burger icon
Lucky Elf Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how Lucky Elf Casino on luckyelf-au.com ("Lucky Elf Casino", "Lucky Elf Casino", "we", "us", "our") collects, uses, discloses, and protects your personal information when you visit our websites, create an account, or use our casino services. It applies to players and visitors who access our services from Australia and other locations where we are lawfully accessible. By using our services, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is designed to meet the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and to be broadly aligned with international standards such as the EU General Data Protection Regulation (GDPR) and relevant Mexican data protection rules where they may apply to users located in those regions.

Effective date: 21 February 2026

Who We Are

Operator: Lucky Elf Casino is owned and operated by Hollycorn N.V., a company incorporated under the laws of Curaçao.

  • Legal entity: Hollycorn N.V.
  • Registration number: 144359
  • Registered address: Scharlooweg 39, Willemstad, Curaçao
  • Gaming licence: 8048/JAZ2019-015 issued by Antillephone N.V. (Curaçao)

For certain payment and billing operations, Hollycorn N.V. is assisted by its subsidiary:

  • Legal entity: Libergos Limited
  • Registration number: HE 371971
  • Jurisdiction: Cyprus

This Privacy Policy applies to the Australian-facing website and related services available at https://luckyelf-au.com and any official mirror domains currently in use (including https://luckyelf2.com and https://luckyelf3.com), to the extent they direct users to the same casino environment for Australian players.

Data Protection Contact

We have appointed an internal privacy/contact point responsible for overseeing questions in relation to this Privacy Policy.

  • Data protection / privacy contact: Privacy Officer, Hollycorn N.V.
  • Email: [email protected] (primary contact for privacy and complaints)
  • Postal address (operator): Hollycorn N.V., Scharlooweg 39, Willemstad, Curaçao

You may also reach us via the 24/7 live chat interface on the website ("Elf Assistant") for basic queries. For formal privacy requests (access, correction, deletion, complaints), please always use email or written correspondence so we can properly document and respond to your request.

What Personal Data We Collect

We collect only the personal information that is reasonably necessary for us to operate an online casino, comply with our legal and licensing obligations, and improve our services. Depending on how you use our services, we may collect the following categories of data.

Identification and Contact Data

  • Full name, date of birth, and gender (where provided)
  • Residential address and country of residence
  • Email address and telephone number
  • Copies or details of identification documents (e.g. passport, driver licence, national ID) for KYC/AML checks
  • Proof of address documents (e.g. utility bill, bank statement)

Account and Usage Data

  • Username, password (stored in encrypted form), and account preferences
  • Account status, verification status, responsible gambling settings (limits, self-exclusion)
  • Communication history with our support team (live chat transcripts, emails)
  • In-site interactions such as pages viewed, clicks, and navigation paths

Technical and Device Data

  • IP address and approximate geolocation (country/region level)
  • Device identifiers, device type, operating system, browser type and version
  • Language settings, time zone, and connection attributes
  • Log files related to access, login, and security events (e.g. failed logins, session timeouts)

Payment and Transaction Data

  • Payment method details (e.g. masked card numbers, PayID identifiers, e-wallet or crypto transaction references)
  • Deposit and withdrawal history, including amounts, currencies (e.g. AUD), timestamps, and payment provider used
  • Financial verification data (such as ownership of payment method) where required for AML/KYC purposes

We do not store full card PANs or CVV codes on our own systems; these are processed by our authorised payment processors and/or banking partners.

Gaming and Behavioural Data

  • Game play history, including games played, duration of sessions, stakes, wins and losses
  • Bonus and promotion usage, including wagering activity and redemption history
  • Risk and behavioural indicators we observe (for example, rapid play patterns or unusual transaction patterns) used to support responsible gambling and anti-fraud monitoring

Cookies and Similar Technologies

  • Session cookies to maintain your login session and security status
  • Persistent cookies to remember preferences (language, saved settings) and recognise returning users
  • Analytics cookies (first-party and selected third-party) to measure site performance and usage
  • Advertising and tracking cookies where you have consented, to measure marketing campaigns and tailor offers
  • Other tracking technologies such as web beacons, pixels, and device fingerprinting used for security, anti-fraud and analytics

We do not knowingly collect personal information from any person under the age of 18. If we discover that a minor has created an account, we will take steps to close the account and delete or anonymise the relevant personal data, subject to legal retention obligations.

Legal Basis for Processing

Because we serve players in multiple jurisdictions and operate from Curaçao with payment processing in Cyprus, we apply a layered legal approach to personal data handling. For Australian players, our primary framework is the Privacy Act 1988 (Cth) and the Australian Privacy Principles; for users in the EU/EEA and Mexico, we also take into account GDPR and local data protection rules. In practice, our main legal bases are:

Contractual Necessity

  • To create and manage your Lucky Elf Casino account on luckyelf-au.com
  • To provide you with gambling services, process deposits and withdrawals, and settle bets
  • To verify your identity where required for access, payouts, and anti-fraud measures
  • To communicate essential information about your account, transactions, and service changes

Compliance with Legal and Regulatory Obligations

  • To satisfy KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations arising under our Curaçao licence and generally applicable international standards
  • To comply with record-keeping, reporting, and audit requirements imposed by our regulator (Antillephone N.V.), financial institutions, and applicable laws
  • To respond to lawful requests and orders from law enforcement or regulators

Legitimate Interests

We process certain personal data on the basis that it is necessary for our legitimate interests (balanced against your rights and expectations), such as:

  • Securing our systems, preventing fraud, abuse, and cheating
  • Detecting and managing problem gambling patterns and enforcing responsible gambling tools
  • Improving and optimising our website, game offerings, and user experience
  • Measuring the effectiveness of our marketing (within the bounds of applicable consent rules)

Consent

  • For optional marketing communications by email, SMS, push notifications, or other electronic means
  • For the use of non-essential cookies and tracking tools (e.g. certain advertising or third-party analytics cookies)
  • For any processing that is not strictly required for contract performance, legal obligations, or our legitimate interests

You may withdraw your consent at any time, for example by adjusting your marketing preferences in your account settings or by using unsubscribe links in our messages. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

We use your personal data only for specific purposes that we explain to you. These include:

  • Providing and operating casino services: creating and maintaining your account, verifying your identity, enabling gameplay, processing deposits and withdrawals, recording wagers and outcomes, and providing customer support.
  • Compliance and risk management: fulfilling KYC/AML obligations, verifying age and eligibility, preventing fraud, money laundering, bonus abuse, and other prohibited conduct, and meeting licensing and audit requirements.
  • Responsible gambling: monitoring gameplay behaviour to identify potential problem gambling, administering self-exclusion and player-set limits, and offering assistance or interventions where appropriate.
  • Service improvement and analytics: analysing site and app usage, game performance, and customer feedback to improve usability, fix technical issues, develop new features, and optimise our offerings for Australian players.
  • Marketing and personalisation: sending newsletters and promotional offers (where permitted), tailoring content and bonuses to your profile and preferences, and measuring the success of campaigns and affiliates.
  • Security and integrity: protecting our platforms and users by detecting suspicious logins, bots, collusion, account sharing, or other behaviour that may compromise fairness or security.
  • Legal defence and enforcement: establishing, exercising, or defending legal claims, handling disputes and complaints, enforcing our Terms & Conditions and Bonus Terms, and managing chargebacks or payment disputes.

Disclosure & Sharing

We do not sell your personal information. However, to run Lucky Elf Casino effectively and lawfully, we may disclose your data to selected third parties under contracts that protect your privacy and limit use of your information.

Service Providers and Business Partners

  • Payment processors and banks: to process deposits, withdrawals, and refunds, and to conduct fraud checks and AML screenings.
  • Game providers and platform vendors: to enable gameplay, manage jackpots, and provide the underlying casino platform and RNG systems.
  • IT and security providers: hosting providers, cloud infrastructure, content delivery networks, DDoS protection, and security/monitoring tools.
  • Customer support tools: live chat platforms and ticketing systems used to manage your support interactions.
  • Analytics and performance tools: to understand how users interact with our site and to improve performance, subject to cookie and consent settings.

Regulators, Authorities, and Legal Recipients

  • Our licensing authority in Curaçao (Antillephone N.V.) and other relevant oversight bodies, in line with licensing requirements.
  • Law enforcement agencies, courts, and governmental authorities, where disclosure is required by law, regulation, or valid legal process, or where we reasonably believe it is necessary to protect our rights, property, or safety or that of others.
  • Financial institutions and payment networks, in relation to investigations of fraud, chargebacks, or suspicious transactions.

Affiliates and Marketing Partners

  • Affiliate partners: we may share aggregated or pseudonymised information to verify traffic, conversions, and commission calculations.
  • Advertising networks and marketing platforms: where you have consented to cookies and similar tracking technologies, we may share limited identifiers (such as cookie IDs or hashed email addresses) with advertising partners to measure campaigns or deliver targeted promotions.

Corporate Transactions

If we are involved in a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction, subject to confidentiality obligations and consistent protection standards. In such cases, we will take reasonable steps to inform you of any material changes in the handling of your personal information.

International Transfers

As an offshore online casino serving Australian players, your personal data may be transferred to, stored in, or accessed from countries outside your home country. These may include:

  • Curaçao: where Hollycorn N.V. is incorporated and licensed, and where core operational systems are administered.
  • Cyprus and other EEA countries: where Libergos Limited and certain payment or service providers are established.
  • Other countries: where our technical, support, or analytics partners host their services, which may include data centres in the EU/EEA, the United Kingdom, or other regions.

We take appropriate safeguards to protect personal information when it is transferred internationally, including:

  • Using contracts with service providers that require them to protect your data and use it only for specified purposes (including clauses similar to standard contractual clauses recognised under EU law, where relevant).
  • Limiting access to personal information to those who need it for legitimate operational purposes, with role-based access controls.
  • Applying encryption in transit and at rest wherever reasonably practicable.
  • Performing risk assessments and due diligence on key third-party providers, especially where they are located outside Australia or the EEA.

We do not rely on the former EU - US Privacy Shield framework as a legal mechanism for data transfers.

Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, and to meet legal, regulatory, and accounting requirements. Retention periods vary depending on the type of information and the context of collection.

Category of data Typical retention period Primary criteria
Account profile (name, contact details, account settings) For the life of the account and up to 5 years after closure Contract management, dispute resolution, regulatory requirements
KYC/AML documentation (ID, proof of address, verification records) At least 5 years after account closure or final transaction, and longer if required by applicable AML or licensing rules Compliance with AML/KYC obligations and audit requirements
Transaction and gameplay history At least 5 years after the relevant transaction, and up to 7 years where required for tax, accounting, or regulatory purposes Regulatory reporting, financial reconciliations, disputes
Customer support communications Up to 5 years after the issue is resolved Quality control, training, evidence in case of disputes
Marketing preferences and consents Until you withdraw consent or your account is closed, plus a short period to record the withdrawal Evidence of consent and unsubscribes
Cookies and analytics identifiers From end of session to up to 24 months, depending on cookie type Technical necessity, analytics requirements, browser settings

When personal data is no longer required, we will either securely delete it or irreversibly anonymise it. In some cases, we may retain limited information (such as a record of self-exclusion or serious fraud) for longer periods where this is necessary to protect you, us, or others from future harm or to comply with outstanding legal obligations.

Your Rights

We are committed to respecting your privacy rights. For Australian players, these rights are primarily grounded in the Privacy Act 1988 (Cth) and the Australian Privacy Principles. For users located in the European Union/EEA or Mexico, additional rights under the GDPR and Mexican data protection regulations may also apply. In practice, and subject to certain limitations, we provide the following rights to all users:

Right of Access

  • You may request confirmation of whether we hold personal information about you and obtain a copy of that information in a reasonably intelligible form.
  • We will also provide additional details such as the purposes of processing, categories of data, and main types of recipients, subject to legal and security constraints.

Right to Correction (Rectification)

  • You may request that we correct any inaccurate or incomplete personal information we hold about you.
  • Where appropriate, you can update certain information directly in your account settings on luckyelf-au.com.

Right to Deletion (Erasure)

  • You may request deletion of your personal information where it is no longer needed for the purposes for which it was collected, where you withdraw consent (and there is no other legal ground), or where you believe the processing is unlawful.
  • We may need to retain certain information despite your request, for example to comply with KYC/AML obligations, enforce our Terms & Conditions, resolve disputes, or meet accounting and regulatory requirements.

Right to Restrict or Object to Processing

  • You may request that we restrict processing of your data (for example, while we verify its accuracy or our grounds for processing).
  • Where our processing is based on legitimate interests or involves direct marketing, you may object at any time. We will then cease the relevant processing unless we have compelling legitimate grounds or legal obligations to continue.

Right to Data Portability (where applicable)

  • Where technically feasible and relevant (for example, for transactional data processed by automated means), you may request a copy of certain personal data in a structured, commonly used and machine-readable format.
  • This right is more closely associated with GDPR and similar regimes; for Australian players we provide it on a good-faith, reasonable efforts basis.

Right to Withdraw Consent

  • Where we rely on your consent (for example, for marketing communications or certain cookies), you may withdraw this consent at any time via your account settings, through cookie tools, or using the unsubscribe options in our messages.
  • Withdrawal will not affect processing that has already occurred, but we will update our records promptly to reflect your preferences going forward.

How to Exercise Your Rights

  1. Submit your request: Send an email to [email protected] with:
    • Your full name and username
    • The country from which you are accessing the service
    • A clear description of the right you wish to exercise and the data concerned
  2. Verification: We may request additional information (for example, ID verification or security questions) to confirm your identity and ensure that we are dealing with the correct account holder.
  3. Response time: We aim to respond to all valid requests within 30 days. If your request is complex or we receive multiple requests, we may extend this period, but we will inform you of the extension and explain why it is needed.
  4. Fees: We will not charge you for making a normal request. However, where a request is manifestly unfounded or excessive (for example, repeated requests), we may charge a reasonable fee or refuse to act, as permitted by law.

In some circumstances, we may be unable to fully grant your request (for example, where doing so would interfere with law enforcement, breach confidentiality, or prevent us from meeting legal obligations). Where this happens, we will explain our reasons, subject to applicable restrictions.

Cookies & Tracking Technologies

Cookies and similar technologies help us operate Lucky Elf Casino efficiently, keep your sessions secure, and provide a smooth gaming experience tailored to your preferences.

Types of Cookies We Use

  • Strictly necessary (session) cookies: These are essential for the operation of our website, enabling core functions such as login, account management, transaction processing, and security checks. They are usually deleted when you close your browser.
  • Functional (persistent) cookies: These remember your preferences (language, display settings, saved details where permitted) and help us recognise you when you return, improving convenience and usability.
  • Analytics cookies: These collect aggregated information about how visitors use our site (pages visited, time spent, errors encountered). We use this information to improve performance and usability. Analytics cookies may be provided by us or by selected third parties.
  • Advertising and tracking cookies: With your consent, these cookies track your interactions with our site and marketing materials to help us understand the effectiveness of our campaigns and, where applicable, to tailor promotions and bonuses to your interests.

Managing Cookies

  • You can manage cookies through your browser settings by blocking or deleting some or all cookies. Most browsers allow you to:
    • View which cookies are currently stored
    • Block third-party cookies
    • Delete cookies when you close the browser
  • Some features of our site (including secure login and gameplay) rely on essential cookies. If you block these, the site may not function properly, and you may be unable to use certain services.
  • Where we offer an internal cookie or privacy settings panel, you can use it to adjust your preferences for non-essential cookies (such as analytics or advertising cookies) at any time.

Data Security

We take the security of your personal information seriously and implement a combination of technical, organisational, and procedural safeguards designed to protect it from unauthorised access, use, disclosure, alteration, or destruction.

Technical Measures

  • Encryption in transit: Data transmitted between your device and our servers is protected using TLS 1.2+ or equivalent, helping to safeguard your information from interception.
  • Encryption at rest: Sensitive data elements are stored using encryption or other appropriate pseudonymisation techniques where technically and operationally feasible.
  • Secure authentication: We use secure password hashing and encourage strong passwords. Where available, we may offer additional authentication options to enhance account security.
  • Network and system security: Firewalls, intrusion detection/prevention systems, DDoS protection, and regular patching help reduce vulnerabilities and block malicious traffic.

Organisational and Procedural Measures

  • Access controls: Access to personal information is limited to personnel and service providers who need it for legitimate business purposes, based on role-based access and the principle of least privilege.
  • Staff training: Staff who handle personal data receive training on confidentiality, data protection, and information security, including the importance of safeguarding player data and respecting privacy.
  • Vendor management: We select third-party service providers carefully and require them to apply appropriate security measures and use your data only for specified purposes.
  • Audits and monitoring: We conduct regular internal reviews, logging, and monitoring of critical systems to detect anomalies, potential abuse, or security incidents.

Incident Response

  • We maintain procedures to identify, investigate, and respond to suspected data breaches or security incidents.
  • If we become aware of a data breach that is likely to result in serious harm to individuals, we will assess the impact promptly and notify affected players and relevant authorities in accordance with applicable laws (for example, the Notifiable Data Breaches scheme under Australian law, where applicable).

While we strive to align our practices with recognised industry standards for information security (such as ISO 27001 and SOC 2 principles), we do not represent that we hold formal certifications unless explicitly indicated on our website.

Complaints & Contacts

If you have questions about this Privacy Policy, concerns about how your personal information is handled, or wish to make a complaint, you can contact us or the relevant supervisory authorities as outlined below.

Contacting Lucky Elf Casino

  1. Initial contact: Send an email to [email protected] with:
    • Your full name and username
    • The country where you are playing from (e.g. Australia)
    • A clear description of your concern or complaint, including relevant dates and any supporting evidence
  2. Acknowledgement: We will acknowledge receipt of your complaint within a reasonable time, usually within 5 business days.
  3. Investigation and response: We will investigate your concern and aim to provide a substantive response within 30 days. If we require more time due to complexity, we will inform you of the delay and the expected timeframe.
  4. Escalation within Lucky Elf Casino: If you are not satisfied with the initial response, you may request that your complaint be escalated to our privacy officer or a more senior manager for review.

You may also use our live chat support for general queries, but for formal privacy complaints and legally significant correspondence, please always follow up in writing via email.

Escalation to Supervisory Authorities

If you believe that we have not handled your complaint satisfactorily, or you wish to seek independent advice or lodge a formal complaint, you may contact the relevant data protection or privacy authority.

  • Australia - Office of the Australian Information Commissioner (OAIC)
    • Website: https://www.oaic.gov.au
    • Online complaint form: available via the OAIC website
    • Telephone (Australia): 1300 363 992
  • Mexico - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) (where Mexican data protection regulations apply to you)
    • Website: https://www.inai.org.mx
    • Guidance and complaint mechanisms are available on the INAI website.
  • European Union / EEA - Local Data Protection Authority (for users located in the EU/EEA)

Nothing in this section limits any rights you may have under applicable laws to bring a complaint before a court of competent jurisdiction.

Updates

We may update this Privacy Policy from time to time to reflect changes in our operations, technology, legal obligations, or best practices. When we make changes, we will take appropriate steps to inform you.

How We Will Notify You

  • Website publication: The latest version of this Privacy Policy will always be available at https://luckyelf-au.com/privacy-policy.
  • Email notifications: For material changes that significantly affect your rights or how we use your data, we will send an email notification to the address associated with your account, where feasible.
  • On-site notices: We may display banners, pop-ups, or dashboard alerts within your account to draw your attention to key updates.

Effective Date and Advance Notice

  • Minor changes (such as clarifications or updates to contact details) will take effect upon publication on the website.
  • For significant changes that materially affect the way we process your personal information, we will, where reasonably practicable, provide at least 30 days' advance notice before the new version becomes effective for existing players.

Your Options

  • If you continue to use Lucky Elf Casino after changes to this Privacy Policy take effect, you will be deemed to have accepted the updated terms.
  • If you do not agree with a material change, you may:
    • Adjust your privacy and marketing settings in your account; and/or
    • Request account closure and, where appropriate, exercise your rights of access, deletion, or restriction as described in the "Your Rights" section.

Last updated: February 2026