burger icon
Cocoa Сasino Casino
Log In

Privacy Policy

This privacy policy explains how your personal information is collected, used, and protected when you interact with cocoacasino via the cocoa-aussy.com website. It applies to all players, visitors, and users who access services through cocoa-aussy.com. The effective date of this policy is 23 June 2025.

Who We Are

OBSERVE: cocoacasino is operated on the cocoa-aussy.com platform by an entity associated with SSC Entertainment N.V., with possible relations to Silverstone Overseas Ltd and AffDynasty Group (clarification ongoing). The current registered gaming license is 8048/JAZ, issued by the Government of Curacao for remote gaming activities, with validity extended until 2025. Full legal address and company registration details are under verification.
EXPAND: As required for AU-facing gambling operators, clear contact and responsibility pathways are provided. The person responsible for data protection, as indicated by available data, is Sophie Foster.
REFLECT: All privacy enquiries regarding cocoacasino (through cocoa-aussy.com) should be directed to the following contacts.

  • Legal Operator: SSC Entertainment N.V. (with review of related entities ongoing)
  • Registered License: 8048/JAZ (Curacao eGaming), validity to 2025
  • Official Website: https://cocoa-aussy.com
  • Responsible Contact: Sophie Foster (Data Protection Responsible Person)
  • Contact Email: To request data-related assistance, please use the website's contact form or refer to Sophie Foster through cocoa-aussy.com support channels.
  • Legal Address: Not presently specified; pending corporate clarification (all privacy matters managed via online channels until update).

Regional Compliance Note: This information meets Australian user transparency standards pending regulatory clarification on overseas license operator details.

What Personal Data We Collect

OBSERVE: Data categories must reflect AU Privacy Act 1988 and iGaming best practices.
EXPAND: Data collected covers both directly provided and automatically observed information, including identifiers, technical logs, behavioral analytics, and third-party cookie tracking.
REFLECT: Data is only collected as necessary to provide core services, comply with regulatory mandates, and improve user experience.

  • Personal Details: Full name, date of birth, email address, postal address, and contact phone numbers as provided during registration or verification.
  • Technical Information: IP address, device type, browser version, operating system, access times, and activity logs.
  • Payment Data: Transaction history, banking/payment card details, withdrawal and deposit records, and KYC documentation where required.
  • Behavioral Data: Account activity, betting and gaming history, website navigation, clicks, page visits, and user interactions.
  • Cookies & Tracking: Session cookies, persistent cookies, third-party analytics and advertising cookies; behavioural identifiers for fraud prevention and marketing optimisation.

Regional Compliance Note: The scope of collected data is limited to what is reasonably required under Australian law and Curacao licensing obligations.

Legal Basis for Processing

OBSERVE: Processing must satisfy Australian privacy law foundations (e.g., consent, contractual necessity, legal obligation, legitimate interests).
EXPAND: Each basis must be transparently explained and mapped to operational realities relevant to remote gambling.
REFLECT: Activities only proceed where a lawful basis exists and is demonstrable.

  1. User Consent: Data processing for marketing, advertising, and informational communication is performed only with your express consent, which may be withdrawn at any time using available account tools or by contacting support.
  2. Contractual Necessity: Most data processing is essential to fulfil the contract between you and cocoacasino (via cocoa-aussy.com), such as account creation, payment processing, and customer support management.
  3. Legal Compliance: Compliance with Curacao licensing, AU anti-money laundering (AML/CTF) requirements, and KYC/age-verification legislation mandates the retention and verification of certain personal data.
  4. Legitimate Interests: We lawfully pursue fraud detection, security monitoring, service improvement, analytics, and safeguarding website integrity. Processing is balanced with your privacy rights and you may object to such use except where legal necessity prevails.

Regional Compliance Note: All legal bases align with the AU Privacy Act and AU ACMA requirements for gambling operators.

Purpose of Processing

OBSERVE: Purposes must meet both user expectations and regulatory requirements for transparency.
EXPAND: Processing purposes relate to technical operation, legal compliance, service enhancement, and responsible gambling obligations.
REFLECT: Data is only processed for legitimate objectives, with all secondary uses separately disclosed or consented.

  • Service Provision: To register, authenticate, and administer user accounts; to process payments, deposits, and withdrawals; and to deliver casino games and services through cocoa-aussy.com.
  • Compliance & Verification: To meet licensing, AML/CTF, and regulatory requirements, including identity and age checks.
  • Service Improvement: To analyse website usage, conduct system testing, and implement technical upgrades for better security and user experience.
  • Marketing & Communication: To send promotional materials, event notifications, and surveys as allowed by your preferences and relevant AU law.
  • Fraud Prevention & Security: To detect and prevent fraud, abuse, unauthorised access, or violations of terms and regulations.

Regional Compliance Note: AU regulations require transparent disclosure of all processing purposes; non-essential marketing use always subject to user opt-out.

Disclosure & Sharing

OBSERVE: Within AU and Curacao frameworks, disclosure must be strictly controlled and fully documented.
EXPAND: Disclosure includes third-party processors, payment providers, regulatory bodies, and (with consent) limited marketing affiliates.
REFLECT: Sharing is limited to what is essential, with contractual safeguards enforced for all recipients.

  • Payment Partners: Data may be shared with reputable payment processors and banking institutions strictly for processing deposits, withdrawals, and verifications. All such partners are contractually bound by confidentiality and security standards.
  • Service Providers: Data may be shared with authorised IT, analytics, customer support, or maintenance partners for the provision of technical and operational services.
  • Regulators & Authorities: As a licensed gambling operator (Curacao, with AU-specific compliance adaptations), we may be lawfully required to provide information to regulators, law enforcement, or financial intelligence units for reporting or compliance checks.
  • Affiliates & Advertising Networks: With your informed consent, select data may be disclosed to affiliates or digital marketing partners for promotional activities; you may opt out at any time via account settings.

Legal Obligation: No personal data is sold or provided to unrelated third parties. All disclosures adhere strictly to AU and international data privacy mandates.

International Transfers

OBSERVE: Operating from Curacao for AU clients necessitates cross-border data flows; AU Privacy Principle 8 (APP 8) applies.
EXPAND: Transfers may occur to jurisdictions with different data protection laws. Safeguards must be specified.
REFLECT: All transfers are protected by strong contractual and technical assurances.

  • Geographic Destinations: Data may be processed in Curacao or other locations where licensed service providers operate (e.g., Europe, Asia, Caribbean).
  • Protection Measures: Wherever data is transferred outside Australia, standard contractual clauses (SCCs) or equivalent legal mechanisms are implemented to protect your rights and privacy.
  • Access Controls: Only those with a clear operational need receive access; all processor relationships are governed by robust data protection agreements.

Regional Compliance Note: By engaging with cocoa-aussy.com, you acknowledge that your data may be transferred internationally yet remains subject to rigorous privacy safeguards aligned with AU standards.

Data Retention

OBSERVE: Data retention periods must meet Australian legal minimums and Curacao licensing standards.
EXPAND: Different categories have distinct lifespans; user-initiated deletion and regulatory preservation both apply.
REFLECT: Data is retained only as long as strictly necessary for its intended and lawful purposes.

  • Personal Account Data: Retained for active account lifespan plus up to 5 years after closure or last activity, in line with AML/CTF and regulatory audit obligations.
  • Financial & Transaction Records: Retained for no longer than 5 years post-account closure, as mandated for fraud monitoring and legal/financial reporting.
  • Cookies & Technical Data: Session cookies are deleted when you close your browser; persistent cookies may remain for up to 2 years or until user deletion.
  • Deletion Criteria: Data is erased upon user request (except where legal retention is required), upon expiration of relevant purpose, or following extended account inactivity (all such actions subject to lawful and regulatory exceptions).

Regional Compliance Note: Retention practices are aligned with AU and Curacao requirements; users may request deletion of data except where ongoing legal retention is mandated.

Your Rights

OBSERVE: User rights under AU law and international standards must be clearly stated.
EXPAND: Rights include access, correction, deletion, objection, restriction, portability, and withdrawal of consent.
REFLECT: Users are empowered to control their information at all times, subject to regulatory exceptions.

  1. Access: You may request a copy of your personal data held by cocoacasino (via cocoa-aussy.com) at any time.
  2. Correction: You may correct inaccurate, incomplete, or outdated personal data through your account portal or by contacting support.
  3. Deletion ("Right to be Forgotten"): You may request deletion of your personal data, except where retention is required by law (e.g., AML/CTF, regulatory reporting).
  4. Restriction: You may restrict processing of your personal data under specific circumstances (e.g., while accuracy is contested or processing is unlawful).
  5. Objection: You may object to direct marketing communications or to processing based on legitimate interests.
  6. Data Portability: You are entitled to receive your personal data in a commonly used, machine-readable format where technically feasible.
  7. Withdraw Consent: You may withdraw consent for marketing or non-essential processing at any time using your account features or by contacting support.

Procedural Steps: All rights requests are processed promptly, with identity verification and compliance checks as required by law. Response is provided within the statutory AU timeframes.

Cookies & Tracking Technologies

OBSERVE: The use of cookies and similar tools is governed by both AU law and industry practice.
EXPAND: Cookie types, purposes, and management options must be specified.
REFLECT: Users have full control over non-essential cookies and can adjust preferences at any time.

  • Session Cookies: Enable essential site functions and expire immediately upon closing your browser. Required for secure account access and navigation.
  • Persistent Cookies: Allow retention of preferences and authentication for up to 2 years, improving user convenience.
  • Third-Party Cookies: Used for analytics (e.g., Google Analytics) and targeted advertising where permitted by your preferences.
  • Management: You can manage or disable cookies via your browser settings or, where available, through in-account privacy panels. Disabling certain cookies may affect core site functionality.

Regional Compliance Note: Explicit consent is required for non-essential cookies; all cookie usage conforms to AU Privacy Act and ePrivacy principles.

Data Security

OBSERVE: Security must meet AU best practice requirements for digital gambling providers.
EXPAND: Technical and organisational measures need detailed articulation.
REFLECT: Ongoing reviews keep protection current and effective.

  1. Encryption: All sensitive data, including personal details and payment information, is protected using up-to-date SSL encryption during transit and at rest.
  2. Access Restrictions: Personal data is accessible only to trained staff or service providers with verified need-to-know, each bound by strict confidentiality obligations.
  3. System Audits: Regular system audits and penetration tests are conducted to identify, prevent, and remediate risks.
  4. Staff Training: All company personnel and support partners receive mandatory privacy awareness and data protection training.
  5. Incident Response: Robust procedures exist to notify users and regulators of any suspected or confirmed data breach in line with AU Notifiable Data Breaches (NDB) obligations.

Legal Protections: Technical and organizational safeguards are reviewed and updated at least annually, or as new threats emerge, in alignment with AU and Curacao standards.

Complaints & Contacts

OBSERVE: AU law requires clear access to complaint and inquiry channels.
EXPAND: The responsible person for privacy matters is identified above; a complaints process is established.
REFLECT: Complaints are handled promptly and transparently, with recourse available if you are dissatisfied.

  • Contact for Privacy Enquiries: All inquiries or complaints about data processing should be directed to Sophie Foster, Data Protection Responsible Person, via the support channel on cocoa-aussy.com.
  • Complaints Procedure: Your complaint will be acknowledged within 7 business days. An initial resolution or update will be provided within 30 days, subject to verification and complexity.
  • Regulatory Escalation: If unsatisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).

Regional Compliance Note: Our complaints handling and response times are aligned with AU data protection and customer care obligations.

Updates

OBSERVE: The policy must be kept current and users clearly notified of all material changes.
EXPAND: Procedures for notification and publication are defined.
REFLECT: Transparency is maintained and user consent is respected where required.

  • Policy Changes: Any updates to this privacy policy will be posted on cocoa-aussy.com with a prominent notice and, where legally required, via direct user communication (e.g., email or account message).
  • Effective Date: The current policy is effective as of 23 June 2025.
  • User Notification: Continued use of the website and services after any change constitutes acceptance of the updated privacy policy.

Legal Disclaimer: This privacy policy is intended to meet Australian privacy standards and remote gambling regulatory expectations. Operator details and jurisdictional status will be updated as soon as corporate clarifications become available. For all privacy concerns, contact Sophie Foster via cocoa-aussy.com.