Privacy Policy — Richard Casino
Last updated: 2026-05-12. This policy is written to align with the Australian Privacy Principles (APPs) set out under the Privacy Act 1988 (Cth). It applies to all personal information Hollycorn N.V., trading as Richard Casino, handles in connection with Australian players. Where another jurisdiction's rules apply because of where you sit or where a service provider sits, we say so explicitly.
1. Who We Are And Who To Contact
Hollycorn N.V., a company registered in Curacao, operates Richard Casino under gaming licence 8048/JAZ2019-015. References to "we", "us" or "Richard" in this policy mean Hollycorn N.V. operating the Richard Casino brand. Our privacy contact is the Data Protection Officer reachable at [email protected]. For non-privacy questions, see the contact page.
2. APP 1 — How We Manage Personal Information
We maintain an internal privacy framework that includes staff training on this policy, formal access controls on personal information stored in our systems, annual review of processor contracts and an incident-response plan. This page is the publicly available version of that framework. We update it when our practices change materially; cosmetic edits change the date at the top.
3. APP 2 — Anonymity And Pseudonymity
You can browse the public website without identifying yourself. Once you open an account, anonymity is no longer possible: we are required to verify your identity under anti-money-laundering law (AML/CTF Act 2006 in Australia for AU-facing operators, plus our Curacao licence obligations). Where a transaction does not require identification, we do not collect identifying detail beyond what is necessary.
4. APP 3 & APP 5 — Collection And Notification
We collect the following categories of personal information, and only the following categories, directly from you or generated by your activity:
| Category | Examples | Source | Why |
|---|---|---|---|
| Account identity | Name, date of birth, email, AU mobile | You, at sign-up | Account creation, age verification, communications. |
| KYC documents | Government photo ID, proof of address | You, at KYC trigger | AML/CTF compliance, fraud prevention. |
| Financial | Payment-method identifiers, PayID/POLi/BPAY/Neosurf details, card last-4, crypto address | You and your bank | Processing deposits and payouts. |
| Wagering history | Bets placed, outcomes, bonus usage | Generated by your play | Service operation, RG monitoring, dispute resolution. |
| Communications | Chat transcripts, emails to support | You | Support, complaint records. |
| Technical | IP, device, browser, cookie identifiers | Your device | Security, fraud detection, fault diagnostics. |
| Marketing preferences | Opt-in flags, channel choices | You | Consent management. |
We notify you at the point of collection what each field is for. We do not collect sensitive information within the meaning of the APPs (health, racial origin, religion, sexual orientation, political opinion) other than where a specific RG conversation makes it relevant and you choose to share it.
5. APP 4 — Unsolicited Personal Information
If we receive personal information about you that we have not asked for — for example, a third party emails us about your account — we assess whether we could lawfully have collected it ourselves under APP 3. If not, we destroy or de-identify the information as soon as practicable.
6. APP 6 — How We Use Personal Information
We use the categories above to:
- Operate your account, including deposits, withdrawals, bonus tracking and game history.
- Verify your identity and meet AML/CTF obligations.
- Communicate with you about your account and transactions (transactional emails).
- Send you marketing material — only where you have opted in and only on the channels you chose.
- Detect, investigate and prevent fraud, collusion and bonus abuse.
- Operate the responsible gambling toolkit and monitor for risk signals.
- Resolve disputes and complaints.
- Comply with regulatory requests, court orders and tax reporting where applicable.
- Improve the website and games — analytics work on aggregated, de-identified data.
We do not sell personal information. We do not use personal information to make automated decisions with legal effect on you without human review.
7. APP 7 — Direct Marketing
Marketing emails and SMS are off by default. They turn on only if you opt in — either at sign-up or later from Account → Preferences. Every marketing email contains an unsubscribe link; every SMS contains a STOP keyword. Acting on either takes effect within 24 hours. We continue to send transactional notices (login alerts, withdrawal confirmations, T&Cs updates) regardless of marketing preference — these are operational, not promotional.
8. APP 8 — Cross-Border Disclosure
Some of the service providers we rely on are based outside Australia. Before sharing, we satisfy ourselves they handle personal information consistently with the APPs, either by contract or by being subject to a comparable framework. The categories are limited to:
| Recipient type | Location | What they receive |
|---|---|---|
| Cloud hosting (database, application servers) | Singapore (primary), Frankfurt (failover) | All categories listed in section 4. |
| KYC verification vendor | UK | Identity documents and core account identity. |
| Email delivery provider | USA | Email address, communications. |
| SMS delivery provider | Singapore | Mobile number, message body. |
| Game studios (Pragmatic Play, Evolution, etc.) | Malta, Curacao | Pseudonymous session identifier (not your name) — for game state only. |
| Analytics | USA | Pseudonymous device and behavioural data (cookie-driven, optional category). |
None of these providers sells your data onwards.
9. APP 9 — Government-Related Identifiers
We collect a government-issued ID number only as part of the KYC process and we use it exclusively for that purpose. We do not use a government identifier as a primary account key.
10. APP 10 — Quality Of Personal Information
We rely on you to keep your contact details current. You can update them yourself from Account → Profile. For KYC documents, we accept updates by email to the privacy address; the underlying record is kept for the legal retention period below, even if you update the live document.
11. APP 11 — Security
Personal information is held on encrypted databases inside our cloud-hosting provider's environment. Transport is over TLS 1.2 or 1.3. Access is restricted to staff whose role requires it and is logged. Payment-card data, where collected, is handled by a PCI-DSS-compliant processor — we do not store the full PAN on our systems. Passwords are stored as salted hashes (argon2id) — we cannot read your password and could not return it to you if asked.
If a data breach occurs that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme. Our standard notification commitment is within 72 hours of confirming the breach.
12. APP 12 — Access
You can request a copy of the personal information we hold about you by emailing the privacy address. We commit to a substantive response within 30 calendar days; in practice most requests are answered inside 10 business days. The first request per calendar year is free; subsequent requests carry a reasonable administrative fee, disclosed upfront.
13. APP 13 — Correction
If you believe personal information we hold about you is incorrect, ask us to correct it. We will correct the record if we agree, or annotate the record with your stated correction if we do not, and tell you why we do not. We give either response within 30 days.
14. Retention
| Category | Retention | Reason |
|---|---|---|
| Account and KYC records | 7 years after account closure | AML/CTF Act 2006 record-keeping obligation. |
| Transaction records | 7 years after the transaction | Same. |
| Marketing consent log | 2 years after revocation | Audit / dispute resolution. |
| Support chat transcripts | 2 years after the interaction | Service-quality review. |
| Cookie identifiers | Per cookies policy | See cookies page. |
| Self-exclusion record | Indefinite for permanent exclusion; otherwise 1 year past expiry | To honour the exclusion. |
After the retention period, records are deleted or de-identified.
15. Cookies And Tracking
The cookies we set and your choice over them are detailed on our cookies policy page. The short version: essential cookies always on, optional cookies off until you opt in, your choice respected on every device that signs in to your account.
16. Your Rights Beyond The APPs
If you are habitually resident in the European Economic Area or the UK and engage with us, you may have additional rights under the GDPR or UK GDPR — including the right to data portability and the right to object. Email the privacy address to exercise them.
17. Complaints
If you believe we have breached the APPs, please first email [email protected]. We will respond within 30 days. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. The OAIC can investigate and make determinations.
18. Changes To This Policy
Material changes — anything that expands collection, sharing, or retention beyond what is described here — are notified by in-account message at next login at least 14 days before they take effect. You will have the opportunity to close your account if you do not agree.
APP Mapping Index
| APP | Section in this policy |
|---|---|
| APP 1 — Open and transparent management | §2 |
| APP 2 — Anonymity | §3 |
| APP 3 — Collection of solicited personal information | §4 |
| APP 4 — Dealing with unsolicited information | §5 |
| APP 5 — Notification of collection | §4 |
| APP 6 — Use or disclosure | §6 |
| APP 7 — Direct marketing | §7 |
| APP 8 — Cross-border disclosure | §8 |
| APP 9 — Adoption, use or disclosure of government related identifiers | §9 |
| APP 10 — Quality of personal information | §10 |
| APP 11 — Security | §11 |
| APP 12 — Access | §12 |
| APP 13 — Correction | §13 |