burger icon
A Big Candy Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how A Big Candy Casino, operated via the website abigcandybet-au.com, collects, uses, discloses and protects personal information of players and website visitors. It applies to anyone who accesses or uses our website, registers an account, participates in games, promotions or communications, or otherwise interacts with our services. By using abigcandybet-au.com, you acknowledge that you have read and understood this Privacy Policy. This version is effective from 1 January 2026 and replaces all prior versions.

Who We Are

Observe: The available sources do not disclose a verified licensed operator, registered office, or corporate details for A Big Candy Casino. Public data indicates operation as an offshore provider targeting Australian players without Australian licensing or independent regulatory oversight.

Expand: Because these details are not verifiable, we must clearly state this limitation to avoid misleading users while still providing a contact point for privacy-related inquiries.

Reflect: On this basis, we provide the information below as far as it is known and can be responsibly stated.

Operator Identification

  • Trading / Brand name: A Big Candy Casino (referred to as "we", "us", "our" or "A Big Candy Casino" in this Privacy Policy).
  • Primary website: https://abigcandybet-au.com
  • Legal entity name: Not publicly and verifiably disclosed by the operator at the time of the last independent review (Q4 2024 - Q1 2026).
  • Registered address / headquarters: Not specified or verifiable in publicly accessible sources. Some third-party affiliates claim an association with Costa Rica for "data processing" purposes only, which is explicitly not a recognised online gambling license or supervisory regime.
  • Licensing status for Australia: Not licensed by any Australian state or territory regulator and regarded in the context of ACMA enforcement as an offshore operator offering prohibited interactive gambling services to Australian residents under the Interactive Gambling Act 2001 (Cth).

Data Protection Contact

  • Data protection / privacy contact: Data Protection Officer (DPO) - A Big Candy Casino (title used for contact purposes only; formal appointment and qualifications are not publicly verified).
  • Email: [email protected] (to be used for privacy, KYC/AML, self-exclusion and other account-related correspondence).
  • Phone: Not provided.
  • Postal address for privacy correspondence: Not specified; all communication should be initiated by email unless otherwise indicated on the website from time to time.

Regional compliance note: Because we are not licensed in Australia, you may have limited or no recourse to Australian regulators or approved alternative dispute resolution bodies in relation to our handling of personal information or gambling services.

What Personal Data We Collect

Observe: Operating an online casino targeting Australian players requires extensive processing of personal, technical, payment and behavioural data to provide services, meet KYC/AML expectations and manage risk.

Expand: These data categories include information collected directly from you, generated by your use of the site, obtained from payment providers and technical tools (e.g. cookies, analytics, anti-fraud tools).

Reflect: Below we describe the main categories we may collect and process.

Identification and Contact Data

  • Full name, date of birth and gender (where provided).
  • Residential address, country of residence and billing address.
  • Email address (including the address used for account registration and correspondence such as [email protected]).
  • Telephone number or mobile number (if requested for verification, support or security purposes).
  • Government-issued ID details (e.g. passport, driver's licence, national ID number) submitted for KYC checks.

Account and Verification Data

  • Username, password (stored using hashing algorithms), security questions and answers.
  • Verification documents for KYC/AML: scans or photos of ID, proof of address (e.g. utility bill), front/back of payment card (with security code suitably redacted), and any signed authorisation forms.
  • Account status, verification status, self-exclusion flags, and responsible gambling preferences where applicable.

Technical and Usage Data

  • IP address, approximate geolocation derived from IP, device identifiers, browser type and version, operating system and device model.
  • Log data such as login timestamps, session duration, pages visited, clicks, navigation paths and error logs.
  • Technical events (e.g. failed logins, password resets, changes to account details, device changes).

Payment and Financial Data

  • Deposit and withdrawal histories (amounts, currency, time, method used and transaction identifiers).
  • Limited payment card details or e-wallet identifiers, as necessary to process payments via third-party payment processors (we do not store full card data if not required and aim to rely on tokenisation solutions offered by processors where available).
  • Records relating to chargebacks, refunds, disputes, fraud checks and AML monitoring.

Behavioural and Gaming Data

  • Game preferences, game session data, betting and wagering history, win/loss records, bonus participation and redemption history.
  • Bonuses accepted, wagering progress, breaches of bonus conditions and related restrictions.
  • Patterns that may indicate problematic gambling behaviour (e.g. rapid session escalation, repeated deposit cycles) used in the context of responsible gambling monitoring where technically implemented.

Communications and Support Data

  • Records of email communications, live chat logs (if available), and internal support notes relating to your account.
  • Content of complaints, KYC queries, self-exclusion requests and other interactions with our support team.

Cookies and Similar Technologies

  • Cookies, web beacons, pixels, local storage and similar technologies to recognise your browser or device, maintain your session, store preferences and perform analytics and advertising.
  • Information collected via cookies may include pages viewed, time spent on pages, referring/exit pages, clickstream data and anonymised identifiers for analytics or marketing campaigns.

Legal Basis for Processing

Observe: While we are an offshore operator targeting Australian residents, we aim to align our practices with generally recognised privacy principles, including those seen in the EU General Data Protection Regulation (GDPR) and leading international standards, even though these may not formally apply.

Expand: We rely on multiple legal grounds depending on the type of processing: performance of a contract, consent, legitimate interests and compliance with legal or regulatory obligations in the jurisdictions relevant to our operations.

Reflect: Below we summarise these bases in relation to typical processing activities.

  • Performance of a contract: We process personal information that is strictly necessary to:
    • Register and maintain your player account.
    • Provide access to games, bonuses and promotions.
    • Process deposits, bets, winnings and withdrawals.
    • Provide customer support, handle complaints and manage technical issues.
    Without this information, we cannot provide our gambling services.
  • Consent: We may rely on your explicit or implied consent to:
    • Send marketing communications (email, SMS, push notifications) about our offers, bonuses and news.
    • Use certain non-essential cookies and tracking technologies for targeted advertising and advanced analytics, where required by applicable law.
    • Process sensitive copies of documents for KYC purposes where local privacy laws treat these as special categories of data.
    You may withdraw consent for marketing and certain cookies at any time as described below, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legitimate interests: We may process data where it is necessary for our legitimate interests and those interests are not overridden by your privacy rights, for purposes such as:
    • Preventing, detecting and investigating fraud, abuse of bonuses, money laundering and other unlawful activities.
    • Ensuring the security and integrity of our systems, networks, games and accounts.
    • Performing internal analytics, business reporting, risk management and service improvement.
    • Enforcing our Terms & Conditions and defending our legal rights.
  • Compliance with legal and regulatory obligations: Although we are not licensed in Australia, we may still be subject to certain legal or regulatory requirements in other jurisdictions (for example where payment processors or data hosting providers are located). Accordingly, we may process your data to:
    • Conduct identity verification, anti-money laundering (AML) and counter-terrorism financing (CTF) checks.
    • Respond to lawful requests for information from authorities with jurisdiction over our operations or partners.
    • Maintain records required by applicable financial, tax or corporate laws in those jurisdictions.

Purpose of Processing

Observe: Personal information is used across multiple operational, security and commercial functions.

Expand: To ensure transparency, we link each major purpose to typical categories of data used for that purpose.

Reflect: The main purposes for which we process your personal information include the following.

  • Provision of gambling services:
    • To create, verify and manage your account.
    • To enable you to place bets, participate in games and redeem bonuses.
    • To calculate, credit and pay out winnings and handle deposits and withdrawals.
  • Account administration and customer support:
    • To communicate with you about your account, changes to our Terms & Conditions or this Privacy Policy, and operational notices (e.g. maintenance, technical incidents).
    • To respond to your questions, support tickets, complaints, KYC requests and self-exclusion instructions.
  • Risk management, fraud and abuse prevention:
    • To monitor for suspicious deposits, withdrawals or betting patterns.
    • To detect and prevent bonus abuse, chargebacks, account takeover attempts and other fraudulent or abusive behaviour.
    • To enforce game rules, bonus terms and account restrictions.
  • Compliance and record-keeping:
    • To satisfy KYC/AML expectations of payment processors and relevant jurisdictions.
    • To respond to lawful information requests and manage legal claims or investigations.
    • To maintain internal records for auditing, tax or business continuity purposes.
  • Analytics and service improvement:
    • To analyse aggregated behaviour (e.g. game popularity, session length, churn) for improving game offerings and user experience.
    • To test, troubleshoot and develop new features and interfaces.
  • Marketing and promotions:
    • To send marketing communications where permitted, including welcome offers, bonus codes, VIP notifications and special promotions.
    • To personalise bonuses and offers based on your playing history, subject to your preferences and applicable law.
    • To measure the effectiveness of marketing campaigns (e.g. tracking conversions from affiliate links or emails).
  • Responsible gambling measures (where implemented):
    • To record self-exclusion requests submitted via [email protected] and to apply corresponding account restrictions.
    • To monitor for behaviour patterns that may indicate gambling-related harm and to communicate with you about available tools and options.

Disclosure & Sharing

Observe: Providing online gambling services requires cooperation with various third parties, including payment providers, technical service providers and marketing affiliates.

Expand: Data sharing must be limited to what is necessary, accompanied by contractual safeguards, and transparently described.

Reflect: We outline below the categories of recipients and typical circumstances of disclosure.

2.1 Service Providers and Technical Partners

  • Payment processors and financial institutions: We share payment-related data with banks, card schemes, e-wallet providers and payment gateways for:
    • Processing deposits and withdrawals.
    • Conducting fraud checks, chargeback handling and AML/CTF monitoring as required by their policies or law.
  • IT and hosting providers: We may engage third-party hosting companies, data centres, cloud infrastructure providers and content delivery networks to host the website, game servers and databases.
  • Security and anti-fraud providers: Third-party tools and analytics services may be used to detect and prevent fraud, abuse, DDoS attacks, account takeovers and other security threats.
  • Customer support tools: If we use third-party ticketing or live chat systems, relevant parts of your account and interaction data may be processed within those systems.

2.2 Marketing, Affiliates and Advertising Networks

  • Affiliates and acquisition partners: We may share limited information (e.g. anonymised identifiers, campaign IDs, registration or deposit events) with marketing affiliates and acquisition networks to measure conversions and settle marketing fees.
  • Advertising and analytics networks: Subject to your consent where required, cookies and similar technologies may allow third-party advertising networks to collect or receive information from our site to provide targeted ads, retargeting and performance analytics.
  • Direct marketing service providers: Email and SMS service providers may process your contact details and preference information to send our communications to you.

2.3 Corporate and Legal Disclosures

  • Group companies and successors: If our business is sold, reorganised, merged or otherwise undergoes a corporate transaction, personal data may be transferred to the acquiring or successor entity subject to continued protection consistent with this Privacy Policy.
  • Regulators and law enforcement: We may disclose personal information where we believe in good faith that the disclosure is:
    • Required by applicable law, regulation or legal process in a jurisdiction that has authority over us or our service providers; or
    • Necessary to protect our rights, the integrity of our services, or the safety of our users or the public.
    Note: As an offshore operator not licensed in Australia, interactions with Australian regulators (including ACMA) are limited and primarily focused on enforcement actions against operators rather than individual player protection.
  • Professional advisers: Lawyers, auditors, consultants or other professional advisers may access relevant personal data when providing services to us under confidentiality obligations.

2.4 Other Disclosures

  • We will never sell your personal information as a standalone asset to data brokers.
  • We will not share your personal information with third parties for their own independent direct marketing purposes without your explicit consent, where such consent is required by applicable law.

International Transfers

Observe: As an offshore casino using international hosting, payment and support services, personal data will often be transferred across borders.

Expand: These transfers may involve countries whose data protection laws differ from those applicable in your home jurisdiction (e.g. Australia or the EU).

Reflect: We therefore implement contractual and technical safeguards where feasible.

  • Locations of processing: Your data may be stored or processed in:
    • Data centres or cloud platforms located in the European Union/EEA, the United Kingdom, North America, Central America (including but not limited to Costa Rica, where certain data-processing activities may be hosted), or other jurisdictions selected by our infrastructure providers.
    • Countries where our payment processors and key technical vendors operate or maintain support centres.
  • Safeguards for international transfers: Where required by applicable law and technically feasible, we will:
    • Enter into data processing and transfer agreements with our service providers that include confidentiality and security obligations.
    • Use standard contractual clauses or equivalent contractual protections recognised in relevant jurisdictions (e.g. the EU Standard Contractual Clauses) when transferring data from the EEA/UK to third countries, where such flows occur.
    • Implement technical measures such as encryption in transit and at rest, access controls and logging of access events.
  • Limitations: Because our corporate structure and licensing are not supervised by Australian regulators and because some processing may occur in jurisdictions with limited privacy oversight, equivalent protections to those available under Australian or EU law may not always be guaranteed in practice.

Data Retention

Observe: Retention must balance regulatory expectations, fraud prevention, operational needs and data minimisation.

Expand: We adopt indicative retention periods, but actual periods may vary depending on legal, contractual or dispute-related requirements in relevant jurisdictions.

Reflect: Once data is no longer needed for the purposes described below, it will be deleted or irreversibly anonymised where feasible.

  • Account and identification data:
    • Basic account details (name, contact information, account history) are generally retained for up to 5 years after account closure, unless longer retention is required due to ongoing disputes, investigations, chargebacks or AML/CTF obligations.
    • Verification documents (ID, proof of address, card copies, authorisation forms) are typically retained for 5 - 7 years from the date of collection or last use, reflecting common AML/CTF record-keeping expectations in financial and gaming sectors.
  • Gaming and transaction data:
    • Betting history, game logs and transaction records (deposits/withdrawals) are retained for at least 5 years from the date of the relevant transaction, and may be stored longer where necessary for accounting, tax or dispute-resolution purposes.
  • Marketing data:
    • Information used for marketing (email address, marketing preferences, interaction with campaigns) is kept until you opt out of marketing or your account is closed, plus a short period (up to 12 months) to maintain suppression lists and prove compliance with your opt-out request.
  • Technical and analytics data:
    • Log files and analytics data are kept for varying periods, usually 6 - 24 months, depending on the nature of the logs and business needs. Aggregated or anonymised statistics may be retained indefinitely as they no longer identify you.
  • Communications and complaints:
    • Support tickets, complaint records and related correspondence are typically kept for 3 - 6 years from closure of the matter, depending on applicable limitation periods for legal claims in relevant jurisdictions.
  • Deletion and anonymisation:
    • When the applicable retention period expires, personal information is securely deleted, anonymised or aggregated so that it can no longer be linked to you.
    • In some circumstances we may not be able to fully delete data immediately (for example, where technical backups exist or where legal retention applies), but such data will be segregated and protected from routine access.

Your Rights

Observe: Different jurisdictions (e.g. the EU under GDPR, Mexico under the Federal Law on Protection of Personal Data Held by Private Parties, and others) recognise specific privacy rights for individuals.

Expand: Although A Big Candy Casino is an offshore operator primarily targeting Australian players and is not subject to a unified global data protection regime, we aim - on a voluntary and goodwill basis - to acknowledge and facilitate key rights broadly aligned with GDPR and modern data protection norms, to the extent reasonably practicable and consistent with our operational and legal constraints.

Reflect: The rights outlined below are subject to limitations and may not be enforceable through local regulators in all jurisdictions (including Australia).

Access, Rectification and Erasure

  • Right of access: You may request confirmation as to whether we process your personal data and receive a copy of certain information we hold about you, together with an explanation of how we use it.
  • Right to rectification: You may request correction of inaccurate or incomplete personal information (for example, an outdated address or misspelled name).
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data in certain circumstances, for example where:
    • The data is no longer necessary for the purposes for which it was collected; or
    • You withdraw consent and there is no other legal basis for processing.
    We may refuse or delay erasure where retention is necessary for AML, fraud prevention, dispute handling, legal obligations or legitimate interests that override your request.

Restriction, Objection and Portability

  • Restriction of processing: You may request that we limit processing of your data in certain situations (e.g. where you contest accuracy and we are verifying it, or where processing is unlawful but you oppose erasure).
  • Right to object: Where we rely on legitimate interests (including profiling based on those interests) or where we send direct marketing, you may object. We will cease processing for marketing purposes upon objection. For other purposes, we will assess whether our interests override your rights.
  • Data portability: To the extent applicable under laws governing our data processing, you may request a copy of personal data you provided to us in a structured, commonly used, machine-readable format and, where technically feasible, request that we transmit it to another controller.

Marketing and Consent Management

  • Withdrawal of consent: Where processing is based on your consent (e.g. marketing communications, optional cookies), you may withdraw that consent at any time by:
    • Using the "unsubscribe" link contained in marketing emails; or
    • Contacting us at [email protected].
    Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Procedures, Timeframes and Costs

  • How to exercise rights: You can exercise any of the rights described above by emailing a clear request to [email protected] from the email address registered on your account and including:
    • Your full name and username.
    • A description of the right you wish to exercise and the data concerned.
    • Any supporting information that may help us verify your identity.
  • Verification: To protect your privacy and security, we may ask for additional information (such as a partial ID confirmation) to verify your identity before acting on your request.
  • Response timeframe: We aim to respond to legitimate requests within 30 days of receipt. Where your request is particularly complex or multiple requests are received, we may extend this period by a further 30 days and will notify you of the extension.
  • Cost: We will not charge a fee for handling your reasonable and non-repetitive requests. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive or repetitive.

Important limitation notice: As an offshore operator without an Australian license and without guaranteed subjection to GDPR or Mexican privacy authorities, your ability to enforce these rights through a supervisory authority or court in your home country may be limited. We nevertheless commit, on a voluntary basis, to handle and document rights requests in line with the principles described above.

Cookies & Tracking Technologies

Observe: Cookies are essential to delivering a functional, secure and user-friendly casino experience.

Expand: We use different categories of cookies for core functionality, performance measurement and marketing.

Reflect: You have options to manage or disable cookies, though doing so may impact certain features.

Types of Cookies We Use

  • Strictly necessary cookies (session cookies):
    • Used to maintain your logged-in session, remember your selections during gameplay and ensure basic features work correctly.
    • Typically expire when you close your browser or after a short period of inactivity.
    • Because they are essential, they cannot generally be disabled through on-site controls.
  • Functional cookies (persistent cookies):
    • Store preferences such as language, display settings or previously dismissed notifications.
    • Remain on your device for a defined period or until deleted manually.
  • Analytics and performance cookies:
    • Help us understand how visitors use our website (e.g. pages visited, time spent, navigation patterns).
    • May be set by us or by third-party analytics providers.
    • Data is usually aggregated, but may rely on identifiers such as IP address or cookie IDs.
  • Advertising and targeting cookies (third-party):
    • Used by us and our advertising partners to deliver more relevant ads, track campaign performance and enable retargeting.
    • May allow third parties (e.g. affiliate programs, ad networks) to recognise your browser across websites.
    • Typically require your consent in jurisdictions where such consent is mandated.

Managing Cookies

  • Browser settings: Most web browsers allow you to:
    • View which cookies are stored on your device.
    • Delete some or all cookies.
    • Block or restrict cookies from specific websites or all websites.
    Instructions are usually available in the help section of your browser.
  • Device settings: Mobile devices may include settings to restrict tracking or reset advertising identifiers.
  • On-site controls (where available): We may provide internal preferences or cookie banners to allow you to manage non-essential cookies. If such a panel is available, it will be accessible via the website footer or the initial cookie banner.
  • Impact of disabling cookies: If you disable or reject cookies, some features of abigcandybet-au.com (including login persistence, game stability or personalised offers) may not function properly.

Data Security

Observe: Operating an online gambling platform involves handling sensitive financial and identity data that must be protected from unauthorised access, loss or misuse.

Expand: Security covers technical, organisational and procedural safeguards.

Reflect: While no system can be perfectly secure, we implement commercially reasonable measures proportionate to the risks.

8.1 Technical Measures

  • Encryption in transit: Communications between your browser and abigcandybet-au.com are protected using Transport Layer Security (TLS) version 1.2 or higher (commonly referred to as "HTTPS").
  • Encryption at rest: Where feasible, sensitive data (such as passwords, limited payment details and verification documents) are stored using encryption, hashing or tokenisation techniques.
  • Access controls: Access to production systems and databases is restricted to authorised personnel and systems on a need-to-know basis, using unique credentials, strong authentication and logging of access events.
  • Network and application security: Firewalls, intrusion detection/prevention measures, DDoS mitigation and security hardening practices are used to protect infrastructure and applications from common attacks.

8.2 Organisational Measures

  • Staff training and confidentiality: Personnel who handle personal data are expected to comply with internal policies and confidentiality obligations. Awareness training on data handling and security practices may be provided periodically.
  • Vendor management: Where third-party service providers process data on our behalf, we seek to ensure that they maintain appropriate security standards and contractual obligations.
  • Segregation of duties: Operational roles are structured so that no single individual has unrestricted access to all systems and data without oversight.

8.3 Monitoring, Audits and Incident Response

  • Monitoring and logging: Security-relevant events, including failed logins, unusual account activity and system anomalies, may be monitored and logged for analysis and incident detection.
  • Security reviews: Internal security reviews and periodic assessments of critical systems may be conducted to identify vulnerabilities and improvement opportunities.
  • Incident response: In the event of a suspected or actual data breach, we will:
    • Investigate the incident and take steps to contain and mitigate any harm.
    • Assess the risk to affected individuals.
    • Where required by applicable law, notify relevant authorities and, when necessary, inform affected users via the email associated with their account or through website notices.

Compliance note: We do not claim formal certification under ISO/IEC 27001, SOC 2 or similar frameworks as of the last update. Security practices described above aim to reflect commonly accepted industry measures but are not audited by an external gambling regulator for Australian players.

Complaints & Contacts

Observe: Users need a clear path to raise questions or concerns about privacy and our handling of personal data.

Expand: As an offshore operator not licensed in Australia, external escalation options are more limited than for domestically regulated casinos.

Reflect: We outline available channels and realistic expectations for resolution.

26.1 Contacting Us

  • Primary contact for privacy matters:
  • Information to include in your complaint or query:
    • Your full name and username.
    • The email address linked to your account.
    • A detailed description of your concern or request (e.g. suspected misuse of data, disagreement with a decision on a rights request).
    • Any supporting evidence (screenshots, reference numbers, dates).

26.2 Internal Complaint Procedure

  1. Submission: Send your complaint or question to [email protected]. Mark the subject line with "Privacy Complaint" or "Data Protection Request".
  2. Acknowledgement: We aim to acknowledge receipt within 5 business days.
  3. Investigation: Your case will be reviewed by relevant personnel (including, where applicable, the designated privacy contact). We may request further information or clarification.
  4. Response: We will attempt to provide a substantive response within 30 days of receiving all necessary information. Complex cases may require additional time; in such instances, we will inform you of the delay and provide an updated timeframe.
  5. Outcome: Our response will explain our decision, any actions taken, and options available to you if you remain dissatisfied.

26.3 Escalation to Supervisory Authorities

Important jurisdictional caveat: Because A Big Candy Casino operates offshore and is not licensed in Australia, your options to escalate complaints to a regulator with clear jurisdiction over our activities may be limited.

  • Australian authorities: The Australian Communications and Media Authority (ACMA) focuses on enforcement against illegal offshore gambling services rather than individual consumer complaint resolution. You may nonetheless report concerns about the availability of abigcandybet-au.com in Australia to:
  • EU or other authorities: If you reside in a jurisdiction where local data protection authorities claim jurisdiction over processing affecting you (e.g. in the EU/EEA), you may have the right to lodge a complaint with your local supervisory authority. However, their ability to enforce decisions against an offshore operator may be constrained.
  • Alternative dispute resolution (ADR): No independent ADR body with binding authority over A Big Candy Casino is known or formally appointed as of the last review. Many player disputes are resolved, if at all, only through direct negotiation or public pressure on third-party review platforms.

Updates

Observe: Regulatory expectations, technical infrastructure and business models can change over time, requiring updates to this Privacy Policy.

Expand: Users must be informed about material changes with adequate notice where practicable.

Reflect: We describe how we will handle updates, notification mechanisms and your options.

36.1 Changes to This Privacy Policy

  • We may modify or update this Privacy Policy from time to time to reflect:
    • Changes in our data processing practices, services or business structure.
    • Adjustments in applicable laws, regulatory expectations or industry standards.
    • Feedback from users, partners or oversight bodies (where applicable).
  • Each version of the Privacy Policy will be identified by a "Last updated" date at the end of the document.

36.2 Notification Methods

  • Website publication: The current version of the Privacy Policy will always be available on abigcandybet-au.com. Continued use of the site after changes take effect will constitute acceptance of the updated terms.
  • Email notifications: For material changes that significantly affect your rights or how we use your data, we will endeavour to send an email notice to the address registered on your account, where technically feasible.
  • On-site alerts: We may display banners, pop-up notifications or dashboard alerts within your account to draw attention to important updates.

36.3 Advance Notice and Your Options

  • Notice period: Where practicable and where changes are material (for example, broadening categories of third-party recipients or introducing new types of processing for marketing), we aim to provide at least 30 days' advance notice before such changes become effective for existing account holders.
  • Your review and consent: We encourage you to review the updated Privacy Policy carefully. If you do not agree with the changes, you should discontinue use of abigcandybet-au.com and may request account closure by contacting [email protected].
  • Account closure: If you choose to close your account in response to an update, we will:
    • Process your closure request in line with our Terms & Conditions.
    • Continue to retain and process your personal data only as required or permitted under this Privacy Policy (for example, for AML, fraud prevention, accounting or legal defence) and applicable laws.

Last updated: January 2026