burger icon
Boomerang Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how Boomerang Casino, operating through the website betboomerang-au.com ("Boomerang Casino", "we", "us", "our"), collects, uses, discloses and protects your personal information. It applies to players and other visitors who access or use our website, register an account, participate in our games, contact support, or otherwise interact with our services. This Privacy Policy is effective from 1 January 2025 and remains in force until updated or replaced.

Who We Are

OBSERVE: Users need to know the operator's identity and contact details to exercise privacy rights and understand who controls their data.

EXPAND: The Boomerang Casino brand is operated under a Curaçao gaming licence by a corporate group that runs multiple online casinos. Details may change due to ongoing corporate restructurings.

REFLECT: We provide stable points of contact and clarify that this policy applies specifically to the AU-facing domain.

Operator and brand

  • Trading name: Boomerang Casino (Boomerang Casino project)
  • Primary operating domain for AU users: betboomerang-au.com
  • Licensing jurisdiction: Curaçao (online casino and betting services)
  • Game licence reference: Master Licence 8048/JAZ issued by Curaçao eGaming (status reported as active but not locally verified for Australian users)

Corporate information

  • Corporate group: Part of a network historically associated with Rabidi N.V. and/or related entities such as Adonio N.V., which operate multiple sister brands.
  • Registered/operational jurisdiction: Curaçao
  • Headquarters (jurisdictional address): Willemstad, Curaçao (exact street and number not specified in this policy)
  • Company registration number and tax ID: Not publicly specified in the materials available to AU users as of 2026; may be provided upon justified written request where legally required.

Data protection contact

  • Data Protection Contact / Responsible department: Data Protection Officer (DPO), Boomerang Casino
  • Email: [email protected] (please include "Privacy" in the subject line for data protection matters)
  • Postal address for privacy correspondence: Data Protection Officer, Boomerang Casino, Willemstad, Curaçao

Regional compliance note for AU users: Boomerang Casino offers services to Australian residents on an offshore basis and is not licensed by the Australian Communications and Media Authority (ACMA) or any Australian state/territory gambling regulator. Your data is therefore primarily regulated under Curaçao and international standards, and, where applicable, under general principles derived from the EU General Data Protection Regulation (GDPR) as a benchmark for best practice.

What Personal Data We Collect

OBSERVE: We collect different data categories to provide gambling services, manage payments, ensure security, and meet legal obligations.

EXPAND: Data originates from registration forms, gameplay, devices, cookies, payments, and our support interactions. Some data is mandatory for account operation and KYC/AML checks.

REFLECT: Below are the categories we collect, with examples to clarify scope.

Identification and contact data

  • Full name, date of birth, gender (where provided)
  • Residential address and country of residence
  • Email address and phone number
  • Identity verification data (e.g. copies or details of passport, ID card, driving licence, proof of address, screenshots of payment methods) provided for KYC/AML checks and age verification

Account and transactional data

  • Username, encrypted password, security settings
  • Account status (active, self-excluded, closed), self-exclusion and cooling-off records
  • Deposit and withdrawal history, including payment method used, amount, currency, timestamp, and transaction identifiers
  • Bonus participation, wagering progress, loyalty or VIP status, accumulated points or rewards

Payment and financial data

  • Partial payment card data (card type, masked card number, expiry date) - we do not store full card details where our payment processors handle them directly
  • Bank account or PayID identifiers where required for payouts
  • Digital wallet identifiers (e.g. Skrill, Neteller) and crypto wallet addresses where you choose such methods
  • Payment verification documents (e.g. screenshots of online banking or wallet interfaces with redacted balances, where allowed)

Technical and usage data

  • IP address, approximate geolocation derived from IP, device identifiers
  • Browser type and version, operating system, language settings, screen resolution
  • Access logs (date and time of visits, pages viewed, links clicked, session duration)
  • Login history, failed login attempts, security logs

Gameplay and behavioural data

  • Game preferences, game sessions, win/loss records
  • Bets placed, stakes, outcomes, and timestamps
  • Bonus and promotion usage, opt-in/opt-out behaviour
  • Interactions with responsible gambling tools (e.g. deposit limits, loss limits, time reminders, self-exclusion)

Communication data

  • Content of emails, live chat transcripts, and messages sent through any on-site tools
  • Records of complaints, dispute submissions (including with third-party ADR platforms such as AskGamblers), and our responses
  • Marketing preferences and consent records (email, SMS, push notifications, in-site messages)

Cookies and similar technologies

  • Cookies, web beacons, pixels, and similar identifiers placed on your device for session management, security, analytics, and advertising (see "Cookies & Tracking Technologies" below)
  • Information about how you interact with our banners, promotions, and affiliate links

Where we request personal data, failure to provide required information may prevent us from opening or maintaining your account, processing transactions, or complying with our legal obligations.

Legal Basis for Processing

OBSERVE: To process personal data lawfully we rely on specific legal grounds, even where local law does not expressly mirror the GDPR framework.

EXPAND: As an offshore operator serving AU residents, we align with internationally recognised standards, including GDPR-style bases: consent, contract, legitimate interests, and legal obligations, especially for KYC/AML.

REFLECT: We summarise each basis and link it to concrete processing activities.

Performance of a contract

  • Creating and managing your player account, including registration, authentication, and profile maintenance.
  • Enabling you to place bets, participate in games, and use all core casino functions.
  • Processing deposits, withdrawals, bonuses, loyalty rewards, and other financial transactions.
  • Providing customer support, including responding to your requests and resolving operational issues.

Compliance with legal obligations

  • Verifying your age and identity to comply with applicable gambling, KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements under Curaçao and general international standards.
  • Monitoring and reporting suspicious transactions and activities to competent authorities or partners where required.
  • Maintaining records of transactions, self-exclusions, and responsible gambling measures for legally required minimum periods.
  • Co-operating with law-enforcement requests, court orders and regulatory investigations within our jurisdiction.

Legitimate interests

  • Preventing fraud, abuse, bonus misuse, money laundering, and other prohibited conduct.
  • Ensuring the security and integrity of our platform, including network and information-security measures, incident detection and response.
  • Analysing service performance and user behaviour to improve games, features, UX, and customer support.
  • Measuring the effectiveness of marketing campaigns (including affiliate campaigns) and optimising our business operations.
  • Defending and enforcing our legal rights, including debt collection, handling player disputes, and managing legal claims.

Consent

  • Sending direct electronic marketing communications (email, SMS, push notifications) where required by law or best practice, and where you have opted in.
  • Using certain non-essential cookies and similar technologies for advertising and advanced analytics, if consent is requested through banners or settings.
  • Processing optional information that you choose to provide (for example, certain profile details or surveys) beyond what is necessary for our services.

You may withdraw your consent at any time where processing is based on consent (see "Your Rights"). Withdrawal does not affect the lawfulness of processing carried out before withdrawal and does not limit our right to process data under other legal bases.

Purpose of Processing

OBSERVE: Data must be used for clear, specified purposes.

EXPAND: Our main purposes relate to providing gambling services safely, legally, and efficiently, alongside marketing and analytics.

REFLECT: Below we group purposes to show how and why we use your information.

Provision and operation of casino services

  • Registering and maintaining your Boomerang Casino account on betboomerang-au.com.
  • Allowing participation in casino games, promotions and loyalty programs.
  • Processing deposits, bets, winnings, bonus credits, and withdrawals.
  • Providing multi-language support (where available) and resolving technical or account issues.

Compliance, risk management and responsible gambling

  • Conducting identity checks, age verification, and ongoing KYC/AML monitoring.
  • Detecting and preventing fraud, account takeover, payment misuse, collusion, and money laundering.
  • Implementing and managing responsible gambling tools (limits, self-exclusion, time reminders) and documenting their use.
  • Maintaining sufficient records for regulatory, tax and audit purposes.

Service improvement and analytics

  • Analysing aggregated and pseudonymised data about game performance, player behaviour and technical performance.
  • Testing new features, games, and user interfaces.
  • Monitoring system stability and performance, diagnosing errors, and optimising server capacity.

Marketing and personalisation

  • Sending promotional communications about bonuses, tournaments, and special offers where permitted.
  • Displaying tailored content on our site based on your preferences, gameplay history, and device characteristics.
  • Carrying out segmentation and profiling for marketing purposes in a manner consistent with applicable law and any consent settings.

Dispute resolution and legal protection

  • Investigating and responding to complaints or disputes submitted directly to us or via third-party platforms (e.g. AskGamblers' complaint service).
  • Enforcing our Terms and Conditions, including game rules and bonus terms.
  • Establishing, exercising or defending legal claims.

Disclosure & Sharing

OBSERVE: We sometimes share data with third parties to run our business and comply with legal obligations.

EXPAND: Recipients include payment providers, game studios, IT vendors, compliance partners, affiliates, and regulators.

REFLECT: We limit sharing to what is necessary, apply safeguards, and do not sell personal data as a commodity.

Service providers and business partners

  • Payment processors and financial institutions: To process deposits, withdrawals and chargebacks using methods such as cards, PayID, bank transfers, e-wallets, and cryptocurrency providers. Examples include acquiring banks, card schemes and payment gateways.
  • Game and platform providers: Casino software studios and platform aggregators that provide games and related services, which may require player identifiers, session data and gameplay statistics.
  • IT, hosting and security providers: Cloud hosting, DDoS protection, content delivery networks, logging and monitoring services supporting platform operations and security.
  • Verification and AML/KYC providers: Third-party identity verification and risk-scoring providers helping confirm your identity, detect fraud and perform sanction/PEP screening where required.

Affiliates and marketing partners

  • Affiliate networks and marketing platforms: We may share pseudonymised identifiers, referral information and conversion data with advertising and affiliate partners to track the effectiveness of campaigns, subject to applicable consent/opt-out mechanisms.
  • Advertising networks: Subject to your cookie and marketing preferences, we may use advertising technologies (e.g. pixels) that allow third-party networks to deliver or measure targeted advertising.

Regulators, authorities and dispute bodies

  • Licensing and regulatory authorities: Curaçao eGaming or successor regulators may receive data necessary to monitor compliance with licensing conditions and AML/CTF obligations.
  • Law enforcement and courts: We may disclose data where required by applicable law, court order or lawful request, or where necessary to protect our rights, property, safety, or that of others.
  • Alternative dispute resolution (ADR): When you file a complaint via a third-party ADR/ODR platform such as AskGamblers (askgamblers.com/complaints), we may share relevant account, transaction and communication data with them in order to investigate and resolve the dispute.

Group companies and corporate transactions

  • We may share your data with other entities within the same corporate group (e.g. associated companies of Rabidi N.V. or Adonio N.V.) for administrative, compliance, and consolidated reporting purposes, subject to appropriate safeguards.
  • In case of a merger, acquisition, sale of assets, reorganisation, or similar corporate event, your data may be transferred to the relevant successor entity, which will continue to process it under this Privacy Policy or a compatible one.

We do not sell your personal information to third parties in the sense of exchanging it for monetary consideration as a standalone product. Every disclosure is limited to what is necessary for the stated purposes.

International Transfers

OBSERVE: As an offshore operator, we transfer data across borders, including outside Australia and the European Economic Area (EEA).

EXPAND: Data may be stored or processed in Curaçao, EU/EEA countries, and other jurisdictions where our service providers are located.

REFLECT: We implement contractual and technical safeguards consistent with international best practice.

Locations of processing

  • Curaçao: Main operational and licensing jurisdiction where core platform and compliance functions are handled.
  • European Union / EEA: Some game providers, payment processors, analytics vendors, and support tools operate from EU/EEA member states.
  • Other regions: Certain IT, hosting, security and marketing services may be located in other countries, including (but not limited to) the United States, the United Kingdom and Asia-Pacific hosting hubs.

Safeguards for international transfers

  • Where we transfer personal data from the EEA or an equivalent jurisdiction to a country that is not subject to an adequacy decision, we seek to implement appropriate safeguards such as:
    • Standard Contractual Clauses (SCCs) or equivalent data-transfer agreements approved by relevant supervisory authorities; and/or
    • Technical measures such as encryption in transit and at rest, strict access controls, and data minimisation.
  • Even where not legally mandated for AU residents, we aim to apply similar protections as a matter of best practice.

By using betboomerang-au.com, you acknowledge that your data may be transferred and processed outside your country of residence, including in jurisdictions that may have different data-protection standards than those in Australia.

Data Retention

OBSERVE: We must not keep personal data longer than necessary for the purposes for which it is processed.

EXPAND: Retention periods differ depending on regulatory obligations (especially AML/KYC) and operational needs.

REFLECT: We define indicative timeframes and explain what happens when they expire.

General retention principles

  • We store personal data only for as long as necessary to:
    • Provide our services and manage your account;
    • Comply with legal, regulatory, and anti-money laundering obligations; and
    • Resolve disputes and enforce our agreements.
  • When data is no longer needed, we will:
    • Securely delete or anonymise it; or
    • Archive it with restricted access where retention is still required for legal reasons.

Indicative retention periods

  • Account and identification data: Typically stored for the duration of your active account and for up to 5 - 7 years after account closure, to satisfy AML/KYC record-keeping, fraud-prevention, and dispute-resolution obligations.
  • Transaction and gameplay data: Usually retained for at least 5 years after the relevant transaction or game session, or longer if required by law or needed in connection with ongoing disputes or investigations.
  • Self-exclusion and responsible gambling records: Kept for the duration of the exclusion period and for a further minimum of 5 years to prevent circumvention and to comply with responsible-gambling requirements.
  • Marketing data and preferences: Retained until you withdraw consent or object to processing, after which we will add your details to a suppression list to prevent further marketing, while retaining minimal information to honour your opt-out.
  • Customer support and complaint records: Generally stored for at least 5 years after resolution, or longer where necessary for legal claims or regulatory reviews.
  • Technical logs and security data: Kept for periods ranging from several months to 5 years depending on their nature and role in security, audit, and fraud-prevention processes.

Deletion criteria

  • You request deletion and we are legally able to comply (see "Your Rights").
  • The data is no longer necessary for any of the purposes for which it was collected or subsequently processed.
  • Applicable limitation periods for legal claims, tax or regulatory investigations have expired.

Your Rights

OBSERVE: Users need clear information about their rights over their personal data.

EXPAND: While Australian law does not mirror the GDPR exactly and Mexican law is not directly applicable, we align our practices with GDPR standards and, where reasonable, with comparable Latin American principles (such as ARCO rights under Mexican law) as a benchmark for fairness.

REFLECT: Below we describe rights we endeavour to offer, the procedures for exercising them, and our response timeframes.

Overview of rights

  • Right of access: To obtain confirmation whether we process your personal data and to receive a copy of such data along with information about our processing.
  • Right to rectification (correction): To request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): To request deletion of your data in certain circumstances, for example where the data is no longer necessary for the purposes we collected it for, or where processing is based solely on consent that you withdraw.
  • Right to restriction of processing: To request that we limit the processing of your data in specific situations (e.g. while we verify accuracy or assess an objection).
  • Right to object: To object to processing based on our legitimate interests and to direct marketing at any time.
  • Right to data portability: To receive certain personal data in a structured, commonly used and machine-readable format and/or request that we transmit it to another controller where technically feasible.
  • Right to withdraw consent: Where processing is based on consent (e.g. marketing), you may withdraw it at any time without affecting the lawfulness of prior processing.

These rights are functionally aligned with the principles of the EU GDPR and with the "ARCO" rights (Access, Rectification, Cancellation, Opposition) recognised under Mexican data-protection law, even though the primary legal framework for Boomerang Casino is not Mexican. We apply them as a standard of good practice for our global user base.

Limitations to rights

  • We may not be able to delete or restrict data where we are required to retain it by AML/KYC, gambling, tax or other legal obligations, or where it is needed to establish, exercise or defend legal claims.
  • We may require identity verification (for example, additional documentation or security questions) before responding to a rights request to protect your account and personal data.

How to exercise your rights

  1. Submit your request: Contact us by email at [email protected] with "Privacy Request" in the subject line. Clearly state:
    • Your full name, username and registered email address;
    • The specific right(s) you wish to exercise; and
    • Any relevant details that will help us locate your data.
  2. Verification: We may ask you to confirm certain account details or provide identification documents to ensure that we are dealing with the account holder.
  3. Assessment and response: We will review your request in light of our legal obligations and operational requirements.

Response timeframes and fees

  • We aim to respond to your request within 30 days of receipt and verification of your identity.
  • In complex cases or where we receive multiple requests, we may extend this period by an additional 30 days, in which case we will inform you of the extension and the reasons for it.
  • We handle rights requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, in line with international best practice.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential to running a secure, functional casino and to improving user experience.

EXPAND: We use different types of cookies, including first-party and third-party, each with distinct purposes.

REFLECT: We outline types, uses, and your options for managing them.

Types of cookies we use

  • Strictly necessary (functional) cookies: Session and persistent cookies that are essential for:
    • Maintaining your login session and keeping you signed in;
    • Processing bets, payments and account operations securely;
    • Remembering your consent and privacy settings.
    These cookies cannot be disabled via our cookie tools because the website cannot function properly without them.
  • Performance and analytics cookies: Typically persistent cookies (including some third-party cookies) used to:
    • Collect aggregated statistics on usage (pages visited, session length, device types);
    • Identify performance issues and improve site navigation and features;
    • Measure the effectiveness of marketing campaigns and affiliates.
  • Advertising and targeting cookies: Third-party cookies, pixels and similar technologies used to:
    • Display relevant promotions and bonuses based on your interests;
    • Limit the number of times you see a specific advertisement;
    • Track conversions from our advertisements and affiliate links.
    These will typically only be used with your consent where required.

Managing cookies and tracking

  • You can manage cookies through your browser settings by:
    • Blocking all cookies or certain categories of cookies;
    • Deleting existing cookies from your device; or
    • Setting your browser to notify you before a cookie is stored.
    Please note that blocking or deleting cookies may impact website functionality and your ability to use our services.
  • Where available, we may provide an internal cookie or privacy settings panel allowing you to manage non-essential cookies (such as analytics and advertising cookies) directly on the site.

For more detailed instructions on cookie management, please consult your browser's help documentation. By continuing to use betboomerang-au.com without adjusting your settings, you consent to our use of cookies as described, to the extent permitted by applicable law.

Data Security

OBSERVE: Operating an online casino requires strong technical and organisational security measures.

EXPAND: We protect data during transmission and storage, control access, and maintain incident-response procedures, aligning with recognised security frameworks.

REFLECT: While no system is perfectly secure, we apply layered defences to reduce risks.

Technical measures

  • Encryption in transit: We use TLS 1.2 or higher to encrypt communications between your browser and our servers, helping to protect data from interception.
  • Encryption at rest: Sensitive data is stored using industry-standard encryption or tokenisation methods where appropriate, especially for authentication and payment-related information.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers under role-based access controls, using unique credentials and logging of access events.
  • Authentication and session security: We implement measures such as secure password hashing, session time-outs, and optional multi-factor authentication where available.
  • Network and infrastructure security: Firewalls, intrusion-detection/prevention systems, DDoS protection and regular patching are used to safeguard our infrastructure.

Organisational measures

  • Policies and procedures: We maintain internal data-protection, information-security, and incident-response policies that govern how staff handle personal data.
  • Staff training: Employees with access to personal data receive training on confidentiality, data-protection obligations, and security awareness.
  • Vendor due diligence: We select third-party service providers that commit to appropriate security standards and enter into data-processing or confidentiality agreements where relevant.
  • Audits and testing: We conduct regular internal reviews and may engage external experts to test and evaluate our systems' security posture.

Incident response

  • We maintain processes to detect, assess and respond to suspected personal-data breaches or security incidents.
  • Where required by applicable law, we will notify relevant authorities and, where necessary, affected users without undue delay, describing the nature of the breach, likely consequences, and measures taken or proposed.

We strive to align our practices with internationally recognised security principles such as those reflected in ISO/IEC 27001 and SOC 2-type frameworks, although we may not hold formal certification under every such standard.

Complaints & Contacts

OBSERVE: Users require clear channels for privacy questions and complaints.

EXPAND: As an offshore operator, formal oversight may differ from onshore regimes; nevertheless, we commit to internal review and cooperation with competent authorities where applicable.

REFLECT: We provide procedures, contact methods and escalation paths, recognising that some users may seek assistance from international or specialised regulators and ADR bodies.

Contacting us about privacy

  • Email (primary channel): [email protected] - for all questions, requests and complaints related to privacy and data protection (include "Privacy" in the subject line).
  • Postal address: Data Protection Officer, Boomerang Casino, Willemstad, Curaçao.

Internal complaint procedure

  1. Submit your complaint: Provide a clear description of your concern, your full name, username, and contact details. Indicate relevant dates, any previous correspondence, and the outcome you seek.
  2. Acknowledgement: We will typically acknowledge receipt of your complaint within 7 business days.
  3. Investigation: Your complaint will be reviewed by our Data Protection Officer or a designated privacy specialist. We may contact you for additional information if necessary.
  4. Response: We aim to provide a substantive written response within 30 days of acknowledging your complaint. In complex matters, we may extend this period and will inform you of the extension and reasons.

Alternative dispute resolution and supervisory authorities

  • Alternative dispute resolution (general gambling complaints): For certain disputes (for example, those concerning fairness of games or payments rather than purely privacy issues), you may use third-party ADR platforms such as AskGamblers' complaint service:
    • Website: https://askgamblers.com/complaints
    These bodies are not privacy regulators but can help mediate casino-related disputes in general, and we may share relevant data with them to handle such cases.
  • Data-protection authorities (EU / international): If you believe that your data-protection rights have been violated, you may have the right to lodge a complaint with a supervisory authority in your country of habitual residence, your place of work, or the place of an alleged infringement where such authorities are competent. For EU/EEA-based users, this may be a national Data Protection Authority (DPA) in your Member State.
  • Mexican data-protection authority (referential only): References to Mexican privacy standards (e.g., ARCO rights) in this Policy are for alignment with good practice; our operations are not primarily subject to the Mexican data-protection authority (INAI). Mexican-resident users may nonetheless consult INAI guidance for understanding their general data-protection rights.

This section does not limit any mandatory rights you may have under the laws applicable in your country of residence, to the extent those laws apply to our activities.

Updates

OBSERVE: Privacy practices and legal requirements evolve over time.

EXPAND: We must be able to change this Policy while informing users appropriately and giving them choices where changes are material.

REFLECT: We explain how we will notify you, provide version control, and indicate your options.

Changes to this Privacy Policy

  • We may update this Privacy Policy from time to time to reflect:
    • Changes in our services, technologies, or corporate structure;
    • Updates in applicable laws, regulations, or regulatory guidance; or
    • Feedback from users, partners, or supervisory authorities.
  • Each version will be identified by a "Last updated" date and, where feasible, a brief description of material changes.

Notification methods

  • Website publication: The current version of the Privacy Policy will always be available on betboomerang-au.com.
  • On-site notices: For significant changes, we may display banners or pop-up notifications when you log in, directing you to the updated Policy.
  • Email notifications: Where changes are material and we hold your active contact details, we may send an email summarising key updates and linking to the full text.
  • Account dashboard alerts: We may provide alerts or messages within your account area describing the main modifications.

Advance notice and your options

  • For material changes that significantly affect your rights or how we use your data (for example, introducing new categories of recipients or substantially new purposes), we will, where reasonably practicable, provide at least 30 days' advance notice before the changes take effect.
  • If you do not agree with the updated Policy, you may choose to:
    • Adjust your privacy settings (e.g. marketing preferences, cookies); and/or
    • Close your account and request deletion or restriction of your data, subject to legal retention requirements.
  • Your continued use of betboomerang-au.com after the effective date of an updated Privacy Policy will constitute your acknowledgement of the changes, to the extent permitted by applicable law.

Last updated: January 2026