burger icon
Win Spirit Review Australia

Privacy Policy

This Privacy Policy explains how Win Spirit, operating through the website https://winspiritplay-au.com (the "Site"), collects, uses, stores, and discloses personal information of visitors and users located in Australia. It applies to all individuals who access or use the Site, including those who read reviews, interact with content, subscribe to communications, or otherwise provide personal data through the Site. By using the Site, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes any prior versions published on the Site.

Who We Are

OBSERVE: The Site relates to the Win Spirit brand and operates in connection with an offshore online gambling service. The underlying operator is a Curacao-registered private company acting under a gaming licence issued by Antillephone N.V. A Cyprus-based entity acts as payment agent.

EXPAND: For transparency, we clearly distinguish between (a) the Site as an informational and brand-related interface for Australian users and (b) the underlying gambling operator providing the gaming services. We also provide contact details for privacy-related requests.

REFLECT: The following details identify the main entities involved and the contact point for data protection queries.

Operator and Related Entities

  • Brand Name: Win Spirit (used exclusively in connection with the Site at https://winspiritplay-au.com).
  • Operating Company (Gambling Services): Complete Technologies N.V., a private limited liability company (N.V.) incorporated in Curacao.
    • Company Registration Number: 153194
    • Jurisdiction of Registration: Curacao
    • Gaming Licence: Curacao Antillephone N.V., Licence No. 8048/JAZ2014-053 (status indicated as valid via validator; considered current at least through 2026).
    • Licence Validator URL: https://validator.antillephone.com/validate?domain=winspirit.com
  • Payment Agent / Office Address: Churston Building, 1st Floor, 171 Arch. Makariou III Ave, 3027 Limassol, Cyprus (used by Complete Technologies N.V. as a payment agent address).
  • Websites Associated with the Brand:

Contact for Privacy Matters (DPO / Data Protection Contact)

  • Data Protection Contact: Data Protection Officer (DPO), Win Spirit - AU
  • Email (primary for privacy and support): [email protected]
  • Email (general enquiries): [email protected]
  • Postal Contact (for written privacy requests): Data Protection Officer, Win Spirit (Complete Technologies N.V. - Payment Agent), Churston Building, 1st Floor, 171 Arch. Makariou III Ave, 3027 Limassol, Cyprus

Regional Compliance Note: The Site targets users located in Australia but the operator is not licensed in Australia and is regulated offshore in Curacao. Australian consumer protection and gambling regulatory laws may not apply to the gambling services themselves; however, we endeavour to align this Privacy Policy with Australian privacy expectations and relevant international standards.

What Personal Data We Collect

OBSERVE: To operate the Site and associated gambling services, various categories of information are collected, including identification, contact, technical, transactional and behavioural data.

EXPAND: Collection occurs directly from you (e.g. form completion, registration), automatically through your device (e.g. cookies, logs), and via third parties (e.g. payment providers, analytics and affiliate partners).

REFLECT: The following list explains the main categories of data we may process when you interact with Win Spirit through winspiritplay-au.com.

Identification and Contact Data

  • Full name, date of birth, and gender (where provided during account creation or verification).
  • Residential address, country of residence, and proof-of-address documents (e.g. utility bills, bank statements) for KYC/AML purposes.
  • Email addresses (including those used for registration, account management, and marketing communications).
  • Telephone numbers and other contact details you provide.
  • Copies of identification documents (e.g. passport, driver's licence, national ID) collected during KYC checks.

Account and Gambling-Related Data

  • Username, encrypted password and other authentication credentials.
  • Account status, account limits, responsible gambling settings and self-exclusion flags.
  • Game preferences, favourites, session duration and interaction with specific products.
  • Betting, wagering and play history, including game rounds, wins, losses, bonuses used, and tournaments joined.

Payment and Financial Data

  • Payment method details (e.g. masked card numbers, e-wallet ID, bank account identifiers), managed via secure payment partners.
  • Deposit and withdrawal history, including transaction amounts, currencies, timestamps and status.
  • Financial verification documents (e.g. bank statements, source-of-funds evidence) where required by AML and risk rules.

Technical and Usage Data

  • IP address, approximate geolocation inferred from IP, and VPN/proxy indicators.
  • Device information, including device model, operating system, browser type and language settings.
  • Log data, such as access times, pages viewed, session identifiers and referral URLs.
  • Security and system logs (e.g. failed login attempts, unusual access patterns) for fraud and risk monitoring.

Behavioural and Analytics Data

  • Interaction with the Site (page views, clicks, scroll depth, navigation paths).
  • Responses to promotional campaigns, bonus usage, email open and click rates.
  • Segmentation and profiling data used to understand preferences (e.g. frequent game types, typical stake levels).

Cookies and Similar Technologies

  • Session cookies to maintain your login session and ensure continuity across pages.
  • Persistent cookies to remember preferences (language, region) and keep you recognised on return visits.
  • Analytics cookies to measure site performance and user behaviour (e.g. Google Analytics or similar tools).
  • Advertising and affiliate cookies to track campaigns, referrals and conversion events.
  • Related web technologies such as pixels, tags and local storage objects used for similar purposes.

Special Categories and Sensitive Data

  • We generally do not seek to collect sensitive information (e.g. health data, political beliefs). However, some responsible gambling information (e.g. communications about gambling harm) may indirectly reveal aspects of your health or financial stress. Such information is handled with heightened confidentiality.

Legal Basis for Processing

OBSERVE: As an offshore operator serving Australian users, we rely on a blend of contractual necessity, legal obligations, legitimate interests and consent to process your data.

EXPAND: While the primary regulatory framework is that of Curacao, we also reference principles consistent with the EU General Data Protection Regulation (GDPR) and leading international standards to structure our legal bases.

REFLECT: The specific legal grounds for processing depend on the context of processing and are described below.

Contract Performance and Pre-Contractual Steps

  • To register, verify and manage your player account on winspiritplay-au.com.
  • To process deposits, bets, game participation and withdrawals.
  • To provide customer support, handle complaints and manage features like bonuses and loyalty programmes.
  • Without these processing activities, we cannot deliver the gambling services or maintain your account.

Compliance with Legal and Regulatory Obligations

  • Compliance with KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations imposed by the Curacao licensing regime and relevant international standards.
  • Sanctions screening, fraud monitoring and prevention of criminal activity.
  • Bookkeeping, tax, accounting and mandatory record-keeping obligations under applicable laws.
  • Cooperation with lawful requests from regulators or law enforcement authorities in competent jurisdictions.

Legitimate Interests

  • Ensuring the security and integrity of our systems, detecting and preventing fraud, bonus abuse or account compromise.
  • Analysing aggregated usage data to maintain and improve site performance, game offerings and user experience.
  • Personalising content and promotions in a proportionate manner that does not override your fundamental rights and freedoms.
  • Protecting our legal rights, including establishing, exercising or defending legal claims.

Consent

  • Sending direct marketing communications (e.g. promotional emails, SMS) where required under applicable law.
  • Using certain non-essential cookies (e.g. advertising cookies) and similar technologies on your device.
  • Collecting and using optional data you choose to provide (e.g. surveys, feedback forms).
  • You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Purpose of Processing

OBSERVE: Data is processed for operational, security, legal, analytical and marketing purposes.

EXPAND: Given the offshore nature of the service and the Australian focus, particular emphasis is placed on fraud prevention, payment integrity and responsible gambling.

REFLECT: The main purposes are outlined below to ensure transparency.

Provision of Services and Site Operation

  • Creating and maintaining your Win Spirit account and providing access to games, bonuses and promotions.
  • Processing deposits, bets, winnings, withdrawals and chargebacks.
  • Offering multilingual support, account management and technical assistance.
  • Providing the review and informational content of Win Spirit to Australian users.

Service Improvement and Personalisation

  • Monitoring performance of the Site and troubleshooting issues.
  • Conducting analytics on anonymous or pseudonymised data to understand player behaviour and preferences.
  • Testing new features, games and promotional structures before full release.
  • Customising content, offers and recommendations based on your usage patterns.

Marketing and Communications

  • Sending newsletters, promotional offers and loyalty communications (subject to your consent, where required).
  • Informing you about changes to our services, policies and terms.
  • Conducting surveys, feedback requests and satisfaction studies to improve our services.

Risk Management, Fraud Prevention and Responsible Gambling

  • Verifying identity, source of funds and legitimacy of transactions.
  • Detecting suspicious activity, multiple accounts, VPN-based access intended to circumvent blocks and bonus abuse.
  • Implementing responsible gambling measures, such as deposit limits, self-exclusion and monitoring indicators of problematic gambling.

Legal and Regulatory Compliance

  • Meeting obligations under our Curacao licence and AML regulations.
  • Responding to lawful information requests from competent authorities.
  • Establishing, exercising or defending legal claims, including handling disputes with players.

Disclosure & Sharing

OBSERVE: We share personal data with selected partners and authorities where necessary for service provision, compliance and risk management.

EXPAND: Given that Win Spirit operates for Australian users through an offshore structure, data may be disclosed across multiple jurisdictions.

REFLECT: We take contractual and organisational steps to ensure that such sharing is proportionate and subject to appropriate safeguards.

Payment and Financial Partners

  • Banks, card schemes, payment processors, e-wallet providers and other financial institutions that execute deposits and withdrawals.
  • Payment gateways and payment service providers acting as data processors under our instructions.

Technical and Service Providers

  • Hosting and cloud infrastructure providers storing our databases and systems.
  • IT security providers, analytics platforms and monitoring tools.
  • Customer support platforms (ticketing, chat, CRM) handling your enquiries.

Gaming, Affiliate and Marketing Partners

  • Game content providers and platform aggregators supporting casino games and related services.
  • Affiliate partners and advertising networks for campaign tracking and performance measurement (subject to applicable consent for cookies and similar technologies).
  • Email and SMS delivery providers used to send our communications.

Corporate Transactions

  • Potential buyers, investors, advisers or other third parties in connection with any merger, acquisition, restructuring or sale of assets, subject to confidentiality obligations.

Regulators, Law Enforcement and Authorities

  • Curacao licensing authorities (e.g. Antillephone N.V.) for compliance audits and regulatory oversight.
  • Law enforcement agencies and courts in relevant jurisdictions when required by law or necessary to protect our rights or the rights of others.
  • Where Australian authorities (including ACMA) lawfully request information relating to illegal offshore gambling enforcement, we may be legally compelled or permitted to cooperate, depending on jurisdictional rules.

Group and Intra-Company Sharing

  • Other entities under common ownership or control with Complete Technologies N.V. that support operational, financial or compliance functions, subject to intra-group data protection arrangements.

Safeguards for Sharing

  • We enter into data processing agreements with service providers to ensure that they process data only on our instructions and with appropriate security measures.
  • Where required, we use contractual safeguards for international data transfers, as explained below.

International Transfers

OBSERVE: Data flows between Australia, Curacao, Cyprus, EU/EEA and potentially other locations where our service providers are based.

EXPAND: Because our infrastructure and partners are distributed, your data may be stored or processed in multiple jurisdictions with varying data protection laws.

REFLECT: We apply recognised transfer mechanisms and contractual safeguards where feasible to protect your personal data.

Countries and Regions Involved

  • Curacao: Primary licensing and operator jurisdiction (Complete Technologies N.V.).
  • Cyprus: Payment agent and operational office address (Churston Building, Limassol).
  • European Union / EEA: Certain hosting, analytics or payment partners may operate from or through EU/EEA locations.
  • Other Countries: Global cloud providers and technical vendors may process data in the United States, the United Kingdom or other jurisdictions.

Protection Measures

  • Use of industry-standard security (TLS 1.2+ encryption, access controls) during transit and storage.
  • Contractual safeguards such as Standard Contractual Clauses (SCCs) or equivalent terms where required by international standards (e.g. when EU/EEA data protection principles are relevant).
  • Selection of reputable vendors with proven data protection and security practices, including those aligned with ISO 27001 or SOC 2 standards where applicable.

Australian Regulatory Note

  • Your data may not be subject to Australian Privacy Principles (APPs) once it is transferred offshore. By using the Site, you understand that data may be processed in jurisdictions not offering the same level of data protection as Australia, and you consent to such transfers to the extent required by law.

Data Retention

OBSERVE: Personal data is retained for varying periods depending on legal, regulatory and operational needs.

EXPAND: Offshore gambling operators are typically subject to AML and licensing requirements mandating long-term retention of transactional and identity data.

REFLECT: We apply retention schedules designed to keep data no longer than reasonably necessary while allowing us to comply with legal obligations and protect our interests.

General Retention Principles

  • We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting requirements.
  • Where specific statutory retention periods apply (e.g. AML rules), we retain data for at least those minimum periods.
  • After expiry of the relevant period, data is securely deleted, anonymised or archived with restricted access.

Indicative Retention Periods

  • Account and Identification Data: Typically retained for the duration of the account and for up to 5 - 7 years after account closure or last activity, to comply with AML and licensing requirements and to manage potential disputes.
  • Payment and Transaction Data: Retained for at least 7 years from the date of the relevant transaction, in line with financial and tax record-keeping obligations and AML best practices.
  • Technical Logs and Security Data: Retained for 6 - 24 months, depending on the type of log and its relevance to security, fraud and abuse detection.
  • Marketing Data: Retained until you withdraw consent or object to processing, and for a limited period thereafter to record your opt-out preference (generally 2 years from your last interaction with our marketing communications).
  • Responsible Gambling and Complaint Records: Retained for the lifetime of the account and for at least 5 years after closure to evidence compliance and handle any subsequent disputes.

Deletion and Anonymisation

  • When data is no longer needed, we may irreversibly anonymise it for statistical or analytical use.
  • Where you request deletion, we will honour your request subject to overriding legal obligations to retain certain records, particularly AML and transaction data.

Your Rights

OBSERVE: Although our primary regulation is offshore, we structure user rights consistently with internationally recognised privacy standards, including GDPR-style rights, and we consider comparable protections recognised in other privacy regimes.

EXPAND: These rights include access, rectification, erasure, restriction, objection, portability and withdrawal of consent, subject to applicable limitations.

REFLECT: We aim to respond to rights requests transparently and within reasonable timeframes.

Summary of Your Rights

  • Right of Access: You can request confirmation of whether we process your personal data and obtain a copy of such data, along with information about how it is used.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete personal data held about you.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal basis applies), or where you successfully object to processing. This right is limited where we must retain data for legal or regulatory reasons.
  • Right to Restrict Processing: You can ask us to restrict the processing of your data (e.g. while we verify accuracy or assess an objection).
  • Right to Object: You can object to processing based on legitimate interests, including profiling. You also have an absolute right to object to direct marketing at any time.
  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may request a structured, commonly used and machine-readable copy of your personal data, or ask us to transmit it directly to another controller where technically feasible.
  • Right to Withdraw Consent: Where processing is based on your consent (e.g. marketing, non-essential cookies), you may withdraw your consent at any time, without affecting prior lawful processing.

Procedures for Exercising Your Rights

  1. Submission of Request: Send your request by email to [email protected] or [email protected], or by post to the DPO at the Cyprus address listed above. Clearly state your identity, the right you wish to exercise and relevant details.
  2. Identity Verification: For your security, we may ask for additional information or documentation to verify your identity before acting on your request.
  3. Assessment: We will review your request, assess applicable legal obligations (e.g. requirements to retain AML data) and determine the appropriate response.
  4. Response Timeframe: We aim to respond within 30 days of receiving a valid request. Complex or numerous requests may require more time; in such cases, we will inform you of the extension and the reasons for it.
  5. Fees: We generally handle rights requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, particularly due to their repetitive character.

Limitations

  • Your rights may be restricted where necessary to protect public interests (e.g. crime prevention), our legal obligations (e.g. AML record-keeping) or the rights and freedoms of others.
  • Because our operations are offshore and not subject to all Australian or EU data protection laws, some legal remedies available under those regimes may not formally apply; nevertheless, we endeavour to handle your data in line with these principles.

Cookies & Tracking Technologies

OBSERVE: The Site uses cookies and similar technologies to function properly, enhance user experience and support analytics and marketing.

EXPAND: Certain cookies are essential for site operation, while others are optional and based on your consent.

REFLECT: You can manage cookie preferences through your browser and, where available, our internal settings panel.

Types of Cookies We Use

  • Session Cookies: Temporary cookies that remain only while your browser is open. They enable core functions such as secure login, maintaining session state and navigating between pages.
  • Persistent Cookies: Cookies stored on your device for a defined period (e.g. days or months) to remember your preferences (language, region, login choices) and improve convenience on subsequent visits.
  • First-Party Cookies: Cookies set directly by winspiritplay-au.com to support functionality and security.
  • Third-Party Cookies: Cookies set by analytics, advertising and affiliate partners to measure traffic, track campaign performance and deliver personalised content.

Purposes of Cookies

  • Strictly Necessary / Functional: Required for the Site to operate, including authentication, load balancing, security and basic configuration.
  • Analytics and Performance: Help us understand how visitors use the Site (pages visited, time on site, errors encountered) so we can improve performance and content.
  • Advertising and Affiliate Tracking: Used to track referrals, conversions and measure effectiveness of marketing campaigns, and, where applicable, to tailor advertising.

Managing and Disabling Cookies

  • You can adjust your browser settings to block or delete cookies. Guidance is available in the "Help" section of your browser or via your device's support resources.
  • Note that blocking certain cookies may impact site functionality, including login, gameplay and personalised settings.
  • Where available, we may provide an internal cookie or privacy settings panel enabling you to manage non-essential cookies on winspiritplay-au.com.

Data Security

OBSERVE: Protecting your personal data is a high priority for Win Spirit and the Win Spirit brand.

EXPAND: We apply a layered security approach covering technical, organisational and procedural safeguards.

REFLECT: While no system is completely immune to risk, we implement industry-recognised measures proportionate to the sensitivity of the data processed.

Technical Security Measures

  • Encryption in Transit: Use of TLS 1.2+ or equivalent protocols to encrypt data transmitted between your browser and our servers.
  • Encryption at Rest: Where appropriate, sensitive data (including certain financial and authentication data) is stored using strong encryption standards.
  • Access Controls: Role-based access controls and authentication mechanisms to ensure that only authorised personnel and systems can access personal data.
  • Multi-Factor Authentication (MFA): Use of MFA for critical internal systems and, where available, optional MFA for user accounts.
  • Network Security: Firewalls, intrusion detection/prevention systems and secure network segmentation to reduce exposure to attacks.

Organisational and Procedural Measures

  • Staff Training: Regular training for employees on information security, data protection and phishing awareness.
  • Data Minimisation: Limiting access to personal data to personnel who need it for the performance of their duties.
  • Security Policies: Internal policies and procedures governing secure handling, transfer and deletion of data.
  • Vendor Due Diligence: Assessment of key service providers' security measures and contractual requirements to maintain adequate protection.

Monitoring, Audits and Incident Response

  • Regular Security Assessments: Periodic internal reviews and, where appropriate, external assessments to identify vulnerabilities.
  • Logging and Monitoring: Continuous monitoring of system logs and security events to detect suspicious activities.
  • Incident Response Plan: Documented procedures for handling suspected or actual security incidents, including containment, investigation and remediation.
  • Breach Notification: Where required by applicable law, we will notify relevant authorities and affected individuals of a data breach without undue delay, providing information about the nature of the breach and recommended protective steps.

Compliance with Security Standards

  • While Complete Technologies N.V. does not publicly disclose full certification details, we aim to align our practices with recognised frameworks such as ISO 27001 and SOC 2 where proportionate and feasible.

Complaints & Contacts

OBSERVE: Users must have clear channels to raise questions or complaints about privacy and data protection.

EXPAND: Although the service is not licensed in Australia, we provide structured avenues to escalate concerns and seek redress.

REFLECT: The following outlines our internal complaint procedure and potential external escalation routes.

How to Contact Us

  • Email (primary): [email protected]
  • Email (general): [email protected]
  • Postal Address: Data Protection Officer, Win Spirit (Complete Technologies N.V. - Payment Agent), Churston Building, 1st Floor, 171 Arch. Makariou III Ave, 3027 Limassol, Cyprus

Internal Complaint Procedure

  1. Submission: Send your complaint or enquiry with a clear description of your concerns, relevant dates and any supporting evidence to one of the contact channels above.
  2. Acknowledgement: We will acknowledge receipt of your complaint within 7 business days, where feasible, and provide a reference number for follow-up.
  3. Investigation: The DPO or a designated privacy specialist will review your complaint, consult relevant internal teams and, if necessary, request further information from you.
  4. Response: We aim to provide a substantive response within 30 days from acknowledgement. Complex matters may require more time; in such cases, we will inform you of the delay and expected timeframe.
  5. Further Steps: If you are dissatisfied with our response, you may request escalation to senior management within the operator's organisation.

Escalation to Supervisory or Regulatory Authorities

  • Australia (Regulatory Context):
    • The Australian Communications and Media Authority (ACMA) is responsible for enforcing the Interactive Gambling Act 2001 and maintains a list of illegal offshore gambling websites: https://acma.gov.au/blocked-gambling-websites.
    • Although ACMA does not act as a privacy regulator for offshore operators, you may refer to its public resources for information on illegal offshore gambling and consumer guidance.
  • Other Data Protection Authorities:
    • Because our core operations are outside Australia and the EU, there may be limited direct oversight by EU or Australian privacy regulators. However, you may still seek independent legal advice or approach relevant authorities in your country of residence to understand potential remedies.

Updates

OBSERVE: Privacy laws and our operations may evolve over time, requiring updates to this Privacy Policy.

EXPAND: Transparent change management ensures you are informed about material modifications, particularly when they affect how your data is used.

REFLECT: The procedures below explain how we notify you and what options you have.

Notification of Changes

  • We may update this Privacy Policy periodically to reflect changes in legal requirements, operational practices or technology.
  • For non-material changes (e.g. clarifications, minor edits), we will post the updated version on winspiritplay-au.com with an updated "Last updated" date.
  • For material changes that significantly affect your rights or the way we process your data (e.g. new categories of data, new purposes, or significant new third-party disclosures), we will take additional steps to notify you, which may include:
    • Email notifications to the address associated with your account.
    • Prominent notices or banners on the Site.
    • Alerts within your account dashboard (where applicable).

Advance Notice and User Options

  • Where feasible and required, we will provide at least 30 days' advance notice before material changes take effect.
  • If you do not agree with the updated Privacy Policy, you may:
    • Adjust your privacy or marketing preferences.
    • Request closure of your account and, where appropriate, withdrawal of available funds in accordance with the applicable terms and conditions.
    • Exercise your privacy rights as described in the "Your Rights" section.

Version Control

  • Last updated: January 2026
  • Previous versions may be retained internally for audit and compliance purposes. Where required or appropriate, we may provide a summary of material historical changes on request.