Privacy Policy

This Privacy Policy explains how Malina, operated via the website https://malina-aussie.com, collects, uses, discloses, and protects personal information of website visitors and players who use our services, including when accessing or interacting with Malina-branded casino offers and related content. It applies to all users located in Australia who visit our site, subscribe to our communications, or otherwise provide personal data to us. By using this website, you agree to the practices described in this Privacy Policy. This Privacy Policy is effective as of 1 January 2026.

Who We Are

OBSERVE: The site Malina is an Australia-facing review and information portal focused on Malina-branded online gambling services offered via malina-aussie.com. Operational and licensing details are based on the operator's Curacao registration.

EXPAND: For transparency, users must be informed which legal entity ultimately controls the gambling operation, and how to contact the data protection function for privacy-related matters.

REFLECT: We therefore set out the responsible company, registration details, and contact channels clearly below.

The underlying gambling operation to which this site refers is owned and operated by:

Company name: Rabidi N.V.
Legal form: Limited liability company (N.V.) incorporated under the laws of Curacao
Registration number: 151791
Registered / legal address: Scharlooweg 39, Willemstad, Curacao
Gambling licence: Online gambling / casino licence No. 8048/JAZ issued by Antillephone N.V., authorised by the Government of Curacao (treated as active at least until 2026, based on latest verification)

For the purposes of this Privacy Policy, Rabidi N.V. is generally the data controller in relation to the operation of Malina-branded gaming services. The AU-facing review brand Malina, accessed through https://malina-aussie.com, functions as an informational and marketing interface aligned with that operation.

Data Protection Contact

Data protection contact / responsible department: Data Protection Officer (DPO) / Data Protection Department of Rabidi N.V.
Primary email for privacy queries (AU-facing brand): [email protected]
Support contact for account-related matters: [email protected]
Postal contact: Rabidi N.V., Data Protection Officer, Scharlooweg 39, Willemstad, Curacao

If you are unsure which contact to use, please write to [email protected] and your request will be directed to the appropriate person.

What Personal Data We Collect

OBSERVE: Malina collects data directly from users, from their devices, and from interaction with gambling and payment systems.

EXPAND: For compliance with Curacao licensing standards, anti-fraud controls, and best practices expected under the Australian Privacy Act 1988 (Cth) ("Privacy Act"), we must specify all key categories of data processed.

REFLECT: The data categories below may apply depending on how you use the website and any linked gambling services.

Identity and Contact Data

Full name, date of birth, and gender (where provided for account creation or verification).
Residential address and country of residence.
Email addresses (including but not limited to [email protected] communications) and any other contact details you provide.
Telephone number(s), if you submit them for support or verification purposes.
Government-issued identification details (e.g., passport, driver licence, national ID) and copies of documents when required for KYC/AML checks.

Account and Behavioural Data

Username, account ID, and profile settings associated with Malina-branded accounts.
Login dates, times, session duration, and activity logs.
Betting and gaming history, including games played, stakes, wins/losses, and time spent.
Bonus usage, promotion participation, and reward history.
Clickstream data, page views, navigation paths, and interaction with review content and banners on malina-aussie.com.

Technical and Device Data

IP address (including country or approximate location derived from it).
Device identifiers (such as device ID, operating system, browser type and version, screen resolution, language settings).
Log files, error reports, and security event data (e.g., failed logins, unusual access patterns).

Payment and Financial Data

Payment method type (e.g., card, e-wallet, bank transfer, cryptocurrency where lawful).
Partial card data (e.g., masked card number), card issuer, and expiry date, as processed by payment providers.
Transaction history, including deposits, withdrawals, chargebacks, and refunds.
Bank account identifiers or e-wallet details, to the extent necessary to process payouts.

Communications and Support Data

Content of emails, live chat, and other communications with support (including via [email protected] and other listed addresses).
Records of complaints, requests, responsible gambling interactions (e.g., self-exclusion, limits), and dispute correspondence.

Cookies and Similar Technologies

Session cookies that maintain your logged-in state and core site functionality.
Persistent cookies that remember your preferences and help us recognise returning users.
Third-party cookies and tracking pixels used for analytics, performance measurement, and advertising (where permitted).
Local storage or similar browser-based technologies used to cache content or store preferences.

Where you provide information about another person (for example, when verifying a payment source or providing contact information for a complaint), you confirm that you are authorised to share such data and that the information is accurate.

Legal Basis for Processing

OBSERVE: Although Rabidi N.V. is based in Curacao and targets Australian users on a grey-market basis, it aligns with widely accepted privacy standards including the EU General Data Protection Regulation ("GDPR") principles and the Australian Privacy Act.

EXPAND: We rely on multiple legal grounds for processing personal data, depending on the specific activity.

REFLECT: The principal bases are contract performance, consent, legitimate interests, and legal obligations (including KYC/AML).

Performance of a Contract

To create and manage your account with Malina-branded services.
To process deposits, bets, game outcomes, bonuses, and withdrawals.
To provide customer support and handle complaints or disputes.

Without this data, we cannot provide you with the requested gambling or related services.

Consent

Sending marketing communications (email newsletters, promotional offers, bonus notifications) where required consent is obtained.
Using non-essential cookies or similar technologies for targeted advertising and some analytics functions.
Collecting certain optional information (e.g., preferences, surveys, feedback forms) that is not strictly necessary to provide the service.

You can withdraw your consent at any time, as described in the "Your Rights" section, without affecting the lawfulness of processing before withdrawal.

Legitimate Interests

Preventing and detecting fraud, abuse, bonus misuse, and money laundering schemes.
Securing our websites, networks, systems, and user accounts.
Measuring and improving the performance of malina-aussie.com and associated services.
Conducting internal analytics to enhance user experience, features, and content (e.g., optimising review pages and game recommendations).

When relying on legitimate interests, we assess that our interests are not overridden by your privacy rights and implement safeguards such as pseudonymisation where appropriate.

Compliance with Legal Obligations

Conducting customer due diligence, identity verification, and ongoing monitoring as required under applicable KYC (Know Your Customer) and AML (Anti-Money Laundering) rules in Curacao and other relevant regimes.
Maintaining transaction and gaming records for audit, accounting, and regulatory reporting purposes.
Responding to lawful requests from regulators (e.g., Antillephone N.V.) and other competent authorities, including cooperation with enforcement action initiated by the Australian Communications and Media Authority (ACMA) where applicable.

Purpose of Processing

OBSERVE: Personal data is processed for operational, security, marketing, and compliance objectives.

EXPAND: Clearly stating purposes helps you understand how your data is used and supports transparency obligations under global privacy standards.

REFLECT: The purposes below are linked to the data categories described previously.

Service Provision and Account Management

Setting up and administering player accounts, including verification and profile management.
Processing gameplay, bets, winnings, and payouts.
Implementing responsible gambling measures (limits, reality checks, self-exclusion).

Website Operation and Improvement

Operating and maintaining malina-aussie.com as an AU-facing review and information site for Malina-branded services.
Improving usability, content relevance, and page performance based on aggregated analytics.
Testing and deploying new features or layouts, including A/B testing and performance monitoring.

Marketing, Promotions, and Personalisation

Sending direct marketing communications where permitted (e.g., welcome offers, bonus updates, newsletters).
Displaying personalised content and promotions on our website and in emails.
Running affiliate and advertising campaigns with partners, based on pseudonymised or aggregated data when possible.

Analytics, Research, and Reporting

Using analytics tools to understand user behaviour (e.g., page visits, conversion rates, product interest).
Producing statistical reports and business intelligence to support strategic decisions.
Contributing anonymised or aggregated data to industry and academic research (for example, in collaboration with responsible gambling and gaming-focused research initiatives, including those similar to those referenced at link.springer.com/journal/10899), without identifying individual users.

Fraud Prevention, Security, and Legal Compliance

Detecting and preventing fraudulent activity, account takeover, collusion, and payment abuse.
Ensuring compliance with licensing, AML/KYC, and gambling regulations.
Handling legal claims, enforcing our terms and conditions, and defending against potential disputes.

Disclosure & Sharing

OBSERVE: To operate an online gambling service and AU-facing review site, we must share data with carefully selected third parties.

EXPAND: We aim to minimise disclosure, use contractual safeguards, and ensure recipients only process data for specified purposes.

REFLECT: The categories of recipients are documented below for transparency and risk awareness.

Group Companies and Operational Partners

Entities within the same corporate group as Rabidi N.V. involved in providing the Malina-branded platform, customer support, risk management, or marketing.
White-label or technology partners that enable the underlying casino platform, games lobby, and account systems.

Payment Service Providers and Banks

Payment processors, card schemes, acquiring banks, and e-wallet providers that execute deposits, withdrawals, and other financial transactions.
Anti-fraud and credit risk agencies that help assess transaction legitimacy.

Technical and Security Service Providers

Hosting, cloud infrastructure, and content delivery network providers used to serve malina-aussie.com and related systems.
IT security specialists, intrusion detection, DDoS protection, and monitoring providers.
Analytics providers and error-tracking tools that help diagnose performance issues.

Game and Content Providers

Third-party game providers and software studios whose games are available through Malina-branded services, such as those that may provide compliance resources (e.g., pragmaticplay.com/en/compliance/). Limited player data (e.g., session identifiers, game events) may be shared to enable gameplay and compliance.

Regulators, Supervisory, and Enforcement Authorities

Antillephone N.V. and Curacao regulatory bodies responsible for licence supervision.
Other government or enforcement authorities, including in Australia (such as the Australian Communications and Media Authority (ACMA), see acma.gov.au/blocked-gambling-websites), if required by applicable law or co-operation frameworks.
Courts, law enforcement agencies, or authorised third parties in connection with legal proceedings, fraud investigations, or suspected unlawful activity.

Affiliates, Advertising Networks, and Partners

Affiliate partners and marketing networks that promote Malina and Malina-branded services, using tracking IDs or cookies to attribute referrals.
Advertising networks that serve targeted or retargeted ads, where you have consented to such cookies and tracking technologies.

Professional Advisers

Lawyers, auditors, accountants, compliance consultants, and other professional advisers who require access to data strictly for providing their services.

We do not sell your personal information to third parties for their independent marketing purposes. Transfers are subject to contracts imposing confidentiality and data protection obligations consistent with this Privacy Policy.

International Transfers

OBSERVE: Data is processed in Curacao and may be transferred to other jurisdictions (including the EU/EEA and other regions) where our partners or service providers are located.

EXPAND: Some of these countries may not offer the same level of data protection as Australia or the EU, requiring appropriate safeguards.

REFLECT: We implement legal and technical measures to protect your data during and after such transfers.

Your personal data is primarily processed by Rabidi N.V. in Curacao and by hosting, payment, and game providers in countries including, but not limited to, members of the European Economic Area (EEA), the United Kingdom, and other third countries.
Where we transfer personal data from the EEA or the UK to a country that is not recognised as providing an adequate level of protection, we use appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO.
- Contractual clauses imposing equivalent data protection commitments on recipients.
- Technical safeguards such as encryption in transit and at rest, access controls, and minimisation of data transferred.
Where data originates from Australia, transfers are made in accordance with the cross-border disclosure obligations under the Australian Privacy Principles (APP 8), and we take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with those principles.

You may contact us to obtain more information about international transfers and the safeguards we use.

Data Retention

OBSERVE: Data must be retained long enough to comply with legal obligations and resolve disputes, but no longer than necessary.

EXPAND: Different categories of data require different retention periods (e.g., transactional vs. marketing data).

REFLECT: We apply the retention rules below, with periodic reviews, and will extend operational validity no later than the end of 2026 where needed to align with licence and regulatory expectations.

Account and identity data (including KYC documents): Kept for the duration of the business relationship and generally for up to 5 - 7 years after account closure, to comply with AML/KYC and regulatory requirements, unless a longer period is required by law or for ongoing disputes.
Transaction and betting history: Retained for at least 5 years from the date of the last transaction or closure of the account, for financial reporting, anti-fraud checks, and dispute resolution.
Technical logs and security data: Stored typically for 6 - 24 months, depending on the sensitivity and purpose (e.g., security logs may be kept longer if linked to investigations).
Marketing and communication data: Stored while you remain subscribed and for up to 2 years after your last interaction with marketing content, unless you withdraw consent earlier.
Customer support and complaint records: Retained for the lifetime of your account and up to 5 years after closure or resolution of the complaint, to comply with regulatory and legal requirements.

We will delete or irreversibly anonymise personal data when:

The applicable retention period expires and no legal or regulatory reason exists to retain it further.
It is no longer necessary for the purposes for which it was collected.
You validly exercise your right to erasure and no overriding legitimate grounds exist to keep the data.

Your Rights

OBSERVE: While Rabidi N.V. is not based in the EU or Mexico, we align with key concepts of GDPR-style rights and, where relevant, comparable rights in other frameworks.

EXPAND: For Australian users, we adhere to principles compatible with the Australian Privacy Act and Australian Privacy Principles, and we structure rights similarly to GDPR for clarity.

REFLECT: The rights described below may be exercised subject to certain legal and regulatory limitations (for example, where retention is required for AML/KYC).

Access to Your Data

You may request confirmation whether we process your personal data and obtain a copy of that data, together with information about the processing.

Correction (Rectification)

You may request correction of inaccurate or incomplete personal information we hold about you. Where possible, you can update some details directly through your account settings.

Deletion (Erasure)

You may request deletion of your personal data where it is no longer necessary, you withdraw consent (where consent is the basis), or you object to processing and there are no overriding legitimate grounds.
We may be unable to delete certain data when we are required to keep it for legal, regulatory, or AML/KYC reasons.

Restriction of Processing

You may request that we restrict processing of your data in certain circumstances (e.g., while we verify accuracy of data or assess an objection).

Objection to Processing

You may object to processing based on legitimate interests, including profiling, and we will cease processing unless we demonstrate compelling legitimate grounds or the processing is needed for legal claims.
You may always object to direct marketing (including profiling for such purposes); in that case we will stop processing your data for marketing.

Data Portability

Where applicable, you may request a copy of your personal data that you provided to us in a structured, commonly used, and machine-readable format and ask us to transfer it to another service provider where technically feasible and lawful.

Withdrawal of Consent

Where processing is based on your consent, you may withdraw that consent at any time, without affecting prior lawful processing.
You can typically manage marketing preferences through your account or by using the "unsubscribe" link in email communications.

How to Exercise Your Rights

Submit Request: Send an email to [email protected] or [email protected], clearly describing your request (e.g., access, correction, deletion).
Verification: We may request additional information to confirm your identity and ensure that requests are made by the account holder or authorised representative.
Assessment: We will review your request in light of our legal and regulatory obligations (e.g., AML/KYC retention requirements).
Response Timeframe: We aim to respond to your request within 30 days of receipt. Complex or numerous requests may require an extension; if so, we will notify you and explain the reasons.
Fees: Requests are handled free of charge. A reasonable fee may be charged, or a request refused, only where requests are manifestly unfounded or excessive, in which case we will provide reasons.

Please note that because the operation is licensed in Curacao and services Australian users as a grey-market offering, some GDPR-specific mechanisms may not strictly apply as a matter of law. However, we strive to respect these rights wherever reasonably possible and consistent with local legal obligations.

Cookies & Tracking Technologies

OBSERVE: Malina uses cookies and similar technologies on malina-aussie.com for functionality, security, analytics, and advertising.

EXPAND: Cookies must be categorised, and users should have clear management options.

REFLECT: We describe cookie types, purposes, and how you can control them below.

Types of Cookies

Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They enable essential functions such as logging in and navigating pages.
Persistent cookies: Remain on your device for a predefined period or until you delete them. They help us remember your preferences and recognise you as a returning user.
First-party cookies: Set directly by malina-aussie.com to support core operations and analytics.
Third-party cookies: Set by external providers (e.g., analytics services, advertising networks, affiliate tracking systems) to measure performance or deliver targeted content.

Purposes of Cookies

Strictly necessary / functional: Required for basic site operation, such as authentication, security, and remembering your settings (e.g., language, consent choices).
Analytics and performance: Help us understand how users interact with malina-aussie.com (e.g., pages visited, session duration, navigation path) so we can improve site performance and content.
Advertising and affiliate tracking: Used to track the effectiveness of marketing campaigns, attribute referrals to affiliate partners, and (where permitted) serve personalised or retargeted ads.

Managing Cookies

You can manage or disable cookies through your browser settings, typically under "Privacy" or "Security" options. You may delete existing cookies and block new ones.
Some browsers allow you to set site-specific preferences or use "Do Not Track" signals; while we respect such signals where technically feasible, not all functionality may be supported.
We may provide an internal cookie management panel on malina-aussie.com that lets you accept or reject non-essential cookies (such as analytics or advertising cookies). Strictly necessary cookies cannot be disabled as they are required for site operation.

Disabling or rejecting certain cookies may affect the functionality of the site, including the ability to stay logged in or access specific features.

Data Security

OBSERVE: Protecting personal data and gaming-related information is critical for legal compliance and user trust.

EXPAND: We use a combination of technical, organisational, and physical measures consistent with recognised security standards.

REFLECT: While no system is completely immune to risks, we take reasonable steps to reduce them and respond effectively to incidents.

Technical Security Measures

Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher, helping prevent interception or tampering.
Encryption at rest: Sensitive data (such as passwords and certain financial data) is stored in encrypted form using industry-standard encryption algorithms.
Access controls: Access to production systems and databases is restricted to authorised personnel only, based on role-based access control (RBAC) and the principle of least privilege.
Multi-factor authentication (MFA): MFA is implemented for critical internal systems and administrative access to reduce the risk of account compromise.
Segmentation and firewalls: Network segmentation and firewall rules are used to protect core systems from unauthorised access.

Organisational and Procedural Measures

Security policies: Internal security and data protection policies define rules for handling personal data, passwords, devices, and access to systems.
Staff training: Personnel receive regular training on data protection, security awareness, phishing prevention, and responsible handling of personal information.
Vendor management: Third-party service providers are evaluated and contractually required to implement appropriate data protection and security measures.
Regular audits: We conduct periodic internal checks and commission external assessments where appropriate. We aim to align our controls with widely recognised frameworks (such as ISO/IEC 27001 and SOC 2) where feasible, though formal certification may not always be held.

Incident Response

Monitoring: Systems are monitored for security events, unusual patterns, and indications of unauthorised access.
Response procedures: We maintain incident response processes to identify, contain, investigate, and remediate security incidents promptly.
Notification: In the event of a data breach that creates a risk to your rights or freedoms, we will notify affected users and, where required, relevant authorities, consistent with applicable law and regulatory guidelines.

Complaints & Contacts

OBSERVE: Users need clear channels to raise privacy concerns, make complaints, or seek clarification.

EXPAND: We provide multiple contact points and a structured complaint-handling procedure, while also informing you about external escalation options.

REFLECT: This supports accountability and transparency obligations under multiple privacy frameworks.

Contact Channels

Data protection and privacy enquiries: [email protected]
Account and support issues: [email protected]
Press / media enquiries: [email protected]
Postal address: Rabidi N.V., Data Protection Officer, Scharlooweg 39, Willemstad, Curacao

Internal Complaint Procedure

Submit your complaint: Email us at [email protected] or [email protected] with:
- Your full name and, where applicable, account ID.
- A clear description of the issue or concern.
- Any evidence or relevant correspondence.
Acknowledgement: We aim to acknowledge receipt of your complaint within 5 business days.
Investigation: The DPO or designated privacy contact will investigate the matter, which may involve reviewing system logs, speaking with relevant staff, and requesting additional information from you.
Response: We will provide a substantive response within 30 days of receiving your complaint, explaining our findings and any corrective action taken or proposed.
Further steps: If you are not satisfied with our response, you may request escalation or pursue external remedies as available under applicable law.

External Escalation and Supervisory Authorities

Because our controlling entity is based in Curacao, there is no single EU or Australian data protection authority formally supervising Rabidi N.V. in the same way as a locally regulated entity. However, depending on your location and the nature of your complaint, you may have the option to contact:

Australian Information Commissioner (OAIC): For privacy concerns under the Australian Privacy Act relating to handling of personal information of individuals in Australia.
- Website: https://www.oaic.gov.au
European data protection authorities: If your data is processed from or in connection with an EU/EEA jurisdiction and you consider that GDPR-equivalent rights are engaged, you may contact your local data protection authority. Contact details for EU authorities are available via the European Data Protection Board website.
Other local authorities: Where applicable, you may contact consumer protection or gambling regulators in your jurisdiction (for example, ACMA in Australia for issues related to interactive gambling services).

Updates

OBSERVE: Laws, regulatory guidance, and our operations may evolve over time.

EXPAND: To remain compliant and transparent, we may need to update this Privacy Policy and inform users accordingly.

REFLECT: We explain how changes are communicated, how you can track versions, and what options you have if you disagree.

Policy Changes and Version Control

This Privacy Policy may be updated periodically to reflect:
- Changes in our services, technology, or internal processes.
- Updates in applicable laws, regulations, or regulatory guidance (including Australian privacy and gambling regulation trends).
- Feedback from users, regulators, or industry best practice developments.
Each version of the Privacy Policy will include a "Last updated" date to help you identify the most recent revision.
Last updated: January 2026.

Notification Procedures

Minor changes: For non-material amendments (e.g., clarifications, typographical corrections), we may update the Privacy Policy without specific notice beyond publishing the revised version on malina-aussie.com.
Material changes: Where we make significant changes to how we process your data, your rights, or our sharing practices, we will:
- Provide a prominent notice on the website (e.g., banner or pop-up).
- Notify you by email, where we have your email address on file.
- Display an alert within your account dashboard (where applicable) highlighting key changes.
For material changes, we will normally provide at least 30 days' advance notice before the changes take effect, unless earlier implementation is required to comply with legal obligations or address urgent security issues.

Your Options in Case of Changes

If you do not agree with the updated Privacy Policy, you may choose to stop using malina-aussie.com and associated Malina-branded services.
You may request closure of your account and exercising of your rights (such as deletion or restriction) in accordance with this Privacy Policy.
Continued use of the website or services after the effective date of changes will be deemed acceptance of the updated Privacy Policy, to the extent permitted by applicable law.

For any questions about this Privacy Policy or how Malina, via malina-aussie.com, handles your personal information, please contact us at [email protected].