Privacy Policy

This Privacy Policy explains how Zoome, operated via the domain zoomeplay-au.com, collects, uses, stores, and shares personal information of players and website visitors. It applies to all users who access or interact with https://zoomeplay-au.com and related brand domains from Australia and other locations. By using our website or services, you agree to the practices described in this Privacy Policy. This Privacy Policy is effective and deemed current through 31 December 2026.

Who We Are

OBSERVE: Users must know the legal operator, its registration details, and how to contact the data-responsible function.

EXPAND: We align these details with Curaçao corporate and licensing information and provide clear contact points for privacy matters.

REFLECT: This ensures transparency and satisfies international best-practice expectations, including Australian consumer awareness requirements.

Operator and Legal Entity

• Operator: The online gambling services reviewed and promoted on Zoome and accessible via https://zoomeplay-au.com are operated by Dama N.V.
• Legal form: Dama N.V., a company incorporated under the laws of Curaçao.
• Registration number: 152125.
• Registered and legal address: Dama N.V., Scharlooweg 39, Willemstad, Curaçao.
• Licensing details: Dama N.V. operates online gambling activities under licence number 8048/JAZ2020-013 issued to it under the master licence held by Antillephone N.V. (Curaçao). The status of this licence can be verified at https://validator.antillephone.com.

Contact for Privacy Matters (DPO / Data Protection Function)

• Email (primary privacy / support contact): [email protected]
• Email (general information): [email protected]
• Email (press and regulatory enquiries): [email protected]
• Website: https://zoomeplay-au.com

While a formal Data Protection Officer (DPO) under EU or Australian law is not mandatorily appointed, Dama N.V. designates its data protection team reachable via [email protected] as the responsible contact for all privacy-related questions, requests and complaints.

What Personal Data We Collect

OBSERVE: We collect personal, technical, payment-related and behavioural data when you use zoomeplay-au.com.

EXPAND: Data collection covers both directly provided information and data gathered automatically via devices, logs, cookies and third-party tools.

REFLECT: Categorising these data types helps you understand how and why information about you is processed.

Identification and Contact Data

• Full name, date of birth and age verification data.
• Residential address and country of residence.
• Email address and phone number.
• Document details provided for KYC/AML checks (e.g. ID card, passport, driving licence, utility bills) where applicable.

Account and Usage Data

• Username, account ID, and authentication credentials (stored in hashed/encrypted form).
• Account settings, language preferences and communication preferences (e.g. marketing opt-in/opt-out).
• Login times, session identifiers, gameplay logs, betting history, wins and losses where relevant to the services advertised or accessed via zoomeplay-au.com.
• Interactions with our support team (emails, chat logs, complaint history).

Technical and Device Data

• IP address and approximate geolocation derived from IP.
• Device information (browser type and version, operating system, device model, screen resolution, language settings).
• Log data (access dates and times, pages viewed, referral URLs, clickstream data, error logs).

Payment and Financial Data

• Limited payment instrument information (e.g. masked card numbers, payment method type) as provided by payment processors.
• Transaction details (amounts, currencies, timestamps, status, chargeback information).
• Wallet identifiers and related verification data where applicable.

Full payment card data are typically processed and stored by secure third-party payment service providers and not by Dama N.V. directly, except for limited reference data required for reconciliation and fraud prevention.

Behavioural, Analytics and Marketing Data

• Information about how you browse and interact with zoomeplay-au.com (pages visited, time spent, links clicked, navigation patterns).
• Betting and gameplay behaviour on Zoome-branded services, where accessible via our site, including game preferences and frequency of play.
• Marketing interaction data (newsletter opens, click-through rates, unsubscribe actions).

Cookies and Similar Technologies

• Cookies, web beacons, pixels and local storage used to recognise your browser, remember your preferences and measure site performance.
• Third-party analytics cookies (e.g. traffic measurement, conversion statistics) and advertising cookies subject to your consent where required.

Legal Basis for Processing

OBSERVE: Our processing must rely on recognised legal grounds in relevant privacy frameworks.

EXPAND: Even though Dama N.V. is established in Curaçao, we align with international standards such as the EU GDPR and leading privacy principles that inform Australian practice.

REFLECT: This multi-layered approach clarifies why and on what basis your data is handled.

Consent

• We process certain data only with your explicit consent, for example:
  • Receiving marketing emails, SMS messages or push notifications.
  • Use of non-essential cookies and tracking technologies for advertising or detailed analytics.
• You may withdraw consent at any time via the mechanisms described in this Policy (e.g. unsubscribe links, browser settings, or contacting support).

Performance of a Contract

• Processing is necessary to enter into and perform the user agreement related to Zoome services, including:
  • Creating and managing your player account.
  • Providing access to games and related gambling services.
  • Processing deposits, wagers and withdrawals.
  • Providing customer support and resolving operational issues.

Legitimate Interests

• We rely on legitimate interests, balanced against your privacy, to:
  • Prevent, detect and investigate fraud, abuse, money laundering and other unlawful activity.
  • Maintain network and information security.
  • Improve our website, services, user experience and business operations.
  • Produce aggregated, anonymised statistics for internal reporting and service optimisation.

Compliance with Legal and Regulatory Obligations

• We process your personal data to comply with obligations deriving from:
  • Curaçao licensing and anti-money laundering (AML) rules applicable to Dama N.V.
  • Record-keeping, accounting and reporting requirements.
  • Orders or lawful requests from competent authorities, courts or regulators.

Purpose of Processing

OBSERVE: Data is processed for clearly defined and legitimate purposes.

EXPAND: We connect purposes to service delivery, regulatory compliance and business improvement.

REFLECT: This helps you understand and, where relevant, challenge or limit how your information is used.

Service Provision and Account Management

• To register and verify your player account.
• To provide access to the Zoome gambling platform and related services promoted on zoomeplay-au.com.
• To process payments, wagers, bonuses and withdrawals.
• To provide customer support and handle your enquiries or complaints.

Regulatory, AML and Risk Management

• To comply with KYC (Know Your Customer), AML and counter-terrorist financing requirements.
• To monitor transactions and behaviour for signs of fraud or misuse.
• To respond to lawful information requests and cooperate with competent authorities.

Improvement, Analytics and Personalisation

• To analyse website traffic and usage patterns.
• To improve site performance, content relevance and usability.
• To personalise content, game recommendations and offers based on your preferences and behaviour, where allowed by law.

Marketing and Promotions

• To send you promotional communications about Zoome products, bonuses and campaigns, subject to your consent where required.
• To measure the effectiveness of marketing campaigns.
• To manage affiliate and advertising relationships and track conversions.

Security and Abuse Prevention

• To protect the security and integrity of our systems and services.
• To detect and prevent unauthorised access, hacking, cheating or other abuses.
• To conduct security testing, audits and incident response.

Disclosure & Sharing

OBSERVE: Data may be shared with carefully selected third parties and authorities.

EXPAND: We detail categories of recipients and the safeguards applied.

REFLECT: This clarifies when data leaves our direct control and under what conditions.

Group Companies and Operational Partners

• Zoome brand ecosystem: Limited data may be shared within the Zoome operational environment solely to provide integrated gambling services and support.
• Service providers: We use third parties for:
  • Payment processing and banking services.
  • ID verification, KYC/AML screening and fraud prevention tools.
  • IT hosting, cloud services, data storage and security.
  • Customer support platforms and communication tools.
  • Analytics and performance monitoring.

Payment Partners

• When you initiate deposits or withdrawals, relevant data (such as account ID, transaction details and limited payment reference data) are shared with:
  • Banks and card schemes.
  • Electronic wallet providers and payment gateways.
  • Other financial intermediaries involved in the transaction flow.

Regulators, Authorities and Dispute Bodies

• We may disclose information where required or permitted by law to:
  • Licensing bodies and supervisory authorities in Curaçao.
  • Law enforcement agencies, courts and governmental authorities, including Australian authorities where they lawfully request information in connection with investigations or enforcement activities.

Affiliates and Advertising Networks

• With your consent where required, we may share certain information with:
  • Affiliate partners for the purpose of tracking and rewarding referrals.
  • Advertising networks and marketing partners to deliver or measure targeted advertising.
• Data shared with such partners is limited to what is necessary and may be pseudonymised or aggregated where possible.

Business Transfers

• In the event of a reorganisation, merger, sale, joint venture, assignment or other transfer of all or part of our business, your personal data may be transferred to the acquiring or successor entity, subject to continued protection consistent with this Policy.

Legal Protection

• We may disclose information when we believe it is necessary to:
  • Protect our rights, property or safety, or those of our users, employees or partners.
  • Enforce our terms and conditions or other agreements.
  • Prevent physical harm or financial loss.

International Transfers

OBSERVE: Our operations and many of our providers are located outside the user's country.

EXPAND: Data may move between Curaçao, the EEA, and other regions where our suppliers operate, including infrastructure used to serve Australian players.

REFLECT: We implement safeguards aiming to maintain an adequate level of protection irrespective of the transfer destination.

Locations of Processing

• Your personal data may be processed and stored in:
  • Curaçao (headquarters and primary operational jurisdiction of Dama N.V.).
  • Member States of the European Economic Area (EEA) where certain IT, payment and support providers are based.
  • Other countries where our carefully selected service providers maintain data centres or support operations.

Safeguards for Cross-Border Transfers

• Where data is transferred from regions with regulated data export regimes (such as the EEA), we seek to ensure that:
  • Appropriate contractual safeguards (such as Standard Contractual Clauses) are in place with non-EEA recipients.
  • Technical and organisational security measures are implemented by all processors and sub-processors.
  • Transfers are limited to what is necessary for service provision, compliance and security.

Regional Compliance Note: Australian users acknowledge that zoomeplay-au.com is operated by an offshore entity (Dama N.V., Curaçao). As such, Australian privacy and consumer laws may not apply or may apply only in limited circumstances, and data may not receive the same level of statutory protection as it would under Australian Privacy Principles.

Data Retention

OBSERVE: Personal data cannot be kept indefinitely and must be retained only as long as necessary.

EXPAND: Retention durations reflect legal obligations, limitation periods and business needs.

REFLECT: Clear retention rules support accountability and enable timely deletion or anonymisation.

General Retention Principles

• We retain personal data for as long as:
  • You maintain an active account with Zoome-related services; and
  • It is necessary to fulfil the purposes described in this Policy.
• After account closure or last activity, data is retained only to the extent required by law, to resolve disputes, prevent fraud, and enforce agreements.

Indicative Retention Periods

• Identification and KYC data: Typically retained for up to 5 - 7 years after account closure or final transaction, in line with AML and record-keeping requirements.
• Transaction and gameplay records: Typically retained for up to 5 years after the relevant transaction or account closure, unless a longer period is legally required.
• Marketing data: Retained during the period of your active consent and for up to 2 years after your last interaction with our marketing communications, or until you withdraw consent.
• Technical logs and security data: Retained for a shorter period, usually between 6 months and 3 years, depending on security and operational needs.

Deletion and Anonymisation

• When data is no longer required, we will:
  • Securely delete or irreversibly anonymise it; or
  • Archive it with restricted access where retention is still legally required.
• Upon a valid deletion request, we will remove or anonymise your data unless we must retain certain information to comply with legal obligations or to establish, exercise or defend legal claims.

Your Rights

OBSERVE: Users should be able to understand and exercise control over their personal data.

EXPAND: We align with core data subject rights similar to those under GDPR and other modern privacy frameworks, even though Dama N.V. is not an EU or Australian entity.

REFLECT: Providing these rights promotes transparency and trust and supports fair processing.

Overview of Rights

• Right of access: You can request confirmation whether we process your personal data and receive a copy of such data, along with information about how it is used.
• Right to rectification: You can request correction of inaccurate or incomplete personal data.
• Right to erasure: You can request deletion of your personal data where:
  • It is no longer necessary for the purposes for which it was collected.
  • You withdraw consent where processing was based on consent and there is no other legal ground for processing.
  • You have validly objected to processing and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
• Right to restriction of processing: You can request that we limit processing of your data in certain circumstances (for example, while we verify the accuracy of the data or the basis of an objection).
• Right to object: You may object at any time to:
  • Processing based on our legitimate interests, on grounds relating to your particular situation.
  • Processing for direct marketing, including profiling related to such marketing. If you object to marketing, we will promptly stop such processing.
• Right to data portability: Where technically feasible and applicable, you can request a copy of certain personal data in a structured, commonly used and machine-readable format and request that we transmit it to another controller.
• Right to withdraw consent: Where processing relies on your consent, you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

Exercising Your Rights

1. Submission of request: Send your request by email to [email protected] or [email protected], clearly stating:
   • Your full name, account ID (if applicable) and registered email address.
   • The right(s) you wish to exercise and a brief description of your request.
2. Verification: We may ask for additional information to confirm your identity (for example, by replying from your registered email or providing limited additional data) to prevent unauthorised access.
3. Response timeframe: We aim to respond within 30 days of receiving a complete request. If your request is complex or numerous, we may extend the response period by a further 30 days, informing you of the reasons.
4. Fees: Requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests, in line with recognised best practices.

Regional Compliance Note: While we are not directly subject to the EU GDPR or Mexican privacy legislation for Australian users, we largely mirror these rights as a matter of policy and good practice. Australian users should be aware that such rights are provided contractually and as a matter of policy rather than under direct Australian statutory compulsion, given our offshore status.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar tools collect information about how you use the site.

EXPAND: Different cookie types serve functional, analytical and advertising purposes.

REFLECT: Transparency about cookies helps you manage your choices and expectations.

Types of Cookies Used

• Session cookies: Temporary cookies that exist only while your browser is open and are erased when you close it. They are used, for example, to maintain your login session and navigation state.
• Persistent cookies: Cookies stored on your device for a defined period, helping us remember your preferences (such as language) and recognise you on subsequent visits.
• First-party cookies: Cookies set directly by zoomeplay-au.com for site functionality and security.
• Third-party cookies: Cookies set by analytics providers, advertising networks or affiliate tracking systems integrated into our site.

Purposes of Cookies

• Strictly necessary / functional: To enable core site functions such as page navigation, secure login, session management and access to restricted areas.
• Performance and analytics: To collect aggregated information about how visitors use the site (pages visited, dwell time, error messages) so we can improve performance and usability.
• Advertising and affiliate tracking: To deliver and measure advertising, track referral traffic from affiliates, and limit the number of times you see a particular advertisement, where such cookies are used.

Managing Cookies

• You can manage or disable cookies in your browser settings. Instructions are typically available in your browser's "Help" or "Settings" section.
• Disabling certain cookies (especially strictly necessary ones) may affect the functionality of the website and your ability to use some features.
• Where required by law, we will request your consent before placing non-essential cookies and provide you with options to accept or decline them.

Data Security

OBSERVE: Security is essential to protect personal data against unauthorised access, alteration and loss.

EXPAND: We employ a layered security approach combining technical, organisational and procedural measures.

REFLECT: While no system is absolutely secure, we aim to maintain a security posture consistent with recognised industry standards.

Technical Security Measures

• Encryption in transit: Data exchanged between your browser and our servers is protected using TLS 1.2 or higher (HTTPS) to reduce the risk of interception.
• Encryption at rest: Sensitive data elements are stored using encryption or other data protection techniques where appropriate.
• Access controls: Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis, protected by authentication and role-based permissions.
• Network security: Firewalls, intrusion detection and other security controls are used to protect systems from unauthorised access and attacks.

Organisational and Procedural Measures

• Multi-factor authentication: Administrative access to critical systems is secured using multi-factor authentication where feasible.
• Security policies: Internal policies govern how employees and contractors handle personal data, including strict confidentiality obligations.
• Staff training: Personnel with access to personal data receive training on privacy, information security and responsible data handling.
• Vendor due diligence: Third-party service providers are assessed for their security measures and contractual obligations to protect data.

Monitoring, Audits and Incident Response

• Regular monitoring: Systems are monitored for unusual activity, vulnerabilities and potential incidents.
• Security testing: We may conduct or commission periodic security reviews or audits to identify and address weaknesses.
• Incident response: In case of a suspected or actual data breach, we follow defined procedures to contain, investigate and remediate the incident. Where applicable and required by law, we will inform affected users and/or relevant authorities without undue delay.

Compliance Note: While Dama N.V. is not certified under specific international security standards such as ISO 27001 or SOC 2, our security framework is designed with reference to best-practice controls reflected in these standards.

Complaints & Contacts

OBSERVE: Users need clear channels to raise questions and concerns.

EXPAND: We provide email contacts and outline the internal complaint handling process and potential escalation.

REFLECT: Effective complaint management supports fairness and transparency and helps identify systemic issues.

How to Contact Us

• Primary support and privacy contact: [email protected]
• General information and privacy enquiries: [email protected]
• Press and regulatory liaison: [email protected]
• Postal address (operator): Dama N.V., Scharlooweg 39, Willemstad, Curaçao.

Complaint Procedure

1. Initial complaint: Submit your complaint by email to [email protected], including:
   • Your full name and account identifier (if applicable).
   • A clear description of your concern or alleged privacy violation.
   • Any supporting evidence or correspondence.
2. Acknowledgement: We aim to acknowledge receipt of your complaint within 5 business days.
3. Investigation: Your complaint will be reviewed by the appropriate team, which may contact you for further information if necessary.
4. Response: We will provide a substantive reply, including our findings and any proposed resolution, within 30 days of receiving a complete complaint, unless a longer period is reasonably required due to complexity, in which case we will inform you.

Escalation to Authorities

As Dama N.V. is established in Curaçao, the primary supervisory or licensing bodies are based in that jurisdiction. However, depending on your location, you may have the right to lodge a complaint with your local data protection or consumer authority. For Australian users, note that:

• The Australian Communications and Media Authority (ACMA) oversees the enforcement of restrictions on offshore gambling sites and maintains a block list: https://acma.gov.au/blocked-gambling-sites.
• The Office of the Australian Information Commissioner (OAIC) may handle privacy complaints regarding entities subject to Australian privacy law: https://www.oaic.gov.au.

Because Dama N.V. is an offshore operator, the jurisdiction and competence of Australian authorities with respect to zoomeplay-au.com may be limited. Nevertheless, you remain free to contact such authorities for advice or to lodge a complaint if you believe your privacy rights have been infringed.

Updates

OBSERVE: Privacy practices and legal requirements may change over time.

EXPAND: We must keep this Policy current and inform you about material modifications.

REFLECT: Clear update procedures and version control enhance transparency and predictability.

Changes to This Privacy Policy

• We may update or amend this Privacy Policy from time to time to reflect:
  • Changes in our services, technologies or business practices.
  • Changes in legal or regulatory requirements applicable to Dama N.V.
  • User feedback or operational considerations.
• Each version will be identified by a "Last updated" date.

Notification of Material Changes

• For material changes that significantly affect how we process your personal data or your rights, we will:
  • Provide notice via email to the address associated with your account, where available; and/or
  • Display a prominent notice or banner on zoomeplay-au.com; and/or
  • Notify you via your account dashboard or similar interface, if applicable.
• Where reasonably practicable, we will provide notice of material changes at least 30 days before they take effect, giving you time to review them.

User Options on Policy Changes

• If you do not agree with the updated Privacy Policy, you may:
  • Adjust your privacy or marketing settings where available; and/or
  • Cease using the services and request account closure by contacting [email protected].
• Continued use of zoomeplay-au.com after the effective date of an updated Policy constitutes your acceptance of the revised terms.

Last updated: November 2025 (applicable and extended through 31 December 2026, subject to further updates).