burger icon
Grand Rush Сasino Casino
Log In

Privacy Policy

This privacy policy describes how grandrush, accessible via grandrushes.com, manages and protects your personal information. It applies to all players and visitors of our website, ensuring transparency and compliance with Australian privacy regulations. This policy is effective as of 02 February 2025.

Who We Are

OBSERVE: Grandrush operates as an online gaming service provider with primary client bases in Australia and New Zealand. Partial corporate data includes potential association with Endorphins PTE LTD, with founding years noted as 2006 and 2019 (pending clarification). While full legal address and registration number are not publicly available, all privacy inquiries are addressed by our data protection team.

  • Operator: Grandrush (trading via grandrushes.com).
  • Parent Company: Endorphins PTE LTD (subject to confirmation).
  • Contact Address: Legal address not specified; legal correspondence to be directed to official support contacts.
  • Data Protection Officer (DPO)/Privacy Department:

REFLECT: In the absence of certain formal registration details (pending public disclosure), privacy oversight remains the responsibility of our designated data protection staff, contactable via the channels above.

What Personal Data We Collect

OBSERVE: We collect varied data types as part of legal and operational requirements, in line with Australian online gambling standards.

  • Personal Data: Name, date of birth, postal address (where provided), email address, phone number.
  • Technical Data: IP address, device identifiers, browser type/version, access logs, and geo-location data.
  • Payment and Financial Data: Bank or card details, transaction histories, and payment verification documents as required for withdrawal and compliance.
  • Behavioral Data: Game activity, betting history, session data, time spent, clicks, bonuses used, and responsible gaming actions.
  • Cookies & Similar Technologies: See "Cookies & Tracking Technologies" section for further details.

EXPAND: Some information may be collected automatically through your device or browser, and certain behavioral/profiling data are used for anti-fraud and regulatory reporting. Additional information may be requested to verify age or identity in line with KYC/AML regulations.

REFLECT: All categories of data are processed in accordance with the Australian Privacy Principles and applicable iGaming industry standards.

Legal Basis for Processing

OBSERVE: We process your personal information based on strict legal foundations, ensuring regulatory compliance in the Australian context.

  1. User Consent: When you register or use our services, you provide clear consent for the collection and processing of personal information as described in this policy. Consent is also obtained for marketing communications.
  2. Performance of Contract: Data processing is required to operate your account, provide gaming services, process payments, and issue withdrawals.
  3. Compliance with Legal Obligations: We collect and process data to fulfill obligations under Australian law, including Know Your Customer (KYC), Anti-Money Laundering (AML), and statutory reporting requirements to local regulators.
  4. Legitimate Interests: Processing may occur for fraud prevention, IT security, analytics, and service improvement, provided such interests do not override your fundamental rights and freedoms.

REFLECT: Processing is conducted strictly within legislative and ethical parameters, with data minimization and privacy by design as cornerstones. You may withdraw consent for non-essential processing at any time (see Your Rights section).

Purpose of Processing

OBSERVE: The use of your personal data is limited to essential and explicitly stated purposes.

  • Provision of Casino Services: Account creation, identity verification, gameplay management, deposits, and payouts.
  • Service Improvement & Personalization: Enhancing user experience, customizing content, and refining platform functionality.
  • Marketing & Communications: Sending offers, updates, service messages (with opt-in/opt-out capability).
  • Analytics & Research: Aggregating anonymized data for statistical analysis, improving security posture, and detecting trends.
  • Regulatory & Legal Compliance: Meeting obligations related to responsible gambling, reporting, KYC, and AML monitoring.
  • Fraud Prevention & Security: Monitoring system access, tracking suspicious activity, and enforcing platform integrity.

REFLECT: All processing is purpose-driven, transparent, and aligned with Australian privacy requirements for gaming operators.

Disclosure & Sharing

OBSERVE: Data disclosure is limited to cases where necessary for the provision of services or required by law.

  1. Service Partners: Your data may be transferred to payment processors, banking partners, and verified third-party service providers solely for transactional, operational, or verification purposes. All partners are contractually bound to data protection obligations.
  2. Regulatory Authorities: Information may be disclosed, upon proper request, to legal or regulatory agencies in accordance with Australian law, including AUSTRAC, state gaming regulators, or law enforcement.
  3. Affiliates & Advertising Networks: With your explicit consent, data may be shared with trusted affiliate marketing and advertising partners for promotion or campaign management.
  4. Technical Providers: Data may be accessible to IT infrastructure providers (such as hosting, security, or analytics solutions) under strict confidentiality and security conditions.

EXPAND: We ensure all external recipients are either subject to equivalent privacy protection standards or contractual clauses that mirror Australian legal requirements.

REFLECT: Personal data is never sold or commercially licensed to unauthorized third parties, ensuring your privacy and legal protections are maintained at all times.

International Transfers

OBSERVE: As an online platform serving Australia and New Zealand, certain technical or support operations may involve international transfers of personal data.

  • Potential Transfer Destinations: Data may be transferred to jurisdictions outside Australia, including the European Economic Area, Singapore, or other countries where technical partners are based, only as necessary for service delivery, hosting, or support.
  • Legal Safeguards: All cross-border transfers will be protected by:
    • Standard Contractual Clauses approved by Australian or international regulators
    • Contractual obligations for service providers to maintain confidentiality and data protection equivalent to Australian privacy requirements
    • Regular assessment of partner compliance and security certifications

REFLECT: No international transfer occurs without robust protection mechanisms in place. You may contact us for further details regarding international data transfer safeguards.

Data Retention

OBSERVE: Data is retained only as long as necessary for legitimate business and legal purposes, in strict accordance with industry standards and Australian statutory requirements.

  • General Retention Periods:
    • Personal account data: up to five (5) years after account closure or last activity, as required by AML/CTF and record-keeping laws.
    • Payment and transaction records: at least five (5) years following completion, to fulfil financial reporting and auditing obligations.
    • Behavioral and analytics data: retained in anonymized or aggregated form for system improvement, for no more than five (5) years.
  • Deletion Criteria: Data is deleted or de-identified when statutory retention expires, a user requests account deletion, or processing is no longer necessary for its intended purpose.

REFLECT: We ensure timely data purging, inaccessibility after deletion, and compliance with the "right to be forgotten" as per Australian Privacy Principle 11.2.

Your Rights

OBSERVE: Under Australian privacy law and industry best practice, all data subjects enjoy clearly defined rights with respect to their personal data held by grandrushes.com.

  1. Right of Access: You may request a copy of all personal information held by us, subject to standard identification procedures.
  2. Correction and Deletion: You may request correction of inaccurate data or deletion where legal grounds allow, including where data is no longer required or consent is withdrawn.
  3. Restriction of Processing: You may request limits on data use in specific circumstances (such as during dispute resolution).
  4. Objection: You have the right to object to certain processing activities (such as direct marketing) with prompt effect upon request.
  5. Data Portability: Where technically feasible, you may request to receive personal data in a structured, commonly used digital format.
  6. Withdrawal of Consent: You may opt out of marketing or withdraw consent for non-essential processing at any time via account settings or by contacting support.

REFLECT: All rights requests are handled within statutory timeframes. Detailed response protocols are available upon inquiry.

Cookies & Tracking Technologies

OBSERVE: grandrushes.com utilizes common online tracking mechanisms to enhance user experience and ensure platform integrity.

  • Session Cookies: Enable user authentication, maintain session state, and support secure gameplay; expire after session end.
  • Persistent Cookies: Remember user preferences, retain custom settings, and facilitate repeat logins for up to 12 months or as required.
  • Third-Party Cookies: Deployed for analytics, advertising (with explicit consent), and certain integrations, subject to strict confidentiality.
  • Similar Technologies: Pixel tags, device fingerprinting, and local storage for analytics and platform optimization.
  • Managing Cookies: Users can:
    • Disable cookies via browser privacy settings
    • Opt out of marketing/advertising cookies via our account dashboard where available
    • Contact support for cookie policy clarification

REFLECT: Cookie use is fully compliant with relevant privacy and consent requirements. Disabling cookies may impact some functional aspects of the service.

Data Security

OBSERVE: grandrushes.com implements comprehensive technical and organizational safeguards to maintain the confidentiality, integrity, and availability of your data.

  • Technical Measures:
    • All data transmissions secured by SSL/TLS encryption
    • Password hashing and secure key management systems
    • Regular security audits and third-party penetration testing
    • Monitoring and intrusion detection systems
  • Organizational Measures:
    • Role-based access controls limiting data to authorized staff
    • Privacy and data protection training for all relevant personnel
    • Strict internal policies for incident management and breach notification

REFLECT: In the event of a data breach affecting your information, you will be notified without undue delay in accordance with the Notifiable Data Breaches (NDB) scheme. Security practices are continuously updated to meet or exceed AU regulatory standards as of 2025.

Complaints & Contacts

OBSERVE: If you have questions or wish to raise a privacy concern or complaint regarding personal data processing, you are encouraged to contact our privacy team as follows:

EXPAND: Complaints will be handled by our designated Data Protection Officer or privacy team. We aim to resolve all issues within 30 days, subject to regulatory complexity.

REFLECT: If you are dissatisfied with the response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or the equivalent body in your jurisdiction.

Updates

OBSERVE: This policy may be updated periodically to reflect legal, technical, or operational changes.

  • Notification of Changes: All amendments will be published on grandrushes.com. Material changes will be notified by email or in-platform alerts where feasible.
  • Effective Date: The current version is effective as of 02 February 2025.

REFLECT: Continued use of our services after changes indicates acceptance. Users are encouraged to review this policy regularly for updated information on privacy practices.