burger icon
Nomini Review Australia
Log In

Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you visit or use the Nomini services available via the regional mirror website at nomini-au-au.com (the "Website"). It applies to all Website visitors, prospective players and existing account holders who interact with this Website or its integrated services, whether from Australia or other locations. By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is effective as of 1 January 2026 and replaces any earlier versions published on this Website.

Who We Are

OBSERVE: Identify the operating entities and contacts relevant to data protection.

EXPAND: Clarify the role of each entity and how they appear to users of nomini-au-au.com.

REFLECT: Present a clear legal identity and contact channel for privacy matters.

The online gambling services associated with the brand Nomini and promoted on the Nomini project at https://nomini-au-au.com are operated, for licensing and gambling service purposes, by:

  • Rabidi N.V., a private limited liability company incorporated under the laws of Curaçao
  • Registration number: 151791
  • Registered/Legal Address: Dr. H. Fergusonweg 1, Willemstad, Curaçao
  • Gambling Licence: 8048/JAZ, issued by Antillephone N.V., Curaçao (online gambling / casino)

For certain payment processing activities related to the Nomini brand, a related entity may be involved:

  • Tilaros Limited, Cyprus - acting as a payment processor and possibly appearing on bank statements. The exact corporate relationship between Rabidi N.V. and Tilaros Limited may change due to corporate restructuring; please always refer to the operator information shown in the footer of the active gaming site.

The Nomini Website at nomini-au-au.com is a regional mirror and review environment that presents information about the Nomini brand and related services. For the purposes of this Privacy Policy, references to "we", "us", or "our" refer collectively to Rabidi N.V. as the main operator and any directly controlled entities that support the operation of this Website.

Data Protection Contact / DPO:

  • Email (primary): [email protected]
  • Email (general information): [email protected]
  • Postal contact for privacy matters: Rabidi N.V., Dr. H. Fergusonweg 1, Willemstad, Curaçao (marked "Privacy / Data Protection")
  • Telephone: not specified at this time; users should contact us by email in the first instance.

We may appoint a dedicated Data Protection Officer or equivalent responsible person. Where such an appointment exists, their contact details will be made available via this Privacy Policy or via the Website.

What Personal Data We Collect

OBSERVE: Identify the types of information collected when users browse, register, deposit, wager, or communicate.

EXPAND: Include both directly provided data and automatically generated or inferred data categories.

REFLECT: Explain each category clearly so users understand what is collected and why.

1. Identification and Contact Data

  • Basic personal details: first name, last name, username or chosen nickname.
  • Contact details: email address, telephone number (where provided), country of residence, postal address (where required for verification or payment).
  • Account credentials: encrypted password, security questions/answers or similar authentication factors.
  • Verification data (KYC): date of birth, age verification records, copies or data from identification documents (e.g. passport, ID card, driver's licence), proof of address, and any other documentation required under anti-money laundering ("AML") and know-your-customer ("KYC") rules.

2. Technical and Device Data

  • Technical identifiers: IP address, browser type and version, device type, operating system, language settings, time zone.
  • Usage logs: access dates and times, pages viewed, referring/exit pages, errors, clickstream data, session duration.
  • Device characteristics: screen resolution, approximate geolocation derived from IP (at a regional/country level, not precise GPS), device identifiers or similar technical tags where applicable.

3. Payment and Financial Data

  • Transaction data: deposits, withdrawals, bonuses credited, chargebacks, rejected transactions, currency used, amounts and timestamps.
  • Payment instrument data: limited card details (such as masked card number, cardholder name, expiry date) or e-wallet identifiers, depending on the payment method used. Full card numbers and sensitive payment data are typically processed by licensed payment processors such as Tilaros Limited or other third-party payment providers; we receive only the data required to reconcile and verify transactions.
  • AML and affordability information: information about source of funds, occupation or income where required to comply with AML/CTF and risk management obligations.

4. Behavioural and Gaming Data

  • Account behaviour: login frequency, session length, navigation patterns, interactions with customer support.
  • Gaming/betting history: games played, bets placed, stake amounts, wins/losses, bonus use and wagering progress, RTP statistics, and any self-exclusion or limit-setting activity.
  • Marketing and interaction data: email opens, click-through behaviour, participation in promotions, response to surveys and feedback forms.

5. Communications and Support Data

  • Customer support records: emails, chat logs, complaint submissions, attachments and evidence submitted by users.
  • Internal notes: risk assessments, fraud case files, and responsible gambling flags created by our staff as part of our regulatory obligations.

6. Cookies and Similar Technologies

  • Cookies: small text files placed on your device to support functionality, analytics and personalization.
  • Similar technologies: web beacons, pixels, local storage, SDKs or browser-based identifiers used for security, analytics and, where permitted, advertising measurement.

Where required by applicable law, we will ask for your consent before placing non-essential cookies or using similar tracking technologies.

Legal Basis for Processing

OBSERVE: Identify the principal legal grounds for data processing activities in an online gambling environment.

EXPAND: Map each basis (consent, contract, legal obligation, legitimate interest) to typical scenarios on nomini-au-au.com.

REFLECT: Present a structured explanation clarifying why we rely on each ground and how it protects users.

1. Performance of a Contract

We process personal data where it is necessary to enter into and perform a contract with you, including:

  • Creating and managing your player account on the gaming platform associated with Nomini.
  • Processing deposits, bets/wagers, bonuses and withdrawals.
  • Providing customer support, handling your requests and resolving operational issues.
  • Ensuring technical delivery of the Website and associated services you request.

2. Compliance with Legal and Regulatory Obligations

As a licensed online gambling operator under Curaçao law, we must comply with a variety of legal obligations, including AML/CTF, responsible gambling and record-keeping requirements. This requires us to process personal data for:

  • Identity verification, age checks and KYC procedures.
  • Transaction monitoring and reporting of suspicious activities to competent authorities.
  • Enforcement of self-exclusion, cooling-off periods, betting limits and other responsible gambling tools.
  • Maintaining records for specified statutory periods, including for tax, audit and regulatory inspection purposes.

3. Legitimate Interests

We may process data where it is necessary for our legitimate interests, provided such interests are not overridden by your rights and freedoms. These interests include:

  • Preventing, detecting and investigating fraud, collusion, abuse of bonuses and other unlawful or unethical behaviour.
  • Maintaining the security and integrity of our systems and networks, including detecting bots and cyberattacks.
  • Analysing aggregated user behaviour to improve our products, Website performance, user experience and risk models.
  • Defending and exercising legal claims, including managing disputes, complaints and regulatory inquiries.

Where we rely on legitimate interests, we conduct a balancing assessment to ensure that our interests do not override your fundamental rights and interests.

4. Consent

In certain cases, we rely on your consent to process personal data. This particularly applies to:

  • Sending direct electronic marketing communications that are not otherwise permitted under applicable law without consent.
  • Using non-essential cookies or similar technologies for advertising or advanced analytics purposes.
  • Sharing data with selected partners for marketing or profiling, where such activity is not strictly necessary for service provision.

You may withdraw your consent at any time (see "Your Rights" section), but this will not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

OBSERVE: Explain in practical terms why personal data is processed.

EXPAND: Align purposes with gambling operations, risk management, support and marketing.

REFLECT: Clarify purposes to enhance transparency and enable users to exercise their rights.

  • Provision of services: To create and maintain accounts, operate games, process deposits and withdrawals, apply bonuses, and deliver all core features of the Nomini gaming environment presented via nomini-au-au.com.
  • Verification and compliance: To conduct KYC checks, verify age and identity, prevent underage gambling, comply with AML/CTF and sanctions requirements, and satisfy concurrent obligations in Curaçao and other relevant jurisdictions.
  • Risk management and fraud prevention: To monitor transactions and behaviour, prevent fraudulent use of payment methods, identify misuse of bonuses, and protect users, us, and third parties from financial and reputational harm.
  • Service improvement and analytics: To analyse how users interact with the Website and games, to troubleshoot technical issues, test new features, and optimize design, performance and content.
  • Customer support and communication: To respond to queries, handle complaints, provide account notices, security alerts, transactional messages and regulatory information.
  • Marketing and personalization: To send permitted promotional communications, offer tailored bonuses or game suggestions, conduct surveys and measure the effectiveness of our campaigns, subject to your consents and preferences.
  • Legal defence and enforcement: To manage disputes, enforce our Terms and Conditions, and cooperate with regulators and law enforcement where legally required.

Disclosure & Sharing

OBSERVE: Identify all categories of recipients who may receive personal data.

EXPAND: Explain the conditions and safeguards under which data is shared.

REFLECT: Promote accountability by clarifying that data is not sold indiscriminately and is shared only where necessary or legally required.

1. Group Companies and Operational Partners

  • Group/related entities: Rabidi N.V., Tilaros Limited (Cyprus) as payment processor, and any future successor operators (such as Adonio N.V. or similar entities) that may assume responsibility for the Nomini brand following corporate or licensing restructures. Any such successor will provide updated operator details in the site footer and/or in account communications.
  • Hosting and infrastructure providers: Companies providing servers, cloud infrastructure, content delivery networks (CDNs) and related services used to host and operate the Website and gaming platform.

2. Payment Service Providers and Financial Institutions

  • Banks, card schemes, e-wallet providers, payment gateways and other regulated financial entities that process deposits, withdrawals and refunds on our behalf.
  • These providers act as independent controllers or processors depending on the context; they maintain their own privacy policies and obligations under financial regulations.

3. Professional and Technical Service Providers

  • Identity and verification providers: Vendors performing KYC checks, age verification, PEP and sanction screenings.
  • Analytics and security providers: Fraud detection tools, risk management platforms, IT consultants and security auditors.
  • Marketing and communication providers: Email delivery platforms, CRM systems, customer support tools and survey providers. Where these involve advertising networks or cross-site tracking, we will request your consent where legally required.

4. Regulators, Authorities and Dispute Resolution Bodies

  • Licensing authority in Curaçao (Antillephone N.V.) and any other regulatory body that may request information for compliance oversight.
  • Law enforcement, courts and governmental bodies where disclosure is required by applicable law, court order or to defend legal rights.
  • Alternative dispute resolution (ADR) providers or ombudsman services, if engaged in the context of dispute resolution.

5. Affiliates and Advertising Networks

  • Affiliate partners: Websites and marketing partners that refer users to our services may receive limited performance data (e.g. registrations, conversions, aggregated revenue) but not full personal profiles, unless explicitly agreed and lawfully justified.
  • Advertising networks and tracking providers: Where we use advertising cookies or cross-platform tracking, we will do so only with your consent where required and subject to contractual safeguards.

6. Corporate Transactions

  • In the event of a merger, acquisition, restructuring, or transfer of business related to the Nomini brand or Rabidi N.V.'s gambling operations, personal data may be transferred to the acquiring or successor entity, subject to confidentiality obligations and continuity of protections equivalent to those set out in this Privacy Policy.

We do not sell your personal data as a standalone asset for unrelated third-party marketing. All sharing is limited to the purposes described in this Policy or required by law.

International Transfers

OBSERVE: Recognize that data is processed in multiple jurisdictions, including Curaçao, EU/EEA, Cyprus, and potentially other regions.

EXPAND: Explain the mechanisms used to protect data when transferred cross-border.

REFLECT: Provide reassurance and transparency regarding international flows and safeguards.

Due to the global nature of online gambling operations and support services, your personal data may be transferred to, and processed in, countries other than the one in which you are located. This includes, in particular:

  • Curaçao: Where Rabidi N.V. is registered and where core operational and licensing obligations are based.
  • Cyprus: Where Tilaros Limited and certain payment or back-office functions may be located.
  • European Union / EEA: Where some hosting providers, analytics vendors, customer support tools and risk management systems may be based.
  • Other regions: Where specialised service providers or cloud infrastructure are located, subject to appropriate safeguards.

When transferring personal data internationally, we take steps to ensure that such transfers comply with applicable data protection laws and that your information remains protected. These steps may include:

  • Using standard contractual clauses or comparable contractual mechanisms approved by relevant data protection authorities.
  • Ensuring that the recipient maintains adequate security measures and data protection practices consistent with this Policy.
  • Limiting transfers to what is strictly necessary for the provision of services, compliance with law, or protection of our legitimate interests, while balancing your rights.

Because the Website targets users in Australia while being operated offshore, you should be aware that your data may not be subject to the same statutory protections as under the Australian Privacy Act 1988 (Cth). Nevertheless, we apply robust contractual and technical safeguards to maintain a high standard of protection.

Data Retention

OBSERVE: Describe how long each key category of data is retained.

EXPAND: Link retention to legal obligations, disputes and operational needs.

REFLECT: Provide clear retention rules, deletion criteria and exceptions.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes. Retention periods may vary by jurisdiction and category of data, but the following principles apply:

  • Account and identification data: Core account records, KYC documentation and verification results are generally retained for up to 5 years after account closure, or longer where required by AML/CTF or gambling regulations, or to resolve ongoing disputes or investigations.
  • Transaction and payment data: Financial records related to deposits, withdrawals, bets and winnings are typically retained for 5 - 7 years from the date of the relevant transaction, in line with accounting and AML obligations.
  • Gaming and behavioural data: Detailed game logs and bet histories are usually retained for 5 years after account closure, subject to longer retention where legally required or necessary to defend legal claims.
  • Marketing and communication data: Records of consents and marketing preferences are retained for as long as you remain subscribed and for a reasonable period thereafter (normally up to 2 years) to demonstrate compliance with consent and opt-out requests.
  • Technical logs and security data: Server logs, security alerts and fraud-related records are typically retained for 6 - 24 months, with possible extensions where necessary to investigate and mitigate security incidents or pursue legal claims.
  • Customer support and complaint files: Support tickets and complaint documentation are generally retained for 5 years from resolution, or longer if required for regulatory reporting or ongoing proceedings.

When the applicable retention period expires, or when data is no longer needed for the purposes described, we will either securely delete or irreversibly anonymise it, unless we are legally obliged or permitted to keep it longer. If you request deletion of your data, we may still need to retain certain information to comply with our legal obligations (for example, AML rules) or to establish, exercise or defend legal claims.

Your Rights

OBSERVE: Identify core privacy rights comparable to those under GDPR and similar frameworks.

EXPAND: Translate those rights into practical procedures for users of nomini-au-au.com, including Australians and other international users.

REFLECT: Describe how to exercise rights, response timeframes and cost-free guarantees.

Depending on your place of residence and the applicable data protection laws, you may have some or all of the following rights in relation to your personal data. While Nomini and the operator are not established in the EU or Mexico, we endeavour to align our practices with internationally recognised privacy principles, including those reflected in the EU General Data Protection Regulation (GDPR) and comparable Latin American and Mexican privacy frameworks, to the extent reasonably practicable.

1. Right of Access

  • You can request confirmation of whether we process your personal data and obtain a copy of the data we hold about you, together with relevant information about how we use it.

2. Right to Rectification

  • You can ask us to correct inaccurate or incomplete personal data. In many cases, you can update basic account information directly through your profile settings on the gaming platform associated with Nomini.

3. Right to Erasure ("Right to be Forgotten")

  • You can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal ground applies), or where you consider that the processing is unlawful.
  • We may not be able to delete data that we are legally required to retain under AML, gambling or accounting regulations, or data that is necessary to defend legal claims.

4. Right to Restrict Processing

  • You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing, and we are verifying such claims.

5. Right to Object

  • You may object to processing based on our legitimate interests, including profiling, on grounds relating to your particular situation. We will stop the processing unless we demonstrate compelling legitimate grounds that override your interests and rights or where the data is needed for legal claims.
  • You have an unconditional right to object at any time to the use of your data for direct marketing, including profiling related to direct marketing. If you object, we will stop using your data for this purpose.

6. Right to Data Portability

  • Where the processing is based on consent or on a contract and carried out by automated means, you may request a copy of your personal data in a commonly used, machine-readable format and, where technically feasible, have it transmitted directly to another controller.

7. Right to Withdraw Consent

  • Where we rely on your consent for specific processing (e.g. certain marketing activities or non-essential cookies), you may withdraw that consent at any time through the mechanisms provided (such as email unsubscribe links, account settings, or browser controls).
  • Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

8. Procedures, Timeframes and Cost

  • How to exercise your rights: You can submit requests related to your privacy rights by contacting us at [email protected] or [email protected], clearly stating your identity, the right you wish to exercise, and any relevant details.
  • Verification: To protect your data, we may ask you to provide additional information to verify your identity before implementing your request.
  • Response time: We aim to respond to all valid requests within 30 days of receipt. Where requests are complex or numerous, we may extend this period by a further 30 days, in which case we will notify you of the extension and reasons.
  • Cost: We will handle your request free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive or repetitive, where permitted by applicable law.

Cookies & Tracking Technologies

OBSERVE: Define the main categories of cookies and similar tools used on the Website.

EXPAND: Explain their purposes, retention and user control options.

REFLECT: Assist users in making informed choices about cookie settings.

1. Types of Cookies Used

  • Strictly necessary (functional) cookies: These cookies are essential for the operation of the Website and for enabling basic features such as page navigation, secure login, and access to restricted areas. The Website cannot function properly without these cookies.
  • Preference cookies: These remember your settings and choices (such as language, region, or cookie preferences) to provide a more personalized experience.
  • Analytics and performance cookies: These collect aggregated information about how visitors use the Website (e.g. which pages are visited most often, error messages). The information is used to improve the performance and usability of the Website.
  • Advertising and targeting cookies: These may be used to deliver relevant advertisements or track the effectiveness of marketing campaigns. They may be set by us or by third-party advertising networks. In many jurisdictions, including Australia and the EU, these cookies require your consent.
  • Third-party cookies: Some cookies may be placed by third-party services integrated into the Website, such as analytics providers, affiliate tracking platforms, social media plug-ins or content delivery services.

2. Management of Cookies

  • Browser settings: Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. However, blocking some types of cookies may affect your ability to use certain features of the Website.
  • Internal tools: Where available, we may provide an internal cookie banner or preference panel that allows you to accept or reject non-essential cookies by category.
  • Opt-out links: For some third-party advertising or analytics services, additional opt-out mechanisms may be available on the providers' own websites.

By continuing to browse the Website after seeing a cookie notice, and where local law permits implied consent, you may be deemed to consent to the use of cookies in accordance with your browser settings and this Policy. In other regions, we will explicitly request your consent before using non-essential cookies.

Data Security

OBSERVE: Outline the key technical and organisational measures applied to protect data.

EXPAND: Cover encryption, access control, auditing, training and incident response.

REFLECT: Provide realistic assurances without guaranteeing absolute security.

We employ a combination of technical, organisational and physical safeguards designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. These measures include, among others:

  • Encryption in transit: Use of TLS 1.2 or newer protocols to encrypt data transmitted between your browser and our servers, reducing the risk of interception.
  • Data security at rest: Use of industry-standard encryption, access controls and segregation of environments to protect stored data, including sensitive account and transaction information.
  • Access control and authentication: Strict role-based access controls (RBAC) to ensure that only authorised personnel who need access for legitimate business purposes can access personal data. Administrative accounts are protected by multi-factor authentication (MFA) where technically feasible.
  • Network and system security: Firewalls, intrusion detection and prevention systems, anti-malware tools, vulnerability management and change control processes.
  • Regular audits and monitoring: Periodic security assessments, log monitoring and internal audits of access and processing activities; engagement of external experts where appropriate.
  • Staff training and confidentiality: Mandatory confidentiality obligations and regular training for employees and contractors on data protection, information security and responsible handling of customer information.
  • Incident response: An incident response process designed to detect, assess and mitigate security incidents. Where required by law, we will notify relevant authorities and affected individuals of data breaches without undue delay.

While we strive to implement security measures in line with recognised industry standards (including drawing on principles found in frameworks such as ISO 27001 and SOC 2), no system can be guaranteed to be completely secure. You are encouraged to keep your login credentials secret, use strong passwords, and promptly notify us at [email protected] if you suspect any unauthorised use of your account.

Complaints & Contacts

OBSERVE: Provide clear channels through which users can raise privacy concerns.

EXPAND: Describe our internal complaint procedure and escalation options to supervisory authorities.

REFLECT: Encourage users to contact us directly while acknowledging their right to seek external recourse.

1. How to Contact Us

  • Email (preferred for privacy issues): [email protected]
  • General enquiries: [email protected]
  • Postal address: Rabidi N.V., Dr. H. Fergusonweg 1, Willemstad, Curaçao (please mark "Privacy / Complaint" on the envelope).

2. Internal Complaint Procedure

  1. Submission: You may submit a complaint about our data processing practices or about this Privacy Policy by email or postal mail. Please include your full name, account identifier (if applicable), relevant details of your complaint, and the outcome you seek.
  2. Acknowledgement: We will acknowledge receipt of your complaint within 7 business days where reasonably possible.
  3. Investigation: Your complaint will be reviewed by the relevant department (including our data protection function or DPO, where appointed). We may request additional information from you to clarify the issue.
  4. Response: We aim to provide a substantive response within 30 days of receiving all necessary information. If we are unable to respond within this timeframe, we will inform you of any delay and the expected date of response.
  5. Further steps: If you are not satisfied with our response, you may request that the complaint be escalated internally or pursue external remedies as applicable in your jurisdiction.

3. Escalation to Supervisory Authorities

The operator of the Nomini brand is licensed in Curaçao and not directly supervised by Australian privacy regulators. However, depending on your location, you may have the right to lodge a complaint with a competent data protection or privacy authority in your country of residence, place of work or place of the alleged infringement. Examples include:

  • Australia: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au
  • European Union: If you are located in the EU/EEA, you may contact your local Data Protection Authority (DPA) or the authority in the Member State where you live or work. Contact details are typically available via the European Data Protection Board's website (edpb.europa.eu).
  • Other jurisdictions: Please refer to the website of your national data protection, consumer protection or telecommunications authority for complaint procedures.

Before approaching an external authority, we encourage you to contact us so that we have an opportunity to address your concerns directly. This does not limit any rights you may have to complain to an authority.

Updates

OBSERVE: Recognise that privacy practices and legal requirements evolve over time.

EXPAND: Describe how changes to this Policy will be communicated and how users can respond.

REFLECT: Ensure transparency, version control and user choice regarding significant changes.

We may update or revise this Privacy Policy from time to time to reflect changes in our services, legal obligations, regulatory guidance or technological developments.

1. Notification of Changes

  • Website notice: The most current version of this Privacy Policy will always be available on the Website, with the effective date clearly indicated at the top.
  • Email notifications: For material changes that significantly affect how we process your personal data or your rights, we will endeavour to notify registered users by email using the contact address associated with their account.
  • On-site alerts: We may display banners, pop-up messages or account dashboard alerts summarising important changes and directing you to the updated Policy.

2. Advance Notice and User Options

  • Advance notice: Where feasible and where changes are material, we will provide at least 30 days' advance notice before the updated Policy becomes effective.
  • Review and consent: Continued use of the Website or related services after the effective date of the updated Policy will constitute your acknowledgment of the changes. Where required by law, we will seek your renewed consent for specific processing activities.
  • Right to object or close account: If you do not agree with the updated Policy, you may choose to discontinue use of the Website and, if you hold an active account on the associated gaming platform, request account closure and exercise your data rights as described above.

Last updated: January 2026