Ricky
Login Register

Ricky Casino Privacy Policy

Last updated: 19 May 2026.


This policy explains what personal information Ricky Casino collects, why it's collected, how long it's kept, who it can be shared with, and what rights an Australian player has over it. We have chosen to align with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), even though our licensing is Curaçao-based and AU domestic law does not strictly require it. Each section below cross-references the relevant APP so an Aussie player can audit our practice against the statute.

1. What Information Is Collected (APP 3 — Collection)

At sign-up and during play we collect:

  • Identity data — full name, date of birth, residential address, nationality.

  • Contact data — email, mobile phone number.

  • Financial data — payment method identifier (PayID handle, BPAY biller code, card BIN, crypto wallet address), transaction amounts, currency.

  • Verification data — government-issued photo ID, proof of address (utility bill or bank statement <90 days), and a selfie for liveness check.

  • Technical data — IP address, device fingerprint, browser user-agent, session timestamps.

  • Gameplay data — game launches, bet amounts, outcomes, time-on-platform.

We do not collect health information, racial or ethnic origin, religious affiliation, sexual orientation, biometric templates beyond a one-pass liveness selfie, or any other sensitive information as defined in Section 6 of the Privacy Act.

2. Why Each Category Is Collected (APP 3, APP 6 — Use)

Data

Purpose

Lawful basis

Identity

KYC, age verification, AML

Licence obligations + contract

Contact

Service emails, account security alerts

Contract

Financial

Deposit, withdrawal, dispute resolution

Contract

Verification

Anti-fraud, sanctions screening

Licence + AML/CTF alignment

Technical

Session security, fraud detection

Legitimate interest

Gameplay

Bonus eligibility, responsible-gambling triggers, regulatory reporting

Contract + licence

Marketing emails are sent only with opt-in consent (APP 7), tickable at sign-up and revocable from the dashboard at any time. We do not pass personal data to advertising networks for targeting.

3. How Information Is Collected (APP 3.5)

Directly from you at registration, deposit, withdrawal request, and KYC submission. Indirectly from device telemetry during session, and from licensed third-party providers (payment processor and KYC verifier) confirming identity and transaction status.

4. Information Recipients (APP 6, APP 8 — Disclosure)

Two named external processors handle data on our behalf, under contractual data-processing terms:

  • Payment processor — handles card, bank-rail, and crypto transactions. Receives only the data needed to settle a deposit or withdrawal: identifier, amount, currency, transaction reference.

  • KYC verification provider — performs document OCR, face-match, and PEP/sanctions screening. Receives ID document images, selfie, and the corresponding profile data.

Beyond those two, we disclose personal data only when:

  • Required by a court order or valid regulator request.

  • Required by AML or counter-terrorism financing law for suspicious activity reporting.

  • Necessary for fraud prevention or to enforce our terms.

We do not sell personal data. We do not share data with affiliate marketers, ad networks, or data brokers.

5. Cross-Border Transfer (APP 8)

Both processors are headquartered outside Australia (typically in the EU). By signing up you consent to this transfer. Both processors are bound by contractual safeguards equivalent to the APP standard. We do not transfer personal data to processors operating outside the EU/EEA without prior review and additional contractual cover.

6. Data Retention (APP 11.2 — Destruction)

We retain personal data for seven years after your last account activity. The seven-year window aligns with the AU AML/CTF retention standard, which is longer than the minimum Curaçao licensing requires. Choosing the longer floor protects both the player (dispute history available) and the operator (full audit trail). After seven years, identity and verification data are deleted; aggregated, anonymised gameplay data may be retained for statistical purposes.


If you request account closure, deposits, withdrawals, and login become disabled immediately. Identity records persist for the retention window.

7. Information Security (APP 11.1)

  • TLS 1.2+ on every connection between your device and our servers.

  • Account passwords stored using bcrypt with per-account salt.

  • KYC documents stored encrypted at rest with key separation.

  • Access to player data inside the operator is role-gated and audited; no full-database export rights exist outside the security and AML teams.

  • Annual penetration testing by an independent CREST-certified provider.

No system is invulnerable. If a breach affecting your data is detected, you will be notified by email within 72 hours under the operator's chosen alignment with the Notifiable Data Breaches scheme.

8. Your Rights (APP 12, APP 13)

You have the right to:

  • Access a copy of the personal data we hold about you. Request via [email protected] with subject [DATA ACCESS]. Response within 30 days.

  • Correct inaccurate data. Update from your dashboard for editable fields; for verification data, email support with the corrected document.

  • Withdraw consent for marketing communications. One-click in the dashboard or via the unsubscribe footer of any marketing email.

  • Lodge a complaint about how we handle your data. Two routes:

    • Operator complaints — [email protected].

    • OAIC (Office of the Australian Information Commissioner) — oaic.gov.au. The OAIC accepts complaints against any operator handling AU residents' data; jurisdiction is broader than offshore licensing implies.

    • Curaçao Gaming Authority — for licensing-related grievances.

9. Cookies and Similar Technologies

We use first-party cookies for session management, language preference, and fraud detection. We use a minimal set of third-party analytics cookies (page-level, anonymised IP) for site performance only — no behavioural advertising cookies. The cookie banner on first visit lets you decline analytics; functional and security cookies cannot be disabled without breaking authentication.

10. Children's Data

Ricky Casino services are for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we discover that an underage user has registered, the account is closed, deposits refunded (less any payouts made), and identity data deleted ahead of the standard retention window.

11. Changes to This Policy

Material changes are communicated by email to your registered address at least 14 days before they take effect. The "Last updated" date at the top of this page is the canonical version marker.

12. Contact

Privacy inquiries: [email protected].

General support: [email protected].

Operator: Dama N.V., Julianaplein 36, Willemstad, Curaçao.