Lizaro Privacy Policy

Last updated: May 21, 2026

This privacy policy explains how Sligo Limited, trading as Lizaro, collects, uses, stores, and protects personal data when Australian players access the casino and sportsbook services. The policy covers all interactions with the platform, including registration, deposits, gameplay, withdrawals, and communications with support.

By creating an account or using the services, players acknowledge that their personal information will be processed in accordance with this policy. The platform operates under Remote Bookmaker Licence 1020369 issued by the National Excise Licence Office in Ireland, and data processing follows applicable privacy legislation and industry standards. Players retain control over their data and may exercise rights outlined in this document at any time.

Key Definitions and Terms

Understanding the terminology used throughout this policy helps clarify how personal data is managed. The following definitions apply to all sections of this document and reflect the practical relationship between players and the platform.

Personal data refers to any information that identifies or can identify an individual player, including name, email address, date of birth, payment details, device identifiers, and gameplay history. The platform collects this information during account creation, transactions, and active use of casino and sportsbook services.

Account and User Identity

An account represents the registered profile created by a player to access casino games, sports betting, and promotional offers. Each account is linked to one individual and must use accurate identity information. Players may hold only one account per person, household, and IP cluster, as outlined in the one-account rule. Duplicate accounts may result in suspension, bonus forfeiture, and withdrawal restrictions.

Device and Technical Data

A device includes any smartphone, tablet, desktop computer, or other hardware used to access the platform. Technical data collected from devices includes IP address, browser type, operating system, screen resolution, and session duration. This information supports security monitoring, fraud detection, and service optimization without directly identifying the player unless combined with account data.

Processing and Storage

Processing refers to any operation performed on personal data, including collection, storage, transmission, analysis, and deletion. Storage describes the retention of data on secure servers managed by the platform and its service providers. Data is stored for operational, legal, and compliance purposes, and retention periods vary depending on the type of information and regulatory requirements.

Personal Data Collection Methods

The platform collects personal data through multiple channels during normal use of casino and sportsbook services. Data collection occurs at registration, during transactions, throughout gameplay, and when players contact support or adjust account settings.

Most data is provided directly by players when they create accounts, make deposits, or submit documents for identity verification. Additional data is collected automatically through cookies, tracking technologies, and server logs as players navigate the site or interact with games.

Registration and Account Data

When players register, they provide email address, password, full name, date of birth, phone number, residential address, and currency preference. This information creates the account profile and enables the platform to verify age, enforce geographic restrictions, and comply with anti-money laundering controls. Players must provide accurate details, as false information may trigger account closure and withdrawal blocks.

Identity Verification Documents

Before the first withdrawal, players submit identity documents such as Australian passport, driver licence, or Medicare card to confirm their identity. Address verification requires a utility bill, bank statement, or government letter issued within three months. Payment verification may include card photos, e-wallet screenshots, or crypto wallet ownership proof. These documents ensure compliance with Know Your Customer procedures and prevent fraudulent transactions.

Transaction and Payment Data

Deposit and withdrawal records include payment method, transaction amount, date and time, processing status, and associated fees. The platform stores payment details to enable future transactions, detect unusual activity, and comply with financial regulations. Full card numbers are not stored on platform servers; only tokenized references are retained to facilitate repeat deposits while maintaining security standards.

Gameplay and Interaction Data

The platform tracks gameplay history, including pokies played, bet amounts, win and loss records, bonus usage, and session timestamps. This data supports responsible gambling monitoring, bonus compliance checks, and dispute resolution. Sports betting records include selected markets, odds, stake amounts, settlement results, and cashout activity. Tracking this information helps enforce bonus terms, detect irregular play, and provide accurate account statements.

Automatic and Technical Collection

Cookies and tracking technologies collect browsing behavior, page views, click patterns, device identifiers, and geolocation signals. Server logs capture IP addresses, browser versions, referral sources, and error reports. This automatic collection supports fraud prevention, session management, and platform performance optimization. Players can control some tracking through browser settings, but essential cookies remain active to ensure functionality.

Purposes of Data Processing

Personal data is processed to deliver casino and sportsbook services, maintain security, comply with legal obligations, and improve player experience. Each processing purpose connects to a specific function that supports account operation or regulatory compliance.

The platform does not process data for purposes unrelated to service delivery, and players are informed when new processing activities are introduced. Data usage aligns with the legal basis outlined in subsequent sections and respects player rights to control their information.

Service Provision and Account Management

Data enables account creation, login authentication, gameplay access, transaction processing, and customer support. Without this processing, players cannot register, deposit, place bets, or withdraw winnings. Account management includes password resets, email and phone updates, and currency adjustments. The platform uses data to enforce age restrictions, prevent duplicate accounts, and apply geographic access controls.

Compliance and Verification

Identity verification, anti-money laundering checks, and source-of-funds reviews rely on personal data to meet regulatory requirements. The platform processes documents and transaction history to confirm player identity, detect suspicious activity, and comply with requests from the National Excise Licence Office and other relevant authorities. Enhanced due diligence may apply when deposits exceed threshold limits or unusual patterns emerge.

Fraud Prevention and Security

Data processing supports fraud detection systems that monitor login locations, payment method changes, and irregular betting patterns. The platform compares current activity to historical behavior to identify potential account compromise, bonus abuse, or collusion. Security systems use IP analysis, device fingerprinting, and velocity checks to block unauthorized access and protect player funds.

Marketing and Communications

With player consent, the platform sends promotional emails, SMS messages, and push notifications about bonuses, tournaments, and new games. Marketing communications may include reload offers, cashback rewards, and VIP invitations. Players control subscription preferences through account settings and can opt out at any time. Transactional messages, such as withdrawal confirmations and KYC requests, are sent regardless of marketing preferences.

Analytics and Service Improvement

Aggregated and anonymized data supports analysis of platform performance, game popularity, payment method usage, and player retention. These insights guide decisions about game library expansion, payment provider selection, and user interface updates. Analytics processing does not identify individual players and focuses on patterns across user groups.

Legal Basis for Processing

Every data processing activity relies on a lawful basis under privacy legislation. The platform processes personal data based on consent, contractual necessity, legal obligation, or legitimate interests, depending on the purpose and context.

Players can request information about the legal basis used for specific processing activities by contacting support. In cases where consent is the basis, players may withdraw consent at any time, though this may limit access to certain services.

Consent

Marketing communications, optional cookies, and certain analytics tracking rely on explicit consent provided during registration or through account settings. Players indicate consent by ticking checkboxes, enabling browser permissions, or responding to preference prompts. Consent can be withdrawn without affecting core account functionality, though promotional offers and personalized content may no longer be available.

Contractual Necessity

Processing required to deliver casino and sportsbook services falls under contractual necessity. This includes account creation, transaction processing, gameplay access, and withdrawal handling. Without this processing, the platform cannot fulfill its obligations to provide gaming services, and players cannot participate. Refusal to provide necessary data results in account restrictions or closure.

Legal Obligation

Identity verification, anti-money laundering checks, and regulatory reporting rely on legal obligation as the processing basis. The platform must comply with requirements set by the National Excise Licence Office, financial authorities, and data protection regulators. Players cannot opt out of processing conducted to meet these obligations, as compliance is mandatory for licensed operation.

Legitimate Interests

Fraud prevention, security monitoring, and platform improvement activities rely on legitimate interests. The platform balances its operational needs against player privacy rights to ensure processing remains fair and proportionate. Legitimate interest processing does not override player rights, and individuals may object to certain activities by contacting support.

Data Sharing and Disclosure

Personal data is shared with third parties only when necessary to deliver services, comply with legal requirements, or protect platform security. The platform does not sell player data to advertisers, data brokers, or unrelated commercial entities.

All third parties with access to personal data are bound by confidentiality agreements and must process information in accordance with privacy legislation. The platform monitors third-party compliance and conducts regular audits of service providers.

Service Providers and Payment Processors

Payment processors handle transaction data for deposits and withdrawals using Visa, Mastercard, PayID, Osko, Skrill, Neteller, MiFinity, Neosurf, and cryptocurrency networks. These providers process cardholder information, bank account details, and crypto wallet addresses to execute payments. Cloud hosting services store account data and gameplay records on secure servers located in jurisdictions with data protection safeguards. Analytics providers receive anonymized usage data to generate performance reports.

GMBL Tech Platform Services

GMBL Tech provides platform-layer services that support account management, gameplay delivery, and technical infrastructure. As a connected service provider, GMBL Tech accesses personal data necessary to maintain platform functionality, troubleshoot technical issues, and implement system updates. Data shared with GMBL Tech remains subject to the same privacy protections as information held by Sligo Limited.

Regulatory and Legal Authorities

The platform discloses personal data to the National Excise Licence Office, Irish Revenue Commissioners, and other relevant authorities when required by law. This includes anti-money laundering reports, license compliance audits, and responses to lawful requests for information. Legal disclosure may also occur in the event of disputes, fraud investigations, or court orders.

Business Transfers and Corporate Events

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring entity. Players will be notified of any ownership change that affects data processing practices, and the new entity will be required to honor the commitments made in this privacy policy unless players are given the opportunity to opt out.

Data Retention and Deletion

Personal data is retained only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Retention periods vary depending on the type of data and regulatory requirements.

Once retention periods expire, data is either securely deleted or anonymized so it can no longer identify individual players. Account closure does not immediately delete all data, as certain records must be retained for compliance and legal purposes.

Active Account Data

Data associated with active accounts is retained for the duration of the player relationship. This includes identity documents, transaction history, gameplay records, and communications with support. Players may request deletion of specific data categories, subject to legal and operational constraints.

Closed Account Data

After account closure, identity verification documents are retained for five years to comply with anti-money laundering legislation. Transaction records are kept for seven years to meet financial reporting requirements. Gameplay history and marketing preferences are deleted within 90 days unless retention is required to resolve disputes or enforce bonus terms.

Legal and Compliance Records

Data related to investigations, disputes, or regulatory inquiries is retained until the matter is resolved and any applicable appeal period has expired. If legal proceedings are initiated, relevant data is preserved until the case concludes and no further action is anticipated.

Player Rights and Control

Players have rights over their personal data, including access, correction, deletion, and restriction of processing. These rights enable individuals to control how their information is used and ensure data accuracy.

To exercise any right, players should contact support@lizaro.com with a clear description of the request. The platform responds within 30 days and may require identity verification before fulfilling certain requests. Some rights are subject to legal limitations and operational constraints.

Access and Portability

Players may request a copy of all personal data held by the platform, including account details, transaction history, gameplay records, and communications. Data is provided in a structured, commonly used, and machine-readable format such as CSV or JSON. Portability requests enable players to transfer data to another service provider, though technical compatibility may vary.

Correction and Rectification

If personal data is inaccurate or incomplete, players can request corrections through account settings or by contacting support. Name, address, phone number, and email updates may trigger additional KYC checks to prevent fraud. Payment details cannot be edited directly and must be removed and re-added to ensure security.

Deletion and Erasure

Players may request deletion of personal data when it is no longer necessary for its original purpose, consent is withdrawn, or processing is unlawful. Deletion requests are subject to legal retention obligations, and certain data must be kept for compliance purposes. Active bonus balances, pending withdrawals, and unresolved disputes may delay deletion until matters are settled.

Restriction and Objection

Players can request that processing be restricted while disputes about data accuracy or lawfulness are resolved. Restriction freezes certain processing activities but does not delete data. Objection rights apply to processing based on legitimate interests, such as marketing and analytics. Players may opt out of promotional communications and request removal from marketing lists at any time.

Security Measures and Data Protection

The platform employs technical and organizational measures to protect personal data from unauthorized access, loss, misuse, and disclosure. Security systems are designed to reduce risks, though no system can guarantee absolute protection.

Players contribute to security by choosing strong passwords, enabling two-factor authentication, and avoiding shared or public devices for account access. Suspicious activity should be reported to support immediately.

Encryption and Secure Transmission

All data transmitted between player devices and platform servers is encrypted using TLS protocols. Payment data is protected through tokenization, ensuring full card numbers are not stored on platform systems. Sensitive documents submitted for KYC verification are encrypted at rest and accessible only to authorized compliance staff.

Access Control and Authentication

Account access requires username and password authentication, with optional two-factor verification via SMS or email. Internal systems restrict data access to employees and service providers based on role requirements. Login attempts are monitored, and repeated failures trigger temporary account locks to prevent brute-force attacks.

Fraud Detection and Monitoring

Automated systems analyze transaction patterns, login locations, and gameplay behavior to detect anomalies. VPN or proxy use may trigger account review, as geolocation signals help enforce access restrictions and prevent fraudulent activity. Unusual deposit velocity, multiple failed verification attempts, and inconsistent account information are flagged for manual review.

Incident Response and Breach Notification

In the event of a data breach that poses a risk to player rights, the platform will notify affected individuals within 72 hours and provide guidance on protective actions. Breaches are reported to relevant data protection authorities in accordance with legal requirements. The platform maintains incident response procedures to contain breaches, assess impact, and prevent recurrence.

Cookies and Tracking Technologies

The platform uses cookies, web beacons, and similar technologies to enhance functionality, personalize content, and analyze usage patterns. Some cookies are essential for service delivery, while others support optional features and analytics.

Players can manage cookie preferences through browser settings, though disabling essential cookies may impair account access and gameplay functionality. The platform respects do-not-track signals where technically feasible.

Essential Cookies

These cookies enable account login, session management, and secure transaction processing. Without essential cookies, players cannot access their accounts, place bets, or complete deposits and withdrawals. Essential cookies do not require consent and remain active as long as players use the platform.

Analytics and Performance Cookies

Analytics cookies collect information about page views, click patterns, and session duration to help improve platform performance. These cookies track aggregated usage trends and do not identify individual players. Performance cookies monitor load times, error rates, and server response to ensure reliable service delivery.

Marketing and Personalization Cookies

Marketing cookies enable personalized promotional offers, targeted email campaigns, and retargeting advertisements on third-party websites. Personalization cookies remember language preferences, game favorites, and customized dashboards. Players can opt out of marketing cookies through account settings or browser controls without affecting core functionality.

Third-Party Cookies

Some cookies are placed by third-party service providers, including payment processors, analytics platforms, and advertising networks. The platform does not control third-party cookies and recommends reviewing the privacy policies of these providers for information about their data practices.

Third-Party Links and External Services

The platform may include links to external websites, payment providers, and social media platforms. These third parties operate independently and are not controlled by Sligo Limited.

Players who navigate to external sites are subject to the privacy policies of those platforms. The platform is not responsible for the data practices, security measures, or content of third-party websites. Players should review external privacy policies before providing personal information.

Payment Provider Policies

Payment processors such as Visa, Mastercard, Skrill, Neteller, and cryptocurrency networks have their own privacy policies governing transaction data. The platform shares only the information necessary to complete deposits and withdrawals, but players should review the terms of their chosen payment method to understand how transaction details are handled.

Social Media Integration

If the platform integrates social media sharing buttons or login options, data may be transmitted to social networks when players interact with these features. Social media platforms may track visits to the platform and associate browsing activity with social profiles. Players can control social media tracking through platform privacy settings.

Age Restrictions and Minors Policy

The platform is restricted to individuals aged 18 and older. No services are directed at minors, and the platform does not knowingly collect personal data from individuals under the legal gambling age.

Age verification is conducted during registration and through document checks before the first withdrawal. Players who provide false age information face immediate account closure, forfeiture of balances, and potential reporting to authorities.

Detection and Removal Procedures

If the platform discovers that an account belongs to a minor, the account is immediately suspended, all balances are confiscated, and deposited funds may be returned or forfeited depending on the circumstances. Parents or guardians who believe a minor has accessed the platform should contact support@lizaro.com immediately. The platform cooperates with guardians to remove accounts and prevent further access.

Parental Controls and Monitoring

Parents and guardians are encouraged to use device-level controls, browser filters, and network monitoring tools to prevent minors from accessing online gambling services. The platform supports responsible access by enforcing age checks and displaying warnings about age restrictions throughout the registration process.

Policy Updates and Amendments

This privacy policy may be updated to reflect changes in data processing practices, legal requirements, or platform services. Updates are published on the website, and the last updated date at the top of the policy indicates the most recent revision.

Material changes that significantly affect player rights or data processing purposes will be communicated via email or account notifications. Continued use of the platform after an update constitutes acceptance of the revised policy. Players who disagree with changes may close their accounts by contacting support.

Notification Methods

Policy updates are announced through on-site banners, email notifications to active accounts, and push messages to players who have enabled notifications. Players are encouraged to review the policy periodically to stay informed about data practices. The platform does not apply retroactive policy changes to data collected under previous versions unless required by law.

Effective Date and Transition

Updated policies take effect immediately upon publication unless a delayed effective date is specified. During transition periods, the platform may apply both old and new policies depending on when specific data was collected. Players may request clarification about which policy version applies to their data by contacting support.

Contact Information and Privacy Requests

Players can submit privacy-related inquiries, data access requests, and complaints to support@lizaro.com. All requests are reviewed by the compliance team and addressed within 30 days.

For identity verification purposes, players should include their registered email address, account username, and a brief description of the request. Complex requests may require additional documentation to confirm identity and prevent unauthorized disclosure. The platform may extend response times in cases involving large volumes of data or legal consultation.

Data Protection Authority Contact

Players who are unsatisfied with the platform's response to a privacy request may lodge a complaint with the Irish Data Protection Commission or their local data protection authority. The platform cooperates with regulators and responds to official inquiries as required by law. Players retain the right to seek legal remedies for data protection violations.