Privacy Policy

This Privacy Policy explains how Mr O Casino, operated via the website mro-au.com (Mr O Casino), collects, uses, discloses and protects personal information of players and website visitors. It applies to all users who access or use our services from Australia or elsewhere. By using our website and services, you acknowledge that you have read and understood this Policy. This Privacy Policy is effective from 1 January 2026 and supersedes any earlier versions published on our websites.

Who We Are

Mr O Casino is an online gambling service operated for Australian players via the domain mro-au.com. The operator is part of a group associated with Anden Online / Gambling Wages, which holds an online gambling licence issued by the Autonomous Island of Anjouan (Union of Comoros). Exact corporate registration details, including legal entity name, registered office and company registration number, are not publicly disclosed by the group at the time of writing.

For the purposes of this Privacy Policy, references to "we", "us", or "our" mean the operator of Mr O Casino acting as the data controller for personal information collected through mro-au.com and any related mirror domains (including mrocasino.com and mr-o.com) where this Policy is displayed or referenced.

Because our exact corporate identity and address are not specified in the publicly available materials provided to us, the information in this section is necessarily limited and should be verified directly with the operator. You may contact us at any time to request up-to-date corporate details.

Data Protection Contact

We have appointed an internal contact point for privacy and data protection matters (Data Protection Officer or equivalent function).

E-mail (primary privacy contact): [email protected]
Alternative general contact: [email protected]
Postal address: Not publicly specified. You may request the current postal address for privacy matters by contacting us via e-mail.

Please use "Privacy request" in the subject line of your e-mail when exercising data protection rights or raising concerns about this Policy.

What Personal Data We Collect

We collect and process different categories of personal information when you visit Mr O Casino, register an account or use our gambling services.

Information You Provide to Us

Identification and contact data: full name, date of birth, country of residence, residential address, e-mail address, telephone number and any other contact details you provide when registering or updating your profile.
Account data: username, password, security questions and answers, account preferences, communication and marketing preferences, self-exclusion or deposit limit settings.
KYC/verification data: copies of identification documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), payment method ownership evidence and any other information you submit for identity verification, age verification, source-of-funds and anti-money laundering checks.
Communications: content of your messages to customer support, e-mails, live chat transcripts, complaints, feedback, survey responses and other interactions with us.

Technical and Usage Data

Technical data: IP address, device identifiers, operating system, browser type and version, language settings, time zone, referral URLs, and basic connection diagnostics.
Log data: date and time of access, pages viewed, clicks, navigation paths, session duration, error logs and other usage information generated by our systems when you interact with the website or apps.
Device and network information: information about your device hardware, mobile network, approximate geographic location (based on IP address) and configuration data necessary to provide secure gambling services.

Payment and Financial Data

Transaction data: deposits, withdrawals, bonuses credited, chargebacks, refunds, payment timestamps, currency, amounts and transaction identifiers.
Payment method details: limited information about your payment cards, e-wallets, bank accounts or other payment instruments used (for example, masked card numbers, issuing bank, payment provider). We do not store full card numbers or CVV codes where our payment processors handle such data directly.

Behavioural and Gambling Data

Gameplay and betting history: games played, stakes placed, wins and losses, game session duration, bet types, jackpots, bonus usage and progression.
Behavioural patterns: frequency of play, typical bet sizes, responsible gambling indicators, self-exclusion events, breaks in play and similar usage patterns derived from your interaction with our services.

Cookies and Similar Technologies

Cookies: small text files stored on your device that allow us to recognise your browser or device, maintain sessions, remember preferences and perform analytics and marketing activities.
Similar technologies: web beacons, pixels, tags, local storage, device fingerprinting and software development kits (SDKs) used for security, fraud detection, performance monitoring and advertising attribution.

For further detail about our use of cookies and how you can manage them, see the section "Cookies & Tracking Technologies" below.

Legal Basis for Processing

Because we offer gambling services to players from multiple jurisdictions while operating under an offshore licence, we rely on several legal grounds to process personal information. Even though Australia does not apply the EU GDPR directly, we structure our practices to be broadly aligned with international standards.

Performance of a Contract

Account registration and management: We process your identification, contact, account and technical data to create, administer and secure your player account, provide access to games and manage your relationship with Mr O Casino.
Provision of gambling services: Processing of gameplay data, betting history, bonuses and promotions, and in-game interactions is necessary to fulfil our obligations arising from the terms and conditions you accept when using our services.
Payments and withdrawals: We process payment and financial data to deposit funds, pay out winnings, manage balances and settle financial transactions associated with your account.

Compliance with Legal and Regulatory Obligations

KYC and AML: We process identification, verification and transactional data to comply with our obligations under our offshore gambling licence in Anjouan and applicable anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.
Responsible gambling: We process information on your gameplay behaviour, limits and self-exclusion to comply with responsible gambling rules and to implement protective measures.
Record-keeping and reporting: Certain data must be retained and may be disclosed to regulators, tax authorities or law enforcement where required by law or licence conditions.

Legitimate Interests

Security and fraud prevention: We process technical, usage, behavioural and transactional data to detect and prevent fraud, bonus abuse, account takeovers, money laundering and other misuse of our services. These activities are necessary to protect our business and other players.
Service improvement and analytics: Aggregated or pseudonymised usage and gameplay data may be used to analyse performance, improve our games and interfaces, optimise customer support and develop new features.
Enforcement of our rights: We may process data to investigate and enforce our terms and conditions, resolve disputes, collect debts, defend legal claims and protect our legitimate business interests.

Consent

Marketing communications: We rely on your consent (where required by applicable law) to send you e-mail, SMS or push marketing messages about promotions, bonuses, tournaments and new products. You may withdraw this consent at any time.
Cookies and advertising technologies: For non-essential cookies (for example, certain analytics and advertising cookies), we rely on your consent, which you may manage using your browser settings or internal cookie controls where available.

Where we rely on legitimate interests, we assess our interests against your rights and expectations and implement safeguards to minimise any impact on your privacy.

Purpose of Processing

Provision of Casino and Related Services

Operating player accounts: To register accounts, authenticate logins, maintain session integrity and provide access to the Mr O Casino platform.
Running games and transactions: To process bets, determine game outcomes, manage balances, allocate bonuses and pay winnings.
Customer support: To respond to your communications, resolve technical issues, manage complaints and provide assistance.

Regulatory Compliance and Risk Management

Identity and age verification: To verify that players are of legal age and eligible to use our services, based on documentation and checks.
AML/CTF controls: To monitor transactions and behaviours for suspicious activities and fulfil reporting obligations under applicable regulations and licence conditions.
Responsible gambling: To monitor gameplay for signs of problematic gambling, implement self-exclusion or limits, and provide information and tools that help you gamble responsibly.

Service Improvement and Analytics

Performance monitoring: To measure and improve website performance, loading times, user experience and game stability.
Product development: To analyse aggregated usage and behavioural data to understand which features are used, how games perform and where improvements are needed.

Marketing and Personalisation

Direct marketing: To send offers, bonuses and news that may be of interest to you, subject to your communication preferences and applicable consent requirements.
Personalised content: To tailor promotions, recommendations and website content based on your past activity and preferences, where allowed by law and consistent with your settings.

Security, Fraud Prevention and Enforcement

Security monitoring: To prevent, detect and mitigate security incidents, including hacking, account compromise and DDoS attacks.
Fraud and abuse detection: To identify fraudulent account creation, collusion, bonus abuse, chargeback fraud and related behaviours.
Legal enforcement: To investigate suspected breaches of our terms, protect our rights and pursue or defend legal claims.

Disclosure & Sharing

We treat your personal information as confidential and share it only where necessary for the purposes described in this Policy, where permitted by law or where you have given your consent.

Service Providers and Technical Partners

Payment processors and banks: We share limited identification and transaction data with payment service providers, card schemes, banks and financial institutions to process deposits, withdrawals and related financial operations.
IT and infrastructure providers: Hosting providers, cloud platforms, data storage, content delivery networks (CDNs), security providers and technical support partners may access personal data strictly as needed to maintain and secure our systems.
Game and software providers: Where third-party game studios or platform providers are integrated into our services, certain account and gameplay data may be shared to operate those games and maintain fairness and security.

Compliance, Regulators and Law Enforcement

Licensing and regulatory authorities: We may disclose data to regulators in the Autonomous Island of Anjouan (Union of Comoros) or any other relevant jurisdiction in connection with our licence obligations, audits, inspections or reporting requirements.
Law enforcement and authorities: We may share data with police, courts, tax authorities or other public bodies when required by law, court order, administrative request or applicable regulations (including AML/CTF obligations), or when necessary to prevent serious crime or fraud.

Group Companies and Affiliates

Operator group entities: Personal data may be shared within the broader operator group associated with Anden Online / Gambling Wages, including sister brands such as Casino Extreme, Brango and Yabby, for administrative, risk management, compliance and internal reporting purposes.
Marketing affiliates: We may share limited information (such as unique identifiers, attribution codes or aggregated performance reports) with affiliate partners who promote Mr O Casino to allow them to measure campaign performance. We do not share full account or payment details with affiliates.

Advertising and Analytics Partners

Analytics providers: Aggregated or pseudonymised usage and technical data may be shared with analytics providers to help us understand website performance and user behaviour.
Advertising networks: Where applicable and subject to your consent, we may share cookie identifiers and similar technical data with advertising networks to display or measure targeted advertising. You can control such cookies as explained in the "Cookies & Tracking Technologies" section.

Business Transfers

Mergers and acquisitions: In the event of a restructuring, sale, merger, acquisition, joint venture, assignment, transfer or other disposition of all or part of our business, personal data may be transferred to the acquiring entity subject to appropriate confidentiality and data protection safeguards.

We require all third parties who process personal data on our behalf to use it only for the purposes specified by us, to protect it adequately and to comply with applicable privacy laws and contractual obligations.

International Transfers

Mr O Casino is an offshore online casino serving players in multiple countries, including Australia. As a result, your personal information may be transferred to and processed in countries outside your country of residence, including:

Union of Comoros (Autonomous Island of Anjouan): where our gambling licence is issued and certain regulatory and operational activities are carried out.
Other jurisdictions: including but not limited to data centre locations, cloud hosting regions and countries where our group companies, service providers or technical partners are established (for example, in the European Economic Area, the United Kingdom, the United States or other regions).

These countries may have privacy and data protection laws that are different from those in your home country and may not be recognised as providing an equivalent level of protection. Where required by applicable law, we implement appropriate safeguards to protect your personal information during such transfers, which may include:

Contractual protections, such as data protection agreements and, where applicable, standard contractual clauses or equivalent mechanisms.
Technical and organisational security measures, including encryption in transit and at rest, strict access controls and data minimisation.
Internal policies that restrict access to personal information on a need-to-know basis and require confidentiality from all personnel.

By using our services, you understand that your personal information may be processed in countries with different data protection regimes. Where you are located in a jurisdiction that restricts such transfers, we will take steps to ensure that any international transfers comply with applicable requirements.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes and to enforce our agreements. Retention periods may vary by data category and jurisdiction.

General Retention Rules

Player account data: Core account information (identification, contact, account settings and basic transaction records) is typically retained for the duration of your active account and for a period of up to five (5) years after account closure, unless longer retention is required by law or justified by ongoing disputes or investigations.
KYC and AML data: Verification documents and AML-related information are generally retained for at least five (5) years after the end of the business relationship or the date of the last transaction, in line with common AML/CTF regulatory practices and potential licence requirements.
Gameplay and behavioural data: Detailed logs may be retained for the lifetime of the account and for a period following closure (typically up to five (5) years) to address inquiries, resolve disputes, comply with regulatory reporting and support responsible gambling measures.
Payment and transaction data: Financial records are kept for the periods required by accounting, tax and AML/CTF rules, usually no less than five (5) years.
Marketing data: Information about your marketing preferences is retained until you withdraw your consent or opt out, after which we maintain a minimal record of your opt-out decision to ensure it is respected in future.
Technical logs: Server logs and security-related data are typically retained for a shorter period (for example, from several months to two (2) years), unless required longer for security investigations or legal purposes.

Deletion and Anonymisation

Deletion criteria: When data is no longer needed for any of the purposes set out in this Privacy Policy and is not subject to a legal obligation to retain it, we will either securely delete it or anonymise it so that it can no longer be linked to an identifiable individual.
Upon your request: Subject to applicable legal and regulatory requirements (for example, AML/CTF record-keeping duties), we will delete or anonymise your personal information when you validly exercise your right to erasure.

Your Rights

We aim to respect and facilitate the exercise of privacy rights broadly aligned with international standards such as the EU General Data Protection Regulation (GDPR) and comparable data protection laws in other jurisdictions. While Mr O Casino targets Australian players and is operated under an offshore licence, we voluntarily provide the following rights to the extent they do not conflict with our regulatory obligations.

Access to Your Data

You may request confirmation as to whether we process your personal information and obtain a copy of such information, together with an explanation of how it is used.

Rectification (Correction)

You may request that inaccurate or incomplete personal information we hold about you be corrected or completed. In some cases, we may need supporting documentation to verify the accuracy of the new data.

Erasure (Right to be Forgotten)

You may request deletion of your personal information where:
- the data is no longer necessary for the purposes for which it was collected;
- you have withdrawn consent (where consent was the sole legal basis); or
- you have objected to processing and there are no overriding legitimate grounds for continued processing.
This right is not absolute. We may be required to retain certain data for legal, regulatory, anti-money laundering, responsible gambling or dispute-resolution purposes.

Restriction of Processing

You may request that we limit the processing of your personal information in certain circumstances (for example, while we verify its accuracy or assess an objection you have raised).

Objection to Processing

You may object to processing of your personal information where we rely on legitimate interests. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is required for the establishment, exercise or defence of legal claims.
You have an unconditional right to object to the use of your data for direct marketing, including profiling related to such marketing. In such cases, we will stop using your data for marketing purposes.

Data Portability

Where technically feasible and applicable, you may request a copy of certain personal information you have provided to us in a structured, commonly used and machine-readable format, and have it transmitted to another controller where processing is based on consent or contract and carried out by automated means.

Withdrawal of Consent

Where we process personal information based on your consent (for example, for marketing communications or non-essential cookies), you may withdraw that consent at any time. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

Procedures, Timeframes and Costs

How to exercise rights: You can exercise your rights by contacting us at [email protected] or [email protected], clearly specifying your request and providing sufficient information for us to verify your identity and account.
Verification: To protect your privacy, we may request additional information or documentation to confirm your identity before processing your request.
Response time: We aim to respond to all valid requests within thirty (30) days of receipt. If your request is particularly complex or we receive numerous requests, this period may be extended, in which case we will inform you of the extension and reasons.
Fees: We do not normally charge a fee for handling such requests. However, where a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request, in accordance with applicable legal standards.

Please note that while we align our practices with common international privacy principles, we are not formally subject to GDPR or Mexican data protection regulations for Australian-facing services. References to such frameworks in this Policy are for alignment and transparency purposes only and do not create additional legal obligations beyond those required under our licence and applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies on Mr O Casino to ensure the proper functioning of our services, enhance your experience, analyse performance and, where permitted, deliver personalised content and advertising.

Types of Cookies We Use

Strictly necessary (functional) cookies: These cookies are essential for the operation of the website and the provision of core services, such as logging into your account, maintaining sessions, processing bets and securing transactions. They cannot be switched off in our systems.
Preference cookies: These remember your choices and settings (for example, language, region, display options) to provide a more personalised experience.
Analytics and performance cookies: These collect aggregated information about how visitors use the website (pages visited, time spent, error messages) to help us improve performance, usability and game stability.
Advertising and targeting cookies: These may be set by us or our advertising partners to build a profile of your interests and show you relevant advertisements on our website or third-party sites. They work by uniquely identifying your browser or device.
Third-party cookies: Some cookies are set by third-party service providers (for example, analytics, security or advertising partners) to deliver their services on our site.

Similar Technologies

Web beacons and pixels: Small graphic files used to track usage and marketing campaign performance.
Local storage and SDKs: Technologies used by our applications or partners for caching, configuration and analytics.

Managing Cookies

Browser settings: Most web browsers allow you to view, delete or block cookies and configure your cookie preferences. Please refer to your browser's help section for specific instructions.
Internal controls (where available): We may provide a cookie banner or preference centre on Mr O Casino that allows you to manage certain categories of cookies, such as analytics and advertising cookies.
Impact of disabling cookies: If you disable or reject certain cookies, you may not be able to use some features of the website, and overall functionality or performance may be affected.

Data Security

We take the security of your personal information seriously and implement technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration or disclosure.

Technical Security Measures

Encryption in transit: Data transmitted between your browser or device and our servers is protected using up-to-date Transport Layer Security (TLS 1.2 or higher), helping to prevent interception or tampering.
Encryption at rest: Where feasible, sensitive information is stored in encrypted form or protected through strong hashing and salting (for example, for passwords) within our databases and storage systems.
Access controls: Access to personal information is restricted to authorised personnel and service providers who need it for legitimate business purposes, based on role-based access controls and the principle of least privilege.
Network and infrastructure security: We use firewalls, intrusion detection and prevention systems, anti-malware tools and regular vulnerability assessments to protect our infrastructure.

Organisational and Procedural Measures

Staff training: Employees and contractors with access to personal information receive training on data protection, confidentiality and information security best practices.
Policies and procedures: Internal policies govern the handling of personal data, access management, incident reporting and the use of devices and systems.
Incident response: We maintain processes for detecting, reporting, investigating and responding to suspected personal data breaches. Where required by law, we will notify affected individuals and relevant authorities of a qualifying data breach without undue delay.

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our defences and minimise risks.

Complaints & Contacts

If you have questions, concerns or complaints about this Privacy Policy or our handling of your personal information, you should contact us first so that we can attempt to resolve the issue directly.

How to Contact Us

Primary support and privacy contact: [email protected]
General enquiries: [email protected]
Website: https://mro-au.com
Postal address: Not publicly specified. You may request our current postal address for legal or privacy correspondence via e-mail.

Internal Complaint Procedure

Submission: Send a clear description of your concern or complaint, including relevant account details and supporting information, to [email protected] with "Privacy complaint" in the subject line.
Acknowledgement: We will aim to acknowledge receipt of your complaint within seven (7) business days.
Investigation: Your complaint will be reviewed by an appropriate member of our team, who may contact you for additional information if necessary.
Response: We will provide you with a written response explaining our findings and any steps taken or proposed to resolve the issue, typically within thirty (30) days of receiving your complete complaint.

Escalation to Supervisory Authorities

Because Mr O Casino operates under an offshore licence rather than under Australian domestic gambling regulation, the supervisory landscape is complex. Depending on your country of residence and the circumstances, you may have the right to lodge a complaint with a relevant data protection authority or consumer protection body. For example:

In the European Economic Area or the United Kingdom, if you are physically located there and believe your rights under local data protection laws have been infringed, you may complain to your local data protection authority.
In Australia, consumer and privacy matters may fall under the responsibility of agencies such as the Office of the Australian Information Commissioner (OAIC) or state/territory consumer protection bodies. However, their jurisdiction over offshore gambling operators may be limited.

We encourage you to contact us first so that we can attempt to address your concerns directly. Our commitment is to handle all privacy-related complaints fairly, promptly and transparently.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or the way we operate Mr O Casino.

How We Will Inform You

Website publication: The latest version of this Privacy Policy will always be available on mro-au.com. We will indicate the date of the last update at the top or bottom of the Policy.
E-mail notifications: For material changes that significantly affect your rights or how we process your data, we will, where practicable, notify you by e-mail using the address associated with your account.
On-site notices: We may display banners, pop-ups or account dashboard alerts to draw your attention to important updates.

Effective Date and Advance Notice

Advance notice: Where a change is material and feasible to pre-notify, we will aim to provide at least thirty (30) days' notice before the updated Policy becomes effective, allowing you time to review the changes.
Your options: If you do not agree with the updated Policy, you may choose to stop using our services and request account closure. Continued use of Mr O Casino after the effective date of any update will be deemed acceptance of the revised Policy.

Last updated: January 2026.