Privacy Policy
h4win ("we", "us", "our") operates the h4win-australia.com website (the "Platform"), providing online gaming and casino services targeted at users in Australia. This Privacy Policy outlines how we collect, use, store, protect, and disclose your personal information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We prioritize your privacy, ensuring transparent and secure handling of your data while delivering responsible gaming experiences; by accessing our Platform, you agree to these practices.
Information We Collect
We gather personal information essential for operating our gaming platform, verifying identities, processing transactions, and complying with Australian regulations like the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). This includes basic identifiers such as your full name, date of birth, email address, phone number, residential address, and government-issued ID details for age and identity verification, as required before account creation.
Financial data covers payment methods, bank details, transaction history, deposits, withdrawals, and source of funds information to prevent fraud and meet AUSTRAC obligations. Sensitive information, handled with extra care under APP 3, may include gaming history, betting patterns, self-exclusion preferences, and health-related data for responsible gambling support, always collected only where necessary and with your consent where applicable.
Technical and usage data automatically collected via cookies, IP addresses, device IDs, browser types, location data (approximated for geo-restrictions), session durations, and game preferences helps optimize performance and detect unusual activity. We also log communications like support tickets, live chat records, and marketing opt-ins to improve service quality. For non-registered visitors, we collect anonymized analytics via tools like Google Analytics, respecting APP 2 where pseudonymity is possible.
Children under 18 are prohibited from using our Platform; we do not knowingly collect their data and will delete any discovered information immediately upon parental notification. All collections are lawful, fair, and minimally invasive per APP 3 and 5, with notifications provided at collection points like registration forms.
How We Collect Information
Most data is collected directly from you during registration, KYC (Know Your Customer) verification, deposits/withdrawals, gameplay, and support interactions. For example, uploading ID documents for AML/CTF compliance occurs via secure upload portals before any gaming commences.
Indirectly, we use cookies, web beacons, and similar technologies for analytics, personalization, and security — essential cookies enable core functions, while optional ones track preferences (manage via cookie banner). Third-party processors like payment gateways (e.g., Visa, PayPal) or affiliates may share data with us under strict contracts per APP 6 and 8.
Server logs capture IP addresses and timestamps for security audits. Public sources or credit reference agencies provide supplemental verification data only for fraud prevention, always with your implied consent through Platform use. We never collect more than reasonably necessary, adhering to data minimization principles.
Purposes of Data Processing
Your information enables account management, game delivery, payment processing, and personalized promotions while ensuring regulatory compliance. Under APP 6, we use it for identity verification, transaction facilitation, fraud detection via behavioral analytics, and responsible gambling tools like deposit limits and self-exclusion.
Marketing communications (opt-in only per APP 7) promote bonuses or updates, with easy unsubscribe links. Aggregate anonymized data supports platform improvements and compliance reporting to bodies like AUSTRAC or state regulators (e.g., NSW Gaming and Racing Administration). In emergencies, data may aid harm prevention, such as flagging excessive losses.
Gaming analytics refine user experience without harmful profiling. Legal obligations, like record-keeping for 7 years under AML/CTF, dictate retention. No automated decisions solely determine access; human oversight applies.
Legal Basis for Processing relies on contractual necessity (e.g., fulfilling bets), legal obligations (AML/CTF, age verification), legitimate interests (fraud prevention, site security), and consent (marketing, cookies). Sensitive data requires explicit consent or vital interests for responsible gambling.
For EU/EEA users (if applicable), GDPR Art. 6 parallels apply: performance of contract (Art. 6(1)(b)), compliance with law (Art. 6(1)(c)), legitimate interests (Art. 6(1)(f)). We balance interests via DPIAs (Data Protection Impact Assessments) for high-risk.
Sharing and Disclosure
We disclose data only as necessary: to service providers (hosting, payments, analytics) bound by APP 8 safeguards and Australian law; regulators (AUSTRAC, OAIC); or law enforcement upon valid request. Affiliates within our group share for operational efficiency, remaining APP-compliant.
No sales of data occur. In mergers/acquisitions, buyers inherit data under equivalent protections. Cross-border transfers (e.g., to cloud servers) use Standard Contractual Clauses or adequacy decisions, ensuring APP 8 protections — EU recipients comply with GDPR Chapter V.
Responsible gambling data is shared with national self-exclusion registers (e.g., BetStop) only with consent or as required. Public disclosures are aggregated/anonymized.
Data Security
Per APP 11, we implement robust measures: encryption (TLS 1.3 for transit, AES-256 at rest), firewalls, regular penetration testing, access controls (RBAC), and multi-factor authentication. Employee training and audit logs minimize insider risks.
Payment data is tokenized via PCI DSS-compliant processors. Incident response plans activate for breaches, including forensic analysis. We retain data only as needed (e.g., transaction records 7 years) then securely delete/de-identify per APP 11.2.
Your Rights and Choices
Under APPs 12-13 and GDPR (if applicable), request access, correction, deletion, or restriction via [email protected] — we respond within 30 days, free unless vexatious. Opt-out of marketing anytime; withdraw cookie consent via settings.
Portability available for structured data (GDPR Art. 20). Anonymity/pseudonymity offered where practicable (APP 2), except for KYC. Complaints escalate to our Privacy Officer, then OAIC (oaic.gov.au).
Responsible gambling controls: set limits, timeouts, self-exclude (multi-year options linking to BetStop). Track via account.
Cookies and Tracking
We use essential cookies for functionality, performance cookies for optimization, and marketing cookies for targeted ads (with consent). Third-party cookies from Google Analytics/Ads are anonymized (IP masking). Manage via browser or our banner; disabling may impair.
Do Not Track (DNT) signals honored where possible. Cookie policy linked in footer details categories, durations.
Data Retention
Data is held as long as your account exists or obligations require (e.g., 7 years for AML/CTF). Inactive accounts become dormant after 2 years and are deleted after notice. Deletion requests are honored unless legally barred; backups purge within 90 days.
Notifiable Data Breaches
Under the Notifiable Data Breaches (NDB) scheme (Part IIIC Privacy Act), eligible breaches (unauthorized access/disclosure likely causing serious harm) trigger assessment within 30 days. If confirmed, we notify OAIC and affected users promptly with breach details, risks, and mitigation (e.g., password resets, monitoring). Public statements if direct notice impractical.
Examples: hacked databases exposing IDs/financials. Remediation always attempted first. Annual breach reports to OAIC as.
International Users and GDPR
While Australia-focused, if you access from EU/EEA, GDPR applies extraterritorially. DPO contact: [email protected]. Rights include objection (Art. 21), erasure (Art. 17). Transfers use SCCs; adequacy for Australia noted.
Third-Party Links
Platform links to partners (e.g., payment sites); we control neither their privacy nor data flows — review their.
Children's Privacy
No services for under-18s; verification enforces this. Incidental collection deleted; parents contact us for removal.
Changes to This Policy
Updates post here with effective date; material changes emailed to registered users. Continued use post-change implies acceptance. Review regularly.
Responsible Gambling Integration
Data supports harm minimization: session/loss limits, reality checks, self-exclusion. Behavioral indicators flag interventions; data shared only for welfare (e.g., with counselors). Compliance with state codes (e.g., Victorian Responsible Gambling Code).
Contact Us
Privacy Officer: [email protected]. Expect response within 30 days per APP 1. For complaints: OAIC at 1300 363 992 or oaic.gov.au/privacy/complaints. Postal inquiries welcomed.
Last updated: March 31, 2026