Self-exclusion and protection of personal data: what happens to your information

Introduction

Self-exclusion procedures require the provision of personal information (full name, date of birth, contact details), but players have the right to know how this data is used, stored and protected. This article explains the legal framework, technical and organizational security measures, and your rights.

1. What data is collected

1. When registering with BetStop

Full name and date of birth for unambiguous identification

E-mail address and phone number for code confirmation
Postal code - for geographical verification
2. In the personal account of the casino

KYC data (passport, driver's license) - for synchronization with BetStop and exclusion of multi-accounts
3. Additional information

Access history (IP addresses, login time) - for SD compliance audit

Communication records (chat logs, e-mail) - for evidence in case of violations

2. How data is stored and protected

1. Privacy Act 1988

APP (Australian Privacy Principles) require:

Collect only required data
No longer storage than needed for SD purpose
Using Encryption in Transmission and Storage
2. Technical measures

Database encryption (AES-256) and TLS sessions on BetStop and operators

Regular backups and storage in secure data centers

Restrict access by role (RG specialists and administrators only)
3. Organizational measures

Policies for Data Destruction After SD Expiration

Instructions for removing paper and electronic copies of KYC
Personnel training on confidential information handling procedures

3. Data transfer and third parties

1. Inter-operator synchronization

BetStop passes the player only as "excluded" without transferring the full KYC set to operators

Operators use data hashes (SHA-256) for reconciliation without disclosing initial information
2. Regulators and law enforcement

ACMA or staff commissions may request data when investigating violations

The law obliges operators to transfer only within the framework of official requests under the agenda or through the GDPR analogue (APRA units)
3. Third-party service providers

Payment gateways and cloud providers process data under non-disclosure agreements and according to APP

4. Your rights and how to exercise them

1. Access and remediation

The right to ask BetStop or the operator for a copy of their data and correct inaccuracies

2. Delete and restrict processing

At the end of SD, the data must be destroyed or anonymized (the law requires limiting storage)

3. Violation complaint

If your Privacy Act is breached, you can file a complaint with the OAIC (Office of the Australian Information Commissioner)

4. SD Recall Privacy

In case of early withdrawal, you have the right to request that the archived lock records be deleted if they are no longer needed

5. Risk minimization recommendations

1. Use a separate e-mail/phone

Registering an SD with a new address reduces the interweaving of data with other services

2. Remove from social media

If you are logged in through Facebook/Google, untie these services after registering SD

3. Check your privacy policy

Make sure that the RG-tools section of the operator contains a link to the Privacy Policy and data retention periods

4. Timely data updates

Make changes to your profile to avoid unnecessary entries and speed up the deletion process

Conclusion

Self-exclusion requires some personal data to be entrusted to operators and BetStop, but legislation and industry standards guarantee their protection. Knowing what information is collected, how it is encrypted and who has access, you can confidently go through the SD procedure, maintaining control over privacy and minimizing the risk of leaks.