Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you access or use the Olympia services available via olympia-aussie.com. It applies to all visitors to our website, prospective and existing players, and any other individuals whose data we process in connection with these services. By using the site, you consent to the handling of your personal information in accordance with this Policy. The effective date of this Privacy Policy is 1 January 2026 unless replaced by a later "Last updated" notice below.

Who We Are

OBSERVE: Users need to know the identity and contact details of the operator responsible for data handling.

EXPAND: We incorporate the corporate structure of the Olympia brand, Curaçao licensing information, and contact channels relevant to privacy queries.

REFLECT: This section clarifies who controls your data and how to contact us about privacy.

Operator and Legal Entity

The services reviewed and made available through olympia-aussie.com under the brand "Olympia" are operated for data protection purposes by:

Operator: Dama N.V.
Legal form: Private limited liability company
Registration number: 152125
Registered address / legal address: Scharlooweg 39, Willemstad, Curaçao
Operator jurisdiction: Curaçao

Dama N.V. operates online gambling services under licence number 8048/JAZ2020-013 issued to Antillephone N.V. in Curaçao (online gambling / casino licence, active at least through 2026). Payments may in some cases be facilitated by affiliated entities such as Strukin Ltd, Cyprus, acting as a processing partner.

Contact Details

Website: https://olympia-aussie.com
Support email: [email protected]
General information email: [email protected]
Press enquiries: [email protected]
Sales: [email protected]
HR: [email protected]

Data Protection Contact

We have appointed a dedicated data protection contact point responsible for privacy matters:

Data Protection Contact / DPO function: Data Protection Officer, Dama N.V.
Email: [email protected] (please state "Privacy request - Olympia" in the subject line)
Postal contact: Data Protection Officer, Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Regional compliance note (AU): Dama N.V. does not have a physical office in Australia and operates as an offshore provider. While the services may be accessible from Australia, they are not licensed under Australian law. This Privacy Policy does not constitute a representation of compliance with the Australian Privacy Act 1988 (Cth) but we endeavour to apply comparable safeguards where commercially and technically feasible.

What Personal Data We Collect

OBSERVE: Online casino operations require identification, technical data, payment data and behavioural information.

EXPAND: We distinguish categories of data and channels through which they are obtained, covering direct input, automatic collection and data from partners.

REFLECT: This supports transparency obligations and helps users understand which data is necessary for which aspects of the service.

Data You Provide to Us

Registration and profile data: Full name, username, date of birth, country of residence, address (where requested), email address, mobile or landline telephone number, password or other authentication credentials.
Account and communication data: Preferences, language, communication settings, content of messages sent to support, feedback forms, complaint correspondence, and records of interactions with our customer support team.
Verification and KYC/AML data: Copies or details of identity documents (passport, ID card, driving licence), proof of address (utility bills, bank statements), payment ownership evidence, source-of-funds / source-of-wealth information as may be requested under AML procedures.

Technical and Usage Data

Device and connection information: IP address, approximate geolocation derived from IP, device identifiers, browser type and version, operating system, language, referrer URLs, time zone settings, and similar technical data.
Log and interaction data: Login and logout times, session IDs, pages viewed, clicked links, navigation paths, error logs, and other diagnostic information.
Cookies and similar technologies: Unique cookie IDs, session tokens, analytics identifiers, advertising identifiers and related metadata (see the Cookies & Tracking Technologies section).

Payment and Financial Data

Transaction information: Deposits, withdrawals, bonuses credited or forfeited, currency, transaction timestamps, used payment method, transaction identifiers.
Payment method details: Limited card or account data as required to process payments (for example, masked card number, card brand, expiry date), wallet identifiers, bank account details, as processed directly or via payment processors such as Strukin Ltd or other authorised partners.

Behavioural and Marketing Data

Gaming behaviour: Game selections, stakes, wins/losses, bet history, session duration, responsible gambling settings and limits, self-exclusion status.
Marketing interaction data: Email opens, clicks on promotional links, subscription / unsubscription status, participation in promotions and loyalty programs where available.

Data from Third Parties

Verification and risk management partners: Information from identity verification services, payment providers, anti-fraud databases and AML screening tools.
Affiliates and advertising networks: Referral information, campaign tags, basic identifiers and aggregated statistics about how you arrived at olympia-aussie.com, where legally permitted and based on your consent where required.

Legal Basis for Processing

OBSERVE: Different processing activities require specific lawful grounds.

EXPAND: We map typical casino-related processing (account setup, gambling services, AML checks, marketing, analytics) to recognised legal bases.

REFLECT: This enhances accountability and allows users to link each purpose to a justification.

Consent

We rely on your explicit or implicit consent to:
- Send you marketing communications by email, SMS, push notifications or similar channels, where required by applicable law.
- Use non-essential cookies and similar technologies for analytics and advertising (see Cookies & Tracking Technologies).
- Process particularly sensitive verification data beyond what is strictly required by law, where we ask you to agree to such processing.
You may withdraw your consent at any time, as described in the "Your Rights" section. Withdrawal does not affect processing already carried out lawfully.

Contractual Necessity

We process personal data where it is necessary to enter into and perform a contract with you, including to:
- Register and maintain your player account.
- Provide access to the games and related gambling services available through olympia-aussie.com.
- Process deposits, bets, winnings and withdrawals.
- Provide customer support and manage your requests.

Legitimate Interests

We process data on the basis of our legitimate interests, balanced against your privacy rights, to:
- Prevent and detect fraud, abuse, cheats, bonus misuse and other unlawful or suspicious activities.
- Ensure network and information security, including monitoring access and protecting our systems from attacks.
- Improve our services, user experience and website performance through aggregated analytics.
- Defend our legal rights, respond to claims and manage business risk.

Compliance with Legal Obligations

We must process certain personal data to comply with legal and regulatory obligations applicable in Curaçao and other relevant jurisdictions, including:
- Know-your-customer (KYC) and anti-money laundering / counter-terrorist financing (AML/CTF) requirements.
- Record-keeping, accounting and reporting duties.
- Enforcement of self-exclusion and responsible gambling measures where required.
- Responding to lawful requests from supervisory, tax, law enforcement or other competent authorities.

Purpose of Processing

OBSERVE: Users must understand why their data is used.

EXPAND: We associate each main operational area with concrete purposes.

REFLECT: This clarifies that we do not process data for unrelated reasons without a lawful basis.

Provision and Management of Services

To create, verify and manage your player account.
To provide access to games, betting facilities and related gambling functionality.
To process deposits, bets, bonuses and withdrawals, and to maintain transaction histories.
To provide technical and customer support, resolve issues and respond to your enquiries.

Service Improvement and Personalisation

To analyse how players use the website and services (for example, which games are popular, typical navigation flows).
To troubleshoot performance issues and improve stability, security and functionality.
To tailor content, game recommendations and promotions to your profile, within the limits of applicable law and your consent where required.

Marketing and Promotions

To send newsletters, promotional offers, loyalty and VIP program information, and other marketing communications if you have opted in or where otherwise permitted by law.
To evaluate the effectiveness of campaigns, including affiliate and advertising network performance.

Analytics, Risk Management and Fraud Prevention

To perform profiling and risk scoring for fraud detection and prevention of unauthorised access.
To apply AML/CTF controls and monitor for suspicious transactions or behaviour.
To enforce our terms and conditions, bonus rules and responsible gambling measures.

Legal, Regulatory and Business Purposes

To comply with legal obligations, regulatory requirements and licensing conditions.
To respond to information requests and audits from relevant authorities.
To manage business operations, including internal reporting, compliance checks, and potential restructuring, merger or asset transfer, in which case data may be reviewed under strict safeguards.

Disclosure & Sharing

OBSERVE: Casino operations rely on multiple external providers.

EXPAND: We delineate categories of recipients, the circumstances of disclosure and safeguards.

REFLECT: Users can see who else may access their data and why.

Group Companies and Operational Partners

Group entities and processors: We may share your data with companies controlled by, controlling or under common control with Dama N.V., including but not limited to payment processing affiliates such as Strukin Ltd (Cyprus), solely for purposes outlined in this Policy.
Platform and infrastructure providers: Third-party platform providers (for example, SoftSwiss and other technology partners), hosting providers, cloud and IT support services, who assist us in operating olympia-aussie.com.

Payment Service Providers

We share necessary payment-related information with banks, card schemes, e-wallet providers, payment gateways and other financial institutions to:
- Process deposits and withdrawals.
- Conduct AML and fraud checks.
- Resolve payment disputes and chargebacks.

Service Providers and Professional Advisers

Service providers: Identity verification and KYC/AML partners, fraud prevention tools, analytics providers, email delivery services, customer support tools and similar vendors. These service providers act as processors and are bound by confidentiality and data protection obligations.
Professional advisers: Lawyers, auditors, consultants and accountants who may receive limited data where necessary for legal, auditing or consulting purposes and subject to professional secrecy.

Regulators and Public Authorities

We may disclose personal data to:
- Regulators and licensing bodies in Curaçao and other relevant jurisdictions.
- Law enforcement agencies, courts and public authorities where we are legally obliged to do so or where it is necessary to establish, exercise or defend legal claims.
- Authorities addressing unlawful online gambling in particular jurisdictions (including, where applicable, Australian authorities such as the Australian Communications and Media Authority (ACMA)), subject to applicable law.

Affiliates and Advertising Networks

With your consent where required by law, we may share limited information (for example, identifiers and conversion data) with:
- Affiliate partners who referred you to olympia-aussie.com, to ensure correct attribution and commission calculation.
- Advertising networks and analytics partners to measure the performance of online campaigns and, where permitted, to tailor advertising.

Business Transfers

If Dama N.V. or substantially all of its assets related to the Olympia brand are acquired, merged, restructured or transferred, personal data may be disclosed to the acquiring or merging entity under appropriate confidentiality and data protection obligations, and only to the extent reasonably necessary for due diligence or completion of the transaction.

International Transfers

OBSERVE: Data handling involves cross-border processing, particularly between Curaçao, the EU/EEA and other locations.

EXPAND: We identify typical transfer destinations and safeguards such as contractual protections.

REFLECT: This helps users understand how their data is protected when it leaves their country.

Locations of Processing

Your personal data may be processed and stored in:
- Curaçao (headquarters and main operations of Dama N.V.).
- Member States of the European Union / European Economic Area, particularly Cyprus and other locations where our processors or group entities are situated.
- Other countries where our technology, payment or support providers maintain data centres, subject to appropriate safeguards.

Safeguards for Cross-Border Transfers

When transferring personal data from regions with data export requirements (such as the EEA) to countries that may not provide the same level of data protection, we implement:
- Contractual safeguards: Standard Contractual Clauses or similar agreements approved under relevant data protection regimes, where applicable.
- Technical and organisational measures: Encryption, strict access controls, minimisation of exported data and security audits.
- Risk assessment: Case-by-case assessments of the legal and practical risks associated with the transfer.

Regional compliance note: While Olympia targets users in Australia through olympia-aussie.com, data is primarily controlled in Curaçao and may be processed in other jurisdictions as described above. By using the services, you acknowledge that your data may be transferred internationally and that such transfers are necessary for the operation of the services.

Data Retention

OBSERVE: Different data types require different retention periods, especially under AML and licensing rules.

EXPAND: We link categories to indicative retention times and deletion criteria.

REFLECT: This enables users to understand how long their data will typically be stored.

General Retention Principles

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including:
- Provision of services and maintenance of your account.
- Compliance with legal, regulatory, accounting and reporting obligations.
- Resolution of disputes and enforcement of agreements.

Indicative Retention Periods

Account and profile data: Stored for the lifetime of your active account and generally for up to 5 years after account closure, unless a longer period is required by law or to resolve ongoing disputes.
KYC/AML and verification data: Typically retained for 5 - 10 years after the end of the business relationship or after a one-time transaction, in line with applicable AML/CTF regulations where they apply.
Transaction and gaming history: Preserved for at least 5 years after the relevant transaction or account closure, as required for accounting, tax and regulatory purposes.
Marketing data: Retained while you remain subscribed and for a short period (normally up to 2 years) after unsubscribing, solely to demonstrate compliance with your opt-out request and campaign analytics.
Technical logs and security data: Kept for a period typically ranging from 6 months to 3 years, depending on the sensitivity of the data and operational needs for security and fraud prevention.

Deletion and Anonymisation

When personal data is no longer required:
- We will securely delete or irreversibly anonymise the data so that it can no longer be associated with an identified or identifiable individual.
- Backups containing your data will be overwritten in accordance with our backup rotation and disaster recovery policies.
We may retain anonymised or aggregated information (which does not identify you) indefinitely for statistical, research and business analytics purposes.

Your Rights

OBSERVE: Individuals should be informed of their rights and how to exercise them.

EXPAND: We align these rights with widely recognised standards such as the GDPR, and where relevant, refer to comparable concepts under other frameworks.

REFLECT: Clear procedures and timelines strengthen user control and demonstrate accountability.

Overview of Rights

Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of such data together with information about the processing.
Right to rectification: You can request correction of inaccurate personal data and completion of incomplete data.
Right to erasure ("right to be forgotten"): You can request deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, you withdraw consent (where consent is the only basis), or you successfully object to processing. This right may be limited where we must retain data for legal or regulatory reasons (for example, AML/CTF rules).
Right to restriction of processing: You can request that we restrict processing of your data in certain circumstances, such as while we verify its accuracy or our legitimate interests.
Right to object: You may object, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling. You also have an unconditional right to object at any time to processing of your data for direct marketing purposes.
Right to data portability: When processing is based on your consent or on a contract and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format, and have it transmitted to another controller where technically feasible.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal.

Note on non-EU and Mexican users: While this Policy is primarily aligned with standards similar to the EU General Data Protection Regulation (GDPR), we also seek to respect comparable principles from other data protection frameworks such as the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) where relevant, especially regarding transparency, purpose limitation, data quality, security and rights of access, rectification, cancellation and objection (ARCO rights). However, the primary governing law remains as defined in our general terms and conditions.

How to Exercise Your Rights

Submit your request: Contact us via email at [email protected] with the subject "Privacy request - Olympia", or write to our Data Protection Officer at the postal address listed in the "Who We Are" section.
Specify your request: Clearly state which right you wish to exercise and, where applicable, provide details (for example, which data you wish to correct or erase).
Identity verification: For your protection, we may request additional information to verify your identity before acting on your request, particularly for access, portability or erasure.
Response timeframe: We aim to respond to all valid requests without undue delay and in any event within 30 days of receipt. If your request is particularly complex, or we receive numerous requests, we may extend this period by a further 30 days and will inform you of the extension and reasons.
Fees: Requests are handled free of charge. However, we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded or excessive, in particular because of its repetitive character.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for session management and analytics.

EXPAND: We classify cookies by type and purpose and explain control options.

REFLECT: This allows users to make informed consent choices and manage their browser settings.

Types of Cookies We Use

Session cookies: Temporary cookies that are erased when you close your browser. They are used to maintain secure sessions, remember your selections within a single visit and keep you logged in while navigating the site.
Persistent cookies: Cookies stored on your device for a defined period. They enable us to remember your preferences (for example, language, region, login details if you choose "remember me") and to recognise you when you return.
First-party cookies: Cookies set directly by olympia-aussie.com to enable core functionality and site analytics.
Third-party cookies: Cookies set by external services integrated into our website, such as analytics providers, affiliate tracking tools and, where applicable, advertising networks.

Purposes of Cookies

Strictly necessary / functional: Required for the operation of the website and services, including security, session management, load balancing and basic navigation. These cookies cannot generally be disabled via our systems.
Analytics and performance: Used to collect aggregated information about how visitors use the site (for example, pages visited, time spent, error messages). This helps us improve the performance, design and content of olympia-aussie.com.
Advertising and affiliation: Used to track referrals from affiliates, measure campaign performance and, where permitted, support targeted or personalised advertising. These cookies are usually third-party and subject to consent where required by law.

Cookie Management

Browser settings: Most web browsers automatically accept cookies but allow you to modify your settings to block or delete cookies. Please refer to your browser's help or settings menu for instructions.
On-site tools: Where available, we may provide internal settings or banners enabling you to manage non-essential cookies (for example, opting out of analytics or advertising cookies).
Consequences of disabling: If you choose to disable or block certain cookies, some parts of the website may not function correctly, and your user experience may be degraded (for example, you may need to log in more frequently, and some features may not be available).

Data Security

OBSERVE: Gambling platforms process sensitive financial and behavioural data and must apply robust security.

EXPAND: We outline technical and organisational measures and refer to relevant standards.

REFLECT: This reassures users that reasonable steps are taken to protect their information.

Technical Safeguards

Encryption in transit: Data transmitted between your browser and olympia-aussie.com is protected using industry-standard Transport Layer Security (TLS 1.2 or higher), helping to prevent interception.
Encryption at rest: Sensitive data, such as passwords and certain financial information, is stored using strong cryptographic techniques and hashing algorithms in accordance with best practice.
Access controls: Access to personal data is restricted to authorised personnel and service providers who require it for their role and are bound by confidentiality obligations. Role-based access control and logging are implemented to minimise and monitor access.
Network and infrastructure security: Firewalls, intrusion detection/prevention systems and other protective technologies are implemented to safeguard our infrastructure.

Organisational Measures

Policies and training: Staff handling personal data receive regular training in data protection, information security and responsible handling of gambling-related information.
Security audits: Security controls are reviewed periodically, and we may rely on certifications and audits undertaken by core technology providers (for example, the underlying platform may be ISO 27001 certified) as part of our vendor management.
Incident response: We maintain procedures for identifying, investigating and responding to suspected personal data breaches. Where required by law, we will notify relevant authorities and affected individuals without undue delay.

While we take appropriate steps to protect your data, no system can be guaranteed to be entirely secure. You are responsible for keeping your login credentials confidential and for using adequate security measures on your own devices.

Complaints & Contacts

OBSERVE: Users need clear channels for questions and complaints.

EXPAND: We define internal escalation and external supervisory contacts where applicable.

REFLECT: This underpins effective redress mechanisms.

Contacting Us

Primary email for privacy and complaints: [email protected]
Customer support: [email protected]
Postal address: Data Protection Officer, Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Internal Complaint Procedure

Submission: Send your complaint or query detailing the issue, relevant dates and any supporting documentation to the Data Protection Officer at the contact details above.
Acknowledgement: We will acknowledge receipt of your complaint within 5 business days where feasible.
Investigation: Your complaint will be reviewed by appropriate personnel who may contact you for further information.
Response: We aim to provide a substantive response within 30 days of receiving a complete complaint. If more time is required due to complexity, we will inform you of the delay and the expected timeframe.
Further steps: If you remain dissatisfied, you may request further internal review or escalate the matter to a competent supervisory authority, where available under your local law.

External Authorities

The competent supervisory authority for data protection matters will depend on your place of residence and the specific legal framework that applies. If you believe your data protection rights have been infringed, you may have the right to lodge a complaint with the relevant data protection or consumer authority in your jurisdiction. Contact details of such authorities differ by country.

Note for Australian users: Privacy-related concerns may, in some circumstances, be raised with the Office of the Australian Information Commissioner (OAIC) or other relevant regulators. However, as Dama N.V. is an offshore operator based in Curaçao and not licensed in Australia, the availability and scope of such remedies may vary.

Updates

OBSERVE: Privacy policies must adapt to changes in law and operations.

EXPAND: We identify notification methods, version control and user options.

REFLECT: This section provides predictability regarding future changes.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors.
Where changes are material, we will provide prominent notice, for example by:
- Sending an email notification to the address associated with your account.
- Displaying a notice or banner on olympia-aussie.com.
- Providing an alert in your account dashboard, where available.

Advance Notice and User Choices

For material changes that significantly affect how we process your personal data or your rights, we will, wherever practicable, provide at least 30 days' advance notice before the changes take effect.
If you do not agree with the updated Policy, you may:
- Object to certain changes where applicable, or
- Close your account and discontinue use of the services before the changes become effective.
Your continued use of the services after the effective date of the updated Policy will constitute acceptance of those changes.

Last updated: January 2026