Privacy Policy

Popmolly Online Casino — Privacy Policy

Effective Date and Scope

This Privacy Policy governs the collection, processing, storage, and disclosure of personal data by Popmolly, an online casino brand operated under a license issued by the Government of Curacao. This policy applies to all users who access or register on the Popmolly platform, including residents of Australia who engage with the casino’s services through any digital channel, including desktop and mobile interfaces. By registering an account, making a deposit, or otherwise using the services provided by Popmolly, you acknowledge that you have read, understood, and agreed to the terms set out in this Privacy Policy. If you do not agree with the terms described herein, you must discontinue use of the platform immediately.

Popmolly is committed to protecting the privacy and personal data of its users in accordance with applicable data protection principles and regulatory obligations. Although Australia does not mandate a single unified gambling-specific data protection statute, Popmolly adheres to principles consistent with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and international best practices applicable to licensed online gambling operators. This policy is designed to be transparent, comprehensive, and compliant with the standards expected of a licensed iGaming operator.

1. Data Controller Information

Popmolly operates as the data controller for all personal information collected through its platform. The brand holds a valid gaming license issued by the Curacao Gaming Authority, which imposes regulatory obligations on the operator regarding user data protection, anti-money laundering compliance, and responsible gambling practices. As the data controller, Popmolly determines the purposes and means of processing personal data and is responsible for ensuring that all processing activities are conducted lawfully, fairly, and transparently. Users who have inquiries regarding the handling of their personal data may contact the Popmolly data protection team through the official support channels listed on the platform’s contact page.

2. Categories of Personal Data Collected

Popmolly collects a range of personal data from users in the course of providing its online casino services. The categories of data collected include, but are not limited to, the following:

• Registration data, including full legal name, date of birth, residential address, email address, and telephone number provided at the time of account creation
• Government-issued identification documents, including passports, national identity cards, or driver’s licenses submitted during identity verification procedures
• Payment and financial data, including bank account details, credit and debit card numbers, e-wallet identifiers, transaction histories, and records of deposits and withdrawals
• Technical and device data, including IP addresses, browser type and version, operating system, device identifiers, session durations, and clickstream data generated during platform use
• Cookie data and similar tracking technologies used to monitor user behavior and platform performance
• Communications data, including records of correspondence between the user and Popmolly’s customer support team, including chat logs, emails, and complaint records
• Behavioral and gaming data, including betting history, game preferences, wagering patterns, and responsible gambling self-assessment responses
• Geolocation data, where permitted, used to verify the user’s jurisdiction and ensure compliance with applicable territorial restrictions

3. Purposes of Data Processing

Popmolly processes personal data for a range of legitimate purposes that are directly connected to the operation of a licensed online casino and the fulfillment of legal and regulatory obligations. The specific purposes include:

• Account registration and management, including the creation, maintenance, and administration of user accounts on the platform
• Identity verification and Know Your Customer procedures, which are mandatory under the terms of the Curacao gaming license and applicable anti-money laundering frameworks
• Anti-Money Laundering compliance, including transaction monitoring, suspicious activity reporting, and cooperation with relevant financial intelligence authorities
• Anti-fraud detection and prevention, including the identification of unusual account activity, unauthorized access attempts, and potential abuse of promotional offers
• Payment processing, including the facilitation of deposits and withdrawals through authorized payment providers and financial intermediaries
• Marketing communications, including the delivery of promotional offers, bonus notifications, newsletters, and personalized content, where the user has provided consent or where a legitimate interest exists
• Customer support, including the resolution of disputes, technical issues, and account-related inquiries
• Responsible gambling obligations, including the enforcement of self-exclusion requests, deposit limits, and the identification of at-risk gambling behavior in accordance with the operator’s duty of care
• Platform improvement and analytics, including the analysis of user behavior data to enhance the functionality, security, and user experience of the casino platform
• Legal compliance, including the retention of records required by law and the fulfillment of obligations arising from regulatory investigations or court orders

4. Legal Basis for Processing

All processing activities carried out by Popmolly are grounded in one or more of the following legal bases:

• The performance of a contract, where processing is necessary to provide the services requested by the user
• Compliance with a legal obligation, where processing is required by applicable laws, including AML regulations and gaming licensing conditions
• Legitimate interests pursued by Popmolly, including fraud prevention, platform security, and business analytics, where such interests are not overridden by the rights and freedoms of the user
• Consent, where the user has expressly agreed to a specific processing activity, such as receiving marketing communications

5. Data Sharing and Disclosure

Popmolly does not sell personal data to third parties. However, personal data may be disclosed to the following categories of recipients in the course of lawful business operations:

• Payment service providers and financial institutions involved in the processing of deposits and withdrawals on behalf of the user
• Identity verification and KYC partners, including third-party providers who assist with document authentication and background screening
• Anti-fraud and risk management service providers who support the operator’s efforts to detect and prevent fraudulent activity on the platform
• Regulatory authorities, including the Curacao Gaming Authority and any other competent authority entitled to request user data in connection with licensing compliance, financial investigations, or legal proceedings
• Law enforcement agencies and government bodies, where disclosure is required by applicable law or court order
• Technology and infrastructure providers, including cloud hosting services, cybersecurity firms, and platform maintenance providers who process data on behalf of Popmolly under appropriate data processing agreements
• Marketing and analytics partners, where the user has consented to the use of their data for targeted advertising or behavioral analysis

All third-party service providers engaged by Popmolly are required to comply with applicable data protection standards and are prohibited from using personal data for purposes beyond those specified in their contractual agreements with the operator.

6. Data Retention

Popmolly retains personal data for as long as is necessary to fulfill the purposes for which it was collected, including the satisfaction of legal, regulatory, and contractual obligations. In line with AML regulatory requirements and the conditions of the Curacao gaming license, transaction records and identity verification documents are typically retained for a minimum of five years following the closure of the user’s account or the completion of the relevant transaction. Communications records and customer support logs are retained for a period consistent with applicable limitation periods for legal claims. Where data is no longer required for any lawful purpose, it is securely deleted or anonymized in accordance with Popmolly’s internal data retention procedures.

7. User Rights

Users of the Popmolly platform have the following rights in relation to their personal data, subject to applicable legal limitations:

• The right to access personal data held by Popmolly, including the right to receive a copy of the data in a commonly used format
• The right to request the correction of inaccurate or incomplete personal data
• The right to request the deletion of personal data, where it is no longer necessary for the purposes for which it was collected and where no overriding legal obligation requires its retention
• The right to restrict the processing of personal data in certain circumstances, including where the accuracy of the data is contested or where the processing is unlawful
• The right to object to processing carried out on the basis of legitimate interests, including direct marketing activities
• The right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of the above rights, users must submit a written request through the official support channels available on the Popmolly platform. Popmolly will respond to all valid requests within a reasonable timeframe and in accordance with applicable legal standards.

8. Cookie Policy

8.1 Use of Cookies

Popmolly uses cookies and similar tracking technologies on its platform to enhance user experience, ensure platform security, and collect analytical data. Cookies are small text files stored on the user’s device when they visit the platform. The following categories of cookies are used:

• Essential cookies, which are strictly necessary for the operation of the platform, including session management, login authentication, and security functions. These cookies cannot be disabled without affecting the functionality of the platform.
• Analytical and performance cookies, which are used to collect information about how users interact with the platform, including pages visited, time spent on the site, and error messages encountered. This data is used to improve the performance and usability of the casino platform.
• Marketing and targeting cookies, which may be used to deliver personalized promotional content and track the effectiveness of advertising campaigns, subject to user consent where required.

8.2 Cookie Management

Users may manage their cookie preferences through the cookie consent tool provided on the platform or through the settings of their web browser. Disabling essential cookies may impair the functionality of the platform. Users who wish to withdraw consent for non-essential cookies may do so at any time without affecting their ability to access their account, subject to the limitations described above.

9. International Data Transfers

As Popmolly operates under a Curacao gaming license and engages with service providers located in various jurisdictions, personal data may be transferred to and processed in countries outside of Australia. Where such transfers occur, Popmolly ensures that appropriate safeguards are in place to protect the data, including contractual protections consistent with applicable data protection standards. Users who have concerns regarding international data transfers may contact the Popmolly data protection team for further information.

10. Data Security

Popmolly implements appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls limiting data access to authorized personnel, regular security assessments, and incident response procedures. Despite these measures, no data transmission or storage system can be guaranteed to be completely secure. Users are encouraged to maintain the confidentiality of their account credentials and to notify Popmolly immediately in the event of any suspected unauthorized access to their account.

11. Responsible Gambling and Data Processing

Popmolly takes its responsible gambling obligations seriously and processes certain personal data specifically to fulfill its duty of care toward users. This includes the monitoring of gambling behavior for signs of problem gambling, the enforcement of self-exclusion and cooling-off periods, and the application of deposit and loss limits requested by the user. Data processed for responsible gambling purposes is handled with the highest degree of sensitivity and is not used for marketing or commercial purposes.

12. Amendments to This Policy

Popmolly reserves the right to amend this Privacy Policy at any time in response to changes in applicable law, regulatory requirements, or business operations. Users will be notified of material changes through the platform or via email communication. Continued use of the platform following the publication of an updated Privacy Policy constitutes acceptance of the revised terms. Users are encouraged to review this policy periodically to remain informed of how their personal data is being processed.

13. Contact and Complaints

Users who have concerns or complaints regarding the handling of their personal data by Popmolly are encouraged to contact the data protection team directly through the support channels available on the platform. Where a user believes that their data protection rights have been violated and the matter has not been resolved satisfactorily by Popmolly, they may have the right to lodge a complaint with the Office of the Australian Information Commissioner or another relevant supervisory authority in their jurisdiction.