Privacy Policy

Popmolly Online Casino – Privacy Policy for Australian Users

1. Introduction and Overview

Popmolly (“we”, “us”, “our”, or “the Company”) is an online casino and iGaming platform operated under a licence issued by the Government of Curaçao. This Privacy Policy sets out the manner in which Popmolly collects, processes, stores, shares, and protects the personal data of individuals who access or use our services, including all games, payment facilities, customer support functions, and promotional activities offered through our platform. This policy is designed to comply with applicable data protection principles and the regulatory obligations relevant to iGaming operators serving users in Australia, including alignment with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. By registering an account, accessing our platform, or using any of our services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with any part of this policy, you must not use our services.

2. About the Operator and Regulatory Status

Popmolly operates as a licensed online casino under the jurisdiction of Curaçao. The Curaçao licence authorises the Company to offer online gambling services, including but not limited to casino games, live dealer games, pokies, table games, and related iGaming products. While Popmolly holds a Curaçao licence, the Company recognises its obligations to users in Australia and applies data handling standards consistent with applicable Australian privacy law and responsible gambling frameworks. The Company is committed to operating transparently and in accordance with the highest standards of data governance applicable to the iGaming industry.

3. Scope of This Policy

This Privacy Policy applies to all personal data collected from individuals who visit the Popmolly website, create an account, deposit funds, participate in games, claim bonuses or promotions, or interact with our customer support team. It also applies to data collected through cookies, tracking technologies, and third-party integrations used to support the operation of our platform. This policy does not apply to third-party websites that may be linked from our platform. Users are encouraged to review the privacy policies of any third-party services they access independently.

4. Data We Collect

Popmolly collects personal data from users through various means at different stages of their interaction with the platform. The categories of data we collect include:

• Full legal name, date of birth, residential address, nationality, and contact information including email address and telephone number collected during the account registration process
• Government-issued identification documents such as passports, driver’s licences, and utility bills collected for the purpose of identity verification and Know Your Customer (KYC) compliance
• Financial information including bank account details, credit and debit card numbers, e-wallet account identifiers, and transaction history collected to facilitate deposits and withdrawals
• Source of funds documentation and wealth declarations collected as part of Anti-Money Laundering (AML) obligations
• Technical data including IP addresses, device identifiers, browser type and version, operating system, session timestamps, and geolocation data collected automatically when you access our platform
• Gameplay data including game history, wagering amounts, win and loss records, session durations, and betting patterns collected to support account management and responsible gambling monitoring
• Marketing preferences and communication history collected when you opt in to receive promotional materials or interact with our customer support team
• Cookie data and similar tracking technologies as described further in Section 11 of this policy

5. Purpose of Data Processing

Popmolly processes personal data for the following lawful purposes:

• Account creation, management, and authentication to ensure that users can securely access and operate their accounts on the platform
• Verification of user identity through KYC procedures to comply with applicable regulatory requirements and to prevent the use of false identities on the platform
• Processing of financial transactions including deposits, withdrawals, and the management of bonus credits
• Detection, investigation, and prevention of fraudulent activity, money laundering, terrorist financing, and other financial crimes as required under AML compliance obligations
• Compliance with legal and regulatory obligations imposed by the Curaçao licensing authority and any applicable Australian law including mandatory reporting obligations
• Communication with users regarding their accounts, transactions, security alerts, and changes to our terms or policies
• Sending marketing communications, promotional offers, bonus notifications, and personalised content to users who have provided consent or who have not opted out of such communications
• Conducting responsible gambling assessments, monitoring for signs of problem gambling behaviour, and facilitating self-exclusion or deposit limit requests
• Improving platform functionality, user experience, and service performance through analytical data review
• Resolving disputes, responding to complaints, and maintaining records for legal and audit purposes

6. Legal Basis for Processing

Popmolly processes personal data on the following legal grounds depending on the nature of the processing activity:

• Performance of a contract, where processing is necessary to provide the services requested by the user including account management and payment processing
• Compliance with a legal obligation, where processing is required to meet AML, KYC, and regulatory reporting requirements
• Legitimate interests of the Company, where processing is necessary for fraud prevention, platform security, and business analytics, provided that such interests are not overridden by the rights of the data subject
• Consent of the user, where processing relates to optional marketing communications or the use of non-essential cookies, which may be withdrawn at any time

7. Data Sharing and Disclosure

Popmolly does not sell personal data to third parties. However, the Company may share personal data with the following categories of recipients where necessary and lawful:

• Payment service providers and financial institutions engaged to process deposits and withdrawals on behalf of users
• Identity verification and KYC service providers engaged to perform document checks, age verification, and fraud screening
• AML compliance platforms and screening services used to monitor transactions and assess risk in accordance with applicable financial crime prevention obligations
• Regulatory and licensing authorities including the Curaçao licensing body and, where required by applicable law, Australian regulatory agencies or law enforcement bodies
• Legal advisors, auditors, and compliance consultants engaged to support the Company’s legal and regulatory obligations
• Technology and infrastructure providers including cloud hosting services and cybersecurity partners engaged to maintain the security and availability of the platform
• Marketing and analytics partners engaged to deliver promotional communications and measure platform performance, subject to appropriate data processing agreements

All third-party service providers engaged by Popmolly are required to handle personal data in accordance with applicable data protection standards and are prohibited from using such data for any purpose other than the specific purpose for which it was disclosed.

8. International Data Transfers

As an internationally operating iGaming platform, Popmolly may transfer personal data to countries outside of Australia, including to service providers located in the European Union, the United Kingdom, and other jurisdictions. Where such transfers occur, the Company takes appropriate measures to ensure that personal data is protected to a standard consistent with Australian privacy law, including the use of contractual safeguards and data processing agreements with receiving parties.

9. Data Retention

Popmolly retains personal data for as long as is necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, and audit obligations. In particular:

• Account data and identity verification records are retained for a minimum period of five years following the closure of a user’s account, in accordance with AML record-keeping requirements
• Transaction records and financial data are retained for a minimum of five years to satisfy regulatory reporting and audit requirements
• Marketing data is retained until the user withdraws consent or requests deletion, subject to any overriding legal obligation
• Technical logs and cookie data are retained for periods consistent with their operational purpose, typically not exceeding twelve months

10. User Rights

Users in Australia and other applicable jurisdictions have the following rights in relation to their personal data:

• The right to access personal data held by Popmolly and to receive a copy of that data in a readable format upon submitting a verified request
• The right to request correction of inaccurate or incomplete personal data held by the Company
• The right to request deletion of personal data where it is no longer necessary for the purposes for which it was collected, subject to any overriding legal or regulatory obligation to retain such data
• The right to restrict the processing of personal data in certain circumstances, including where the accuracy of the data is contested or where the processing is unlawful
• The right to withdraw consent to marketing communications at any time by using the unsubscribe mechanism provided in any marketing email or by contacting customer support
• The right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe that your privacy rights have been breached

To exercise any of the above rights, users may submit a written request through the official contact channels provided on the Popmolly platform. The Company will respond to verified requests within a reasonable timeframe consistent with applicable law.

11. Cookie Policy

Popmolly uses cookies and similar tracking technologies on its platform to support functionality, security, and performance analysis. The following categories of cookies are used:

• Essential cookies, which are strictly necessary for the operation of the platform including user authentication, session management, and security functions, and which cannot be disabled without affecting the usability of the service
• Analytical cookies, which collect aggregated and anonymised data about how users interact with the platform including pages visited, session duration, and navigation paths, used to improve the performance and user experience of the service
• Marketing cookies, which may be used with the consent of the user to deliver personalised promotional content and to measure the effectiveness of marketing campaigns

Users may manage their cookie preferences through the cookie consent tool provided on the platform. Disabling non-essential cookies may affect the availability of certain features. By continuing to use the platform without adjusting cookie settings, users consent to the use of cookies as described in this section.

12. Security of Personal Data

Popmolly implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of sensitive data in transit and at rest, access controls limiting data access to authorised personnel only, regular security assessments and penetration testing, and incident response procedures to address potential data breaches. In the event of a data breach that is likely to result in a risk to the rights and freedoms of users, Popmolly will notify affected users and relevant regulatory authorities in accordance with applicable legal requirements.

13. Responsible Gambling and Data Processing

As part of its responsible gambling obligations, Popmolly processes certain personal and gameplay data to identify and respond to indicators of problem gambling behaviour. This includes monitoring wagering patterns, session frequency, and account activity to assess whether a user may be experiencing gambling-related harm. Where such indicators are identified, the Company may proactively contact the user, apply account restrictions, or facilitate access to responsible gambling resources. Users may also voluntarily request self-exclusion, deposit limits, or account cooling-off periods, and the Company will process such requests promptly and retain relevant records to ensure compliance with the user’s stated restrictions.

14. Minors and Age Verification

Popmolly does not knowingly collect personal data from individuals under the age of eighteen years. Access to the platform is restricted to adults, and the Company applies age verification procedures as part of its KYC process to ensure compliance with this requirement. If the Company becomes aware that personal data has been collected from a minor, such data will be deleted promptly and the relevant account will be closed.

15. Changes to This Privacy Policy

Popmolly reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or the Company’s data processing practices. Users will be notified of material changes through a notice on the platform or by direct communication where appropriate. Continued use of the platform following the publication of an updated policy constitutes acceptance of the revised terms. Users are encouraged to review this policy periodically to remain informed of how their personal data is being handled.

16. Contact and Complaints

Users who have questions, concerns, or complaints regarding the handling of their personal data by Popmolly may contact the Company’s data protection team through the official support channels available on the platform. The Company is committed to resolving privacy-related concerns in a timely and transparent manner. Users who are not satisfied with the Company’s response may escalate their complaint to the Office of the Australian Information Commissioner (OAIC) or to the relevant regulatory authority under the Curaçao licensing framework.

17. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Curaçao as the primary licensing jurisdiction of Popmolly, and is further subject to the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles to the extent applicable to the Company’s operations in Australia. In the event of any conflict between applicable laws, the Company will apply the standard that provides the greater level of protection to the user’s personal data.