burger icon
Kingmaker Australia
Log In

Privacy Policy

This Privacy Policy explains how the Kingmaker brand, operating the AU-facing site at kingmakerbet-au.com and related mirror domains, collects, uses, discloses, and protects personal information of players and website visitors ("you"). It applies to all use of our gambling services, related features, and any interaction with our online platforms, whether you access them as a registered player or as a visitor.

Because Kingmaker targets players in Australia from an offshore location, we seek to align with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, and, where applicable, with the EU General Data Protection Regulation (GDPR) and relevant Mexican privacy regulations for users located in those jurisdictions.

By using kingmakerbet-au.com you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use our services. Effective date: 15 January 2026.

Who We Are

The online gambling services marketed as Kingmaker and made available through kingmakerbet-au.com (including AU-facing mirror/alternate domains such as kingmaker-au.com and kingmaker.io) (collectively, the "Site") are operated by the Kingmaker brand through an offshore corporate structure.

Based on available information, the services are operated by a company that presents itself under the name KM Operations Ltd and claims to hold a Curaçao eGaming sub-license number 365/JAZ with sublicense reference GLH-OCCHKTW0712342021. Publicly available evidence indicates that this license information requires independent verification and that the Site is not licensed in Australia and operates from offshore while accepting Australian players in a "grey-market" context.

Because complete, verifiable corporate registration and legal address details are not fully confirmed in the data available to us, you should always refer to the most recent corporate details published in the Site's Terms and Conditions and legal notices. Those details will prevail over any summary in this Privacy Policy.

Data Protection Contact

  • Data protection contact / DPO: Data Protection Officer, Kingmaker (KM Operations Ltd or its current operating entity)
  • Email: [email protected] (or the current privacy contact email indicated on the Site's contact or legal pages)
  • Postal contact (for privacy matters): Data Protection Officer, Kingmaker - as per the postal address published in the Site's Terms and Conditions or contact page.

If any of the above details change, the updated information published on kingmakerbet-au.com will apply and will be reflected in this Privacy Policy during the next update cycle.

What Personal Data We Collect

We collect only the personal information reasonably necessary for operating and improving our gambling services, meeting our legal obligations (including KYC/AML), and protecting the integrity of our platform.

Identification and Contact Data

  • Registration data: full name, date of birth, country of residence, username, password, security questions.
  • Contact data: email address, phone number, preferred language, communication preferences.
  • Identity/KYC data: copies or data from identity documents (passport, driver licence, national ID), proof of address (utility bills, bank statements), selfies or video verification where required.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone, language settings.
  • Access and system logs: login and logout timestamps, session IDs, pages visited, clicks, error logs, and other diagnostic data.
  • Cookies and similar technologies: identifiers stored on your device (see "Cookies & Tracking Technologies" below).

Payment and Financial Data

  • Payment details: partial payment card details (tokenised where possible), card type, issuing country, expiry date (we do not store full card numbers where our payment processors can tokenise them).
  • Transaction data: deposit and withdrawal history, currencies used, payment instruments used, chargebacks, refunds, bonuses credited and cleared.
  • AML/Source-of-funds data: documents and information supporting source of funds or wealth, as may be required by our KYC/AML procedures.

Behavioural and Profile Data

  • Gaming behaviour: betting history, game preferences, time spent playing, limits set, responsible gambling interactions.
  • Marketing and interaction data: email open/click rates, interactions with promotions, responses to surveys, participation in loyalty or VIP programmes.

Communications and Customer Support

  • Support records: transcripts of live chat, emails, complaint forms, call notes, and internal case management records.
  • Verification and dispute materials: any additional documentation you provide when raising disputes or exercising your privacy rights.

Cookies and Similar Technologies

  • Session cookies: temporary identifiers enabling navigation and secure use of the Site.
  • Persistent cookies: cookies that remain on your device for a defined period to remember preferences and improve user experience.
  • Third-party cookies and trackers: analytics and advertising cookies from service providers (for example, traffic analytics and campaign performance measurement), as explained in the "Cookies & Tracking Technologies" section.

Legal Basis for Processing

Because Kingmaker operates offshore while targeting Australian players and may also receive visitors from other jurisdictions, our processing of personal information is grounded on multiple legal bases, depending on your location and the specific activity.

Consent

  • We rely on your consent where we are required to do so by applicable law, for example:
    • sending electronic marketing communications (email, SMS, push notifications) where consent is the relevant legal basis;
    • using non-essential cookies and similar technologies for analytics or advertising;
    • processing certain special categories of data (if ever applicable) where local law requires explicit consent.

Performance of a Contract

  • We process your data where it is necessary to enter into and perform our contract with you, including:
    • creating and managing your player account;
    • verifying your age and eligibility to use the services;
    • processing deposits, bets, game sessions, and withdrawals;
    • providing customer support and resolving operational issues.

Legitimate Interests

  • We process data where necessary for our legitimate interests, after balancing those interests against your rights and expectations, including:
    • preventing fraud, money laundering, bonus abuse, match fixing, and other prohibited conduct;
    • ensuring IT and network security, including logging and monitoring for incident detection;
    • improving our services, games, and user experience through analytics and usage insights;
    • defending and exercising legal claims and managing risk.

Compliance with Legal Obligations

  • We process your data where required to comply with legal obligations arising under:
    • anti-money laundering (AML) and counter-terrorism financing (CTF) laws applicable to our offshore licensing arrangements;
    • record-keeping and reporting duties to regulators and financial institutions in Curaçao or other relevant jurisdictions;
    • tax, accounting, and corporate compliance requirements.

GDPR and Mexican Law Alignment

  • For users located in the European Economic Area or the UK, we strive to align our practices with the legal bases under the GDPR and equivalent UK legislation.
  • For users subject to Mexican privacy laws (including the Federal Law on Protection of Personal Data Held by Private Parties and its regulations), we rely on consent, contractual necessity, and legal obligations as recognised there, particularly in relation to ARCO rights (Access, Rectification, Cancellation, Opposition).

Purpose of Processing

We use personal data for the following purposes, which are closely linked to the legal bases described above.

Provision and Management of Gambling Services

  • Creating and managing player accounts and profiles.
  • Running games, placing bets, settling wagers, and crediting winnings.
  • Processing deposits, withdrawals, and payment-related transactions.
  • Providing customer service and handling day-to-day queries.

Compliance, Risk Management and Integrity of the Platform

  • Implementing KYC/AML and affordability checks, where required.
  • Monitoring behaviour to detect fraud, collusion, bonus abuse, and other prohibited activities.
  • Complying with record-keeping, audit, and reporting obligations.

Service Improvement and Analytics

  • Analysing how users interact with the Site to improve performance, usability, and game selection.
  • Developing new features, products, and promotions based on aggregated insights.
  • Measuring the effectiveness of marketing campaigns (where permitted).

Marketing and Personalisation

  • Sending promotional communications about Kingmaker offers and products, subject to your preferences and applicable consent requirements.
  • Customising content, bonuses, and recommendations based on your profile and behaviour, where not prohibited by applicable law.

Security, Dispute Resolution and Legal Claims

  • Ensuring the security and integrity of our systems, including detection and investigation of suspicious activity.
  • Handling complaints, chargebacks, disputes, and regulatory inquiries.
  • Establishing, exercising, or defending legal claims.

Disclosure & Sharing

We do not sell your personal data. We share it only with carefully selected recipients and only to the extent reasonably necessary for the purposes described in this Privacy Policy.

Service Providers and Business Partners

  • Payment processors and banks: for processing deposits, withdrawals, chargebacks, and anti-fraud checks.
  • Identity verification and KYC/AML providers: to verify your identity, age, and source of funds where required.
  • IT and hosting providers: cloud hosting, content delivery networks, data storage, and technical support services.
  • Analytics and marketing partners: providers who help us analyse traffic or deliver and measure marketing campaigns (subject to consent where required).

Group Companies and Affiliates

  • Other entities within the broader Kingmaker or KM Operations group (or its successors) may receive data for internal administrative purposes, consolidated reporting, compliance, and consistent service provision across mirror domains.
  • Marketing affiliates may receive limited information (for example, conversion statistics) in aggregated or pseudonymised form to measure campaign performance.

Regulators, Law Enforcement and Dispute Bodies

  • Regulators and licensing bodies: including offshore regulators associated with the claimed Curaçao licence 365/JAZ and any other competent authority that may have jurisdiction over our operations.
  • Law enforcement agencies and courts: where we are required to share data by applicable law, court order, or to protect our legitimate interests in legal proceedings.
  • Dispute resolution bodies and payment schemes: when investigating chargebacks, complaints, or disputes.

Advertising Networks and Social Media

  • Where you have given consent (if required), we may share limited identifiers (for example, hashed email address, cookies) with advertising networks and social media platforms to:
    • serve you with targeted or interest-based advertising; and
    • measure and improve our advertising effectiveness.

Corporate Transactions

  • If we undergo a restructuring, merger, acquisition, asset sale, or similar corporate event, your personal data may be transferred to the relevant acquiring or successor entity, subject to safeguards and continued protection consistent with this Privacy Policy.

International Transfers

Because Kingmaker is operated offshore and relies on global service providers, your personal data may be transferred to, stored in, or processed in countries other than your country of residence, including:

  • Curaçao and other Caribbean or offshore jurisdictions linked to our claimed licensing structure;
  • European Economic Area (EEA) and the United Kingdom, where some of our service providers may be located;
  • United States and other countries where IT, analytics, or payment processors operate;
  • any other jurisdiction where our cloud hosting or backup infrastructure is located.

Protection Measures for Cross-Border Transfers

  • We use contractual safeguards, including data protection clauses in our agreements with processors and partners, requiring them to:
    • process personal data only on our documented instructions;
    • implement appropriate security measures; and
    • assist us in fulfilling data subject rights and breach notification obligations.
  • Where required under GDPR or similar frameworks, we seek to rely on:
    • Standard Contractual Clauses (SCCs) approved by the European Commission or UK equivalents for transfers from the EEA/UK to third countries; and
    • additional technical and organisational safeguards (such as encryption and access controls) to reduce the risks associated with cross-border transfers.

Your data may therefore be subject to the laws of jurisdictions that may not provide the same level of data protection as your home country. However, we endeavour to ensure that any such transfers are carried out in compliance with applicable law and with appropriate safeguards in place.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements, and then securely delete or irreversibly anonymise it.

General Retention Principles

  • Active account data: retained for the duration of your account and usage of our services.
  • After account closure: most core account and transaction data will typically be retained for up to 5 years after closure to comply with AML/CTF and record-keeping obligations, or longer where required by law or necessary to resolve disputes.

Typical Retention Periods (Subject to Applicable Law)

  • Identification and KYC documents: 5 - 7 years after account closure or last transaction, depending on AML/CTF requirements in the relevant jurisdiction.
  • Transaction and payment records: up to 7 - 10 years where required for tax, accounting, and anti-fraud purposes.
  • Technical and security logs: typically 12 - 24 months, unless required longer for security investigations or legal claims.
  • Marketing data: retained until you opt out of marketing, after which it may be retained in a suppression list to ensure we respect your opt-out.
  • Customer support and complaint records: generally 5 years from closure of the case, or longer where necessary for legal defence.

Deletion and Anonymisation

  • When data is no longer needed, we will take reasonable steps to:
    • securely delete it; or
    • irreversibly anonymise it so that it can no longer be associated with you.
  • Your right to request deletion may be limited where we must retain certain data to comply with legal obligations, to protect our legitimate interests, or to establish, exercise, or defend legal claims.

Your Rights

Your privacy rights depend on your location and the laws that apply to our relationship. We seek to align our practices with the Australian Privacy Principles, the GDPR (where applicable), and relevant Mexican privacy law, including ARCO rights.

Core Rights (Access, Correction, Deletion)

  • Right of access: You can request confirmation of whether we hold personal data about you and receive a copy of that data, together with information about how we use it.
  • Right to correction/rectification: You can request that we correct inaccurate or incomplete personal information we hold about you.
  • Right to deletion/cancellation: In certain circumstances, you can request deletion of your personal data (for example, where it is no longer needed, or you withdraw consent and no other legal basis applies). We may need to retain some data despite your request where required by law (e.g. AML/CTF obligations).

Restriction, Objection and ARCO Rights

  • Right to restriction of processing: You may request that we restrict processing of your personal data in specific circumstances (for example, while we verify its accuracy or assess an objection).
  • Right to object: Where we process data based on legitimate interests or for direct marketing, you may object. We will stop processing unless we can demonstrate compelling legitimate grounds or need the data for legal claims.
  • ARCO rights (Mexico): For users subject to Mexican law, we will handle requests for Access, Rectification, Cancellation, and Opposition (ARCO) in accordance with the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations, taking into account any applicable exceptions.

Data Portability and Consent Management

  • Right to data portability (GDPR where applicable): You may request to receive certain personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible and required by law.
  • Right to withdraw consent: Where we rely on your consent (for example, for marketing or certain cookies), you can withdraw it at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
  • Marketing opt-out: You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by changing your preferences in your account (where available).

How to Exercise Your Rights

  1. Submit a request: Contact us via [email protected] or via any dedicated privacy/contact form on the Site, stating:
    • your full name and registered email;
    • the right you wish to exercise; and
    • relevant details to help us locate your data.
  2. Identity verification: We may ask you to provide additional information or documents to verify your identity and prevent unauthorised access.
  3. Response timeframe: We aim to respond within 30 days from receipt of a complete request. For complex or numerous requests, we may extend this period by a further 30 days, informing you of the extension and reasons.
  4. Fees: Requests are handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in accordance with applicable law.

Some rights may be limited by applicable law (for example, where disclosure would adversely affect the rights of others or where we must retain data for legal or regulatory reasons). Where we cannot fully comply with your request, we will explain the reasons, to the extent permitted by law.

Cookies & Tracking Technologies

We use cookies and similar technologies on kingmakerbet-au.com and related AU-facing domains to ensure the Site functions correctly, improve performance, and provide personalised content and advertising where permitted.

Types of Cookies

  • Strictly necessary (functional) cookies: essential for enabling core functionality such as secure login, session management, and load balancing. These cannot be disabled via our systems.
  • Preference cookies: help remember your settings and choices (for example, language preference, display options).
  • Analytics/performance cookies: collect aggregated information about how visitors use the Site (pages visited, time spent, error messages) to help us improve our services.
  • Advertising/targeting cookies: used to deliver relevant advertisements and track campaign performance. These may be placed by us or by third-party advertising networks, subject to consent where required.

Managing Cookies

  • Browser settings: Most web browsers allow you to block or delete cookies through their settings. Doing so may affect the functionality of the Site, particularly for strictly necessary cookies.
  • On-site controls: Where available, you may manage non-essential cookies through a cookie banner or preference centre on the Site, including withdrawing consent at any time.
  • Third-party tools: You can also manage certain third-party advertising cookies through industry platforms (for example, "Your Online Choices" in the EU), where these are applicable to you.

For more detailed information about specific cookies used on kingmakerbet-au.com, you should consult any cookie table or detailed cookie notice available on the Site, as this may be updated more frequently than this Privacy Policy.

Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration, or disclosure.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using industry-standard TLS (Transport Layer Security) protocols (TLS 1.2 or higher), where supported by your device and browser.
  • Encryption at rest: Where feasible, sensitive data (such as passwords and certain financial or identification data) is stored in encrypted or hashed form using industry-standard algorithms.
  • Access controls: Personal data is accessible only to authorised personnel and service providers who need it to perform their duties, based on role-based access controls and "least privilege" principles.
  • Network and infrastructure security: Firewalls, intrusion detection/prevention systems, and monitoring tools are used to help protect our infrastructure from unauthorised access and attacks.

Organisational Measures

  • Staff training: Personnel with access to personal data receive ongoing training on data protection, confidentiality, and security best practices.
  • Policies and procedures: Internal policies govern how personal data is handled, accessed, stored, and destroyed, including incident response plans.
  • Vendor due diligence: We select service providers that commit to appropriate security standards and enter into agreements requiring them to protect personal data.

Incident Response

  • We maintain procedures for identifying, investigating, and responding to suspected data breaches or security incidents.
  • Where required by law, we will notify affected individuals and relevant authorities of a data breach without undue delay, including providing information about the nature of the breach and mitigation steps.

While we take reasonable steps to protect your personal data, no system can be completely secure. You are responsible for keeping your login credentials confidential and for using strong, unique passwords and up-to-date security software on your devices.

Complaints & Contacts

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, you have several channels available.

Contacting Us

  • Email (primary channel): [email protected]
  • Online forms: any feedback or complaint forms available on the Site's "Contact" or "Public Complaints" pages.
  • Postal mail: Data Protection Officer, Kingmaker - as per the latest postal address indicated on the Site's Terms and Conditions or Public Complaints policy.

Internal Complaint Procedure

  1. Submit your complaint: Provide your full name, contact details, account ID (if any), and a clear description of your concern or request.
  2. Acknowledgment: We aim to acknowledge receipt of your complaint within 5 business days.
  3. Investigation and response: We will investigate your complaint and aim to provide a substantive response within 30 days. If we cannot respond within that timeframe, we will inform you of the delay and the expected resolution date.
  4. Escalation: If you are not satisfied with our response, you may request further review or escalate your complaint to the relevant supervisory authority, as described below.

Escalation to Supervisory Authorities

Depending on your location and applicable law, you may have the right to lodge a complaint with a data protection or privacy authority.

  • Australia (primary reference for Kingmaker):
  • Mexico:
    • Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
    • Website: https://www.inai.org.mx
  • European Union / EEA:
    • You may contact the data protection authority in the EU/EEA Member State of your habitual residence, place of work, or alleged infringement. A list of supervisory authorities is available via the European Data Protection Board (EDPB) at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

You should generally give us the opportunity to address your concerns directly before approaching a supervisory authority, although this is not obligatory under some laws.

Updates

We may update this Privacy Policy from time to time to reflect changes in our operations, technology, legal requirements, or other factors.

How We Will Inform You

  • Email notifications: Where you hold a registered account and the changes are material, we may notify you by email.
  • On-site notices: We may display banners or pop-up notices on kingmakerbet-au.com or in your account dashboard to draw attention to key changes.
  • Policy versioning: Each version of this Privacy Policy will be identified by the "Last updated" date below.

Notice Period and Your Choices

  • For material changes that significantly affect how we process your personal data, we will, where reasonably practicable, provide at least 30 days' advance notice before the new policy takes effect.
  • During this notice period, you may:
    • review the updated Privacy Policy; and
    • choose to close your account and stop using the services if you do not agree with the changes (subject to any outstanding obligations such as withdrawal of funds or legal retention requirements).
  • Your continued use of the Site after the updated policy takes effect will constitute your acceptance of the changes, to the extent permitted by applicable law.

Last updated: 15 January 2026. Significant changes since prior versions may include clarifications about offshore operation for Australian players, expanded explanation of international data transfers, and explicit alignment references to GDPR and Mexican privacy law where relevant.