burger icon
Gw Casino Review Australia
Log In

Privacy Policy

This privacy policy explains how Gw Casino, operated via the website https://gw-au.com (the "Website", "we", "us", "our"), collects, uses, discloses and protects personal information of Website visitors and players who create or use an account for gambling services offered through mirrors of gw.casino and related domains. It applies to all natural persons who access or use our Website from Australia or elsewhere, whether or not they register an account. By using the Website, you acknowledge that you have read this policy. This policy is effective from 1 January 2026 and supersedes any previous versions published on this Website.

Who We Are

OBSERVE: Users need to know which entity is responsible for their data and how to contact it. Some corporate details are not transparently disclosed; we must state this clearly and avoid misrepresentation while still providing contact details.

EXPAND: Gw Casino is commonly associated with an offshore operator, believed to be a private entity registered in Curaçao, often referenced as Digi Markets N.V. Corporate transparency is limited and certain registration details and legal address are not publicly confirmed. The brand targets Australian players from offshore and has been subject to enforcement activity by Australian regulators, including blocking action by the Australian Communications and Media Authority (ACMA) under the Interactive Gambling Act 2001.

REFLECT: For privacy purposes we identify the controller in functional terms, disclose what is known, and provide working contact channels for privacy matters.

The Website gw-au.com, hosting Gw Casino content, is operated on behalf of the "Gw Casino" brand by an offshore private entity believed to be established under the laws of Curaçao, potentially trading as Digi Markets N.V. (exact company registration number, tax number and formal legal address are not specified or publicly verified as at 2026).

For the purposes of this Privacy Policy, the "data controller" is the entity that determines the purposes and means of processing personal data in connection with the Gw Casino gambling services and the associated review and marketing content on gw-au.com.

Data protection contact / DPO-equivalent

  • E-mail (primary for privacy matters): [email protected]
  • E-mail (support-related privacy queries): [email protected]
  • Postal / legal address: not specified; any correspondence should initially be sent via e-mail. If a postal address is required for a specific request, we will provide one by return communication.
  • Telephone: not provided; all privacy communication is handled in writing to ensure traceability.

While we strive to comply with generally accepted privacy and security standards, you should be aware that Gw Casino operates from outside Australia and is not licensed in Australia; ACMA has taken enforcement action including blocking associated domains. This does not remove our obligation to handle your information lawfully and fairly, but it may affect which supervisory authorities have jurisdiction.

What Personal Data We Collect

OBSERVE: To provide gambling and review services, we necessarily collect identification, technical, payment and behavioural data, plus cookies. Some data categories are optional and depend on user interaction.

EXPAND: Personal data may be provided directly by you (registration forms, support requests), generated by your activity (betting history, transaction logs), or collected automatically (cookies, analytics, IP addresses). We must distinguish categories and give examples so users can understand what is involved.

REFLECT: We set out the key categories below. The exact data collected may vary by product, jurisdiction, and whether you interact only with the review pages on gw-au.com or additionally register and play on Gw Casino gambling mirrors.

Identification and contact data

  • Full name, date of birth, gender (where provided).
  • Residential address, country of residence, and proof of address copies where requested.
  • E-mail address (e.g. the address you use to create an account or subscribe to newsletters).
  • Mobile and/or landline phone number (if provided).
  • Verification documents and data (e.g. scans/photos of ID documents, selfies for verification, utility bills, or other KYC documentation).

Account and transactional data

  • Username, internal user ID, password hash (never the plain password).
  • Account preferences and settings, language, time zone.
  • Deposit and withdrawal history (amounts, timestamps, payment method used, currency).
  • Bonuses claimed, wagering progress, and related bonus restrictions.

Payment and financial data

  • Payment method details (such as partially masked card numbers, card expiry date, issuing bank, e-wallet identifiers, crypto wallet address).
  • Payment confirmations from processors, including transaction IDs and status codes.
  • Billing address details where required by payment providers or anti-money laundering (AML) checks.

Technical and usage data

  • IP address(es) and approximate geolocation derived from IP.
  • Device identifiers, browser type and version, operating system, screen resolution, language settings.
  • Log files, including access time, pages visited, referral URL, clickstream data.
  • Session identifiers, security tokens, and similar data used to keep you logged in and protect your account.

Behavioural and gambling activity data

  • Game selections, playing times and durations.
  • Stake sizes, bet outcomes, wins and losses.
  • Interaction data with our Website content (e.g. which review pages are read, which promotional banners are clicked).
  • Risk and behaviour indicators used for responsible gambling and anti-fraud monitoring.

Communications and support data

  • Records of e-mails and messages sent to [email protected] or [email protected].
  • Internal notes relating to handling of your requests, complaints, or disputes.
  • Marketing preferences and opt-in/opt-out records.

Cookies and similar technologies

  • HTTP cookies (session and persistent), local storage objects and similar identifiers.
  • Analytics tags, pixels and beacons used to measure traffic and performance.
  • Advertising cookies and identifiers (where permitted by your consent and applicable law).

Legal Basis for Processing

OBSERVE: Different purposes require different legal bases, especially when dealing with identification, payments, marketing and risk management.

EXPAND: Although Gw Casino is offshore and not established in the EU, we generally align with principles similar to the EU GDPR and leading international standards. For Australian users, we also consider principles found in the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) as guidance, even though the operator is not an Australian APP entity. Some references in this policy are also framed in terms commonly used in the EU/EEA and other jurisdictions.

REFLECT: We specify, for clarity and user protection, which main legal bases we rely on for typical processing operations.

Performance of a contract

  • To create, manage and operate your Gw Casino account.
  • To process deposits, bets, game participation, and withdrawals.
  • To provide customer support and communicate about service-related matters.

Compliance with legal obligations

  • To perform identity checks, age verification and ongoing KYC procedures.
  • To conduct AML and counter-terrorism financing screening and monitoring, where required by the laws of the licensing or operating jurisdiction (e.g. Curaçao or other applicable offshore regulations).
  • To respond to lawful requests from competent authorities (such as regulators or law enforcement) within applicable jurisdictions.
  • To maintain records required by tax, corporate, gambling, or financial legislation.

Legitimate interests

  • To secure our systems, prevent fraud, detect suspicious activity and protect the integrity of games.
  • To manage business operations, including analytics, performance monitoring and service improvement.
  • To protect our legal rights and defend against legal claims or regulatory investigations, including in Australia where ACMA has taken enforcement action against mirror sites.
  • To send certain non-promotional communications (e.g. changes to terms, service interruptions, security alerts).

Consent

  • To send electronic direct marketing communications (e-mails, SMS, push notifications) where required by applicable law.
  • To place non-essential cookies or use similar technologies for advertising or advanced analytics on your devices.
  • To share certain information with affiliates and advertising partners for personalised offers (where consent is required under local law).

If we rely on consent, you can withdraw it at any time (see "Your Rights" below). Withdrawal of consent does not affect processing already carried out prior to withdrawal.

Purpose of Processing

OBSERVE: Users need to understand why their data is processed in practical terms.

EXPAND: The same data may be used for multiple compatible purposes, such as service provision and security. Clearly articulating each purpose helps demonstrate necessity and proportionality.

REFLECT: We group purposes logically so you can understand how they relate to your interactions with Gw Casino and Gw Casino gambling services.

Service provision and account management

  • Creating, verifying and administering your gambling account and related profiles.
  • Enabling you to deposit funds, place bets, participate in games, and withdraw winnings.
  • Providing the review and informational content on gw-au.com, including presenting you with tailored information about Gw Casino features and promotions.

Customer support and communication

  • Responding to queries sent to [email protected] or [email protected].
  • Notifying you about account activity, changes to terms or policies, and relevant service updates.
  • Handling complaints, disputes and responsible gambling requests.

Legal, regulatory and risk management

  • Conducting identity, age and AML checks where required by law.
  • Monitoring transactions and behaviour for fraud, money laundering, bonus abuse or other prohibited conduct.
  • Cooperating with law enforcement, courts and regulators (including ACMA and any relevant foreign regulators), where legally required.

Analytics, improvement and personalisation

  • Analysing Website usage, game performance and user behaviour to improve our services and user experience.
  • Testing and optimising Website design, content placement, promotional banners and communication strategies.
  • Personalising certain content or offers within allowed legal and consent frameworks.

Marketing and promotions

  • Sending you promotional offers, newsletters, bonus information and surveys, where permitted by law and your preferences.
  • Using cookies and similar technologies to deliver more relevant advertising (where applicable and subject to your consent).
  • Working with selected affiliates and advertising partners to measure the effectiveness of marketing campaigns related to Gw Casino on gw-au.com.

Disclosure & Sharing

OBSERVE: Gw Casino uses third-party providers for payments, gaming content, analytics and marketing. Some sharing is necessary and some is optional.

EXPAND: Because the service operates offshore, data may be shared across several jurisdictions, including with regulators and enforcement bodies. We must make this explicit and specify general categories of recipients.

REFLECT: We outline typical data recipients and applicable safeguards while noting that we do not sell personal data as a standalone asset.

Typical categories of recipients

  • Payment service providers: Banks, card schemes, e-wallet operators, cryptocurrency processors and other payment intermediaries that process your deposits and withdrawals.
  • Game and platform providers: Licensed game studios and platform vendors that supply casino games and related infrastructure, who may process limited technical and transactional data to operate games and RNG systems (e.g. providers covered by a GLI RNG certificate).
  • Technical service providers: Hosting companies, content delivery networks, IT security vendors, analytics platforms and customer support tools.
  • Marketing and affiliate partners: Agencies and affiliates that promote Gw Casino and Gw Casino, subject to contractual limitations and, where necessary, your consent.
  • Professional advisers: Lawyers, auditors, consultants and similar professionals engaged to support our business and defend our rights.
  • Regulators and authorities: Gambling regulators, financial intelligence units, law enforcement and other public authorities, including but not limited to those in Curaçao and, where applicable, Australian authorities such as ACMA when acting within their jurisdiction.

Grounds for disclosure

  • Where necessary to provide the services you request (e.g. sharing your payment details with a payment processor).
  • Where required or permitted by law, regulation or court order.
  • Where we reasonably believe disclosure is necessary to protect our rights, investigate suspected illegality, or enforce our terms.
  • Where you have given your explicit consent to a particular transfer or disclosure.

We do not sell your personal data as such; however, we may share aggregated or anonymised data that does not directly identify you with research organisations, partners or the public, for example in relation to offshore gambling trends described in reports like the "Offshore Gambling and Consumer Protection, Gambling Research Australia, 2021".

International Transfers

OBSERVE: The service is offshore and regularly transfers data across borders.

EXPAND: Data may be stored or processed in countries with varying levels of data protection, such as Curaçao or other locations where servers or service providers are based. For some users, additional safeguards analogous to EU Standard Contractual Clauses (SCCs) may be appropriate.

REFLECT: We must be transparent about cross-border transfers and explain the measures we use to protect your data, even if no single regime (like the GDPR) formally applies.

Locations of processing

  • Primary operational and corporate functions are handled from offshore jurisdictions, most likely including Curaçao.
  • Hosting, backup, analytics and support services may be based in the European Economic Area (EEA), the United Kingdom, the United States, or other countries.
  • Access to data by personnel may occur from multiple locations worldwide, subject to internal access controls.

Protection measures

  • Where we transfer personal data to processors or partners in jurisdictions that do not provide an equivalent level of data protection, we endeavour to use appropriate contractual safeguards, such as clauses modelled on internationally recognised standard contractual clauses or equivalent contractual provisions.
  • We require service providers to implement adequate technical and organisational security measures and to process personal data only in accordance with our documented instructions.
  • Access to personal data is restricted to staff and contractors who need it for legitimate business purposes and are bound by confidentiality obligations.

By using the Website and Gw Casino services, you acknowledge that your personal data may be transferred and processed outside your country of residence, including to countries that may have different data protection laws than your own. Where required by applicable law, we will seek your explicit consent for such transfers.

Data Retention

OBSERVE: We must keep data long enough for legal and contractual reasons but not longer than necessary.

EXPAND: Gambling and AML regulations usually require multi-year retention of transactional and identification data. Marketing-related data can often be kept for shorter periods or until consent is withdrawn.

REFLECT: We define indicative retention periods and criteria, noting that legal requirements may vary by jurisdiction.

General principles

  • We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting or reporting requirements.
  • We consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing, and whether we can achieve those purposes through other means.

Indicative retention periods

  • Account and identification data: Typically retained for up to 5 - 7 years after account closure or last activity, to comply with AML and gambling regulatory obligations, prevent fraud and resolve potential disputes.
  • Transactional and betting data: Typically retained for 5 - 7 years after the relevant transaction, for accounting, taxation, AML and regulatory purposes.
  • Customer support records: Typically retained for 3 - 5 years after the issue is resolved, depending on the nature of the matter and applicable limitation periods.
  • Marketing data: Retained until you opt out of marketing or for up to 2 years after your last interaction with our marketing communications, whichever occurs first, unless longer retention is legally required.
  • Technical logs and security data: Retained for 6 - 24 months, depending on the log type and use (e.g. security vs. general analytics), unless longer retention is required for incident investigation.

Deletion and anonymisation

  • When personal data is no longer required, we will either securely delete or irreversibly anonymise it so that it can no longer be linked to you.
  • We may continue to use anonymised or aggregated data indefinitely for statistical, research or business analysis purposes.
  • If you submit a valid deletion request, we will assess whether we can delete your data or must retain certain elements to comply with our legal obligations (see "Your Rights" below).

Your Rights

OBSERVE: Users expect rights similar to those under modern data protection laws. The prompt also references GDPR and Mexican privacy law, though the service is offshore and targets Australians.

EXPAND: While Gw Casino is not established in the EU or Mexico, we choose to generally align with core principles reflected in the EU General Data Protection Regulation (GDPR) and in modern Latin American data protection frameworks (including Mexico's Federal Law on the Protection of Personal Data Held by Private Parties) as a benchmark for good practice.

REFLECT: We describe a harmonised set of rights and procedures, clarify that enforcement may depend on jurisdiction, and commit to handling requests transparently and free of charge wherever reasonably possible.

Overview of your rights

  • Right of access: You may request confirmation of whether we hold personal data about you and, if so, receive a copy along with information about how we use it.
  • Right to rectification: You may request that inaccurate or incomplete personal data be corrected or completed.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data where it is no longer necessary, where you have withdrawn consent (if applicable), or where processing is unlawful, subject to legal retention obligations.
  • Right to restriction of processing: You may request that we limit processing of your data in certain circumstances (for example, while we verify accuracy or assess an objection).
  • Right to object: You may object to processing based on our legitimate interests, including profiling, and you may always object to direct marketing at any time.
  • Right to data portability: Where technically feasible and applicable, you may request a copy of certain personal data in a structured, commonly used and machine-readable format, and ask us to transmit it to another controller.
  • Right to withdraw consent: Where processing is based on your consent (e.g. certain marketing or cookies), you may withdraw that consent at any time, without affecting prior lawful processing.

How to exercise your rights

  1. Submit a request: Send an e-mail to [email protected] with the subject line "Privacy Request - ". You may also contact [email protected], but using the info address will help us route your request more efficiently.
  2. Provide identification: To protect your data, we may ask for information necessary to verify your identity (such as your username, registration e-mail address, or other details we already hold). We will not request excessive additional data.
  3. Clarify scope: Indicate what data or processing your request relates to (for example, "all marketing communications", "copy of my betting history from 2024 - 2026", or "deletion of closed account").
  4. Assessment and response: We will review your request and respond within 30 days of receipt. Where requests are complex or numerous, we may extend this period by an additional 30 days, in which case we will inform you of the extension and reasons.

Cost and limitations

  • We will not charge a fee for handling ordinary rights requests. However, where permitted by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive or repetitive.
  • Your rights may be limited, for example, where complying with your request would adversely affect the rights and freedoms of others, interfere with legal or regulatory obligations (including AML and gambling regulations), or prejudice ongoing investigations.

Note: While this section reflects principles similar to the GDPR and modern Latin American privacy laws (including Mexican regulations), the actual supervisory authority and avenues of redress available to you will depend on your country of residence and the applicable law (see "Complaints & Contacts").

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for functionality and used for analytics and marketing.

EXPAND: Some cookies are strictly necessary, while others require consent depending on jurisdiction. Users should be informed how to manage cookies.

REFLECT: We categorise cookies by type and purpose and explain management options.

Types of cookies we use

  • Session cookies: Temporary cookies that exist only while your browser is open. They enable core functions such as keeping you logged in and remembering your selections during a session.
  • Persistent cookies: Cookies stored on your device for a defined period. They help remember your preferences and recognise you when you return to the Website.
  • First-party cookies: Cookies placed directly by gw-au.com to support website functionality, security and basic analytics.
  • Third-party cookies: Cookies placed by external providers (e.g. analytics platforms, advertising networks, affiliate tracking systems) that help us measure performance and, where allowed, offer targeted promotions.

Purposes of cookies

  • Strictly necessary / functional: Required for the Website and gambling services to function correctly, including security features, user authentication, and basic site preferences.
  • Analytics and performance: Used to understand how visitors use the Website (which pages are visited, how long users stay, technical performance). This helps us improve content and usability.
  • Advertising and affiliation: Used to track effectiveness of marketing campaigns, prevent bonus abuse, and, where permitted, display more relevant advertising and promotional offers related to Gw Casino.

Managing cookies

  • You can manage or delete cookies through your web browser settings. Most browsers allow you to block cookies, delete existing ones, or set notifications when sites attempt to place cookies on your device.
  • If we offer an internal cookie or privacy preference panel on gw-au.com, you can use it to adjust non-essential cookie settings (e.g. analytics and advertising cookies), while strictly necessary cookies will remain active to ensure proper functioning.
  • Blocking or deleting certain cookies may impact your experience and could prevent you from using some features, such as staying logged in or accessing personalised content.

Data Security

OBSERVE: Gambling sites process sensitive financial and behavioural data; robust security is essential.

EXPAND: Security includes technical, organisational and procedural measures. Reference to international standards helps indicate the level of protection.

REFLECT: We describe layered defences, acknowledging that no system is perfectly secure but demonstrating reasonable care.

Technical measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using industry-standard TLS (Transport Layer Security) protocols, typically TLS 1.2 or higher, to reduce the risk of interception.
  • Encryption at rest: Sensitive data (such as passwords, certain financial identifiers and verification documents) is stored using hashing, tokenisation or encryption techniques, with access controlled by strict internal policies.
  • Access controls: Access to production systems and databases is restricted on a need-to-know basis, protected by strong authentication methods (including multi-factor authentication where feasible) and logged for audit purposes.
  • Network and application security: Firewalls, intrusion detection/prevention systems, anti-malware solutions and regular security patching help protect our infrastructure against common threats.

Organisational and procedural measures

  • Staff training: Personnel with access to personal data receive appropriate training on data protection, security and confidentiality obligations.
  • Policies and procedures: Internal policies govern data handling, access rights, incident response, and retention. These policies are reviewed periodically.
  • Security assessments: We conduct internal reviews and may engage external specialists to assess and improve our security measures, including periodic vulnerability assessments.
  • Incident response: In the event of a suspected data breach, we follow an incident response plan aimed at containing the incident, assessing impact, and notifying affected users and relevant authorities where required by law.

Where feasible, we seek to align our practices with recognised security frameworks such as ISO/IEC 27001 or SOC 2-like controls, even if we are not formally certified. However, no online service can guarantee absolute security. You also play a role in protecting your account by choosing strong, unique passwords and keeping your login details confidential.

Complaints & Contacts

OBSERVE: Users need clear channels to ask questions or lodge complaints and know which authority they may approach.

EXPAND: Because the operator is offshore, oversight by EU or Mexican authorities may be limited; however, it is good practice to indicate potential supervisory bodies conceptually and highlight that Australian authorities such as ACMA are active on the gambling regulatory side.

REFLECT: We set out a step-by-step internal complaint process and then indicate external escalation options subject to jurisdiction.

Contacting us

Internal complaint procedure

  1. Step 1 - Submit your complaint: Send a detailed e-mail to [email protected] with the subject "Privacy Complaint". Include your username (if any), contact details, and a clear description of your concern.
  2. Step 2 - Acknowledgement: We aim to acknowledge receipt of your complaint within 5 business days.
  3. Step 3 - Investigation: We will investigate your complaint, which may involve contacting you for additional information or clarification.
  4. Step 4 - Response: We will provide a substantive written response within 30 days of receiving your complaint. If we cannot respond within this timeframe due to complexity, we will inform you of the delay and the expected resolution date.

Escalation to supervisory authorities

  • Australia: While Gw Casino is an offshore operator and not licensed in Australia, you may raise concerns about the broader conduct of offshore gambling providers with the Australian Communications and Media Authority (ACMA), which enforces the Interactive Gambling Act 2001. See ACMA's website and blocked sites list (e.g. Blocked gambling sites list) for further information.
  • European Union / EEA (if applicable): If you are located in the EU/EEA and believe your rights under local data protection laws have been infringed, you may be able to lodge a complaint with your national data protection authority. Contact details are typically available via your government's official website.
  • Mexico (if applicable): If you are a resident of Mexico and believe that your rights under the Federal Law on the Protection of Personal Data Held by Private Parties have been affected, you may consider contacting the competent Mexican data protection authority (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI) for guidance, recognising that jurisdiction may be limited for offshore operators.

We encourage you to contact us first so that we can try to resolve your concern directly.

Updates

OBSERVE: Privacy policies must evolve with services, law and technology.

EXPAND: Users should be told how changes will be communicated and when they take effect, along with any rights to object or close accounts.

REFLECT: We implement version control, notice periods for material changes and clear communication channels.

Changes to this policy

  • We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or technical and organisational measures.
  • Each version will be identified by a "Last updated" date at the end of the document and, where appropriate, a brief summary of material changes.

Notification methods

  • E-mail notifications: For registered players, we may send e-mail notices to the address associated with your account explaining key changes.
  • Website banners or pop-ups: We may display a notice on gw-au.com and/or affiliated Gw Casino domains highlighting significant changes and linking to the updated policy.
  • Account dashboard alerts: Where an account dashboard is available, we may provide in-account notifications summarising important updates.

Effective date and user choices

  • For material changes that significantly affect your rights or how we use your data (for example, new categories of data, new purposes, or sharing with new categories of recipients), we will provide at least 30 days' advance notice, where technically and legally feasible, before the new terms take effect for existing users.
  • If you do not agree with the updated policy, you may choose to stop using the Website and, where applicable, request closure of your Gw Casino account and exercise your rights as described in "Your Rights".
  • Continuing to use the Website or Gw Casino services after the effective date of an updated Privacy Policy will be deemed acceptance of the changes, unless prohibited by applicable law.

Last updated: January 2026