Contents
1. Who We Are & How to Contact Us
2. What Personal Data We Collect
3. How We Collect Your Data
4. Legal Basis for Processing
5. How We Use Your Data
6. Cookies & Tracking Technologies
7. Sharing Your Data with Third Parties
8. International Data Transfers
9. Data Retention
10. Security Measures
11. Your Rights
12. Changes to This Policy
1
Who We Are & How to Contact Us
WinShark Casino is operated by GBL Solutions N.V., a company registered in Curaçao with its registered office at Abraham de Veerstraat 9, Willemstad, Curaçao. GBL Solutions N.V. is the data controller responsible for your personal data collected through the Platform at winshark-casino-australia.com.
For any questions, requests, or concerns regarding your personal data or this Privacy Policy, please contact us using the details below. We aim to respond to all privacy-related enquiries within 30 calendar days.
Data Controller
Company: GBL Solutions N.V.
Address: Abraham de Veerstraat 9, Willemstad, Curaçao
Licence: Curaçao Gaming Control Board (GCB)
Contact Channels
Live Chat: Available 24/7 on the Platform
Email: Via the Support page on the Platform
Response Time: Within 30 calendar days
2
What Personal Data We Collect
We collect only the personal data that is necessary for the purposes described in this Policy. The categories of personal data we may collect about you are set out below.
Category
Examples
Identity Data
Full legal name, date of birth, gender, nationality, government-issued ID number, copies of identity documents (passport, driver’s licence)
Contact Data
Email address, phone number, residential address, postcode, country of residence
Financial Data
Payment method details (card type, last four digits, expiry), bank account information where applicable, cryptocurrency wallet addresses, transaction history, deposit and withdrawal records, account balance
Gaming Activity Data
Games played, bet amounts, session duration, win/loss records, bonus usage history, wagering activity, game preferences, tournament participation
Technical Data
IP address, device type, operating system, browser type and version, screen resolution, login timestamps, session identifiers, geolocation data (country/region level)
Communications Data
Support chat transcripts, email correspondence, complaint records, survey responses, feedback submitted through the Platform
Responsible Gaming Data
Self-exclusion status, deposit and loss limit settings, cool-off periods, responsible gaming tool usage, referrals to third-party support organisations
ℹ️
We do not collect special categories of sensitive personal data (such as health, race, religion, or political opinions) unless required by applicable law or voluntarily provided by you in the context of a responsible gaming self-assessment.
3
How We Collect Your Data
We collect personal data through several channels:
When you register an account, complete KYC verification, make a deposit or withdrawal, contact our Support team, respond to a survey, claim a bonus, or update your account profile. This is the primary source of your identity, contact, and financial data.
When you browse or use the Platform, we automatically collect Technical Data via cookies, web beacons, log files, and similar tracking technologies. This includes your IP address, device identifiers, browser information, and how you interact with the Platform (pages visited, features used, time spent).
From identity verification and KYC providers (who may supplement the information you provided), payment processors (who confirm transaction status), fraud detection services, and, where applicable, from public registers or credit reference agencies for anti-money laundering compliance purposes.
If you arrived at WinShark Casino via an affiliate link or referral programme, we may receive limited referral data (such as a tracking code) from the referring partner. This data is used solely to attribute your registration for commission purposes and does not include your personal details from the affiliate’s database.
4
Legal Basis for Processing
We are required to have a lawful basis for processing your personal data. Depending on the purpose, we rely on one or more of the following legal bases:
📋
Contractual Necessity
Processing required to open and manage your account, process transactions, and provide the gaming service you have contracted with us for.
⚖️
Legal Obligation
Processing required to comply with applicable laws including anti-money laundering (AML), KYC regulations, tax reporting, and gaming licence conditions.
🎯
Legitimate Interests
Processing for fraud prevention, security monitoring, platform improvement, and responsible gaming – your rights is our priority.
✅
Consent
Where you have opted in to receive promotional communications, personalised offers, or non-essential cookies, you can decline it at any time.
We use the personal data we collect for the following purposes:
Account creation & management
Registering your account, maintaining your profile, and managing your gaming activity
Contractual necessity
Payment processing
Processing your deposits, withdrawals, and refunds securely
Contractual necessity
Identity verification (KYC)
Verifying your identity and age before processing withdrawals or in response to regulatory requirements
Legal obligation
Anti-money laundering (AML) compliance
Monitoring transactions, screening for politically exposed persons (PEPs), and maintaining records as required by AML regulations
Legal obligation
Fraud prevention & security
Detecting and preventing fraudulent activity, multiple account use, chargebacks, and abuse of promotional offers
Legitimate interests
Responsible gaming
Monitoring gaming patterns, applying player-imposed limits, and identifying players who may need support
Legitimate interests
Platform improvement & analytics
Understanding how players use the Platform, improving features, and resolving technical issues
Legitimate interests
Marketing & personalised offers
Sending promotional emails, personalising bonuses and content, and running targeted marketing campaigns — only where you have opted in
Consent
Customer support
Responding to your enquiries, resolving disputes, and maintaining records of our communications
Contractual necessity
6
Cookies & Tracking Technologies
WinShark Casino uses cookies and similar tracking technologies to operate the Platform, remember your preferences, analyse usage patterns, and deliver relevant advertising. A cookie is a small text file placed on your device when you visit a website.
Strictly Necessary Cookies
Required for the Platform to function. They enable core features like user login, session management, account security, and fraud prevention. These cookies cannot be disabled without breaking the Platform. No consent is required.
Analytics & Performance Cookies
Help us understand how players interact with the Platform by collecting anonymous data on pages visited, time spent, and errors encountered. Used to improve the Platform’s performance and user experience. Require your consent.
Functional & Preference Cookies
Remember your preferences such as language selection, game display settings, and interface layout to provide a personalised experience. Require your consent.
Targeting & Advertising Cookies
Set by us and our advertising partners to show you relevant promotional content on and off the Platform. Track your browsing across websites to build a profile of your interests. Require your consent and can be withdrawn at any time.
You can manage your cookie preferences through our Cookie Consent tool, accessible on your first visit to the Platform and at any time via your account settings. Withdrawing consent for non-essential cookies will not affect your ability to use core Platform functions. You may also manage cookies through your browser settings, though blocking all cookies may impair Platform functionality.
7
Sharing Your Data with Third Parties
We do not sell your personal data to third parties. We may share your data with trusted third parties strictly where necessary to operate the Platform, comply with our legal obligations, or protect against fraud. All third parties we engage are contractually required to handle your data securely and use it only for the specified purpose.
To process your deposits and withdrawals. They receive only the financial data necessary to complete the transaction. They operate under their own regulated privacy frameworks (e.g. PCI-DSS for card processors).
KYC & Identity Verification Providers
To verify your identity and documents. These providers check submitted data against public and commercial databases to confirm authenticity and perform age verification and sanctions screening.
Fraud & Risk Management Services
To identify and prevent fraudulent accounts, bonus abuse, money laundering, and other financial crimes. These services receive Technical Data and account behaviour patterns to generate risk assessments.
Game studios and aggregators may receive anonymised session and game performance data for the purpose of technical support, game auditing, and progressive jackpot management. No personal identity data is shared with game providers.
Customer Support Platforms
Live chat and email support tools may process your communications and account data for the purposes of managing support tickets and improving customer service quality.
Regulatory & Law Enforcement Bodies
We may be required by law, court order, or regulatory authority to disclose certain personal data. Such disclosures are made strictly on a need-to-know basis and only to the extent required by the applicable legal obligation.
8
International Data Transfers
GBL Solutions N.V. is incorporated in Curaçao, and your personal data may be transferred to, stored in, or processed in countries outside of Australia. Some of our third-party service providers — including payment processors, KYC providers, and cloud infrastructure providers — may be located in the European Union, the United Kingdom, the United States, or other jurisdictions.
Whenever we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your data in accordance with this Policy. Where required, such safeguards may include standard contractual clauses approved by the relevant regulatory authority, adequacy decisions, or the implementation of equivalent data protection standards by the receiving organisation.
By using the Platform, you acknowledge that your personal data may be transferred outside Australia and that the privacy laws of those countries may differ from those in your country of residence. We are committed to ensuring your data remains protected regardless of where it is processed.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:
Data Category
Retention Period
Reason
Account & identity data
5 years after account closure
AML, regulatory compliance, dispute resolution
KYC documents
5 years after account closure
AML regulations & licence conditions
Transaction & financial records
7 years after transaction
Financial record-keeping laws
Support communications
3 years after last interaction
Customer service quality & dispute records
Marketing preferences & consent records
Until withdrawn + 3 years
Proof of consent for regulatory purposes
Technical & analytical data (cookies, logs)
Up to 13 months
Platform security & performance analysis
Following the end of the applicable retention period, your data will be securely deleted or anonymised so that it can no longer be linked to you personally. Where deletion is not immediately possible (e.g. due to technical backup systems), we will isolate the data and protect it from further processing until deletion can be completed.
We implement a range of technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
🔐
SSL / TLS Encryption
All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) to prevent interception.
🗄️
Encrypted Data Storage
Sensitive data including financial information and identity documents is stored using strong encryption at rest.
🔑
Access Controls
Access to personal data is restricted to authorised personnel only, on a strict need-to-know basis, with role-based permissions.
🛡️
Fraud Detection Systems
Automated fraud monitoring tools analyse account activity in real time to detect suspicious patterns and prevent unauthorised access.
📋
Staff Training
All staff with access to personal data receive regular training on data protection obligations and security best practices.
🔔
Breach Notification
In the event of a data breach that poses a risk to your rights, we will notify you without undue delay in accordance with applicable law.
While we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data and you use the Platform at your own risk. If you suspect a security issue related to your account, please contact Support immediately.
Depending on your country of residence and applicable data protection laws, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us via the Support channels listed in Section 1. We will respond within 30 calendar days.
You have the right to request a copy of the personal data we hold about you and to receive information about how it is used. We will provide this in a clear, structured format.
You may request that we correct any personal data we hold about you that is inaccurate or incomplete. Please note that certain data (such as KYC-verified identity data) may require fresh documentation to be amended.
Right to Erasure (“Right to Be Forgotten”)
You may request that we delete your personal data in certain circumstances. This right is not absolute — we may be required to retain certain data to comply with our legal and regulatory obligations (e.g. AML record-keeping).
Right to Restrict Processing
In certain situations, you may ask us to pause processing of your data — for example while you contest its accuracy or while we assess an objection you have raised.
Right to Data Portability
Where we process your data on the basis of consent or contract, and the processing is automated, you may request a copy of your data in a structured, machine-readable format.
You may object to processing based on our legitimate interests, including profiling for marketing purposes. You may also unsubscribe from marketing communications at any time via your Account Settings or by contacting Support.
Right to Withdraw Consent
Where we rely on your consent as the legal basis for processing, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
ℹ️
We will verify your identity before processing any rights request. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive. If we are unable to fulfil your request, we will explain why.
We review and update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or the services we provide. When we make material changes, we will notify you by email (to your registered address) and/or by a notice on the Platform, with a revised effective date prominently displayed at the top of this Policy.
We encourage you to review this Policy regularly to stay informed about how we protect your personal data. Your continued use of the Platform following notification of changes constitutes your acknowledgment of the revised Policy.
If you have any questions about this Privacy Policy, your rights, or how we handle your personal data, please contact us via live chat or email through the Support section of the Platform. We are committed to working through any concerns you have directly and transparently.
🦈
© 2026 WinShark Casino Australia. All rights reserved. Operated by GBL Solutions N.V. under Curaçao Gaming Control Board licence. This Privacy Policy was last updated on 13 February 2026. Previous versions are available upon request.
This Policy should be read alongside our Terms and Conditions. In the event of any conflict between this Privacy Policy and our Terms and Conditions, this Privacy Policy shall prevail in relation to the processing of personal data.
18+ Only · Gamble Responsibly · gamblinghelponline.org.au · 1800 858 858
