Privacy Policy

This Privacy Policy explains how Mr Pacho, operated in connection with the website mrpachobet-au.com, collects, uses, discloses and protects personal information of website visitors and users of our gambling-related services. It applies to all individuals who access or use our website, contact us, subscribe to our communications or interact with our services from Australia or elsewhere. By using our website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 1 January 2025 and remains in force until updated, with key protections anticipated to apply through at least 31 December 2026.

Who We Are

OBSERVE: Users must know who is responsible for their data, the operating entities, and how to contact them.

EXPAND: Mr Pacho presents information about the Mr Pacho brand for Australian users. The operating group is offshore-licensed and not locally licensed in Australia, but remains responsible for privacy compliance for its processing activities.

REFLECT: We clearly identify the corporate structure and provide central contact points for privacy matters.

The Mr Pacho project is associated with the online gambling brand "Mr Pacho" available via mrpachobet-au.com. The brand is part of the Rabidi group of companies.

Operator and corporate structure

• Primary operator: Rabidi N.V., a private limited liability company incorporated under the laws of Curaçao.
• Registration number: 151791 (Rabidi N.V., Curaçao).
• Gambling licence: Antillephone N.V. licence number 8048/JAZ for online gambling (casino and related interactive services), issued in Curaçao and stated as valid via validator.antillephone.com as of 24 May 2024 and expected to remain valid through at least 2026 unless revoked.
• Payment/operational subsidiary: Liernin Enterprises Ltd, incorporated in the Marshall Islands, supporting payment processing and operational management.
• Registered/operational addresses:
  • Rabidi N.V., Curaçao (exact street address not specified).
  • Liernin Enterprises Ltd, Marshall Islands (exact street address not specified).

Important regional notice for Australian users

Our gambling services are offered offshore and are not licensed in Australia. Under Australian law and regulatory practice (including the Interactive Gambling Act 2001 (Cth) and enforcement by ACMA), offshore interactive gambling services may be considered prohibited. This Privacy Policy does not imply that our services are lawful in Australia; it explains how personal information is handled if you nonetheless access our website or services.

Data protection contact

• Data protection contact / DPO function: Data Protection Department, Rabidi Group.
• Email (primary, critical): [email protected] (also used for privacy queries).
• Email (general information): [email protected].
• Website: https://mrpachobet-au.com.
• Preferred method for privacy requests: email to [email protected] with the subject line "Privacy Request".

What Personal Data We Collect

OBSERVE: We collect different data categories necessary to operate gambling-related services, provide support, comply with laws and improve our offering.

EXPAND: Data is obtained directly from you, from your device and interactions, from payment intermediaries, and from certain third-party service providers (e.g., analytics, fraud prevention).

REFLECT: We categorise the data to help you understand what is collected and for what broad purposes.

Identity and contact data

• Full name, date of birth and age verification details.
• Residential country and address (where requested), and proof-of-address documents.
• Email address (e.g., used for registration, support and marketing communications).
• Phone number and other contact details you provide voluntarily.
• Copies of identification documents (e.g., passport, driver licence, national ID) as part of KYC/AML checks.

Account and usage data

• Username, account ID and profile settings on mrpachobet-au.com.
• Login history, session IDs, language, time zone and interface preferences.
• Support and complaint history, including correspondence via email.

Technical and device data

• IP address and approximate geolocation (country/region level).
• Device identifiers, operating system, browser type and version.
• Connection data (timestamps, network provider, referring URLs).
• Log files and diagnostic information about how our website is accessed and performs.

Payment and financial data

• Payment method type (e.g., card, e-wallet, bank transfer, cryptocurrency, where applicable).
• Limited payment card data as allowed (card brand, masked card number, expiry date), processed via payment providers or Liernin Enterprises Ltd.
• Deposit, withdrawal and balance history.
• Transaction identifiers, timestamps, currency and amount.
• Verification results from payment providers (e.g., fraud or chargeback risk indicators).

Behavioural and gambling-related data

• Betting and gameplay history, including:
  • Games played (e.g., titles provided under licences such as those listed at Pragmatic Play licensing info).
  • Stake amounts, wins/losses, frequency and duration of sessions.
  • Bonus usage, wagering progress and promotional participation.
• Clickstream data (pages visited, navigation paths, links clicked).
• Interaction with marketing material (email opens, clicks, unsubscribes).

Cookies and similar technologies

• HTTP cookies (session and persistent), local storage objects and similar tracking methods.
• Unique identifiers assigned to your browser or device for authentication, analytics, personalisation and advertising (where permitted).
• Analytics data gathered via third-party tools (e.g., aggregated usage metrics, conversion statistics).

Special categories and sensitive information

• We do not intentionally collect special categories of personal data (e.g., health, religion) except:
  • in limited responsible gambling contexts where you voluntarily disclose information regarding problem gambling or self-exclusion; and
  • in fraud and AML investigations where additional documentation may indirectly reveal sensitive data.

Legal Basis for Processing

OBSERVE: We must identify legal bases recognised in relevant data protection regimes (e.g., GDPR-style principles and comparable international standards) as guidance for our processing activities.

EXPAND: While Mr Pacho targets Australian users of an offshore service, we align our practices with core privacy principles, including consent, contractual necessity, legitimate interests and legal obligations (e.g., KYC/AML).

REFLECT: These legal bases explain why processing is necessary and what choices you have.

Consent

• We rely on your explicit consent where required for:
  • direct marketing communications (e.g., promotional emails or SMS);
  • non-essential cookies and online behavioural advertising; and
  • certain responsible gambling profiling, where applicable.
• You may withdraw your consent at any time (see "Your Rights"). Withdrawal does not affect prior lawful processing.

Contractual necessity

• We process personal data as necessary to enter into and perform a contract with you, including:
  • creating and maintaining your mrpachobet-au.com account;
  • verifying your identity and eligibility to use our services;
  • processing deposits, wagering and withdrawals; and
  • providing customer support, resolving technical issues and managing promotions.

Legitimate interests

• We process data where it is in our legitimate interests and those interests are not overridden by your rights, including:
  • preventing fraud, money laundering and abuse of bonuses;
  • securing our systems and infrastructure;
  • performing analytics and statistics to improve services and user experience;
  • protecting our legal rights, including debt recovery, defending claims and managing regulatory risk; and
  • operating an offshore online gambling business and associated review content for adults.

Compliance with legal obligations

• We process data to comply with legal and regulatory obligations applicable to our operations, including:
  • anti-money laundering (AML) and counter-terrorism financing (CTF) obligations;
  • know-your-customer (KYC) verification and ongoing monitoring;
  • record-keeping obligations under Curaçao and other applicable laws;
  • cooperation with law enforcement, courts and regulators (including, where relevant, Australian regulatory bodies such as ACMA); and
  • age verification and protection of minors.

Purpose of Processing

OBSERVE: Users must understand how collected data is used in practice.

EXPAND: Use of data spans service provision, optimisation, marketing, security and compliance.

REFLECT: We link each purpose to typical data categories for transparency.

Provision and operation of services

• To register, authenticate and manage your account.
• To provide access to games, betting services and related features.
• To process deposits, wagers, winnings and withdrawals securely.
• To facilitate promotions, bonuses, loyalty programs and rewards.
• To provide customer support and handle queries about mrpachobet-au.com, including any content on Mr Pacho.

Service improvement and personalisation

• To analyse user behaviour and preferences to improve usability, content and product offerings.
• To tailor game recommendations, promotions and interface settings to your profile.
• To conduct testing, troubleshooting, system maintenance and development.

Marketing and communications

• To send service-related communications (e.g., transactional emails, security alerts, policy updates).
• To send marketing messages about products, services, promotions and events where permitted by law and based on your consent or our legitimate interests.
• To measure and optimise the effectiveness of campaigns (e.g., open rates, conversion tracking).

Analytics and statistics

• To compile aggregated statistics on website usage, performance and user demographics.
• To evaluate game performance, provider quality and market trends, including reference to official sources such as research on illegal offshore wagering for contextual understanding.

Fraud, security and compliance

• To prevent, detect and investigate fraud, cheating, bonus abuse and other illegal or irregular activity.
• To monitor transactions and behaviour for AML/CTF and risk management.
• To secure our infrastructure, enforce our terms and protect our legal rights.
• To cooperate with regulators and law enforcement where lawfully required or permitted.

Disclosure & Sharing

OBSERVE: We share data with specific categories of recipients for legitimate purposes.

EXPAND: Recipients include group companies, payment processors, technology providers and public authorities.

REFLECT: We aim to limit sharing to what is necessary and subject to appropriate safeguards.

Group companies and internal recipients

• Rabidi N.V. (Curaçao) as the primary operator and controller of player data.
• Liernin Enterprises Ltd (Marshall Islands) for payment processing and operational support.
• Other Rabidi group entities involved in IT, security, compliance or customer support.

Payment partners and financial institutions

• Banks, card schemes, e-wallet providers, payment gateways and cryptocurrency processors (where used) to:
  • process deposits/withdrawals;
  • perform fraud checks and chargeback prevention; and
  • comply with AML/CTF and financial regulations.

Service providers and vendors

• IT hosting and cloud infrastructure providers.
• Game and software providers (e.g., studios licensed under regimes such as those referenced at Pragmatic Play licences).
• Identity verification and KYC/AML service providers.
• Fraud prevention and risk management platforms.
• Analytics, performance monitoring and optimisation tools.
• Email, SMS and marketing automation platforms (for communications and campaigns).

Affiliates and advertising networks

• Affiliate partners and marketing networks that refer users to mrpachobet-au.com.
• Online advertising partners and tracking providers for targeted advertising where allowed by law and your consent.
• Shared data is typically limited to identifiers, attribution data (e.g., affiliate tags) and aggregated statistics.

Regulators, authorities and professional advisers

• Regulatory and licensing authorities in our operating jurisdictions (e.g., Curaçao authorities) and, when lawfully required or reasonably necessary, other public bodies, including relevant Australian authorities (such as ACMA) in connection with investigations or enforcement actions.
• Law enforcement, courts and dispute resolution bodies, where necessary to establish, exercise or defend legal claims.
• Auditors, legal counsel, consultants and other professional advisers under appropriate confidentiality obligations.

Business transfers

• In the event of a merger, acquisition, restructuring, sale of assets or similar corporate transaction, personal data may be transferred to relevant third parties, subject to confidentiality and continued protection consistent with this Privacy Policy.

International Transfers

OBSERVE: Data is processed and stored across multiple jurisdictions.

EXPAND: Users, particularly in Australia, must understand where their data may go and how it is protected.

REFLECT: We describe typical transfer destinations and safeguards, drawing on international best practices.

• Primary processing locations:
  • Curaçao - for operations by Rabidi N.V.
  • Marshall Islands - for operations by Liernin Enterprises Ltd.
• Other possible destinations:
  • Member states of the European Economic Area (EEA) and the United Kingdom - for hosting, analytics, payment services or support.
  • Other countries where our service providers, game providers or partners are located (e.g., technology hubs in North America or Asia-Pacific).
• Safeguards:
  • Contractual safeguards requiring service providers to protect personal data, use it only on our instructions and implement appropriate security measures.
  • Where service providers are subject to European-style data protection laws, use of standard contractual clauses or equivalent data transfer agreements, where required by those laws.
  • Technical measures such as encryption in transit and at rest, strict access controls and minimisation of data transferred.
• By using our services, you acknowledge that your data may be transferred to and processed in countries that may have different data protection standards from those in your home jurisdiction (including Australia). Nonetheless, we seek to protect your personal information in line with the principles set out in this Policy.

Data Retention

OBSERVE: We cannot keep personal data indefinitely without justification.

EXPAND: Retention periods must reflect legal obligations (e.g., KYC/AML) and business needs, then data should be anonymised or deleted.

REFLECT: We provide indicative timeframes and criteria.

• General principle: We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to meet legal, accounting and reporting requirements.

Indicative retention periods

• Account and identification data: For the duration of your active account and typically for up to 5 - 7 years after account closure, depending on applicable KYC/AML and record-keeping laws.
• Transaction and gambling history: For the duration of your account and generally for 5 - 7 years after the end of the relevant financial year, for regulatory, tax and dispute resolution purposes.
• Customer support and complaint records: For up to 5 years after resolution of the inquiry or complaint.
• Marketing data: Until you withdraw consent or object to marketing, after which we will retain a minimal record of your preference (suppression list) to ensure we respect your choice.
• Technical logs and security data: For 6 - 24 months, unless a longer period is necessary for security, fraud investigations or legal proceedings.

Deletion and anonymisation

• When data is no longer required, we will:
  • securely delete or destroy it; or
  • irreversibly anonymise it so it is no longer personal data.
• We may retain anonymised or aggregated data indefinitely for statistical, analytical or business planning purposes.
• Where you request deletion, we will comply to the extent permitted by law and our legitimate interests (e.g., retaining certain records for legal obligations or to defend claims).

Your Rights

OBSERVE: Users expect rights similar to those under modern data protection frameworks (e.g., GDPR-style and comparable Latin American regimes).

EXPAND: Although Mr Pacho is directed at Australian users of an offshore service, we voluntarily align our approach with key principles reflected in international standards, including EU GDPR and Mexican privacy regulations such as the Federal Law on Protection of Personal Data Held by Private Parties, where relevant.

REFLECT: We summarise your rights, how to exercise them, and our response timelines.

Summary of rights

• Right of access: You can request confirmation whether we process your personal data and obtain a copy, together with information about how it is used.
• Right to rectification: You can request correction of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): You can ask us to delete your personal data where:
  • it is no longer necessary for the purposes collected;
  • you withdraw consent and there is no other legal basis; or
  • processing is unlawful or no longer justified.
• Right to restriction of processing: You can request that we restrict processing in certain cases (e.g., while we verify accuracy or handle an objection).
• Right to object: You may object to:
  • processing based on our legitimate interests, on grounds relating to your particular situation; and
  • processing for direct marketing, at any time (after which we will stop marketing to you).
• Right to data portability: Where technically feasible and subject to legal limitations, you can request a machine-readable copy of certain personal data you have provided to us, or ask us to transmit it to another controller.
• Right to withdraw consent: Where processing is based on consent (e.g., marketing), you can withdraw it at any time without affecting the lawfulness of prior processing.
• Rights in relation to automated decision-making: Where we use automated means that produce legal or similarly significant effects (e.g., fraud checks), you may request human review and express your point of view.

How to exercise your rights

1. Submit a request: Contact us at [email protected] with:
   • your full name;
   • registered email/username (if applicable);
   • country of residence; and
   • a clear description of the right you wish to exercise.
2. Verification: We may request additional information to verify your identity and prevent unauthorised access or changes to your data.
3. Response timeframe: We aim to respond to all valid requests free of charge within 30 days of receipt. If your request is complex or we receive multiple requests, we may extend this period by a further 30 days, informing you of the extension and reasons.
4. Limitations: We may refuse or partially fulfil a request where:
   • we cannot verify your identity;
   • the request is manifestly unfounded or excessive; or
   • we must retain certain data to comply with law or for legitimate interests (e.g., AML/CTF obligations, dispute resolution).

Nothing in this section is intended to limit any mandatory rights you may have under the laws of your jurisdiction. Our alignment with GDPR and Mexican privacy principles is voluntary and for transparency, particularly for users familiar with these frameworks.

Cookies & Tracking Technologies

OBSERVE: Cookies are necessary for operation but also used for analytics and advertising.

EXPAND: Users must know which types we use and how to manage their preferences.

REFLECT: We classify cookies and explain controls.

Types of cookies we use

• Strictly necessary (session) cookies:
  • Required for core functions (e.g., login, security, navigation, session management).
  • Typically expire when you close your browser.
• Functional (persistent) cookies:
  • Remember your preferences (e.g., language, region, saved settings).
  • Remain on your device for a defined period or until deleted.
• Analytics and performance cookies:
  • Collect aggregated data about website usage (e.g., pages visited, time on site).
  • Help us improve site performance, content and navigation.
• Advertising and targeting cookies (third-party):
  • Set by us and our partners to deliver relevant advertising and measure campaign performance.
  • May track your browsing across different sites, subject to applicable laws and your consent.

Managing cookies

• Browser controls: Most browsers allow you to:
  • block all cookies;
  • block cookies from specific sites; or
  • delete existing cookies.
  Please refer to your browser's help section for detailed instructions.
• On-site controls: Where available, we provide internal cookie or privacy settings that allow you to consent to or reject non-essential cookies (e.g., analytics, advertising).
• Consequences of disabling cookies: If you disable or reject cookies, some features of mrpachobet-au.com or Mr Pacho may not operate correctly, and your user experience may be affected.

Data Security

OBSERVE: Security is critical given the sensitivity of financial and gambling data.

EXPAND: We implement layered technical and organisational controls aligned with recognised standards.

REFLECT: While no system is perfectly secure, we continually improve our defences.

Technical measures

• Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher (HTTPS).
• Encryption at rest: Sensitive data (e.g., passwords, certain financial identifiers) is stored in encrypted or hashed form.
• Access controls: Access to production systems and databases is restricted to authorised personnel under role-based access controls and strong authentication mechanisms, including multi-factor authentication where feasible.
• Network and infrastructure security: Use of firewalls, intrusion detection/prevention systems and monitoring tools to detect suspicious activities.
• Secure development: Adoption of secure coding practices, vulnerability scanning and patch management to reduce the risk of exploitable flaws.

Organisational measures

• Policies and training: Internal policies and regular staff training on data protection, confidentiality, acceptable use and incident reporting.
• Vendor due diligence: Evaluation of key service providers' security practices and contractual requirements for adequate safeguards.
• Access minimisation: "Need to know" principle for access to personal data, combined with logging and monitoring of administrative activities.

Audits and incident response

• Audits: Periodic internal reviews and, where appropriate, third-party assessments of security controls. While we may not be formally certified under standards such as ISO 27001 or SOC 2, we aim to align with their core principles.
• Incident response:
  • Preparation of response plans to manage security incidents, including containment, investigation and remediation.
  • Assessment of risks to individuals and implementation of measures to mitigate potential harm.
  • Notification to affected users and, where required by applicable law, to relevant authorities and regulators, without undue delay.

Complaints & Contacts

OBSERVE: Users must have clear channels to raise concerns and escalate complaints.

EXPAND: This includes internal handling and external supervisory options.

REFLECT: We set expectations for timelines and steps.

Contacting us

• Primary email (support & privacy): [email protected]
• General information email: [email protected]
• Website: https://mrpachobet-au.com
• Postal contact (group level): Rabidi N.V., Curaçao; Liernin Enterprises Ltd, Marshall Islands (exact street addresses not specified; please contact us by email in the first instance to obtain the most appropriate postal address, if needed).

Internal complaint procedure

1. Submit your complaint: Send a detailed description of your concern (including relevant dates, account details and supporting evidence) to [email protected] with the subject line "Privacy Complaint".
2. Acknowledgement: We will normally acknowledge receipt within 5 business days.
3. Investigation: Your complaint will be reviewed by our Data Protection Department or an appropriate senior staff member.
4. Response: We aim to provide a substantive response within 30 days. If more time is required due to complexity, we will inform you of the delay and anticipated timeframe.
5. Appeal: If you are not satisfied with our response, you may request further review by indicating the reasons for your dissatisfaction. We will then conduct an additional assessment where feasible.

External escalation

Depending on your location and applicable law, you may have the right to lodge a complaint with a data protection or privacy authority.

• Australia:
  • You may contact the Office of the Australian Information Commissioner (OAIC) regarding concerns about privacy practices: https://www.oaic.gov.au.
• European Union / EEA:
  • If you are located in the EU/EEA, you may have the right to complain to your local data protection authority. Contact details are available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
• Mexico:
  • For users under Mexican jurisdiction, you may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI): https://home.inai.org.mx/, in relation to rights under the Federal Law on Protection of Personal Data Held by Private Parties.

We encourage you to contact us first so we can attempt to resolve your concern directly.

Updates

OBSERVE: Privacy practices evolve; users must be informed of changes.

EXPAND: We maintain version control and provide advance notice of material updates.

REFLECT: This ensures transparency and allows users to make informed decisions.

Changes to this Privacy Policy

• We may update this Privacy Policy from time to time to reflect:
  • changes in our services, technology or business structure;
  • changes in applicable laws or regulatory guidance (including developments in Australian, Curaçao or other relevant jurisdictions); or
  • feedback from users or supervisory authorities.

Notification methods

• Website notice: We will post the updated Policy on mrpachobet-au.com and/or relevant pages associated with Mr Pacho.
• Email notification: For material changes, we will endeavour to notify registered users by email to the address associated with their account.
• On-site alerts: We may display banners, pop-ups or dashboard alerts drawing attention to significant changes.

Timing and user choices

• Advance notice: Where feasible and if the changes are material, we will provide at least 30 days' notice before the new terms take effect.
• Continued use: Your continued use of mrpachobet-au.com or related services after the effective date of an updated Privacy Policy will constitute your acceptance of the changes.
• Right to object or close account: If you do not agree with a material change, you may:
  • object to the change where permitted by law; and/or
  • close your account and request deletion or restriction of your data (subject to legal retention obligations).

Last updated: November 2025 (with protections expected to remain applicable through at least 2026, subject to future updates).