burger icon
Leon Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how Leon Casino, operated through the website betleon-au.com ("Site"), collects, uses, discloses, and protects personal data of its users. It applies to registered players, visitors to the Site, and individuals who contact us or interact with our services in any way. By using the Site, creating an account, or otherwise providing personal data, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 1 January 2026 and replaces any previous versions published on the Site.

Who We Are

The online gambling services available via betleon-au.com under the Leon Casino project ("Leon Casino", "we", "us", "our") are operated by:

  • Operating company: Moonlite N.V.
  • Legal form: Naamloze Vennootschap (N.V.)
  • Registered address: Schout Bij Nacht Doormanweg 40, Curaçao
  • Gambling licence: Sub-licence under Master Licence No. 8048/JAZ2016-028 issued by Antillephone N.V., Curaçao

Moonlite N.V. is the primary data controller for personal data processed in connection with Leon Casino and betleon-au.com. In some cases, our payment processing partners act as separate or joint controllers for payment-related data:

  • SafeGate Limited, Gibraltar - payment processing (including AUD)
  • Covimal Limited, Cyprus - payment processing (including AUD)

Data protection contact

We have designated a data protection contact point (data protection officer or equivalent) responsible for privacy matters:

  • Email: [email protected]
  • Postal: Data Protection Officer, Moonlite N.V., Schout Bij Nacht Doormanweg 40, Curaçao

For general support (including account-related issues) you may also use the contact channels provided within your Leon Casino account or on the Site.

What Personal Data We Collect

Identification and contact data

  • Basic registration data: full name, username, password, date of birth, country of residence.
  • Contact details: email address, telephone number, postal address (where provided).
  • KYC / verification data: copies or details of identity documents (e.g. passport, driver licence), proof of address, selfies or video verification, source-of-funds/source-of-wealth documentation as required under our KYC/AML policy.

Technical and usage data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, time zone, referrer URL.
  • Usage and log data: pages viewed, clickstream, access times and dates, session duration, login/logout records, error logs, and similar diagnostic data.
  • Network and security data: information about VPN/proxy usage, unusual connection patterns, and device fingerprinting data used to prevent fraud, enforce geo-restrictions, and ensure compliance with our Terms (including restrictions on masked IP addresses).

Payment and transactional data

  • Payment method details: limited card information (such as card type and last four digits), e-wallet identifiers, bank transfer details, crypto wallet addresses, payment reference numbers.
  • Financial transactions: deposits, wagers, wins, losses, bonuses, withdrawals, chargebacks, refunds, and related accounting information.

Behavioral and profile data

  • Gaming activity: betting history, stakes, games played, session duration, tournament participation, bonus usage, and risk parameters used to detect problem gambling and fraud.
  • Preference data: language preferences, content preferences, notification and marketing preferences.
  • Responsibility and compliance data: self-exclusion details, limits set, interactions with responsible gambling tools, and records of compliance checks.

Cookies and similar technologies

  • Cookies: small text files stored on your device to recognize you, maintain your session, and remember preferences.
  • Similar technologies: web beacons, pixels, local storage, and tag technologies used for analytics, fraud prevention, and advertising where applicable.

More details about cookies and how to manage them are provided in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Because Leon Casino serves players in multiple jurisdictions, we rely on a combination of legal bases for processing personal data, including principles derived from the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), and comparable international frameworks, to the extent they apply.

  • Performance of a contract: We process data necessary to:
    • create and manage your Leon Casino account;
    • provide casino and betting services, calculate bets, settle payouts, and manage bonuses;
    • provide customer support and handle complaints or disputes.
  • Compliance with legal obligations: We process your data to:
    • meet anti-money laundering (AML), counter-terrorist financing, and "Know Your Customer" (KYC) requirements;
    • respect gambling regulations and licensing conditions in Curaçao and any other relevant jurisdiction;
    • comply with record-keeping, tax, and reporting obligations.
  • Legitimate interests: Where our interests are not overridden by your rights, we process data to:
    • maintain the security and integrity of our services, including fraud detection, account verification, and prevention of bonus abuse;
    • monitor system performance, troubleshoot, and develop new features;
    • defend legal claims and manage risk, including dealing with regulatory inquiries and disputes;
    • conduct internal analytics and aggregated reporting.
  • Consent: In specific cases we rely on your consent, such as:
    • sending electronic marketing communications (email, SMS, push notifications) where required by law;
    • using certain non-essential cookies and similar technologies for advertising and detailed behavioural profiling;
    • processing special categories of data (if ever relevant) only where permitted and necessary.
    You may withdraw your consent at any time as described below, without affecting the lawfulness of prior processing.

Purpose of Processing

We use personal data for clearly defined purposes, including:

  • Service provision: to register and authenticate users, operate accounts, process deposits and withdrawals, offer games, calculate and pay winnings, and provide customer support.
  • Service improvement and optimisation: to monitor performance, analyse usage trends, test new features, and improve the user experience, game offering, and platform stability.
  • Risk management, security, and fraud prevention: to verify identity, detect and prevent money laundering, payment fraud, bonus abuse, multi-accounting, use of prohibited VPN/masked IP access, and other breaches of our Terms and Conditions.
  • Legal and regulatory compliance: to perform age verification, maintain required transaction and audit records, cooperate with regulators, and comply with orders from competent authorities.
  • Marketing and personalisation: to send promotional offers, bonuses, newsletters, and personalised content relating to Leon Casino where permitted, and to tailor our communications and content based on your preferences and behaviour.
  • Analytics and reporting: to compile aggregated statistics, measure the effectiveness of our campaigns, and support business planning and responsible gambling initiatives.
  • Dispute resolution and enforcement: to investigate and resolve complaints, enforce our Terms and Conditions, and defend or advance our legal interests in case of disputes.

Disclosure & Sharing

We do not sell your personal data. We may, however, share it with carefully selected third parties for the purposes set out in this Privacy Policy, always subject to appropriate safeguards.

Service providers and processors

  • Payment processors and banks: including SafeGate Limited (Gibraltar) and Covimal Limited (Cyprus), card schemes, payment gateways, crypto payment processors, and banking intermediaries that process deposits, withdrawals, and related financial transactions.
  • IT, hosting, and security providers: providers of cloud hosting, data storage, DDoS protection, content delivery networks, monitoring services, and security tools that help keep the Site and systems operational and secure.
  • Verification and AML partners: identity verification services, KYC/AML screening tools, sanctions and PEP screening providers, address verification services, and fraud prevention networks.
  • Communication services: email service providers, SMS gateways, and ticketing systems used to deliver messages and manage customer support.

Affiliates, marketing, and analytics partners

  • Affiliate partners: we may share limited data (such as account activity and conversions) in pseudonymised or aggregated form to verify affiliate performance and prevent fraud.
  • Analytics and advertising networks: where permitted by law and subject to your cookie and marketing preferences, we may allow third-party analytics tools and advertising networks to collect information about your Site usage via cookies and similar technologies.

Regulators, authorities, and dispute bodies

  • Regulators and law enforcement: gambling regulators in Curaçao (including Antillephone N.V. and relevant governmental bodies), financial intelligence units, tax authorities, police, courts, and other authorities when required by law or necessary to protect our rights or those of others.
  • Alternative dispute resolution (ADR): where a dispute is escalated through an ADR body such as the Certria / Antillephone N.V. dispute portal at https://certria.com/pass/check/, we may share relevant account and transaction data required to resolve the complaint.

Corporate transactions and other disclosures

  • Corporate restructuring: in connection with a merger, acquisition, sale of assets, or similar transaction, your data may be transferred to prospective or actual purchasers, subject to confidentiality and applicable law.
  • Professional advisers: lawyers, auditors, consultants, and accountants who provide professional services to us and are bound by confidentiality obligations.
  • With your consent: we may share your data with other third parties when you have given explicit consent for a specific purpose.

International Transfers

As an offshore online gambling operator, we process and store data in multiple jurisdictions. Your personal data may be transferred to, and stored in, countries outside of your country of residence, including:

  • Curaçao: where Moonlite N.V. is established and core operational systems may be hosted or accessible.
  • Gibraltar and Cyprus: where key payment processing partners are located.
  • Other countries: where our technical, cloud, analytics, and support providers operate, which may include locations within and outside the European Economic Area (EEA) and the United Kingdom.

When transferring personal data internationally, we take appropriate measures to protect it, which may include:

  • using standard contractual clauses or equivalent contractual safeguards where required for transfers from the EEA/UK or other regions with transfer restrictions;
  • implementing robust technical and organisational security measures (such as encryption, access controls, and pseudonymisation) to reduce risk;
  • limiting access to your data to personnel and service providers who need it for legitimate purposes and are bound by confidentiality obligations.

By using Leon Casino and betleon-au.com, you acknowledge that your data may be processed in these countries, which may have different data protection laws than your home jurisdiction, but that we will protect your data as described in this Privacy Policy.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal and regulatory obligations (including AML/KYC requirements), to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the category of data and applicable law.

Category of data Typical retention period Reason / criteria
Account and identification data (KYC) Up to 5 - 7 years after account closure Required for AML, fraud prevention, regulatory compliance, and legal defence.
Transaction and gaming history Up to 7 years after the relevant transaction or account closure Accounting, tax, regulatory reporting, dispute resolution, and responsible gambling analysis.
Technical logs and security data Typically 1 - 3 years Security monitoring, fraud detection, system diagnostics, and abuse prevention.
Marketing and communications data Until you withdraw consent or object, and generally no more than 5 years after your last activity Managing preferences, demonstrating compliance with consent requirements, and keeping records of opt-outs.
Complaint and dispute records Up to 5 - 7 years after resolution Evidence for legal claims, regulatory inquiries, and internal audit purposes.

When the applicable retention period expires, or when data is no longer required for the stated purposes, we will either securely delete, anonymise, or aggregate the data so that it can no longer be linked to you, unless further retention is required by law or reasonably necessary to protect our legitimate interests (for example, in ongoing litigation).

Your Rights

We respect your rights in relation to your personal data. Because we interact with users from different regions, we structure our approach in line with international standards, including the GDPR and Mexican privacy law, to the extent applicable. These rights apply in addition to any specific protections provided under the Australian Privacy Act and Australian Privacy Principles, where they apply to you.

Core rights (all users, subject to law)

  • Right of access: You can request confirmation whether we process your personal data and obtain a copy of your data, together with information about how we use it.
  • Right to rectification: You can request that we correct or complete inaccurate or incomplete data. In many cases you can update certain details directly in your account settings.
  • Right to deletion / cancellation: You can request deletion of your personal data where:
    • the data is no longer necessary for the purposes for which it was collected;
    • you have withdrawn consent (where consent was the sole legal basis); or
    • you have objected to processing and there are no overriding legitimate grounds.
    We may retain data where required by law (e.g. AML, tax, regulatory obligations) or where necessary for legal claims.
  • Right to restriction: You may request that we restrict processing in certain circumstances, for example while we verify contested data.
  • Right to object: You can object to processing based on our legitimate interests, including profiling for those interests. You always have the right to object to direct marketing.
  • Right to data portability: Where technically feasible and legally required (e.g. under GDPR), you may request that we provide personal data you have given us in a structured, commonly used, machine-readable format or transfer it to another controller.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time, for example by adjusting your marketing and cookie preferences.

GDPR alignment (EEA / UK users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional statutory rights under the GDPR and UK GDPR, which generally correspond to the rights listed above (access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority). We treat GDPR-aligned requests with the same priority even though our main establishment is in Curaçao.

Mexican privacy law alignment (LFPDPPP - ARCO rights)

If you are in Mexico, the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) recognises the ARCO rights: Access, Rectification, Cancellation, and Opposition. We align our practices with these principles to the extent applicable:

  • Access: obtain confirmation and details of your personal data we hold.
  • Rectification: correct inaccurate or incomplete data.
  • Cancellation: request that we cancel (delete) your data when it is no longer necessary, subject to legal retention obligations.
  • Opposition: object to certain processing, for example for marketing or profiling, on legitimate grounds.

How to exercise your rights

  1. Submit a request: Contact us via [email protected] or through the dedicated privacy/contact options in your account, clearly stating:
    • your full name and registered email;
    • the right(s) you wish to exercise; and
    • any relevant account or reference numbers.
  2. Verification: For security, we may ask you to verify your identity (for example by logging into your account or providing additional information) before acting on your request.
  3. Response time: We aim to respond to all valid requests without undue delay and generally within 30 days of receipt. If your request is complex or we receive multiple requests, we may extend this period as permitted by law, and we will inform you of any extension.
  4. Fees: Requests are handled free of charge. We may charge a reasonable fee or refuse to act only where a request is manifestly unfounded or excessive, in accordance with applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies on betleon-au.com to ensure the Site functions properly, to improve performance, and to support marketing activities where permitted.

Types of cookies we use

  • Strictly necessary (session) cookies: These are essential for the operation of the Site and your account. They maintain your login session, support payment flows, and enable security features. They are typically deleted when you close your browser.
  • Persistent preference cookies: These remember your choices and settings (such as language, region, or preferred view) so that you do not need to configure them each time you visit.
  • Analytics and performance cookies: These help us understand how visitors use the Site (for example, which pages are visited most often) so we can improve functionality and user experience. Data is usually aggregated and does not directly identify you.
  • Advertising and targeting cookies: Where enabled and permitted by law, these cookies help deliver relevant advertising and measure the effectiveness of our marketing campaigns, including via third-party networks.
  • Third-party cookies: Some cookies are set by third parties (such as analytics providers or affiliate tracking partners) when you interact with their services on or via our Site.

Managing cookies

  • Browser settings: Most web browsers allow you to block, delete, or configure cookies. Check your browser's "Help" or "Settings" section for instructions. Blocking some cookies may affect the functionality of Leon Casino and prevent you from using certain features (e.g. staying logged in, completing payments).
  • On-site tools: Where available, you can adjust your cookie preferences via our cookie banner or settings panel on the Site, enabling or disabling non-essential cookies.
  • Do Not Track: Our systems may not respond to all browser "Do Not Track" signals, but you can still manage cookies as described above.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration, or destruction, taking into account the nature of the data and the risks of online gambling operations.

  • Encryption in transit: Data transmitted between your device and betleon-au.com is protected using industry-standard Transport Layer Security (TLS 1.2 or higher), helping prevent interception or tampering.
  • Access controls: Access to personal data is limited to authorised personnel and service providers who require it for legitimate purposes, subject to strict access control, authentication, and logging procedures.
  • Data protection by design: We apply security and privacy-by-design principles when developing and maintaining systems, including role-based access, segregation of duties, and minimisation of stored data.
  • Infrastructure security: We use reputable hosting and cloud providers, firewalls, intrusion detection and prevention tools, DDoS mitigation, and regular patching to protect our infrastructure.
  • Monitoring, testing, and audits: We monitor systems for suspicious activity, perform internal reviews, and engage in ongoing risk assessment. Where relevant, we seek to align with recognised information security standards such as ISO 27001/SOC 2 through our own controls or those of our service providers.
  • Staff awareness and confidentiality: Employees and contractors handling personal data are subject to confidentiality obligations and receive appropriate training on data protection and security.
  • Incident response: We maintain procedures to detect, investigate, and respond to data breaches or security incidents. Where required by law, we will notify you and/or relevant authorities of a qualifying personal data breach without undue delay.

While we strive to protect your data, no method of transmission or storage is completely secure. You are also responsible for maintaining the confidentiality of your login details and for using unique, strong passwords for your Leon Casino account.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal data in connection with Leon Casino and betleon-au.com, you have several ways to contact us and, if needed, escalate your complaint.

Contacting us

  • Privacy-specific contact: [email protected]
  • Postal: Data Protection Officer, Moonlite N.V., Schout Bij Nacht Doormanweg 40, Curaçao
  • Online forms: You may also use the relevant contact or support forms available on the Site (including those on our responsible gaming pages) to reach us; your request will be directed to the appropriate team.

Internal complaint procedure

  1. Submit your complaint: Provide a clear description of your concern, the data or processing activities involved, and any supporting evidence (such as screenshots or correspondence).
  2. Acknowledgement: We will acknowledge receipt of your complaint within a reasonable time after receiving it via email or the channel you used.
  3. Investigation: We will review your complaint, consult relevant internal teams (such as security, compliance, or customer support), and may contact you for additional information if needed.
  4. Outcome: We aim to provide a substantive response or resolution within 30 days of receiving your complaint. If your complaint is complex or involves external parties, we may need additional time, in which case we will keep you informed of progress.

Escalation to supervisory or regulatory authorities

If you are not satisfied with our response, or you believe that your data protection rights have been infringed, you may have the right to lodge a complaint with a relevant supervisory authority. Depending on your location, this may include:

  • Australia: Office of the Australian Information Commissioner (OAIC) - see https://www.oaic.gov.au for complaint procedures under the Privacy Act 1988 (Cth).
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - see https://home.inai.org.mx for information on lodging ARCO-related complaints under the LFPDPPP.
  • EEA / EU: Your local Data Protection Authority - a list of authorities is available via the European Data Protection Board (EDPB) at https://edpb.europa.eu.
  • United Kingdom: Information Commissioner's Office (ICO) - see https://www.ico.org.uk.

For gambling-specific disputes (such as game outcomes or withdrawals) separate from privacy matters, you may also use the dispute resolution/ADR route indicated in our Terms and Conditions and via the Certria / Antillephone portal at https://certria.com/pass/check/, which may involve sharing necessary personal and transactional data with that body.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data processing practices for Leon Casino and betleon-au.com.

How we will notify you

  • Website publication: The latest version of this Privacy Policy will always be available on betleon-au.com, with a "Last updated" date.
  • Email notifications: For material changes (for example, significant changes to the types of data we collect or the purposes for which we use it), we will, where feasible, notify registered users by email sent to the address associated with their account.
  • On-site notices: We may display prominent banners, pop-ups, or account dashboard alerts to inform you of key updates.

Effective date of changes and your options

  • Advance notice: Where required by law or appropriate given the nature of the change, we will aim to give you at least 30 days' notice before material changes take effect.
  • Continued use: If you continue to use betleon-au.com after the updated Privacy Policy becomes effective, your continued use will be treated as acceptance of the updated terms.
  • Right to object or close account: If you do not agree with the updated Privacy Policy, you may object to certain processing where permitted by law, adjust your preferences (for example, marketing and cookies), or close your account and request deletion of your data, subject to our legal retention obligations.

Last updated: February 2026