Legal

Privacy
Policy

Last updated: 28 May 2026  |  Controller: PUNT 123 PTY LTD  |  Contact: support@pund123.bet

1. Who We Are

PUNT 123 PTY LTD (ABN 79 652 754 464), registered at 72 Brady Road, BENTLEIGH EAST VIC 3165, operates PUND123.BET and is the data controller for personal data processed under this Policy.

We handle your personal information in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) set out in that Act.

Questions about this Policy: support@pund123.bet

2. Data We Collect

We may collect:

  • Identity data: name, date of birth, gender, government ID number.
  • Contact data: email address, phone number, postal address.
  • Financial data: payment method details (cards, bank), transaction history.
  • Account data: username, password (hashed), betting history, preferences.
  • Device & usage data: IP address, browser type, pages visited, session length.
  • Marketing data: communication preferences, response history.

3. How We Use Your Data

We use your data to:

  • Operate and maintain your account (contract performance).
  • Verify your identity and age (legal obligation).
  • Process deposits, withdrawals and bets (contract performance).
  • Comply with anti-money laundering and regulatory reporting requirements (legal obligation).
  • Detect and prevent fraud and abuse (legitimate interest).
  • Send transactional communications (contract performance).
  • Send marketing communications, with your consent.
  • Analyse and improve our services (legitimate interest).
  • Support responsible gambling obligations (vital interest / legal obligation).

4. Sharing Your Data

We may share your personal data with the following categories of recipients, only to the extent necessary for the stated purpose:

Financial & identity services

  • Payment processors — to authorise and settle deposits and withdrawals.
  • Identity verification and KYC/AML providers — to verify your identity, age and source of funds as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

Regulatory and government authorities

  • AUSTRAC (Australian Transaction Reports and Analysis Centre) — for mandatory AML/CTF reporting.
  • Victorian Gambling and Casino Control Commission (Victorian Gambling and Casino Control Commission, VGCCC) and other state/territory gambling regulators — to meet our ongoing licence obligations and respond to regulatory inquiries.
  • ACMA (Australian Communications and Media Authority) — where required under the Interactive Gambling Act 2001 (Cth) or related broadcasting legislation.
  • OAIC (Office of the Australian Information Commissioner) — in connection with privacy complaints, notifiable data breach notifications, or other compliance obligations under the Privacy Act 1988 (Cth).
  • Law enforcement agencies and courts — in response to lawful requests, warrants or court orders.
  • Department of Social Services and other relevant Commonwealth or state government agencies — where required by law (e.g. welfare and problem gambling referral programs).

Racing and sports integrity

  • Racing controlling bodies — Racing Victoria, Greyhound Racing Victoria, Harness Racing Victoria, and interstate principal racing authorities — for race-field authorisation and integrity purposes.
  • Sports controlling bodies and Sport Integrity Australia — to detect and report suspicious betting activity under approved betting integrity frameworks.
  • BetStop (National Self-Exclusion Register) — to verify self-exclusion status and comply with self-exclusion obligations.

Technology and service providers

  • Cloud hosting and IT infrastructure providers — who process data on our behalf under binding data processing agreements that require them to maintain appropriate security standards.
  • Analytics and fraud-prevention services — to monitor platform integrity and improve service quality.

We do not sell your personal data to third parties for their own marketing purposes.

5. Overseas Disclosure

Some of our service providers (for example identity verification, payment processing, analytics or cloud hosting) may store or process personal data outside Australia. Where we disclose your information overseas, we take reasonable steps under Australian Privacy Principle 8 to ensure the recipient handles it consistently with the APPs.

A current list of the countries in which your data may be stored, and the categories of overseas recipients, is available on request by contacting our privacy team.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes set out in this Policy and to comply with our legal obligations. Under Australian anti-money laundering legislation, customer records are retained for a minimum of 7 years after account closure.

7. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of data (subject to our legal retention obligations).
  • Opt out of direct marketing at any time.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any right, contact support@pund123.bet.

8. Direct Marketing

Under Australian Privacy Principle 7 (APP 7), we may use your personal data to send you direct marketing communications about our products, services, promotions and responsible gambling resources, but only where you have consented or where we are otherwise permitted to do so by law.

Channels we may use: email, SMS, phone calls, in-app and push notifications, and post.

How to opt out: You can withdraw your consent and opt out of direct marketing at any time by:

  • Clicking the one-click unsubscribe link included in every marketing email or SMS;
  • Updating your communication preferences in your account settings; or
  • Contacting us directly at support@pund123.bet.

We will action all opt-out requests promptly and, in any event, within a reasonable time as required by the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

Self-excluded customers: Customers who are registered on the BetStop National Self-Exclusion Register are automatically suppressed from all marketing communications for the full term of their registration. We check the Register at account creation and periodically thereafter.

9. Security

We implement industry-standard security measures including SSL/TLS encryption in transit, encryption or hashing of sensitive data at rest, role-based access controls, and regular independent security assessments.

Notifiable Data Breaches (NDB scheme)

We operate under the Notifiable Data Breaches (NDB) scheme established by Part IIIC of the Privacy Act 1988 (Cth). Our breach response procedure is as follows:

  • Detection and containment: On becoming aware of a suspected data breach, we take immediate steps to contain the incident and prevent further unauthorised access or disclosure.
  • Assessment: We promptly assess whether the breach is an “eligible data breach” — that is, whether it is likely to result in serious harm to any of the individuals whose information was involved. We aim to complete this assessment within 30 days of becoming aware of the suspected breach.
  • Notification: If we determine that a breach is eligible, we will notify all affected individuals and the OAIC as soon as practicable after making that determination. Notification to the OAIC is submitted via the OAIC's online portal; notifications to individuals are provided directly by email or, where that is not practicable, by a prominent notice on our website.
  • Content of notification: Each notification will describe the nature of the breach, the types of information involved, steps we have taken to contain it, and the steps affected individuals can take to protect themselves.
  • Record-keeping: We maintain internal records of all suspected and confirmed data breaches, whether or not they meet the threshold for notification, to support ongoing compliance and to improve our security practices.

If you believe your personal data may have been compromised, please contact us immediately at support@pund123.bet.

10. Cookies

We use cookies and similar tracking technologies. See our Cookie Policy for details.

11. Children

Our services are not directed at persons under 18. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will close the account and delete associated data.

12. Changes to This Policy

We may update this Policy. We will notify you by email of material changes. The updated Policy will include a new “last updated” date at the top.

This document is a structural draft only. PUNT 123 PTY LTD must have this reviewed by a qualified privacy lawyer before publication.