Privacy Policy

Effective date: 27 March 2026

This Privacy Policy explains how Star City, StarCity, Star City Casino, Star City Casino AU, Casino Star City, and Star City Casino Australia, operating through starcity-casinoonline.com, collect, use, disclose, store, and protect personal data in connection with the provision of online gambling-related services, website access, account management, responsible gambling controls, payments, and customer support.

For the purposes of applicable privacy and data protection laws, Star City acts as a data controller in relation to the personal information processed through this website. Where service providers process information on our behalf, they act as data processors or independent controllers depending on the nature of the service provided.

This privacy policy is intended for users in Australia and has been drafted with regard to the Privacy Act 1988 (Cth), including the Australian Privacy Principles, and relevant compliance duties connected to anti-money laundering and counter-terrorism financing obligations. In some cases, industry terms such as gdpr, data controller, personal data, data processing, consent withdrawal, and right to erasure are used for clarity where users are familiar with international privacy standards. However, this document is designed for the Australia market.

By registering an account, using the website, submitting documents, making deposits, placing bets, participating in promotions, or otherwise interacting with our services, you acknowledge that your personal data may be processed as described in this Privacy Policy. In cases where consent is required by law, registration or an affirmative action may constitute consent. Where processing is necessary for legal obligation, contract performance, fraud prevention, aml, cft, and kyc checks, such processing may continue even if marketing consent is not given or is later withdrawn.

1. Introduction

Star City provides gambling-related website services that require the collection and use of personal data to operate lawfully, securely, and responsibly. We have legal and regulatory obligations to verify user identity, monitor transactions, prevent fraud, detect suspicious activity, maintain secure records, respond to complaints, and support responsible gambling measures.

As a result, certain categories of personal information must be processed before, during, and after the customer relationship. If you do not provide information necessary for account creation, identity verification, payment processing, or legal compliance, we may be unable to provide some or all services.

We aim to process personal data lawfully, fairly, and transparently, and only to the extent necessary for legitimate operational and compliance purposes.

2. Information We Collect

We may collect personal data directly from you, automatically through your use of the website, and from third-party sources. The types of information we collect include the following.

2.1 Personal details you provide

When you register, contact us, transact, or verify your account, we may collect:

• full name
• date of birth
• residential address
• postal address if different
• email address
• telephone number if provided through account features or verification workflows
• username and account credentials
• copies of identity verification and address verification documents
• payment-related details necessary to process deposits, withdrawals, chargeback reviews, and source-of-funds checks
• any information included in forms, declarations, account limitation requests, or responsible gambling communications

2.2 Correspondence and support records

We may keep records of communications and requests, including:

• emails sent to or received from [email protected]
• complaint details and dispute history
• account review notes
• requests relating to access, correction, or consent withdrawal
• responsible gambling and self-exclusion communications
• fraud alerts, risk notes, and customer service interactions

2.3 Transaction history and account activity

To operate your account and comply with legal requirements, we may collect and maintain:

• deposit and withdrawal records
• betting, wagering, and gameplay activity
• bonuses, promotions, and redemption history
• account balances and adjustments
• rejected transactions and payment verification outcomes
• chargeback, reversal, or refund records
• risk indicators linked to irregular or suspicious account behaviour

2.4 Technical logs and device information

When you use starcity-casinoonline.com, certain information may be collected automatically, such as:

• IP address
• browser type and version
• operating system
• device identifiers
• log-in and log-out timestamps
• cookie identifiers and session information
• pages visited, clickstream data, and referral URLs
• approximate geolocation derived from IP or device data
• security logs used to detect misuse, bots, unauthorized access, or system abuse

2.5 KYC, AML, and CFT verification documents

To satisfy identity verification and financial crime compliance duties, we may collect:

• passport, driver licence, or other government-issued identification
• proof of address documents
• bank statements or payment method evidence where required
• source-of-funds or source-of-wealth documentation
• liveness checks, selfie verification, or facial matching outputs where used by verification partners
• sanctions screening and politically exposed person screening results
• adverse media and fraud database screening information where legally permitted

2.6 Sensitive or higher-risk information

We do not intentionally seek sensitive information unless it is necessary for legal compliance, dispute handling, safer gambling interventions, or fraud investigation. If such information is provided or required by law, it will be handled with additional safeguards where appropriate.

3. How We Use Your Information

We use personal data only where there is a valid legal basis or lawful justification under applicable law. Depending on the context, this may include contract performance, legal obligation, legitimate interests, consent, or protection against unlawful conduct.

We may use your information for the following purposes:

• to create and administer your account
• to verify your identity, age, and eligibility to use gambling services
• to process bets, gameplay, wins, losses, deposits, withdrawals, and related account transactions
• to provide customer support and respond to inquiries
• to enforce our terms, house rules, bonus conditions, and responsible gambling measures
• to conduct aml, cft, and kyc checks
• to detect, investigate, and prevent fraud prevention issues, account takeover, collusion, bonus abuse, money laundering, terrorism financing, or other prohibited activity
• to assess account security and service integrity
• to maintain internal records and audit trails
• to carry out risk management and compliance reporting
• to improve website functionality, user experience, and service improvements through analytics and operational review
• to send service messages, security notifications, and account-related communications
• to manage complaints, disputes, chargebacks, and legal claims
• to comply with court orders, statutory requests, regulatory inquiries, and law enforcement obligations
• to conduct limited research, testing, and reporting using aggregated or de-identified information where possible

Where we rely on consent for a particular activity, such as some forms of marketing communication, you may withdraw that consent at any time. Consent withdrawal does not affect the lawfulness of prior data processing.

4. Marketing Communication

If you agree to receive marketing, we may use your contact details, account activity, and preference data to send information about services, updates, offers, or content that may be relevant to your interests. Marketing use will be limited to what is permitted by applicable law.

Marketing data may include:

• your email address
• language and communication preferences
• records of whether you opened or interacted with messages
• general account segmentation data, such as whether you are an active or inactive user

You can opt out of marketing communication at any time by:

• using the unsubscribe function included in the relevant email, where available
• contacting [email protected] and requesting removal from marketing lists

Please note that even if you opt out of promotional communication, we may still send non-marketing messages that are necessary for account management, security, legal obligation, identity verification, transaction processing, or customer support.

5. Obtaining Personal Information

We obtain personal information through several channels.

5.1 Information collected directly from you

This includes data you submit when you:

• register an account
• complete profile fields
• upload identity verification documents
• make deposits or request withdrawals
• contact support
• participate in surveys, complaints, or account reviews
• request self-exclusion, time-out, or other account restrictions

5.2 Information collected automatically

We may collect technical and usage data when you browse, log in, interact with games, or use payment and account tools on the website.

5.3 Information collected from third parties

We may receive information from:

• identity verification providers
• payment processors and financial institutions
• fraud prevention and security screening providers
• sanctions and politically exposed person screening databases
• analytics and hosting providers
• affiliated companies within our corporate group where relevant to account management or compliance
• publicly available registers or legal databases where permitted by law

We take reasonable steps to ensure third-party information used by us is relevant, accurate, and obtained lawfully.

6. Data Recipients

Access to personal data is restricted to those who need it for legitimate business, technical, security, or compliance reasons. Depending on the purpose, your information may be accessed by:

• authorized employees involved in account management, payments, fraud review, compliance, legal, support, and security
• companies within our group structure where shared services are used for administration, risk control, or compliance oversight
• contracted data processors providing hosting, storage, customer relationship management, analytics, communications, verification, and security tools
• professional advisers, including legal, audit, and compliance consultants where necessary

All access is subject to confidentiality obligations and appropriate internal controls.

7. Releasing Data to Third Parties

We do not sell personal data. We may release or disclose information to third parties only where there is a lawful and necessary reason to do so. This may include the following circumstances:

• to payment processors, banks, e-wallet providers, and financial institutions to complete transactions or investigate payment issues
• to identity verification and kyc providers for age and identity verification
• to aml and cft monitoring partners for financial crime screening and reporting
• to fraud prevention databases, cybersecurity partners, and risk intelligence providers
• to game providers and platform suppliers where necessary to deliver gameplay, validate outcomes, or investigate irregular activity
• to regulators, statutory bodies, law enforcement agencies, courts, or dispute resolution bodies when disclosure is required by legal obligation
• to professional advisers or potential corporate counterparties in connection with audits, claims, restructuring, financing, or business transfer, subject to appropriate safeguards
• to other parties where you have expressly directed or authorized the disclosure

Where personal data is shared with service providers, we require them to process data only for defined purposes and to apply appropriate security standards.

8. International Data Transfers

Because online services may rely on global infrastructure, some personal data may be stored or processed outside Australia. Where this occurs, we take reasonable steps to ensure overseas recipients handle personal data in a manner consistent with applicable privacy requirements, including through contractual protections, vendor due diligence, security reviews, and access controls.

If an overseas recipient is engaged for hosting, analytics, verification, payment support, or security operations, we will seek to ensure that data processing remains limited to necessary and lawful purposes.

9. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including compliance, dispute resolution, fraud prevention, security, tax, accounting, and record-keeping.

Because gambling operators and related service providers may be subject to aml and cft record-keeping obligations, some information must be retained for a minimum period of 5 years after the end of the customer relationship, the completion of a transaction, or the date required by law.

Retention periods may vary depending on the data type and legal risk. For example:

• account registration records may be retained for compliance and audit purposes
• identity verification files may be retained to satisfy kyc and aml obligations
• transaction records may be retained for financial reporting, dispute handling, and regulatory review
• security logs may be retained for incident detection, investigations, and system integrity
• complaint and legal claim records may be retained until the matter is resolved and any relevant limitation period expires

After the applicable retention period ends, and where no overriding legal obligation or legitimate need remains, personal data may be securely deleted, anonymised, or irreversibly de-identified.

Where a right to erasure applies, we will consider requests in accordance with applicable law. However, the right to erasure is not absolute and may be limited where we must retain information to comply with aml, cft, fraud prevention, legal obligation, or dispute resolution requirements.

10. Security of Your Data

Star City uses technical and organisational measures designed to protect personal data against loss, misuse, unauthorized access, alteration, and disclosure. No system is completely secure, but we apply reasonable safeguards proportionate to the sensitivity of the information processed.

These measures may include:

• account protection through unique ID and password controls
• role-based access restrictions for staff and service providers
• encryption of data in transit using ssl or similar secure protocols
• encryption or secure storage controls for selected categories of stored data
• logging and monitoring of account access and security events
• network security controls, firewalls, and anti-malware measures
• vendor due diligence and contractual confidentiality obligations
• internal policies covering incident response, retention, and access governance
• verification procedures before changes to sensitive account details are actioned

You are also responsible for maintaining the confidentiality of your credentials and for notifying us promptly if you believe your account or personal data has been compromised.

11. Cookies and Similar Technologies

We may use cookies, local storage, pixels, and similar technologies to support site functionality, authentication, security, analytics, fraud detection, and user preference management.

These technologies may help us to:

• keep you logged in during a session
• remember certain settings and preferences
• understand website performance and traffic patterns
• identify suspicious behaviour or repeated failed access attempts
• support responsible website administration and service improvements

You may be able to control cookies through your browser settings. However, blocking some technologies may affect site performance, log-in functionality, fraud controls, or other core features.

12. Your Rights and Choices

Subject to applicable law, you may have rights in relation to your personal data, including the right to:

• request access to personal information we hold about you
• request correction of inaccurate, incomplete, or out-of-date information
• request that we update your communication preferences
• withdraw consent where processing is based on consent
• object to or request restriction of certain processing in limited circumstances
• request erasure where no legal or overriding operational basis for retention remains
• complain if you believe your information has been handled improperly

To exercise your rights, please contact [email protected]. We may need to verify your identity before acting on a request. In some situations, we may refuse or limit a request where permitted or required by law, including where the information is needed for legal obligation, account security, fraud prevention, aml, cft, or ongoing dispute handling.

If you are dissatisfied with our response, you may have the right to lodge a complaint with the Office of the Australian Information Commissioner. Information about the OAIC is available at: https://www.oaic.gov.au/

13. Children and Age Restrictions

Our services are not intended for individuals under the age legally permitted to participate in gambling activities in their relevant jurisdiction. We do not knowingly provide gambling services to minors. If we become aware that personal data has been collected in connection with an underage account, we may suspend the account, conduct verification checks, and take steps to delete or restrict the information as required, subject to legal retention duties.

14. Account Restrictions and Responsible Gambling Data

Where required for legal compliance, player protection, or responsible gambling purposes, we may process data relating to account restrictions and behavioural controls. This may include:

• deposit limits
• loss limits
• wagering or stake limits
• session reminders
• cooling-off or time-out requests
• self-exclusion records
• account suspension or closure decisions
• records relevant to affordability, risk review, or safer gambling interventions where permitted by law

These records may be used to apply controls accurately, prevent circumvention, investigate account misuse, and demonstrate compliance with applicable obligations.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, business operations, or risk practices. The most current version will be published on starcity-casinoonline.com with the revised effective date.

Where changes are material, we may take reasonable steps to bring them to your attention through the website or by email where appropriate.

16. Contacting Us

If you have questions about this privacy policy, your personal data, data retention, identity verification, consent withdrawal, or user rights, please contact:

[email protected]

17. Sources and References

This Privacy Policy has been prepared with reference to the following legal and regulatory materials relevant to Australia:

• Privacy Act 1988 (Cth): https://www.legislation.gov.au/
• Australian Privacy Principles: https://www.oaic.gov.au/privacy/australian-privacy-principles
• Office of the Australian Information Commissioner guidance: https://www.oaic.gov.au/
• Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth): https://www.legislation.gov.au/
• AUSTRAC guidance and compliance resources: https://www.austrac.gov.au/

This document is for transparency and operational compliance purposes and should be read together with any applicable website terms, responsible gambling rules, and account conditions made available on starcity-casinoonline.com.