Last updated: 1 April 2025 | Effective date: 1 April 2025
PointsBet Australia Pty Ltd
("PointsBet", "we", "us", "our") is committed to protecting the privacy and security of your personal
information. This Privacy Policy explains how we collect, use, disclose and safeguard your personal
information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles
(APPs) contained within it.
1. Information We Collect
We may collect the following categories of personal information when you register, bet with us, or
otherwise interact with our platform:
- Identity information: Full name, date of birth, government-issued ID number, profile
photo
- Contact information: Email address, phone number, postal address, state/territory of
residence
- Financial information: Payment method details (card type and last 4 digits only), bank
account details for withdrawals, transaction history
- Account activity: Betting history, wagering amounts, deposit and withdrawal records,
session activity
- Technical information: IP address, device type, browser type and version, operating
system, pages visited, time and date of access
- Communications: Records of any customer support enquiries, live chat sessions, or
correspondence with us
- Responsible gambling data: Deposit limits set, cool-off periods, self-exclusion
requests
2. How We Use Your Information
We use your personal information for the following purposes:
- To establish, verify and maintain your wagering account
- To process deposits, withdrawals and betting transactions
- To fulfill obligations under the Northern Territory Racing Commission (NTRC) licence conditions,
including age verification and identity checks
- To monitor and detect fraud, problem gambling, money laundering and other prohibited activities
- To send account-related communications (security alerts, transaction confirmations)
- To send marketing communications where you have provided consent or where permitted by law
- To improve our platform, products and services through analytics and behavioural analysis
- To comply with our legal and regulatory obligations, including AML/CTF reporting obligations under the
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- To enforce our Terms and Conditions
3. Disclosure of Information
We may disclose your personal information to the following types of third parties:
- Identity verification providers: Third-party services that assist with age and identity
verification as required by our licence
- Payment processors: Financial institutions and payment gateway providers that process
your transactions
- Regulatory bodies: The NTRC, AUSTRAC, and other government authorities where required
by law
- BetStop (National Self-Exclusion Register): We are required to check and report to the
National Self-Exclusion Register
- Technology service providers: Hosting, analytics, customer support and communications
infrastructure providers
- Sports data providers: To deliver live odds and statistics (aggregated,
non-identifiable data only)
We do not sell, rent or trade your personal information to any third party for their own marketing
purposes.
4. Cookies and Tracking Technology
We use cookies, web beacons and similar tracking technologies to operate and improve our website and app.
Types of cookies we use include:
- Essential cookies: Required for the operation of our platform (login sessions, bet
slip, security)
- Analytics cookies: To understand how users interact with our site (Google Analytics)
- Preference cookies: To remember your settings such as time zone and preferred sports
- Marketing cookies: To track effectiveness of advertising campaigns
You can manage cookie preferences via our cookie banner or through your browser settings. Note that
disabling essential cookies will affect core platform functionality.
5. Data Security
We implement and maintain a range of physical, technical and organisational security measures to protect
your personal information from unauthorised access, use, disclosure, modification or destruction. These
include:
- 256-bit SSL/TLS encryption for all data transmitted between your device and our servers
- Two-factor authentication options for account access
- Restricted access to personal data on a need-to-know basis among our employees
- Regular security audits and penetration testing
- Encrypted storage of payment information (we do not store full card numbers)
Despite these measures, no system can be 100% secure. In the event of a data breach that is likely to
result in serious harm, we will notify affected individuals and the Office of the Australian Information
Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes set out in this policy, or
as required by law. In general:
- Account and transactional data is retained for a minimum of 7 years after account closure, as required
under AML/CTF legislation
- Marketing communications preferences are retained until you withdraw consent
- Technical log data is retained for up to 24 months
- Identity verification documents are retained for the period required by our NTRC licence conditions
When you close your account, we will deactivate it and remove directly identifiable information from active
systems where legally permitted to do so.
7. Your Privacy Rights
Under the Australian Privacy Principles, you have the right to:
- Request access to the personal information we hold about you
- Request correction of personal information that is inaccurate, out of date or incomplete
- Complain about a breach of the Australian Privacy Principles. Complaints should first be directed to us
via the contact details below. If unsatisfied, you may lodge a complaint with the OAIC at
oaic.gov.au
- Opt out of direct marketing communications at any time via the unsubscribe link in our emails or by
contacting us
To exercise any of the above rights, please contact our Privacy Officer using the details in Section 9.
8. Children's Privacy
Our platform is strictly for persons aged 18 years and over. We do not knowingly collect personal
information from anyone under the age of 18. If we become aware that a minor has provided us with personal
information, we will take steps to delete such information immediately and close the associated account.
