1. Vegazone status and scope of the Privacy Policy
The Vegazone Privacy Policy governs all operations involving personal data on the https://vega-zone.bet/ website in the context of online casino privacy for players who use the service at least once every 12 months. The Policy applies to all sections of the website, all gaming accounts and all communication channels, including email and chat, on a 24/7 basis.
The company acts as a data controller (a legal entity that determines the purposes and scope of personal data processing). The player is recognised as a data subject, that is, a person whose information is collected, systematised and stored for at least 5 years from the date of the last transaction on the account.
The Policy applies to any registration, login or use of the website, provided the number of active sessions in the last 6 months is not 0. The player’s privacy rights are exercised by contacting customer support and providing the account ID and the date of the request. Supervision and control over compliance with the requirements is carried out by the relevant regulatory authority within the limits of applicable law.
2. Categories of player data collected and sources of collection
As part of personal data processing, Vegazone records only the data required for the operation of the account and games. The basic set includes full name, date of birth, address, email and phone number, which the player provides at registration no more than once per account.
Technical data is generated automatically at each login. The system stores geolocation data with city and country level accuracy, no more than once per session. For each connection, the IP address (the unique network identifier of the device at the time of internet access) is recorded, as well as a device identifier, which allows up to 5 devices per player to be distinguished.
A separate block is session data. It includes the start date and time, duration accurate to 1 second and the number of actions in the interface per session.
- Main data sources:
- the registration form on the https://vega-zone.bet/ website
- gaming and payment transactions
- customer support (chat, email)
3. Legal purposes and grounds for data processing in connection with gambling
Personal data is used only for clearly defined purposes related to bets, payouts and account management. For each operation, the purpose, the scope of information and the retention period of at least 5 and no more than 10 years are specified, unless otherwise required by law.
Gambling data retention is linked to the type of operation: registration, deposit, withdrawal of funds, participation in bonus programs. Customer due diligence (verification of player data before entering into a business relationship) is carried out for the client on the first deposit from 1 Australian dollar and when the total turnover reaches 2,000 Australian dollars over 12 months.
Risk assessment is performed automatically at least once every 24 hours for active accounts. In certain cases, profiling is applied if the number of atypical transactions exceeds 3 in 30 days.
Automated decision-making is used for initial blocking of high-risk operations until they are manually reviewed by a specialist.
4. Financial transactions, payments and KYC procedures
For all balance operations starting from a deposit of 1 AUD, Vegazone applies comprehensive player verification under a KYC verification model (identification of the customer using official documents and payment details). The minimum set of documents is a passport, proof of address not older than 3 months, and payment instrument details where the total turnover reaches 1,000 AUD in 6 months.
As part of AML compliance, each top-up, withdrawal and internal transfer is recorded in a log accurate to 1 second. Transaction monitoring is carried out continuously 24/7, with automatic triggers where the number of transactions exceeds 10 per day or the total volume exceeds 5,000 AUD over 24 hours.
Every action affecting the balance is entered in an audit log (a record of events specifying the time, amount and status). Only licensed payment service providers are used for payment execution, with connection encryption of at least 128-bit and separate registration of each transaction in the payment gateway.
List of key checks:
- verification of identity against documents
- verification that the name matches the owner of the payment details
- monitoring the frequency and volume of transactions
- additional document requests when established limits are exceeded
5. Marketing communications, promotions and consent management
Promotional messages are sent only after recorded player consent, provided as direct marketing consent (separate permission to receive marketing materials via selected communication channels). Consent is recorded per channel: email, SMS, push notifications, with a separate status for each of up to 5 available mailing types.
Opt-out is implemented through an opt-out mechanism: a link in each email, a reply to a message or a request to customer support. The technical processing time for an opt-out does not exceed 48 hours, and the number of contact attempts after an opt-out must not exceed 1 per channel.
Consent management is handled in the account settings, where the date, time and source of consent are recorded. To check their status, a player may submit an access request (request for access to consent records) and, if necessary, submit a correction request (adjustment of selected communication settings).
6.Cookies, tracking and analytics on the casino website
The https://vega-zone.bet/ website uses cookies and tracking technologies (technologies for storing small files in the browser to record user settings and actions) on each visit, unless cookie storage is disabled in the browser. The average number of cookies set does not exceed 30 per session, and their lifetime ranges from 1 minute to 730 days, depending on their purpose.
Some cookies are strictly necessary and are used for logging in to the account, saving the selected currency and maintaining an active session for no longer than 24 consecutive hours. A separate group is responsible for analytics of site traffic, including counting the number of unique visitors over 1 day, 7 days and 30 days.
To maintain confidentiality, information security measures are applied, including encryption of transmission channels, role-based access limitation for a maximum of 10 employees, and daily automatic deletion of technical logs that do not require further analysis.
List of cookie types:
- strictly necessary for authorisation
- functional for interface settings
- analytical for website usage statistics
- advertising for measuring campaign effectiveness
7. Disclosure to third parties and cross-border data transfer
Personal data may be processed outside the player’s country of residence to the extent necessary for settlement and account support. When cross-border data transfer is used (transfer of data outside the national jurisdiction via secure communication channels), information may be stored simultaneously in at least 2 and no more than 5 data centres in different countries.
For turnover and load analytics, anonymised statistics are generated, where account identifiers are removed and the minimum sample size is 50 records per reporting period. For some operations, pseudonymisation is used, where real details are replaced with technical codes 8 to 32 characters long.
Contractors processing data are required to use fraud prevention tools, including automatic filters for abnormal transactions and logging of all data access with accuracy of at least 1 second.
8. Data retention periods and archiving
The retention period is set separately for each data category and is recorded as a retention period (a formally approved period during which data is available in production systems or in the archive). For registration details, the minimum retention period is 5 years from the date of the last login; for financial information, 7 years from the date of the last transaction using the relevant payment method.
After these periods expire, data is moved to an archive with restricted access, where it is processed for no longer than 3 years, unless otherwise required by mandatory regulations. Access to the archive is granted only to employees with confirmed rights of at least level 2 in the internal access system.
When requesting a copy of their data, a player may exercise the right to data portability, under which the export is generated in a machine-readable format no later than 30 days from identity verification.
Main retention periods:
- registration data: 5–8 years
- payment transactions: 7–10 years
- customer support records: 3–5 years
- technical security logs: 1–3 years
9. Information security and technical protection measures
The Vegazone security system is built around the principle of staged protection of the player’s account and communication channels. The basic set includes role-based access control, activity logs and daily backups performed at least once every 24 hours. For each player, account security parameters (a combination of settings that protect the account against unauthorised access) are recorded at registration and may be updated an unlimited number of times on request.
An encryption protocol with a key length of at least 128 bits and regular key rotation at least once every 90 days is used for data transmission.
Data breach response is implemented according to an internal procedure setting maximum timeframes of up to 24 hours for initial incident assessment and up to 72 hours for technical containment.
10. Player rights regarding personal data and request procedures
Players exercise their privacy rights by contacting Vegazone customer support. Each request is processed in 3 stages: receipt, identity verification and response. The standard review period is between 7 and 30 calendar days, depending on the volume of data and the complexity of the request.
An access request (a request for access to data, including a list of stored categories and their sources) is made via the contact details provided on the website, with up to 2 requests per year processed free of charge.
A correction request allows rectification of inaccurate information, such as email or address, subject to confirmation of the new details using documents issued no more than 6 months ago.
An erasure request is considered with regard to mandatory retention periods where financial or tax reporting requirements apply.
Data portability is available as a structured file sent to the player’s email or to another recipient as explicitly instructed in writing by the player.
Main steps for the player:
- specify the type of request
- verify identity
- receive the result within the specified timeframe
11. Complaints, disputes and interaction with supervisory authorities
The complaint handling system (a procedure for registering, classifying and reviewing player enquiries and complaints using formal stages and timeframes) at Vegazone is built on a single standard. Each enquiry receives a unique number, registration date and time accurate to 1 minute, and a processing status updated at least once every 24 hours.
If a dispute relates to transactions, information is checked against the audit log, where each operation has an amount, currency, time and technical execution result recorded. In complex cases, a separate risk assessment is carried out with the involvement of at least 2 employees from different departments.
Where necessary, the player is informed of their right to contact the relevant regulatory authority if internal resolution does not settle the matter within 30 calendar days.
To protect data contained in complaints, information security measures are applied, including access segregation, encryption of communication channels and storage of the complaints archive for 3–5 years.
12. Policy updates, notifications and Vegazone contacts
The Vegazone online casino privacy Policy is reviewed whenever data processing procedures change, and at least once every 12 months. When changes are made, the revision date at the bottom of the https://vega-zone.bet/ webpage is updated, and key changes do not take effect earlier than 7 calendar days from publication, except where the law requires a shorter period.
The company acts as a data controller (the entity that determines the specific purposes, scope and timing of personal data processing) and records the date of acceptance of the Policy at the registration of each account.
Updates affecting marketing channels are reflected in the consent management system, and the player may use the opt-out mechanism via account settings or by contacting support. Questions regarding data and the text of the Policy are sent to the support email, and complaints are lodged under the complaint handling procedure, with each enquiry registered and assigned a number within 1 business day.
Key contacts for players:
- Customer support: [email protected]
- Website: https://vega-zone.bet/
- Channel availability: 24/7