Privacy policy.
Effective: 1 July 2026. Version 2.1.
1. About this policy
1.1. This is the privacy policy of Fortuna Felicitas Pty Ltd (ABN 30 674 922 788 734) ("GoldenBet888", "we", "us"), published for the purposes of Australian Privacy Principle (APP) 1. It explains how we collect, hold, use and disclose personal information in connection with goldenbet888.co and our wagering services, in accordance with the Privacy Act 1988 (Cth) and the APPs.
1.2. "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.
1.3. We hold an Australian sports bookmaker licence (No. NT-RWC-SB-2021-0843, NTRWC) and are a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ("AML/CTF Act"). Much of what we collect, and much of what we must keep, is dictated by those regimes — where the law gives us no choice, this policy says so.
2. What we collect
2.1. Categories of personal information we collect and hold:
- Identity — full legal name, date of birth, residential address, and government-issued document details (driver licence, passport or proof-of-age card numbers), including a photograph or scan of those documents where required for verification.
- Contact — email address, phone number, postal address and communication preferences.
- Account — username, password hash, security settings, self-imposed limits, self-exclusion status and preference history.
- Financial — payment method details (tokenised card or account references as held by the relevant payment processor), deposit and withdrawal history, and — where enhanced checks apply — source-of-funds and source-of-wealth information.
- Wagering and behavioural — wagers placed, prices taken, win/loss outcomes, session timing and frequency, and indicators used for responsible-gambling monitoring.
- Technical — IP address, device identifiers, browser and operating system data, approximate location (to confirm you are in Australia), and cookie or similar data as described in the Cookies notice.
- Communications — support emails, complaint records, call notes and survey responses.
2.2. Sensitive information. We do not seek sensitive information (such as health information) except where you volunteer it in the context of responsible-gambling support or a complaint, in which case we handle it only for that purpose and with your consent, or where the law otherwise permits.
2.3. Anonymity and pseudonymity (APP 2). You may browse public pages of the Site without identifying yourself. You cannot open an account or wager anonymously or under a pseudonym: identification is required by the AML/CTF Act and our licence conditions.
2.4. Unsolicited information. If we receive personal information we did not ask for and determine we could not lawfully have collected it, we destroy or de-identify it as soon as practicable, where lawful to do so.
3. How we collect it
3.1. Directly from you — at account opening, when depositing or withdrawing, when wagering, when setting responsible-gambling tools, and when you contact us.
3.2. Automatically — through the Site and our systems, including cookies and similar technologies described in the Cookies notice.
3.3. From third parties, being:
- identity verification providers and official document verification services, used to verify the details you supply;
- credit reporting bodies — solely to verify identity against credit header information where you consent to that method (this is not a credit check and does not affect your credit score);
- payment processors and financial institutions, in connection with deposits, withdrawals and chargebacks;
- BetStop (the National Self-Exclusion Register), when screening accounts as required by Part 7B of the Interactive Gambling Act 2001 (Cth);
- racing and sporting controlling bodies, regulators and law-enforcement agencies, in connection with integrity or compliance matters;
- publicly available sources, where verification or investigation reasonably requires it.
4. Why we collect it
4.1. Purposes and their legal footing:
- Opening and running your account — performance of our agreement with you.
- Identity verification and age confirmation — AML/CTF Act; Racing and Wagering Act 2024 (NT); NTRWC licence conditions.
- BetStop screening — Interactive Gambling Act 2001 (Cth), Part 7B.
- Transaction monitoring and reporting — AML/CTF Act (suspicious matter reports, threshold transaction reports).
- Responsible-gambling monitoring and intervention — Northern Territory Code of Practice for Responsible Service of Online Gambling 2019; National Consumer Protection Framework.
- Fraud prevention and wagering integrity — legitimate operational need; controlling-body integrity agreements.
- Payments — processing deposits and withdrawals and investigating payment issues.
- Support, complaints and disputes — contractual and statutory obligation.
- Direct marketing, only with your consent — Privacy Act, APP 7 (see section 6).
- Product improvement and analytics — using aggregated or de-identified data wherever practicable.
- Legal compliance and regulator reporting — statutory obligation.
4.2. We do not use or disclose personal information for a purpose unrelated to the above unless you consent, you would reasonably expect it and it is related to a collection purpose, or the use is required or authorised by law.
5. Identity verification detail
5.1. Verification compares the details you provide against records held by document issuers and approved verification services. You authorise those checks when you apply for an account.
5.2. Where a check against credit header data is used, the credit reporting body records that a verification request was made; this record is not visible to credit providers assessing creditworthiness and does not affect your credit score.
5.3. If verification fails, we will tell you and offer an alternative method (such as certified documents). We cannot open, and cannot pay out from, an account that has not been verified.
6. Direct marketing (APP 7)
6.1. We send marketing — new markets, features available to account holders, and similar — only where you have expressly opted in, and only through the channels you selected (email, SMS, push notification).
6.2. Every marketing message includes a working unsubscribe mechanism. You can also change marketing preferences inside the account at any time, or ask support to switch everything off.
6.3. Marketing ceases automatically for any person registered with BetStop, any self-excluded customer, and any customer we identify as at risk of gambling harm. It also ceases on account closure.
6.4. We comply with the Spam Act 2003 (Cth), the Betting and Racing Act 1998 (NSW) restrictions on direct marketing for NSW residents, and equivalent State and Territory rules. We do not market wagering to anyone under 18 and do not buy marketing lists.
7. Disclosure
7.1. We disclose personal information, only to the extent needed for the purposes in section 4, to:
- Regulators — AUSTRAC, the NTRWC, ACMA, the OAIC and other bodies with lawful authority;
- BetStop and the Commonwealth department administering it;
- Racing controlling bodies — Racing Victoria, Racing NSW, Racing Queensland, harness and greyhound authorities and their interstate counterparts, under race-fields and integrity arrangements;
- Sporting controlling bodies and Sport Integrity Australia, for integrity matters;
- Law enforcement, where required or authorised by law;
- Service providers — identity verification vendors, payment processors, banks and card schemes, cloud hosting and IT infrastructure providers, analytics providers (in accordance with the Cookies notice), and professional advisers — each bound by contract to handle information only for the services they provide to us;
- A purchaser or prospective purchaser of the business, under confidentiality obligations, where reasonably necessary.
7.2. We do not sell personal information. Ever.
8. Overseas disclosure (APP 8)
8.1. Our systems are hosted in Australia. Some service providers (for example cloud infrastructure and analytics vendors) may process limited data in, or provide support from, other countries — principally the United States and the European Union.
8.2. Before any overseas disclosure we take reasonable steps to ensure the recipient handles the information consistently with the APPs, including contractual data-protection commitments. Identity documents and verification records are stored in Australia.
9. Government identifiers (APP 9)
9.1. We record government-issued identifiers (licence, passport numbers) solely for verification and record-keeping required by law. We do not use them as our own customer identifier — your account has its own number.
10. Data quality (APP 10)
10.1. We take reasonable steps to keep the personal information we hold accurate, up to date and complete, including periodic prompts to confirm your details. Please tell us when your details change — settlement of withdrawals depends on them being right.
11. Security (APP 11)
11.1. Measures protecting personal information include: TLS encryption in transit; encryption at rest for identity documents and credentials (passwords are stored only as salted hashes); network segregation; role-based access on a need-to-know basis with logged access; multi-factor authentication for staff systems; mandatory staff privacy and security training; vendor due-diligence; and periodic independent penetration testing and security review.
11.2. No system is impregnable. If a breach occurs we respond under section 13.
12. Retention and destruction
12.1. Identity, transaction and account records are retained for at least seven (7) years after account closure or the transaction, as required by Part 10 of the AML/CTF Act and our licence conditions. Complaint and responsible-gambling records are kept for the periods our licence and the NT Code of Practice require.
12.2. Information no longer required for any lawful purpose is destroyed or de-identified in accordance with APP 11.2. Backups roll off on fixed cycles.
13. Data breach response
13.1. Suspected eligible data breaches are contained, assessed and, where the assessment is not immediate, resolved within thirty (30) days as the Notifiable Data Breaches scheme (Part IIIC, Privacy Act) requires.
13.2. Where a breach is likely to result in serious harm, we notify the Office of the Australian Information Commissioner (OAIC) and affected individuals promptly, with a description of the breach, the information involved and the steps you should take.
14. Access and correction (APPs 12 and 13)
14.1. You may request access to the personal information we hold about you by writing to privacy@goldenbet888.co. We verify your identity, then respond within thirty (30) days. We do not charge for making a request; where retrieval is unusually burdensome we may charge our reasonable costs of supply, quoted in advance.
14.2. Access may be refused in limited circumstances the Privacy Act allows — for example where it would prejudice an AML/CTF investigation or reveal information about another person. If we refuse, we give written reasons and the complaint avenues open to you.
14.3. You may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading. We correct it or, if we disagree, give written reasons and, at your request, attach a statement of your view to the record.
14.4. Much of your information — wagering history, deposits, limits, statements — is visible directly inside the account, which is usually the fastest way to check it.
15. Children
15.1. Our services are strictly 18+. We do not knowingly collect personal information from anyone under 18; any such information discovered is destroyed and the associated account (if any) closed.
16. Cookies and online tracking
16.1. Cookies and similar technologies are covered by the separate Cookies notice, which forms part of this policy. Non-essential cookies are off by default and require your consent.
17. Complaints
17.1. Privacy complaints go to the Privacy Officer at privacy@goldenbet888.co. We acknowledge within 1 business day and respond in writing within thirty (30) days.
17.2. If you are not satisfied, or we do not respond within 30 days, you may complain to the Office of the Australian Information Commissioner — oaic.gov.au · 1300 363 992 · GPO Box 5288, Sydney NSW 2001.
18. Contact and updates
18.1. Privacy Officer, Fortuna Felicitas Pty Ltd, 15 Montclair Avenue, Glen Waverley VIC 3150 — privacy@goldenbet888.co.
18.2. We review this policy at least annually and when our practices or the law change. The current version is always at goldenbet888.co/legal/privacy.php; material changes are notified to account holders by email and on-site notice. Earlier versions are available from the Privacy Officer on request.
Operated by Fortuna Felicitas Pty Ltd (ABN 30 674 922 788 734). Sports Bookmaker Licence NT-RWC-SB-2021-0843 granted by the Racing and Wagering Commission of the Northern Territory. Registered office: 15 Montclair Avenue, Glen Waverley VIC 3150. Contact: support@goldenbet888.co.