burger icon
28 Mars Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how 28 Mars Casino, operated via 28marsbet-au.com for the 28 Mars Casino project, collects, uses, discloses and protects personal data of players and website visitors. It applies to anyone who visits, registers an account, places wagers or otherwise interacts with our services through this website. By using the website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 1 February 2026 and remains in force until replaced or updated.

Who We Are

28 Mars Casino is an online gaming service made available to users through the domain 28marsbet-au.com. The service is operated on behalf of the 28 Mars Casino project by:

  • Legal entity: Dama N.V.
  • Legal form: Public limited company (N.V.) incorporated under the laws of Curaçao
  • Registered address: Scharlooweg 39, Willemstad, Curaçao
  • Game licence context: Dama N.V. has historically operated under master licence 8048/JAZ2020-013 issued by Antillephone N.V., Curaçao. The specific AU-facing domain 28marsbet-au.com may not be covered by an active validator seal and should be considered to be operating without an Australian gambling licence.

Corporate registration and tax identification numbers are maintained with the Curaçao Chamber of Commerce and will be provided to competent authorities upon lawful request.

Data protection contact:

  • Email (primary): [email protected] (messages marked "Privacy" or "Data Protection" will be forwarded to our internal data protection team)
  • Postal contact: Data Protection Team, Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Nothing in this Privacy Policy should be interpreted as a statement that our gambling services are authorised or licensed in Australia. This document deals only with personal data processing.

What Personal Data We Collect

We collect and process the following categories of personal data when you access or use 28 Mars Casino via 28marsbet-au.com:

  • Identification and contact data: full name, date of birth, country of residence, residential address, email address, telephone number, username, and documents you provide for identity verification (e.g. copies of ID, proof of address, payment method ownership).
  • Account and gameplay data: account ID, registration date, login history, language and currency settings, deposit and withdrawal history, bets and game sessions, wins and losses, bonuses claimed, VIP status and responsible gambling preferences (limits, self-exclusion).
  • Technical and device data: IP address, device identifiers, operating system, browser type and version, time zone, screen resolution, approximate location (based on IP), referral URLs, session timestamps, and log files about system events and errors.
  • Payment and financial data: partial payment card information (masked PAN), cardholder name, payment method details (e-wallet, bank account alias, cryptocurrency wallet identifier where applicable), transaction identifiers, sums and timestamps of payments, chargeback and refund information.
  • Behavioural and usage data: pages visited, buttons and links clicked, time spent on pages, navigation paths, marketing campaign identifiers, interaction with emails (opens, clicks), and responses to promotions.
  • Communication data: contents of chats with customer support, emails you send us, call notes (where applicable), complaints and dispute records, and any other information you voluntarily provide.
  • Cookies and similar technologies: unique cookie identifiers, pixels, local storage and similar technologies that record your preferences, authentication status, and interaction with our website and third-party content. Details are provided in the "Cookies & Tracking Technologies" section.

We generally do not seek to collect special categories of personal data (such as health or political opinions). If such data is provided by you (for example, in responsible gambling communications), we will handle it with enhanced confidentiality and only for the relevant purpose.

Legal Basis for Processing

Our processing of personal data follows internationally recognised principles and, where applicable, is aligned with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR) and relevant Mexican privacy rules. Depending on the context, we rely on the following legal bases:

  • Performance of a contract or steps at your request before entering into a contract: We need to process your data to:
    • create and manage your player account;
    • provide access to games and gaming features;
    • process deposits, wagers and withdrawals;
    • verify your identity and age where required for account operation;
    • provide customer support and handle your requests.
  • Your consent: We rely on your explicit, informed consent for:
    • sending marketing emails, SMS and push notifications;
    • using non-essential cookies and similar technologies for analytics and advertising;
    • processing any sensitive information you voluntarily provide (e.g. health-related data in responsible gambling communications);
    • any other processing activity where consent is clearly requested and recorded.
    You may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legitimate interests: We process data where necessary for our legitimate business interests, balanced against your rights, including:
    • preventing fraud, misuse of bonuses and abuse of our systems;
    • maintaining IT and network security, including detecting suspicious logins or locations;
    • improving our website, services and user experience through analytics;
    • defending and exercising legal claims and managing disputes.
  • Compliance with legal obligations: We may be required under applicable laws and regulations (including anti-money laundering, counter-terrorist financing, sanctions, accounting and taxation rules in relevant jurisdictions) to:
    • perform KYC/AML checks and transaction monitoring;
    • retain certain records for prescribed periods;
    • share data with competent authorities upon lawful request.

For Australian users, we aim to handle personal information in accordance with the Australian Privacy Principles, which require us to collect only information reasonably necessary for our functions and to use and disclose it only for authorised purposes.

Purpose of Processing

We process your personal data only for specific, explicit and legitimate purposes and do not further process it in a way incompatible with those purposes. Key purposes include:

  • Providing and managing casino services:
    • creating, operating and securing your account;
    • allowing deposits, wagers, participation in games and withdrawals;
    • administering bonuses, tournaments and loyalty programs;
    • providing multilingual customer support.
  • Compliance and risk management:
    • performing age, identity and residency verification where necessary;
    • conducting KYC and AML/CTF screening and ongoing monitoring of transactions;
    • detecting fraud, bonus abuse, money laundering and other prohibited activities;
    • responding to lawful requests from competent authorities.
  • Service improvement and analytics:
    • analysing how players use our website and services;
    • testing and optimising the performance and layout of our pages;
    • developing new features and products based on aggregated or pseudonymised data.
  • Marketing and personalisation (with consent where required):
    • sending promotional communications about games, bonuses and special offers;
    • segmenting users into groups based on activity and preferences;
    • measuring the effectiveness of marketing campaigns and affiliates.
  • Responsible gambling:
    • implementing self-exclusion, cooling-off and limit tools at your request;
    • monitoring behaviour to identify potential problem gambling patterns;
    • providing information and support regarding responsible gaming.
  • Legal defence and business operations:
    • managing disputes and complaints;
    • maintaining business and financial records;
    • supporting audits and corporate governance.

Disclosure & Sharing

We do not sell your personal data. We may share or grant access to your data only to the extent necessary and subject to appropriate safeguards, with the following categories of recipients:

  • Payment and financial partners: Banks, payment processors, card schemes, e-wallet providers, cryptocurrency processors and anti-fraud services that enable deposits, withdrawals and transaction monitoring. These partners may process your name, account details, transaction information and device or IP data.
  • Technical and operational service providers: Companies providing hosting, cloud storage, content delivery networks, security services, CRM systems, customer support tools, email/SMS gateways, data analytics platforms and IT maintenance. They act primarily as data processors under our instructions.
  • Game and platform providers: Licensed game studios and platform aggregators supplying casino content, who may receive pseudonymised player identifiers, session data and stake/win information to enable gameplay and RNG operation.
  • Affiliates and marketing partners: Affiliate networks, advertising partners and tracking providers that help measure referral performance and campaign effectiveness. Where required by law, data sharing for advertising is based on your consent and is often pseudonymised.
  • Corporate group entities and professional advisers: Related companies, auditors, lawyers, consultants and accountants who assist with business operations, compliance and dispute resolution, bound by confidentiality obligations.
  • Regulators and public authorities: Where legally required or permitted, we may disclose information to law enforcement, supervisory authorities, courts or other government bodies (for example in Curaçao, the European Union, Mexico or Australia) in response to lawful requests or to protect our rights, property or safety and that of our players.
  • Business transfers: In the context of a reorganisation, merger, acquisition or sale of assets, your data may be transferred to another entity, subject to that entity continuing to protect your data consistent with this Privacy Policy.

Whenever we share data with third parties, we seek to limit it to the minimum necessary and to ensure that appropriate contractual and technical safeguards are in place.

International Transfers

28 Mars Casino is operated by Dama N.V., based in Curaçao, and uses infrastructure and service providers located in multiple countries. As a result, your personal data may be transferred to and processed in jurisdictions whose data protection laws may differ from those in your country.

  • Primary locations: Curaçao (operator location), European Union/European Economic Area, United Kingdom, and other jurisdictions where our hosting, payment and analytics providers maintain servers or operations (which may include the United States and other regions).
  • Safeguards:
    • contractual protections such as standard contractual clauses or equivalent data transfer agreements where required under GDPR-like regimes;
    • technical and organisational measures including encryption, access controls and minimisation of the data transferred;
    • selection of reputable service providers with appropriate security and compliance standards.
  • Australian users: By using 28marsbet-au.com, you acknowledge that your information will be transferred outside Australia and may not be subject to the Australian Privacy Act in the destination country. We will take reasonable steps to ensure that overseas recipients handle your data in a way that is substantially consistent with the Australian Privacy Principles, but we cannot guarantee the same level of legal protection as in Australia.

By creating an account or using the website, you consent to the international transfer of your personal data as described in this section, to the extent that such consent is required under applicable law.

Data Retention

We keep personal data only for as long as it is reasonably necessary to fulfil the purposes described in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Retention periods may vary depending on the category of data and applicable law, but we apply the following general principles:

  • Player account data: Identification and contact information, account details and key gameplay history are kept for the duration of your active account and, normally, for up to 5 years after account closure or your last activity (whichever is later), unless a longer period is required for legal, regulatory or dispute-related reasons.
  • KYC and AML records: Verification documents, transaction monitoring records and related logs are typically retained for 5 - 7 years after the end of the business relationship or the completion of the relevant transaction, in line with AML/CTF and accounting obligations in applicable jurisdictions.
  • Payment and transaction data: Deposit, wager and withdrawal information is retained for at least the statutory limitation period applicable to financial and tax records, usually 5 - 7 years.
  • Marketing data: Information used for marketing (e.g. subscription status, campaign performance) is kept until you withdraw consent or object to marketing, and for a short period thereafter to record and honour your opt-out, usually not exceeding 2 years from your last interaction with our marketing.
  • Technical logs and security data: Server logs, device fingerprints and security event data are generally kept for 6 - 24 months, unless needed longer for security investigations or legal proceedings.
  • Complaint and dispute files: Correspondence and documents relating to complaints, chargebacks or disputes are stored until the issue is resolved and for the applicable limitation period for legal claims, generally up to 7 years.

When data is no longer required, we will either securely delete it, anonymise it (so it is no longer associated with an identifiable individual) or, where deletion is not technically feasible, securely store it and isolate it from further processing. We aim to ensure that no personal data is retained in identifiable form beyond what is necessary up to and including the year 2026, unless a longer retention period is mandated by law.

Your Rights

We respect your privacy rights and, regardless of where you live, we aim to give you meaningful control over your personal data. The exact rights available to you may depend on your country's laws (for example, the Australian Privacy Act, the EU GDPR or Mexican privacy law), but typically include:

  • Right of access: You may request confirmation of whether we hold personal data about you and obtain a copy of such data, together with information about how we process it.
  • Right to rectification (correction): You may request correction of inaccurate or incomplete personal data. In many cases you can update data directly via your account settings.
  • Right to erasure ("right to be forgotten" or cancellation): You may request deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you have withdrawn consent, or you believe we are processing it unlawfully. We may need to retain certain data despite your request where we have legal obligations (for example, AML/CTF or accounting) or legitimate interests (such as defending legal claims).
  • Right to restriction of processing: You may request that we restrict processing of your data in certain circumstances (for example, while we verify its accuracy or assess an objection).
  • Right to object: Where we process your data based on legitimate interests or for direct marketing, you may object at any time. When you object to direct marketing, we will stop using your data for that purpose.
  • Right to data portability: Where technically feasible and required under laws like GDPR, you may request that we provide certain data in a structured, commonly used and machine-readable format, or transmit it to another controller.
  • Rights related to consent: Where processing is based on your consent, you may withdraw that consent at any time, without affecting prior lawful processing. This includes consent to receive marketing communications or to the use of non-essential cookies.

These rights correspond broadly to the rights of access and correction under the Australian Privacy Act, ARCO rights (Access, Rectification, Cancellation, Opposition) under Mexican law, and rights under the EU/UK GDPR. While 28 Mars Casino is not established in the EU or Mexico, we endeavour to handle requests consistently with these standards where reasonably practicable.

How to exercise your rights:

  1. Send an email to [email protected] with the subject line "Privacy Request".
  2. Specify which right you wish to exercise and provide sufficient details to identify your account (e.g. username, registered email, country of residence).
  3. We may ask you for additional information to verify your identity before acting on the request.

We aim to respond to all valid requests within 30 days of receipt and verification. In complex cases or where permitted by law, this period may be extended, but we will inform you of any extension and the reasons. Requests are handled free of charge, although we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, in line with applicable legal standards.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to provide, protect and enhance your experience on 28marsbet-au.com. Cookies are small text files stored on your device when you visit a website.

  • Types of cookies we use:
    • Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They are used to maintain your login session and keep track of actions during a visit.
    • Persistent cookies: Cookies that remain on your device for a defined period or until you delete them. They help us remember your preferences (such as language or currency) and recognise you on subsequent visits.
    • First-party cookies: Cookies set directly by 28marsbet-au.com to support core site functions.
    • Third-party cookies: Cookies set by external providers (e.g. analytics, marketing, affiliate tracking) to provide statistics and measure campaign performance.
  • Purposes of cookies:
    • Strictly necessary / functional: Enable basic features like secure login, account management, transaction processing and remembering your cookie preferences. These cookies are essential and cannot be disabled via our internal tools.
    • Performance and analytics: Collect aggregated information about how visitors use the website (such as pages visited and errors encountered) to help us improve functionality and user experience.
    • Advertising and affiliation: Support our marketing efforts, including tracking the performance of affiliates and campaigns, and, where permitted, tailoring promotional content.

Managing cookies: You can manage or disable cookies in several ways:

  • through your browser settings (e.g. blocking or deleting cookies, setting "Do Not Track");
  • via any cookie consent or preference tools provided on our website, where available, allowing you to opt out of non-essential categories;
  • by opting out of marketing communications, which may reduce certain tracking for promotional purposes.

Please note that disabling certain cookies, especially strictly necessary or functional cookies, may impact the performance of the website or prevent you from using some services.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, alteration, disclosure or destruction. While no system can be guaranteed to be 100% secure, our measures include:

  • Encryption: Data transmitted between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) protocols (TLS 1.2 or higher). Sensitive data is protected at rest with strong encryption algorithms where appropriate.
  • Access controls: Personal data is accessible only to authorised personnel who need it to perform their duties, based on role-based access control and the principle of least privilege. Access is logged and periodically reviewed.
  • Authentication and account security: We support secure password practices and may implement additional safeguards such as multi-factor authentication for internal systems. We encourage you to use strong, unique passwords and keep your credentials confidential.
  • Network and infrastructure security: Firewalls, intrusion detection and prevention systems, anti-malware tools and other security technologies are used to protect our infrastructure and monitor for suspicious activity.
  • Regular testing and audits: Our systems are subject to technical testing, vulnerability assessment and security reviews. Where relevant, we seek to align our controls with recognised standards such as ISO 27001 and SOC 2 principles, although 28 Mars Casino is not presently certified under these schemes.
  • Staff training and confidentiality: Employees and contractors with access to personal data are required to keep it confidential and receive training on data protection and security obligations.
  • Incident response: We maintain procedures for identifying, investigating and responding to personal data breaches. Where required by applicable law, we will notify affected individuals and/or relevant authorities without undue delay, providing information about the breach and steps taken in response.

Your cooperation is also important. You are responsible for keeping your login credentials secure and for notifying us promptly if you suspect any unauthorised use of your account.

Complaints & Contacts

If you have questions, concerns or complaints about this Privacy Policy or our handling of your personal data, you can contact us using the details below. We take privacy-related complaints seriously and will work with you to resolve them.

Primary contact channels:

  • Email (support & privacy): [email protected]
  • Postal address: Data Protection Team, Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Internal complaint procedure:

  1. Submission: Send your complaint to [email protected], clearly stating that it is a privacy or data protection complaint and providing relevant details (account ID, dates, description of the issue, copies of prior correspondence if any).
  2. Acknowledgement: We will acknowledge receipt of your complaint within 7 days, where contact details are provided.
  3. Investigation: Our data protection team will investigate your complaint, which may involve contacting you for further information.
  4. Response: We aim to provide a substantive response within 30 days of receiving all necessary information. If we cannot meet this timeframe due to complexity, we will inform you of the delay and the expected resolution date.

Escalation to supervisory authorities: If you are not satisfied with our response or believe we are processing your data in violation of applicable law, you may have the right to lodge a complaint with a supervisory authority:

  • Australia (privacy matters): Office of the Australian Information Commissioner (OAIC) - https://www.oaic.gov.au
  • Mexico: National Institute for Transparency, Access to Information and Personal Data Protection (INAI) - https://home.inai.org.mx
  • European Union / EEA: Your local Data Protection Authority (DPA). A list of DPAs is available through the European Data Protection Board (EDPB) website at https://edpb.europa.eu.

Your right to complain to a regulator exists in addition to, and not instead of, your ability to seek remedies through local courts or other competent bodies. Filing a complaint with us first will often allow a faster and more tailored resolution.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or for other operational reasons. When we make material changes, we will take appropriate steps to inform you.

  • Notification methods:
    • posting the updated Privacy Policy on 28marsbet-au.com with a revised "Last updated" date;
    • displaying notices or banners on the website or in your account dashboard;
    • sending email or in-account messages where you have an active account and contact details.
  • Advance notice: For significant changes that affect your rights or the way we use your data, we will, where practicable, provide at least 30 days' notice before the changes take effect. During this period, you may choose to close your account if you do not agree with the updated terms.
  • Version control and changelog: We may maintain an archive or summary of previous versions and material changes (for example, changes in data categories collected, new purposes, or new categories of recipients). You can contact us if you need information about prior versions applicable after 1 January 2026.

Your continued use of 28marsbet-au.com after the effective date of any updated Privacy Policy will constitute your acknowledgement of the changes. If you do not agree to the updated policy, you should stop using the website and request account closure.

Last updated: February 2026