Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you access or use the website Syndicate hosted at https://syndicate-aussie.com (the "Website"). It applies to all visitors to the Website, including Australian users who access offshore online gambling services reviewed or referenced on this Website. This Privacy Policy is effective from 1 January 2025 and is intended to remain in force until replaced or updated, with key practices anticipated to continue at least through 2026.

Who We Are

Website operator

The Website Syndicate available at https://syndicate-aussie.com (referred to as "we", "us", "our" or the "Operator") provides information and reviews regarding online gambling services, including the Syndicate brand.

The underlying gambling brand "Syndicate Casino" is operated by:

• Legal entity: Dama N.V.
• Legal form: Private limited liability company
• Company registration number: 152125
• Registered and legal address: Scharlooweg 39, Willemstad, Curaçao
• Gambling licence: 8048/JAZ2020-013 issued by Antillephone N.V., authorised by the Government of Curaçao, for online gambling operations (valid as of 2024-05-20 and anticipated to remain valid to at least 2026 unless revoked).

Important regulatory note for Australian users

According to information published by the Australian Communications and Media Authority (ACMA), certain websites operated by Dama N.V., including Syndicate-branded services, have been the subject of blocking orders and enforcement actions as illegal offshore gambling services for Australian residents. The Website Syndicate at syndicate-aussie.com is an informational site and does not itself provide gambling services or process bets, but may reference such offshore services.

Data protection contact

For all privacy-related questions, requests or complaints regarding this Website, you may contact our data protection contact point:

• Email (general and privacy): [email protected]
• Support: [email protected]
• Postal contact (operator of brand): Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Where we refer to a "Data Protection Officer (DPO)" in this Policy, this denotes the responsible person or team handling privacy queries via the above contacts, even if no formal DPO is appointed under specific legislation.

What Personal Data We Collect

We collect and process different categories of personal information when you visit or interact with Syndicate on syndicate-aussie.com, or when you choose to create an account or engage with linked gambling services.

Identification and contact data

• Basic identification data: full name, username or nickname, date of birth (where required by the underlying gambling service for age/identity verification).
• Contact data: email address, telephone number, country of residence, preferred language.
• Account data: account identifiers, internal user IDs, communication preferences, subscription settings for marketing or newsletters.

Technical and usage data

• Device and connection data: IP address, approximate geolocation inferred from IP, browser type and version, operating system, device type and settings, screen resolution, time zone, language settings.
• Log data: pages visited, time and date of access, referral URLs, clickstream data, session duration, error logs, and similar technical logs generated by our servers and security systems.

Payment and transactional data

• Payment method data: limited information relating to deposits and withdrawals carried out with payment providers connected to the Syndicate brand (such as masked card numbers, payment instrument type, transaction references). We do not store full credit card numbers on the review Website. Payment details may be primarily processed by payment partners on behalf of the gambling operator.
• Financial transaction data: amounts deposited or withdrawn, currency, time and date of transactions, status of transactions, chargeback information and related financial records required for anti-fraud and anti-money laundering (AML) compliance.

Behavioural and gambling-related data

• Website behaviour: clicks, navigation paths, interaction with promotional content, time spent on particular sections of the Website, and responses to surveys or feedback forms.
• Gambling behaviour (where you use the Syndicate gambling services): game preferences, game sessions, betting history, wins and losses, stake amounts, frequency and duration of play, bonuses used, self-exclusion or cooling-off data, responsible gambling limits applied.

Cookies and similar technologies

• Cookies: small text files stored on your device used for session management, remembering preferences, analytics and advertising.
• Tracking technologies: web beacons, pixels, tags, SDKs, device identifiers and local storage used for security, analytics, marketing attribution and performance measurement.

Voluntary communications and content

• Communications: content of messages sent to [email protected], [email protected] or other email addresses, support inquiries, complaints or feedback, and our internal notes on handling such communications.
• Public content: reviews, comments, or ratings that you voluntarily submit on the Website (if such features are enabled), including your displayed name or nickname.

Legal Basis for Processing

Our processing of personal data is grounded in multiple legal bases recognised by international privacy standards and, where applicable, relevant Australian privacy requirements (including the Privacy Act 1988 (Cth) and the Australian Privacy Principles), as well as comparable global frameworks such as the EU General Data Protection Regulation (GDPR). For users from Mexico or the EU who may access the Website, our practices also aim to be compatible with Mexican data protection requirements and GDPR standards.

Consent

• Marketing communications: We rely on your explicit consent when you subscribe to newsletters, promotional emails or marketing communications. You can withdraw this consent at any time through the unsubscribe link or by contacting us.
• Non-essential cookies and tracking: We use consent mechanisms (such as cookie banners) to obtain your permission for analytics and advertising cookies where legally required.

Contractual necessity

• Provision of requested services: If you open an account or otherwise engage with services linked to the Syndicate brand through syndicate-aussie.com, the processing of your identification, contact, transactional and behavioural data is necessary to:
  • Create and manage your user account;
  • Provide games, bonuses, promotions and loyalty programs;
  • Process payments, payouts and account balance adjustments;
  • Deliver support and respond to your queries.

Legitimate interests

• Website operation and improvement: We process technical and usage data to ensure the proper functioning, optimisation and security of the Website, including preventing abuse and improving content relevance.
• Fraud prevention and network security: We analyse transaction and behavioural patterns to detect and prevent fraud, account takeovers, money laundering or other unlawful activities, balancing these interests against your rights and expectations.
• Analytics and performance: Non-identifying or pseudonymised usage data may be used to analyse trends, measure the effectiveness of advertising, and evaluate Website performance.

Compliance with legal obligations

• KYC/AML and regulatory requirements: The gambling operator (Dama N.V.) is bound by international KYC (Know Your Customer) and AML rules, which require the collection and retention of identification, verification and transactional data.
• Tax, accounting and reporting: We may need to process and retain payment and transaction records for tax, accounting, auditing and regulatory reporting.
• Law enforcement requests: We may process and disclose personal data to comply with binding requests from courts, regulators or law enforcement agencies where such disclosure is required by applicable law.

Purpose of Processing

We process personal data for clearly defined and legitimate purposes, and we do not use data in ways that are incompatible with these purposes.

Provision and management of services

• To operate Syndicate on syndicate-aussie.com and provide informational and review content.
• To enable you to create and manage an account, where applicable, and to access linked gambling services.
• To facilitate deposits, withdrawals and financial transactions via authorised payment partners.
• To provide customer support, respond to inquiries and handle complaints.

Improvement and optimisation

• To monitor and analyse the performance of the Website, pages and content.
• To understand user behaviour and preferences in order to improve usability, security, and the selection of content or offers.
• To test and develop new features and enhancements.

Marketing, promotions and personalisation

• To send marketing communications, promotions, newsletters or bonus offers about the Syndicate brand or related services, subject to your consent where required.
• To personalise displayed content and offers based on your interactions, preferences or general profile (for example, showing relevant games or promotions).
• To perform marketing attribution and measure the effectiveness of advertising campaigns, including affiliate marketing relationships.

Analytics, risk management and fraud prevention

• To conduct statistical analysis and aggregated reporting regarding website traffic and usage trends.
• To detect, investigate and prevent fraud, abuse of bonuses, account misuse, money laundering, or violations of terms and conditions.
• To protect the rights, property and safety of our users, the Operator, and third parties.

Legal and regulatory compliance

• To comply with KYC/AML obligations, gambling regulations in Curaçao and other applicable jurisdictions, as well as Australian enforcement requirements (including ACMA directions and blocking orders).
• To respond to lawful requests by public authorities and to comply with court orders or regulatory reporting obligations.

Disclosure & Sharing

We may share personal data with carefully selected third parties where necessary and proportionate for the purposes set out above. In all cases, we endeavour to ensure that third parties only receive the minimum data necessary and are bound by appropriate confidentiality and data protection obligations.

Service providers and technical partners

• Hosting and IT infrastructure: Providers that host the Website, maintain servers, databases, backup systems, content delivery networks, and related technical infrastructure.
• Security and anti-fraud tools: Vendors that provide fraud detection, IP reputation, device fingerprinting, and security monitoring services.
• Analytics providers: Third-party analytics tools used to understand how visitors use the Website and to optimise performance.

Payment partners and financial institutions

• Payment processors: When you make deposits or withdrawals with the Syndicate gambling services, your payment data is shared with banks, card schemes, e-wallet providers and other financial intermediaries to process the transaction.
• Chargeback and risk management services: Third parties that help investigate and manage chargebacks, disputes or suspicious payment activity.

Affiliates and marketing partners

• Affiliate networks: Partners that market the Syndicate brand and are compensated based on traffic or conversions. We may share limited information for tracking, reporting and fraud prevention, usually in pseudonymised or aggregated form.
• Advertising networks and platforms: With your consent where required, we may use third-party advertising and retargeting services that use cookies and similar technologies to display relevant ads and measure campaign effectiveness.

Group companies and corporate transactions

• Related entities: Subsidiaries, parent companies or other entities within the same corporate group as Dama N.V. or as the Operator of Syndicate, for internal administrative, auditing, compliance and service-provision purposes.
• Business transfers: In the event of a merger, acquisition, asset sale, restructuring or insolvency, personal data may be transferred to another entity, subject to continued protection consistent with this Policy.

Regulators, authorities and legal recipients

• Regulatory authorities: Gambling regulators in Curaçao and any other competent jurisdiction, and enforcement authorities such as the ACMA in Australia, to comply with licensing, enforcement and blocking requirements.
• Law enforcement and courts: Where required by applicable law or pursuant to a valid legal process, we may disclose data to police, courts, or other public authorities.
• Legal and professional advisers: Lawyers, auditors, accountants or other professional advisers under appropriate confidentiality obligations.

International Transfers

Given the cross-border nature of online gambling services and the global infrastructure used to operate and secure the Website, your personal data may be transferred to, and processed in, countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Key transfer destinations

• Curaçao: Corporate registration and licensing jurisdiction of Dama N.V., where certain operational, compliance and support functions may be located.
• European Economic Area (EEA) and other regions: Hosting, analytics, payment and security providers may be located in or process data from the EEA, the United Kingdom, or other countries with established data protection frameworks.
• Other international locations: Some service providers may process data from additional countries (for example, cloud infrastructure regions in North America or Asia-Pacific), depending on their infrastructure.

Safeguards for international transfers

• We seek to ensure that cross-border data transfers comply with applicable legal requirements, including by:
  • Using contractual safeguards such as Standard Contractual Clauses or equivalent arrangements where required by EU, UK or comparable laws;
  • Ensuring that recipients are subject to appropriate technical and organisational measures to protect personal data;
  • Limiting transfers to what is strictly necessary for the purposes set out in this Policy.
• Where local law in your jurisdiction imposes specific conditions on international transfers (for example, under Mexican or EU data protection law), we endeavour to respect those conditions for affected users, subject to technical feasibility and the nature of our services.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, including for the fulfilment of legal, accounting and reporting obligations, and then securely delete or irreversibly anonymise it.

General retention periods

• Website account data: Stored for the duration of your active relationship with us. After account closure or your last interaction, core account data is generally retained for up to 5 years, unless a longer period is required by law or necessary for the establishment, exercise or defence of legal claims.
• Identification and KYC data: Retained for at least 5 years after account closure, or longer if required by AML or gambling regulations in relevant jurisdictions.
• Payment and transaction data: Retained for at least 7 years from the date of the transaction for accounting, tax and regulatory purposes, where such periods may extend into or beyond 2026.
• Technical logs and security data: Retained for 6 to 24 months, depending on the type of log and security relevance, after which it is anonymised or deleted.
• Marketing data: Retained for as long as you remain subscribed to marketing communications and for a limited period (usually up to 2 years) after you unsubscribe, for evidentiary purposes and to ensure that your opt-out is respected.
• Support communications and complaints: Retained for up to 5 years after resolution of the query or complaint, or longer where necessary for legal reasons.

Deletion criteria

• Data is deleted or anonymised when:
  • The retention period expires;
  • The data is no longer required for any lawful purpose described in this Policy;
  • You successfully exercise relevant data protection rights (such as deletion) and there is no overriding legal basis to retain the data.

Your Rights

We seek to handle personal data in line with recognised international data protection standards, including principles reflected in the GDPR and comparable laws such as Mexican data protection regulations. Depending on your place of residence and subject to applicable law, you may have some or all of the following rights regarding your personal data.

Right of access

• You may request confirmation as to whether we process personal data about you and, where this is the case, obtain a copy of your personal data and certain related information (for example, categories of data, purposes of processing, recipients and retention periods).

Right to rectification

• You may request that we correct or complete inaccurate or incomplete personal data relating to you. Where possible, you may also update some information directly via your account settings on the gambling platform.

Right to deletion ("right to be forgotten")

• You may request deletion of your personal data where:
  • The data is no longer necessary for the purposes for which it was collected;
  • You withdraw consent (where consent is the legal basis) and there is no other legal basis for processing;
  • You successfully object to processing and there are no overriding legitimate grounds;
  • The data has been unlawfully processed or must be deleted to comply with a legal obligation.
• We may refuse or delay deletion where retention is required by law (for example, KYC/AML rules) or necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing

• You may request that we restrict processing of your data (while still retaining it) where:
  • You contest the accuracy of the personal data, for a period enabling us to verify it;
  • The processing is unlawful, and you oppose deletion and request restriction instead;
  • We no longer need the data but you require it for legal claims;
  • You have objected to processing and we are verifying whether our legitimate grounds override your interests.

Right to object

• You may object, on grounds relating to your particular situation, to the processing of personal data based on our legitimate interests, including profiling. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed for legal claims.
• You may object at any time to the processing of your data for direct marketing, including profiling related to such marketing, and we will comply with your objection.

Right to data portability

• Where processing is based on your consent or on a contract and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used and machine-readable format, and you may request that we transmit this data directly to another controller where technically feasible.

Right to withdraw consent

• Where processing is based on your consent (for example, marketing communications or certain cookies), you have the right to withdraw this consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

Procedures, timeframes and cost

• How to exercise your rights: You may exercise your rights by contacting us via [email protected] or [email protected]. Please provide sufficient information to verify your identity and to locate your data (for example, your username, registered email, and a clear description of your request).
• Response time: We aim to respond to all valid requests within 30 days of receipt. Where the request is complex or numerous, we may extend this period in accordance with applicable law and will inform you of any such extension.
• Fees: We handle rights requests free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in particular because of their repetitive character.

Cookies & Tracking Technologies

Cookies and similar technologies are used to ensure the proper functioning of Syndicate on syndicate-aussie.com, to enhance user experience, and to support analytics and advertising activities.

Types of cookies

• Session cookies: Temporary cookies that exist only while your browser is open and are deleted after you close it. They enable core functionality such as login sessions and navigation.
• Persistent cookies: Cookies that remain on your device for a set period or until you delete them. They are used to remember preferences, personalise content, and recognise you on subsequent visits.
• First-party cookies: Cookies set directly by syndicate-aussie.com.
• Third-party cookies: Cookies set by third-party services integrated into the Website, such as analytics providers, advertising networks or social media platforms.

Purposes of cookies

• Strictly necessary / functional: Required for the operation of the Website and to provide services you explicitly request, such as remembering your privacy settings, maintaining sessions and enabling basic navigation.
• Analytics and performance: Collect information about how visitors use the Website (for example, which pages are visited most, error messages, time spent on pages) to help us understand and improve performance.
• Advertising and marketing: Used to deliver more relevant ads on our Website and elsewhere, to limit how often you see a particular advertisement, and to measure the effectiveness of campaigns. These may involve third-party advertising networks and require your consent in many jurisdictions.

Managing and disabling cookies

• Browser settings: Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Refer to your browser's help section for instructions.
• Cookie banners and tools: Where implemented, you may use our cookie banner or preference centre to accept or reject non-essential cookies.
• Third-party opt-out tools: Some third-party providers offer their own opt-out mechanisms for analytics or advertising cookies.
• Please note that disabling certain cookies may affect the functionality or performance of the Website and reduce the quality of your user experience.

Data Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Technical measures

• Encryption in transit: Data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) version 1.2 or higher, helping to prevent interception or tampering.
• Encryption at rest: Where feasible, sensitive data is stored using industry-standard encryption or hashing mechanisms to protect it against unauthorised access.
• Access controls: Access to systems and databases is restricted based on the principle of least privilege and protected through strong authentication methods, which may include multi-factor authentication (MFA) where appropriate.
• Segmentation and firewalls: Network segmentation, intrusion detection systems, firewalls and other security technologies are used to monitor and protect the infrastructure.

Organisational measures

• Policies and procedures: Internal policies govern data handling, access control, incident response, password management and acceptable use.
• Staff training: Employees and contractors who handle personal data receive training on data protection, confidentiality and security awareness.
• Vendor due diligence: Third-party service providers are vetted for their security practices, and contractual safeguards are put in place to require appropriate data protection and security measures.

Monitoring and incident response

• Regular reviews: We periodically review our security controls and may conduct audits, vulnerability assessments or penetration testing in line with industry good practice.
• Incident handling: We maintain procedures for identifying, assessing and responding to suspected personal data breaches. Where required by law, affected users and relevant authorities will be notified without undue delay.
• While we aim to align our security posture with recognised international standards (such as ISO 27001 or SOC 2 principles) where appropriate, no system can be guaranteed to be completely secure. You are encouraged to use strong, unique passwords and to protect your own account credentials.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal data, or if you wish to exercise any of your data protection rights, you should first contact us so that we can attempt to resolve the issue directly.

Primary contact channels

• Email (privacy and general): [email protected]
• Support: [email protected]
• Postal address (brand operator): Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Complaint procedure

1. Submit your complaint: Send a detailed description of your concern, including relevant dates, account identifiers, and copies of any supporting documents, to one of the contact channels above.
2. Acknowledgement: We will acknowledge receipt of your complaint, usually within 5 business days.
3. Investigation: We will review your complaint, consult internal logs and staff where necessary, and, if appropriate, request additional information from you.
4. Response: We aim to provide a substantive response within 30 days of receiving a complete complaint. If we require more time due to complexity or volume, we will notify you of the delay and provide an updated timeframe.
5. Further steps: If you remain dissatisfied with our response, you may seek further review from relevant supervisory or regulatory authorities, or pursue other remedies available under applicable law.

Escalation to supervisory authorities

• Australia: If you are in Australia and your complaint relates to privacy matters, you may contact the Office of the Australian Information Commissioner (OAIC):
  • Website: https://www.oaic.gov.au
• ACMA (gambling enforcement): For complaints relating to illegal offshore gambling services, you may also refer to the Australian Communications and Media Authority (ACMA):
  • Website: https://www.acma.gov.au
• EU / EEA users: If you are located in the EU/EEA and believe your rights under GDPR have been infringed, you may contact your local data protection authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
• Mexican users: If you are located in Mexico, you may be able to submit a complaint to the competent Mexican data protection authority (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI) or its successor entity, in accordance with applicable Mexican privacy regulations.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Notification of changes

• Website publication: The most current version of this Privacy Policy will always be available on Syndicate at syndicate-aussie.com, with a "Last updated" date shown at the end.
• Direct notifications: Where changes are material, we may also notify you by:
  • Sending an email to the primary email address associated with your account (where you have an account);
  • Displaying prominent notices or banners on the Website;
  • Providing alerts within your account dashboard or similar interfaces.

Advance notice and user options

• For significant changes that materially affect your rights or the way we process personal data, we will, where reasonably possible, provide at least 30 days' advance notice before the new version takes effect.
• If you do not agree with the updated Policy, you may:
  • Discontinue use of the Website and associated services; and
  • Request closure of your account and, where applicable, exercise your data protection rights (including deletion, subject to legal retention obligations).

Last updated: January 2025 (intended operational alignment through at least 2026).