension and the reasons.
Fees: We handle rights requests free of charge. However, we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, in accordance with applicable law.
Limitations: We may not always be able to fully comply with your request, for example where doing so would conflict with our legal obligations (including AML/CTF or regulatory record-keeping) or the rights of other individuals. In such cases, we will explain the reasons for any refusal or partial fulfilment.

Cookies & Tracking Technologies

OBSERVE: Ethereum Casino uses cookies and related technologies for core functionality, analytics, and potentially marketing and personalisation.

EXPAND: We must categorise cookies (session vs persistent; first-party vs third-party) and purposes (strictly necessary, functional, analytics, advertising), describe management options, and clarify that disabling some cookies may affect the service.

REFLECT: The following principles govern our use of cookies on ethereum-au.com.

1. Types of Cookies We Use

Strictly necessary cookies: Essential for the operation of the Site and our services (e.g., to keep you logged in, maintain session integrity, process payments, and provide security features). These are typically session cookies and cannot be disabled without impacting functionality.
Functional cookies: Remember your preferences and settings, such as language, region, or display options, to provide a more personalised experience.
Analytics and performance cookies: Help us understand how visitors use the Site, which pages are most popular, and how users move between pages. These may be set by us or by third-party analytics providers.
Advertising and targeting cookies: Used, where applicable and permitted by law, to deliver more relevant advertisements, measure campaign effectiveness, and limit the number of times you see a given advertisement.

2. Third-Party Cookies and Technologies

Some cookies are placed by third-party service providers, such as analytics tools, advertising networks, social media platforms or embedded content providers.
These third parties may use information about your visits to this and other websites to provide relevant advertisements or aggregated statistics, in accordance with their own privacy policies.

3. Managing Cookies

Browser settings: Most web browsers allow you to control cookies through their settings (e.g., blocking, deleting, or notifying you about cookies). Please refer to your browser's help section for instructions.
On-site controls: Where available, our Site may provide a cookie banner or settings panel that enables you to manage non-essential cookies (e.g., analytics, advertising) and update your preferences at any time.
Impact of disabling cookies: If you choose to block or delete cookies, some parts of the Site or certain features (such as maintaining a logged-in session, saving preferences, or accessing specific games) may not function properly.

Data Security

OBSERVE: As an online casino handling financial and identification data, Ethereum Casino must apply strong technical and organisational security measures.

EXPAND: We must address encryption, access controls, authentication, training, audits, and incident response, referencing recognised standards as an aspiration or benchmark while avoiding unverified claims of certification.

REFLECT: Ethereum Casino implements a security framework designed to protect your personal data against unauthorised access, alteration, disclosure or destruction.

1. Technical Measures

Encryption in transit: Data transmitted between your device and our systems is protected using industry-standard TLS (Transport Layer Security) protocols (TLS 1.2 or higher), helping to prevent interception or tampering.
Encryption at rest: Where appropriate, sensitive data is encrypted or otherwise pseudonymised at rest within our databases and storage systems.
Access controls: Access to personal data is restricted based on job role and necessity. Strong authentication (including multi-factor authentication where appropriate) is used to reduce the risk of unauthorised access.
System hardening and monitoring: Firewalls, intrusion detection/prevention systems, anti-malware tools, and monitoring solutions are used to detect and mitigate threats.

2. Organisational Measures

Policies and procedures: We maintain internal policies and procedures that cover data protection, information security, access management, and incident response.
Staff training: Personnel with access to personal data receive regular training on confidentiality obligations, secure handling of data, and how to recognise and respond to security incidents.
Vendor management: We conduct due diligence on key service providers and require appropriate security commitments in our contracts with them.

3. Audits and Continuous Improvement

We periodically review our security measures and may engage internal or external experts to conduct assessments, penetration tests, or audits.
Our security framework is aligned with recognised industry practices and may draw on control principles from standards such as ISO 27001 or SOC 2, although formal certification status may vary over time.

4. Incident Response

We maintain procedures for identifying, assessing and responding to data breaches or security incidents.
In the event of a breach affecting your personal data, we will take appropriate steps to contain and remediate the incident, and we will notify you and relevant authorities where required by applicable law.

Complaints & Contacts

OBSERVE: Users require clear channels to ask questions, exercise rights and submit complaints. There must also be escalation to relevant supervisory bodies (e.g., licensing/regulatory authorities).

EXPAND: We must provide step-by-step guidance on how to lodge complaints, response timelines, and external escalation avenues. The profile indicates Curaçao eGaming contacts and validator links; Australian players may also have local consumer protection avenues, though gambling regulation for offshore operators is complex.

REFLECT: Ethereum Casino offers the following avenues for contact and complaint escalation in relation to privacy and data protection.

1. Contacting Us

Privacy and data protection queries:
- Email: [email protected]
- Website: https://ethereum-au.com (use any available contact or support form and indicate that your query concerns privacy or personal data).
General support and account issues: You may contact our customer support through the channels listed on the Site (e.g., live chat, support email). Support may coordinate with our privacy contact as needed.

2. Internal Complaint Procedure

Submit your complaint: Send a detailed description of your concern to [email protected], including:
- Your full name and account ID (if applicable);
- A clear explanation of your complaint or concern;
- Any supporting documentation (screenshots, correspondence, etc.).
Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable, usually within 5 business days.
Investigation and response: We will investigate your complaint and aim to provide a substantive response within 30 days of receipt. If we cannot meet this timeframe due to complexity or workload, we will inform you of the delay and provide an estimated timeframe.
Further steps: If you are not satisfied with our response, you may request that your complaint be escalated internally for further review.

3. External Escalation

Licensing / regulatory complaints (Curaçao context):
- Email: [email protected]
- Licence validation and complaint information: https://validator.antillephone.com (use the specific validation link referenced on ethereum-au.com to confirm the operator's sublicense and any dedicated complaint form).
Other supervisory or consumer authorities: Depending on your country of residence, you may have the right to lodge a complaint with your local data protection authority or consumer protection body. Contact details and jurisdictional competence will vary. You may refer to your national regulator's website for further information.

We encourage you to contact us first so we can try to resolve your concern directly and promptly.

Updates

OBSERVE: Privacy policies must be updated to reflect changes in law, technology, and business practices. Users should be informed of material updates and given options where changes affect consent or rights.

EXPAND: We must set out how Ethereum Casino will notify updates (e.g., email, on-site notices), maintain version control (e.g., "Last updated" date), and provide advance notice for material changes when feasible, along with options to object or close accounts.

REFLECT: The following procedures apply to changes to this Privacy Policy.

Version and effective date: The current version of this Privacy Policy is indicated at the top as "Last updated: 1 January 2026". We may also include a version identifier in the footer of the policy on the Site.
Non-material changes: Minor updates (e.g., clarifications, corrections, or changes that do not materially affect your rights or the way we process your data) may be made without specific notification beyond updating the "Last updated" date.
Material changes: If we make material changes to this Privacy Policy that affect how we process your personal data or your rights (for example, introducing new processing activities, changing legal bases, or expanding categories of recipients), we will:
- Provide notice on the Site (e.g., a banner or prominent notice in your account dashboard); and/or
- Send you an email notification to the address associated with your account.
Advance notice: Where feasible and required by applicable law, we will provide you with at least 30 days' notice before material changes take effect. Continued use of the Site or services after the effective date of the updated policy will constitute your acceptance of the changes.
Your options: If you do not agree with the updated Privacy Policy, you may:
- Adjust your privacy or marketing preferences through your account settings; and/or
- Request closure of your account and, where appropriate, request deletion of your data, subject to our legal and regulatory retention obligations.