burger icon
Stay Сasino Casino
Log In

Privacy Policy

The privacy policy outlines how personal information of users, including players and website visitors of staycasino at stay-casino.games, is collected, processed, stored, and protected. It applies to all users in Australia interacting with stay-casino.games and is effective as of 01 January 2025.

Who We Are

OBSERVE: The operating entity for staycasino on stay-casino.games is Hollycorn N.V., a company registered and incorporated under the laws of Curaçao. Relevant data required for AU legal compliance and user redress has been catalogued per jurisdictional guidelines.

EXPAND: Jurisdictional exposure includes Australia (clients), Curaçao (office and licensing), and Cyprus (subsidiary/agent) through Libergos Ltd. This facilitates obligations under international data protection principles and AU Privacy Act 1988 (Cth). All contact channels, including those for privacy-related questions, are defined for transparency and regulatory verification.

REFLECT: Full corporate and contact disclosure fosters trust, meets legal transparency duties, and provides clear recourse for privacy issues or complaints.

  • Operator Legal Name: Hollycorn N.V. (Legal entity type: N.V.)
    Company Registration Number: 144359
  • Registered & Head Office Address: Scharlooweg 39, Willemstad, Curaçao
  • Subsidiary/Agent for AU Market: Libergos Ltd., Boumpoulinas, 1-3, BOUBOULINA BUILDING, Flat/Office 42, 1060, Nicosia, Cyprus (Registration Number: ΗΕ 371971)
  • Gaming License Details: License Number: OGL/2023/176/0095, Issued by Curaçao Gaming Control Board, valid until 31 December 2025
  • Data Protection Contact (DPO): Samuel Lewis, [email protected], [email protected]
  • Official Website: https://stay-casino.games

What Personal Data We Collect

OBSERVE: Data processed includes direct identifiers, transactional details, technical information, and online behavioral data, consistent with AU regulatory requirements and international best practices in the gambling sector.

EXPAND: Collection extends to all touchpoints via the website, customer support, transaction systems, and analytic platforms. Data may also be collected from third parties to meet obligations such as KYC/AML.

REFLECT: Clear data categorization enables informed decision-making and allows users to exercise privacy controls as mandated by the AU Privacy Principles.

  • Personal Identification Data: Full name, date of birth, address, nationality, e-mail address, telephone number, account credentials, government-issued identification documents.
  • Technical Data: IP address, device information, operating system, browser type and version, log files, access times, language preferences, geolocation data (where permitted by law).
  • Payment and Financial Data: Credit/debit card details, bank account information, cryptocurrency wallet addresses, transaction records, withdrawal and deposit histories.
  • Behavioral and Usage Data: Betting and gaming history, account activity logs, page views, clickstream data, gameplay statistics, interaction with site features.
  • Cookies and Similar Technologies: Session cookies, persistent cookies, third-party analytics and advertising tracking technologies (see further below).
  • Compliance and Verification Data: Documents and information submitted for KYC/AML verification, correspondence with support.

Legal Basis for Processing

OBSERVE: Under the AU Privacy Act and international standards, processing of personal data must have a valid legal ground. The following principles are systematically observed and mapped.

EXPAND: Circumstances requiring explicit or implied consent, protection of legitimate business interests, and mandatory legal compliance (e.g., anti-fraud, transaction monitoring, reporting to authorities) are all addressed. Obligations extend to multi-jurisdictional processing, especially where cross-border data flow occurs.

REFLECT: All relevant legal justifications for processing user data are specified to ensure users understand their rights and the rationale for data use.

  1. User Consent: Processing based on users' voluntary and informed agreement to terms (account creation, marketing preferences). Consent may be withdrawn at any time via user account or by contacting the DPO.
  2. Contract Fulfilment: Data processing necessary to deliver services as described in user agreements (e.g., account management, transaction processing, withdrawals, responsible gambling requests).
  3. Legitimate Interests: Protection of business operations, enhancement of user experience, fraud detection and prevention, risk management, and analytics.
  4. Legal Obligations: Mandatory compliance with applicable laws, especially KYC/AML verification, reporting to regulators, anti-fraud measures, financial record-keeping and investigation of unlawful activity.

Regional Compliance Note: AU regional variations may require more explicit opt-in for marketing and transparent mechanisms for consent withdrawal. All grounds are aligned with the Australian Privacy Principles.

Purpose of Processing

OBSERVE: In alignment with industry best practices and AU legal mandates, data is only processed in direct connection with legitimate and declared purposes.

EXPAND: Differentiation between service provision, regulatory necessity, marketing, and analytical improvement is made clear to aid user understanding and ensure transparency.

REFLECT: All purposes are exhaustively listed, respecting data minimization and limitation principles stipulated by Australian practice.

  • Service Provision: Enabling opening, verification, management, and maintenance of player accounts; facilitating deposits, withdrawals, and participation in all games and products offered via stay-casino.games.
  • Legal and Regulatory Compliance: Satisfying obligations under anti-money laundering (AML), Know Your Customer (KYC) laws, and reporting suspicious transactions to regulatory authorities.
  • Marketing and Communications: Sending promotional material, newsletters, special offers, and service updates (with appropriate user consent and opt-out mechanisms).
  • Analytics and Service Improvement: Analyzing behavioral trends, optimizing user interfaces, monitoring system performance, and developing new products for improved user experience.
  • Fraud Prevention and Security: Detecting and investigating fraudulent or suspicious activities, account takeovers, or unauthorized access to preserve system integrity.

Disclosure & Sharing

OBSERVE: Categories and contexts for data sharing are drawn from operational requirements, legal duties, and user-provided consent per AU and international law.

EXPAND: Data may be shared with third-party payment providers, technical vendors, relevant regulators, and marketing partners, only where justified and with appropriate safeguards. User consent is sought for disclosure outside these strictly necessary contexts.

REFLECT: All potential recipients and bases for sharing are thoroughly documented, enabling transparency and legal defensibility in all disclosures.

  • Payment Partners & Financial Institutions: For processing transactions, verifying payment details, and facilitating financial settlements (subject to contractual safeguards).
  • Authorized Service Providers: IT support, cloud hosting, analytics, security specialists, and marketing agencies, strictly for the purposes outlined above and subject to confidentiality agreements.
  • Regulatory Authorities: Where legally required, data is disclosed to regulatory and governmental bodies (e.g., Curaçao Gaming Control Board, AU financial intelligence units).
  • Affiliates & Subsidiaries: Libergos Ltd. (Cyprus) and other group entities within the Hollycorn N.V. structure, as needed for operational support, compliance, or service improvement, in strict accordance with legal standards.
  • Advertising Networks (With Consent): Only where users have given specific, active consent for marketing and third-party advertising, in line with AU direct marketing laws.
  • Legal Representatives & Auditors: For audits, litigation, or legal advice, as strictly necessary.

International Transfers

OBSERVE: Data originating from AU users may be transferred to Curaçao, Cyprus, the European Economic Area, or other relevant jurisdictions necessary for service delivery or compliance.

EXPAND: All transfers are subject to rigorous safeguards, such as standard contractual clauses (SCCs), as recognized under EU law, or equivalent mechanisms ensuring adequate protection.

REFLECT: International transfer protocols are explicitly described, meeting AU Cross-border Disclosure of Personal Information Principle (APP 8), ensuring that users' data is subject to comparable safeguards as would apply in Australia.

  • Countries of Transfer: Curaçao, Cyprus (Libergos Ltd.), other EEA locations, and service providers' countries as required for technical operations (e.g., cloud service hosts).
  • Protective Guarantees: Data transfer agreements using Standard Contractual Clauses or other recognized protective mechanisms; periodic review of third-party provider security and compliance; limitation of data transfer to only essential information for described purposes.
  • User Rights: Users may enquire about specific transfer safeguards and request further details by contacting the DPO ([email protected]).

Data Retention

OBSERVE: Data retention practices are mapped to AU, EU, and Curaçao gaming regulatory standards, balancing minimum retention for compliance with the right to erasure.

EXPAND: Distinct retention periods apply to different data categories, and deletion is mandatory upon expiration or withdrawal of processing purpose unless legally restricted (e.g., investigation or dispute hold).

REFLECT: Procedures maximize regulatory compliance and user control, providing for secure and irreversible destruction upon expiry or validated request.

  • Personal Account and Transaction Data: Retained for up to 5 years after account closure or last transaction, as required for auditing, anti-fraud, and AML recordkeeping obligations.
  • Behavioral and Technical Data: Generally retained for 2 years unless required longer by regulatory or investigative necessities.
  • Marketing Data: Retained until withdrawal of marketing consent or unsubscription, or a maximum of 1 year following the last marketing activity.
  • Cookie Data: Retention periods vary depending on cookie type; see 'Cookies & Tracking Technologies' below.
  • Criteria for Deletion: Deletion occurs upon expiry of statutory or business need, validated user request, or fulfillment/termination of processing purpose, as permitted by law.
  • Exceptions: Data subject to ongoing dispute, investigation, or where required by a court order may be retained in frozen (restricted) form until lawful resolution.

Regional Compliance Note: AU anti-money laundering and privacy laws require extended retention in defined circumstances; all retention limits have been aligned through 2025 for regulatory harmonization.

Your Rights

OBSERVE: Users of stay-casino.games are entitled to comprehensive rights over their personal information under the Australian Privacy Principles (APPs).

EXPAND: These include the right to access, correct, restrict, erase, object to processing, data portability, and manage marketing consent. Processes are in place for users to exercise these rights efficiently and without undue burden.

REFLECT: User empowerment is central to privacy compliance. Methods to exercise rights are specified below, ensuring users are aware and able to request prompt action.

  • Right of Access: Request a copy of personal data held and processed by staycasino; the request may be made via e-mail to the DPO or support channel.
  • Right to Correction: Users may request correction of inaccurate or outdated information by contacting support or via account settings.
  • Right to Deletion ("Right to be Forgotten"): Submit a request for data erasure, subject to any overriding legal obligations for retention.
  • Restriction of Processing: In certain circumstances, users may request temporary suspension of processing activities (e.g., during dispute resolution or challenge of data accuracy).
  • Objection to Processing: Object to processing for specific purposes, such as direct marketing.
  • Data Portability: Obtain a copy of provided data in a commonly used format for transmission to another service provider.
  • Marketing Consent Withdrawal: Opt-out of direct marketing communications at any time, either through account settings, direct e-mail to DPO, or unsubscribe links in communications.

All rights requests will be acknowledged within a reasonable period, with formal response or resolution provided within required AU regulatory timeframes.

Cookies & Tracking Technologies

OBSERVE: Utilization of cookies and similar technologies follows transparency and user control commitments, as required under AU law and global ePrivacy practices.

EXPAND: Differentiation of cookies by type and purpose, including session, persistent, and third-party cookies, is maintained. Clear options for user management and deactivation are available.

REFLECT: Full disclosure assists users in managing their digital footprint, safeguarding privacy, and meeting legal requirements.

  • Session Cookies: Temporary files for site functionality and user authentication, automatically removed when browser is closed.
  • Persistent Cookies: Remain on the user's device for a defined period (up to 12 months), enabling features like "remember me", user preferences, and analytics.
  • Third-Party Cookies: Set by analytic, advertising, or social media partners (e.g., Google Analytics, affiliate tracking) for user statistics, targeting, and ad measurement.
  • Purposes: Functional (site navigation, authentication), analytical (performance tracking, error management), advertising (personalized offers, remarketing), and user experience optimization.
  • Management: Cookies can be controlled or disabled via browser settings. Some site features may require essential cookies for full functionality. Internal privacy dashboard/tools may further allow users to manage cookie consent and tracking preferences.

For a detailed cookie breakdown, users may review the Cookies Policy.

Data Security

OBSERVE: Staycasino applies comprehensive technical and organizational measures consistent with AU privacy law, industry standards, and Curaçao licensing requirements.

EXPAND: Security controls span digital, physical, administrative, and personnel-linked processes. Regular reviews and audits ensure ongoing reliability and threat adaptation.

REFLECT: Data integrity, confidentiality, and resilience are prioritized, and user trust is reinforced by proactive security statements and legal disclaimers.

  • Technical Protections: Use of Secure Socket Layer (SSL) encryption for all site traffic; encrypted data storage; advanced firewall systems; regular vulnerability assessments and penetration testing.
  • Organizational Protections: Strict access controls and role-based authority for staff; mandatory staff training on data privacy and incident management; operational procedures for breach detection, containment, and notification.
  • Audit & Continuous Improvement: Scheduled security audits and compliance reviews against regulatory standards; third-party security evaluations.
  • Incident Response: Clear protocols for identifying and reporting suspected or actual data breaches, including mandatory notification to regulatory authorities and affected users as required by AU Notifiable Data Breaches (NDB) scheme.

Regional Compliance Note: All security measures are aligned with current AU best practices and satisfy Curaçao Gaming Control Board requirements through 2025.

Complaints & Contacts

OBSERVE: Dedicated procedures are maintained for user inquiries, complaints regarding data handling, and the exercise of privacy rights, in alignment with AU dispute resolution protocols.

EXPAND: The Data Protection Officer (DPO) and privacy team are available for all privacy-related issues, including making complaints, seeking clarification, and escalating unresolved concerns. Complaints are addressed promptly and in accordance with AU legal timeframes. Unresolved issues can be reported to the Office of the Australian Information Commissioner (OAIC).

REFLECT: Users are kept informed and empowered to initiate complaint procedures at any time, reinforcing legal obligations and fostering user trust.

  • Contact for Data Protection: Samuel Lewis - Data Protection Officer
    [email protected], [email protected]
  • Complaint Procedure:
    1. Contact the DPO by e-mail or through the support portal with a concise description of your concern.
    2. Acknowledge receipt of the complaint within 5 business days; investigate and aim to resolve substantively within 30 calendar days.
    3. If dissatisfied, users may contact the OAIC (https://www.oaic.gov.au).

Updates

OBSERVE: All policy changes are subject to review cycles and user notification protocols.

EXPAND: Updates reflecting legal, regulatory, or service changes are notified to users via prominent website location and, if material, direct e-mail or on-site pop-up messages.

REFLECT: Transparency in policy updates enables users to remain fully informed at all times. Continued use of stay-casino.games after updates constitutes acceptance of any changes.

  • Notification Methods: Revised policy posted on the privacy page, on-site alerts for significant changes, and/or direct emails where appropriate.
  • Effective Date of Latest Revision: 01 January 2025