Privacy Policy

This Privacy Policy explains how Oshi, operated for users of the website https://oshi-aussie.com, collects, uses, stores, and discloses your personal information. It applies to all players, prospective players, and visitors who access or use oshi-aussie.com from Australia or elsewhere. By using our website, you agree to the practices described in this Policy as updated from time to time. This Privacy Policy is effective and applies to processing activities carried out up to and including the year 2026.

Who We Are

OBSERVE: Users must know the legal operator, jurisdiction, and contact channel for privacy matters.

EXPAND: We identify the controlling and processing entities and their basic registration information, even where full street addresses are not available in the supplied data, and establish a clear contact point.

REFLECT: The following information defines the entities responsible for handling your personal data in connection with Oshi on oshi-aussie.com.

Operator and Data Controller

  • Trading/brand context: Oshi (review and informational environment for Oshi, as accessed via oshi-aussie.com).
  • Operating company: Dama N.V., a public limited company (N.V.) incorporated under the laws of Curaçao.
  • Registration number: 152125 (Curaçao Chamber of Commerce, status verified as of 20.05.2024).
  • Gaming licence: Antillephone N.V. licence no. 8048/JAZ2020-013, jurisdiction of Curaçao; validity extended to 2026.
  • Registered office / legal address: Dama N.V. is registered in Curaçao; the full street address is not specified in the source data. Where required, we will provide the full address upon written request to our support team.

Payments and Processing Support Entity

  • Payments subsidiary: Strukin Ltd, a limited company registered in Cyprus, acting as a payments processing subsidiary for Dama N.V.
  • Jurisdiction: Cyprus (full address not specified in the source data).

Contact for Privacy and Data Protection

  • Data protection contact / responsible department: Data Protection Team, on behalf of Dama N.V.
  • Email (primary): [email protected] (please include "Privacy Request" in the subject line).
  • Website: https://oshi-aussie.com
  • Postal contact: As the full mailing address is not specified in the source data, you may initially contact us via email to obtain the appropriate postal details for written requests or complaints.

Regional Compliance Note: Dama N.V. is licensed and regulated in Curaçao and does not hold an Australian gambling licence. The Australian Communications and Media Authority (ACMA) has previously listed Oshi on blocklists under the Interactive Gambling Act. This Privacy Policy does not constitute any representation of compliance with Australian gambling licensing requirements and relates solely to privacy and data protection practices.

What Personal Data We Collect

OBSERVE: We collect personal, technical, transactional, and behavioural information to provide and improve services and to meet legal obligations.

EXPAND: The categories below cover data provided directly by you, data generated through your use of our services, and data obtained from third parties (e.g., payment providers, verification services).

REFLECT: Understanding these categories helps you assess how and why your data is processed when you interact with Oshi on oshi-aussie.com.

1. Identification and Contact Data

  • Full name, date of birth, and gender (where provided).
  • Residential address, country of residence, and nationality.
  • Email address (including [email protected] as our primary external contact point), phone number, and other contact details you provide.
  • Copies or details of identification documents (e.g., passport, ID card, driving licence) for Know Your Customer (KYC) checks.

2. Account and Usage Data

  • Username, account ID, passwords (stored using secure hashing algorithms), and security questions/answers.
  • Account status, verification status, and communication preferences.
  • Login times, session duration, language preferences, and interface settings.

3. Technical and Device Data

  • IP address and approximate geolocation based on IP.
  • Device identifiers (such as device ID, operating system, browser type and version, screen resolution).
  • Log data, including pages visited, links clicked, referral URLs, and error logs.
  • Data from cookies, web beacons, pixel tags, and similar tracking technologies (see "Cookies & Tracking Technologies" below).

4. Payment and Financial Data

  • Payment method details (such as partially masked card numbers, card type, expiry date) as made available to us by our payments processors.
  • Wallet identifiers and transaction hashes when using cryptocurrencies, where applicable.
  • Deposit and withdrawal history, account balances, bonus balances, and chargeback records.
  • Billing address and currency used.

5. Behavioural and Gaming Data

  • Betting and gaming history, including games played, timestamps, stakes, outcomes, and win/loss records.
  • Bonuses and promotional offers used, wagering contributions, and completion status.
  • Interactions with site elements (clickstream data, navigation paths, time spent on sections of the site).
  • Flags or internal risk ratings related to anti-fraud, AML, and responsible gambling assessments.

6. Communications and Support Data

  • Content of communications with our support team (including via [email protected]), live chat transcripts, and complaint records.
  • Survey responses, feedback forms, and review submissions related to Oshi.

7. Cookies and Similar Technologies

  • Session cookies used to maintain your login state and security tokens.
  • Persistent cookies storing your preferences (language, region, saved credentials where chosen).
  • Third-party cookies and tracking pixels used for analytics, anti-fraud tools, and (where permitted) marketing/advertising.

Legal Basis for Processing

OBSERVE: Data protection laws require us to identify valid grounds for processing personal data.

EXPAND: While Dama N.V. is established outside the EU, we align our practices with internationally recognised standards such as the EU GDPR as a benchmark, and with applicable Australian privacy principles (including the Australian Privacy Principles) where relevant to Australian users.

REFLECT: The main legal bases we rely on for processing your personal data are set out below.

1. Performance of a Contract

  • To register and manage your player account on oshi-aussie.com.
  • To provide access to games and related gambling services.
  • To process deposits, wagers, withdrawals, and bonus credits.
  • To provide customer support, handle complaints, and manage disputes.

Processing of your identification, contact, account, transactional, and behavioural data is necessary to provide the services you request and to perform our contractual obligations to you.

2. Compliance with Legal Obligations

  • To undertake KYC, age verification, and identity checks to satisfy AML/CFT and other regulatory requirements within our licensing jurisdiction (Curaçao) and relevant international standards.
  • To maintain accounting records, transaction logs, and reports required by tax, financial, or gaming authorities.
  • To respond to lawful requests from competent authorities, court orders, or regulators (including the Curaçao Gaming Control Board and other designated authorities).

In these cases we may be legally required to retain and process certain personal data, even if you request deletion or restrict processing, where lawfully permitted.

3. Legitimate Interests

  • Security and anti-fraud: Detecting and preventing fraudulent activities, money laundering, bonus abuse, account takeover, or other misuse of our platform.
  • Service improvement: Analysing aggregated or pseudonymised usage data to improve our website performance, game selection, and user experience.
  • Risk management: Monitoring betting patterns and technical activity to manage commercial, operational, and regulatory risk.
  • Internal reporting: Generating statistics and management reports to support business operations.

Where we rely on legitimate interests, we balance our interests against your rights and reasonable expectations and apply safeguards such as pseudonymisation and strict access controls.

4. Consent

  • For sending marketing communications (email, SMS, push notifications) about promotions, bonuses, and news, where required by law.
  • For the use of non-essential cookies and tracking technologies for advertising and certain analytics, where applicable.
  • For any optional processing that is not strictly necessary for the provision of services or compliance with legal obligations.

You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Instructions are provided below under "Your Rights".

Purpose of Processing

OBSERVE: Players and visitors must understand exactly how their data is used.

EXPAND: We align purposes with our contractual duties, legal obligations, risk management, and user-facing functions (service provision, marketing, and analytics).

REFLECT: The purposes below guide our processing activities and retention decisions.

Main Purposes

  • Provision of services: Creating and administering your account, enabling deposits and withdrawals, offering games, calculating and paying out winnings, and operating promotions and loyalty programs.
  • Account management: Maintaining your profile, managing preferences, providing support, and communicating about changes to terms and policies.
  • Legal and regulatory compliance: Performing KYC/AML checks, preventing underage gambling, complying with licence conditions, and maintaining audit trails and mandatory records.
  • Security and fraud prevention: Monitoring transactions and behaviour to prevent fraud, misuse, and technical abuse (e.g., bots, DDoS attacks), and to protect the integrity of the platform.
  • Analytics and service improvement: Analysing site performance and user behaviour (in aggregated or pseudonymised form where possible) to optimise games, interfaces, and content, including for Oshi content.
  • Marketing and personalisation: Sending marketing messages (where legally permitted and with your consent where required), tailoring offers and bonuses to your profile, and running targeted campaigns.
  • Dispute resolution and risk management: Investigating and resolving complaints, chargebacks, regulatory queries, and legal claims; enforcing our terms and conditions.

Disclosure & Sharing

OBSERVE: Personal data is shared with certain third parties to provide services, meet legal duties, and manage risk.

EXPAND: We identify categories of recipients and the circumstances under which data may be transferred, with appropriate safeguards.

REFLECT: The following disclosures are limited to what is necessary and proportionate for the stated purposes.

1. Group and Related Entities

  • Dama N.V. and group entities: Internal sharing within Dama N.V. and its subsidiaries (including Strukin Ltd in Cyprus) for operational support, payments processing, risk management, compliance, and internal reporting.

2. Payment and Financial Service Providers

  • Acquiring banks, card schemes, payment gateways, e-wallet providers, cryptocurrency processors, and other financial intermediaries that process your deposits, bets, and withdrawals.
  • These providers may act as independent data controllers or processors; their own privacy policies govern their handling of your financial data.

3. Technical and Operational Service Providers

  • Hosting and cloud infrastructure providers, content delivery networks, and data centres.
  • Game providers and software vendors supporting RNG-based games and platforms.
  • IT support, security monitoring, logging, and analytics providers.
  • Email delivery services, customer support platforms, and CRM systems.

4. Compliance, Verification, and Risk Management Partners

  • Identity verification and KYC/AML screening providers.
  • Fraud detection and prevention services, including tools assessing device fingerprints and behavioural patterns.
  • Professional advisers (lawyers, auditors, consultants) assisting with legal, regulatory, or risk matters.

5. Regulators, Authorities, and Dispute Bodies

  • Regulatory bodies in our licensing and corporate jurisdictions (e.g., Curaçao regulators and Antillephone N.V. as the licence supervisor), where disclosure is necessary to meet licence conditions or applicable laws.
  • Law enforcement agencies, courts, and competent authorities in response to lawful requests, court orders, or legal processes.

6. Marketing and Affiliate Partners

  • Marketing networks, affiliate programs, and advertising partners that promote Oshi and related content, where allowed by law and, where necessary, with your consent.
  • These partners may use cookies, tracking pixels, and similar technologies to measure campaign performance and avoid duplicate registrations or abuse.

7. Corporate Transactions

  • In the event of a merger, acquisition, reorganisation, asset sale, or similar corporate transaction involving Dama N.V. or relevant business units, your data may be disclosed to potential or actual buyers and their advisers, subject to confidentiality obligations, and transferred as part of the transaction.

We do not sell your personal data as a standalone asset. All sharing is conducted under contracts that impose data protection obligations where the recipient acts as our processor.

International Transfers

OBSERVE: Data may be processed in multiple countries, including outside Australia and outside the European Economic Area (EEA).

EXPAND: Given Dama N.V.'s establishment in Curaçao and use of global service providers (including Cyprus-based entities and potentially EU or other international vendors), cross-border data flows are inherent to the operation.

REFLECT: We apply contractual and technical safeguards to protect your data during such transfers, consistent with widely recognised standards.

Destinations of Transfers

  • Curaçao: Main jurisdiction where Dama N.V. is incorporated and licensed; core operations and some data storage may occur here.
  • Cyprus: Location of Strukin Ltd (payments processing subsidiary) and potentially other EU-based service providers.
  • European Union / EEA countries: Where cloud, analytics, or verification providers are located and process data.
  • Other countries: Certain technical, anti-fraud, or marketing service providers may operate globally (including in the UK, US, or Asia-Pacific), depending on contracted vendors.

Safeguards Applied

  • Use of contractual safeguards, such as data processing agreements and, where relevant, Standard Contractual Clauses or equivalent protections adopted in line with prevailing international data transfer standards.
  • Implementation of technical and organisational measures (encryption, access controls, logging) to ensure data remains protected during transfer and at rest.
  • Transfer of data only to trusted service providers that commit to appropriate confidentiality and security obligations.

By using oshi-aussie.com, you acknowledge that your personal data may be transferred internationally as described, subject to these protections.

Data Retention

OBSERVE: Data must not be kept longer than necessary for the purposes for which it was collected.

EXPAND: Retention periods are influenced by gaming licence conditions, AML regulations, tax and accounting rules, and the need to defend legal claims.

REFLECT: The indicative periods below apply unless a longer period is required or permitted by applicable law, in any event not extending beyond what is necessary up to and including 2026 for current obligations.

General Principles

  • We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, including satisfying legal, accounting, or reporting requirements.
  • Where data is no longer needed, we will either securely delete it or irreversibly anonymise it.

Indicative Retention Periods

  • Account and identification data: Generally retained for the duration of your account and for up to five (5) years after account closure, to meet AML, licensing, and record-keeping obligations and to address potential claims.
  • Transaction and financial data: Typically retained for five (5) to seven (7) years from the date of the relevant transaction, aligning with accounting and anti-money laundering requirements in the applicable jurisdictions.
  • Gaming and behavioural data: Retained for as long as necessary for operational, responsible gambling, and legal purposes and thereafter may be aggregated or anonymised for statistical analysis.
  • Customer support and complaint data: Retained for up to five (5) years after resolution of the case, or longer if required for regulatory or legal reasons.
  • Marketing data: Processed until you opt out or withdraw consent. Core records showing that you opted out may be kept longer to ensure your preferences are respected.
  • Cookies and tracking data: Stored in line with the lifespan of each cookie (see "Cookies & Tracking Technologies"); some may persist for months or up to two years unless deleted by you earlier.

Where we rely on your consent for processing and you withdraw that consent, we will stop the corresponding processing and either delete or anonymise associated data, unless retention is independently justified by another legal basis (e.g., legal obligation or legitimate interest).

Your Rights

OBSERVE: Individuals have rights concerning how their personal data is processed.

EXPAND: While Dama N.V. operates outside the EU and Mexico, we strive to align with key international privacy standards, including the EU General Data Protection Regulation (GDPR) as a benchmark and comparable rights recognised in other regimes.

REFLECT: Subject to applicable laws, you may exercise the rights below in relation to personal data processed in connection with Oshi on oshi-aussie.com.

1. Right of Access

  • You may request confirmation as to whether we process your personal data and obtain a copy of such data, together with information on how it is used, the categories of data involved, and the recipients or categories of recipients.

2. Right to Rectification

  • You may request correction of inaccurate personal data and completion of incomplete data (for example, updating your address or contact details).

3. Right to Erasure ("Right to be Forgotten")

  • You may request deletion of your personal data where:
    • the data is no longer necessary for the purposes for which it was collected;
    • you withdraw consent where consent is the sole legal basis;
    • you successfully object to processing based on our legitimate interests; or
    • the data has been unlawfully processed.
  • This right may be limited where retention is required for legal or regulatory reasons (for example, AML record-keeping obligations).

4. Right to Restrict Processing

  • You may request that we restrict processing of your data in certain situations, such as when you contest the accuracy of the data or object to processing based on our legitimate interests, while we verify your claims.

5. Right to Object

  • You may object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests, including profiling related to such interests.
  • You have an absolute right to object to the use of your data for direct marketing (including profiling to the extent it is related to direct marketing). We will stop such processing without undue delay.

6. Right to Data Portability

  • Where technically feasible and where we process your data by automated means on the basis of your consent or the performance of a contract, you may request to receive personal data you provided to us in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.

7. Right to Withdraw Consent

  • Where processing is based on your consent (e.g., marketing communications, some cookies), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Procedures, Timeframes, and Cost

  • How to submit a request: Send an email to [email protected] with the subject line "Privacy Request" and include:
    • your full name and username (if you hold an account);
    • a description of the right(s) you wish to exercise; and
    • any information that will help us locate your data.
  • Verification: We may request additional information to verify your identity (for example, from existing account data or ID confirmation) before acting on your request.
  • Response time: We aim to respond to all valid requests within 30 days of receipt and verification. In complex cases, this period may be extended by a further 30 days; if so, we will inform you of the extension and reasons.
  • Fees: We will not charge you a fee for processing your request unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request, as permitted by applicable law.

Please note that certain rights may be limited under applicable law or may not apply in all jurisdictions. Where we cannot fully comply with your request, we will explain the reasons, subject to any legal or regulatory restrictions.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies are used for core functionality, analytics, security, and marketing.

EXPAND: Different cookie types serve different purposes, some strictly necessary, others optional and subject to your control.

REFLECT: Understanding these helps you manage your preferences and browser settings.

Types of Cookies We Use

  • Session cookies: Temporary cookies that exist only while your browser is open. They enable essential functions such as login sessions, bet placement, and navigation. They are deleted when you close your browser.
  • Persistent cookies: Stored on your device for a defined period to remember your preferences (language, region, login options) and to recognise you on subsequent visits.
  • First-party cookies: Set directly by oshi-aussie.com to support basic site operation and preferences.
  • Third-party cookies: Set by external providers (e.g., analytics, anti-fraud, marketing networks) that help us understand usage patterns, secure the platform, and, where applicable, deliver or measure advertising.

Purposes of Cookies and Tracking

  • Strictly necessary / functional: Essential to provide requested services, maintain logins, secure transactions, and ensure the site functions correctly.
  • Performance and analytics: Collect information on how visitors use the site (e.g., pages viewed, errors encountered) to improve performance and usability.
  • Security and fraud prevention: Help detect suspicious or fraudulent activity and protect your account and our systems.
  • Marketing and advertising (where applicable): Support tailored promotions and measure the effectiveness of campaigns related to Oshi and Oshi-branded offerings; may involve profiling to present more relevant offers.

Managing Cookies

  • Browser settings: Most browsers allow you to:
    • view which cookies are set on your device;
    • delete existing cookies;
    • block cookies from specific sites; or
    • block all cookies or third-party cookies.
  • In-site controls: Where available, you may adjust cookie preferences using consent banners or internal settings panels presented when you first visit oshi-aussie.com or after significant changes.
  • Blocking or deleting cookies may affect the functionality of the website and could prevent you from using certain features (such as staying logged in or placing bets).

Data Security

OBSERVE: Protection of personal data is critical for an online gambling environment.

EXPAND: We employ layered, risk-based security measures covering infrastructure, access management, operations, and staff awareness.

REFLECT: While no system is entirely risk-free, our measures are designed to reduce the likelihood and impact of unauthorised access or loss.

Technical and Organisational Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using industry-standard TLS (Transport Layer Security) protocols, TLS 1.2 or higher, to mitigate interception risks.
  • Encryption at rest: Sensitive data, including certain account and transactional information, is stored using strong encryption or hashing algorithms.
  • Access controls: Access to personal data is strictly limited to authorised personnel and service providers who require it for legitimate operational or legal purposes, based on role-based access control (RBAC) principles.
  • Authentication measures: Strong password policies and technical mechanisms help protect accounts. Where implemented, multi-factor authentication (MFA) may be used for administrative or privileged access.
  • Network and system security: Firewalls, intrusion detection and prevention systems, anti-malware solutions, and regular patching are deployed to protect supporting infrastructure.
  • Logging and monitoring: Security-relevant events are logged and monitored to detect anomalies, potential breaches, or misuse, particularly in high-risk financial and gaming operations.
  • Regular security assessments: Infrastructure, applications, and processes are periodically reviewed and tested, including vulnerability assessments and, where appropriate, penetration testing carried out by internal or external specialists.
  • Staff training and confidentiality: Employees and contractors with access to personal data are bound by confidentiality obligations and receive training on data protection, information security, and incident reporting.
  • Incident response: We maintain procedures for identifying, containing, investigating, and remediating security incidents. Where required by law, we will notify affected individuals and/or relevant authorities of qualifying data breaches without undue delay.

We aim to align our information security practices with recognised international standards (such as ISO 27001 and SOC 2) as benchmarks, even where formal certification is not expressly held or required.

Complaints & Contacts

OBSERVE: Users need clear channels to raise questions or concerns about privacy or data use.

EXPAND: We provide contact details, outline an internal complaint process, and indicate external escalation paths to supervisory authorities in relevant jurisdictions.

REFLECT: This structure supports transparency, accountability, and user trust.

Contacting Us

  • Primary email for privacy and complaints: [email protected]
  • Website: https://oshi-aussie.com
  • Postal correspondence: Please contact us by email in the first instance to obtain the appropriate postal details for the relevant Dama N.V. entity or department.

Internal Complaint Procedure

  1. Submission: Send your complaint or query to [email protected] with a clear description of your concerns and any supporting documentation.
  2. Acknowledgement: We will acknowledge receipt of your complaint within 7 business days, where reasonably practicable.
  3. Investigation: Your complaint will be reviewed by our support team and, where appropriate, escalated to our Data Protection Team or relevant managers.
  4. Response: We aim to provide a substantive response within 30 days of receiving your complaint. If more time is required due to complexity, we will inform you of the delay and provide an updated timeframe.
  5. Resolution: Our response will outline the findings and any corrective measures or options available to you.

Escalation to Supervisory or Regulatory Authorities

If you are not satisfied with our response or believe that your data protection rights have been infringed, you may have the right to lodge a complaint with a relevant supervisory authority, depending on your location and the applicable law.

  • Curaçao (licensing / corporate jurisdiction):
    • Complaints related to gaming conduct may be directed to the Curaçao Gaming Control Board or the relevant licensing authority (e.g., Antillephone N.V.), subject to their complaint procedures as published on their official websites.
  • Australia:
    • For general privacy concerns related to personal information about individuals in Australia, you may contact the Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au.
    • For issues related to illegal offshore gambling services and website blocking, you may contact the Australian Communications and Media Authority (ACMA): https://www.acma.gov.au.
  • Other regions:
    • If you are located in another country, you may have the right to contact your local data protection authority or regulator, where applicable under local law.

Nothing in this Privacy Policy limits any rights you may have to pursue legal remedies before competent courts or tribunals.

Updates

OBSERVE: Our services, technologies, and legal environment may change over time.

EXPAND: We must update this Privacy Policy to reflect such changes and to remain transparent and compliant.

REFLECT: The procedures below describe how we manage updates and how you will be informed.

Policy Changes and Version Control

  • This Privacy Policy may be updated from time to time to reflect:
    • changes in our services, features, or operational practices;
    • changes in applicable laws, regulations, or regulatory guidance; or
    • security improvements and technical adjustments.
  • Each version of the Policy will be identified by a "Last updated" date at the bottom of the document.
  • Where feasible, we will keep a record or overview of material changes (a "changelog") accessible or available upon request.

Notification of Material Changes

  • Advance notice: For significant changes that materially affect your rights or the way we process your data (for example, new categories of recipients, new purposes, or reduced user rights), we will provide at least 30 days' prior notice before the changes take effect, where legally and practically possible.
  • Notification methods:
    • prominent notices or banners on oshi-aussie.com;
    • email notifications to the address associated with your account, where appropriate; and/or
    • messages or alerts within your account dashboard (if available).
  • Your options: If you do not agree with the updated Privacy Policy, you may:
    • adjust your privacy or marketing preferences where options are provided; and/or
    • request account closure and deletion or restriction of your personal data, subject to legal retention obligations as described above.

Last updated: January 2026