burger icon
Cocoa Review Australia
Log In

Privacy Policy

This Privacy Policy explains how Cocoa, operated via the website cocoa-aussie.com, collects, uses, discloses and protects personal information of website visitors and players. It applies to all individuals who access or use cocoa-aussie.com or any related services, regardless of their location. By using cocoa-aussie.com you agree to the practices described in this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and replaces any earlier versions published on cocoa-aussie.com.

Who We Are

OBSERVE: Users need to know who is responsible for their data, where that entity is based, and how to contact it.

EXPAND: Based on the available information, Cocoa is operated by SSC Entertainment N.V. from Curaçao, offering online gambling services under a Curaçao licence, while targeting Australian players through cocoa-aussie.com.

REFLECT: We clearly identify the operator, its address, and provide a dedicated contact point for privacy matters.

Operator / Data Controller

  • Trading name: Cocoa (as reviewed on Cocoa for cocoa-aussie.com)
  • Website: https://cocoa-aussie.com
  • Operator and data controller: SSC Entertainment N.V.
  • Legal entity type: Private limited liability company (SSC Entertainment N.V.)
  • Registered / legal address: Heelsumstraat 51, E-Commerce Park, Curaçao
  • Company registration number: Not publicly specified
  • Tax identification number: Not publicly specified
  • Gaming licence: Antillephone N.V., Licence No. 8048/JAZ (public verification reported as intermittent; status not independently verifiable through 2026)

Important notice for Australian users: According to the Australian Communications and Media Authority (ACMA), the operator SSC Entertainment N.V. offers online gambling services to Australian residents in breach of the Interactive Gambling Act 2001. ACMA blocking request ACMA2023/567 and related materials indicate that the service is considered unlawful from an Australian regulatory perspective, and Australian consumer protections and remedies generally do not apply. This Privacy Policy does not imply that the service is authorised or regulated in Australia.

Data Protection Contact / DPO-equivalent

  • Responsible department: Data Protection & Compliance Department, SSC Entertainment N.V.
  • Email (primary contact - critically important): [email protected]
  • Phone: not specified
  • Postal contact: SSC Entertainment N.V., Data Protection & Compliance, Heelsumstraat 51, E-Commerce Park, Curaçao

All privacy-related queries, requests or complaints should be sent to the above email address or postal address.

What Personal Data We Collect

OBSERVE: We collect personal, technical, payment and behavioural data, as well as information through cookies and similar technologies.

EXPAND: These data categories are necessary to provide casino services (including deposits, wagers and withdrawals), ensure security and comply with anti-fraud and regulatory requirements, particularly for KYC/AML.

REFLECT: Below we describe each category, with examples, without limiting the scope of data that may reasonably fall within these categories.

1. Identification and Contact Data

  • Full name, date of birth, gender, nationality.
  • Residential address, billing address, country of residence.
  • Email address (including the one used to register and communicate), telephone number, preferred language.
  • Government-issued identification data submitted for verification (e.g. ID card, passport, driving licence numbers, copies of documents, proof of address such as utility bills or bank statements).

2. Account and Usage Data

  • Username, account ID, passwords (stored in hashed form), security questions/answers (where implemented).
  • Account settings and preferences (language, marketing preferences, limits where available).
  • Login and logout times, session duration, pages visited, clicked links, internal navigation, game preferences.
  • Communications with customer support (emails, chat transcripts, complaint records).

3. Technical and Log Data

  • IP address, approximate location based on IP, device type, operating system, browser type and version.
  • Device identifiers, hardware model, unique IDs where available.
  • Server logs including access times, pages requested, referral URL, error logs.
  • Security-related logs (failed logins, unusual access patterns, device fingerprinting where used).

4. Payment and Financial Data

  • Payment method details (such as partial card data - e.g. last 4 digits, card type - or e-wallet identifiers, bank account IBAN/BIC or local equivalents).
  • Deposit and withdrawal history, currency used, transaction identifiers, timestamps, amount, status.
  • Data required by payment processors and financial partners to execute and verify payments, conduct KYC/AML checks and prevent fraud.
  • Chargeback information, disputes and related financial correspondence.

5. Behavioural and Gambling Activity Data

  • Game history, including games played (e.g. slot titles, including Book of Dead and other games provided by Rival, Betsoft and Saucify), timestamps, stakes, wins, losses, bonuses used.
  • Betting patterns, frequency and duration of play, session intervals, wagering volumes.
  • Bonus participation, promotions redeemed, loyalty/VIP status and progression (if applicable).
  • Self-exclusion and responsible gambling settings (where available), including limits, time-outs and related communication.

6. Cookies and Similar Tracking Technologies

  • Cookie identifiers associated with your browser or device.
  • Information about your interactions with cocoa-aussie.com collected via cookies, pixels, tags, SDKs and similar technologies (e.g. clickstream data, page views, referrers).
  • Online identifiers used by analytics and advertising partners (e.g. Google Analytics, other measurement tools, where applicable).

7. Special Categories of Data

We do not intentionally seek to collect special categories of personal data (such as health data, religious beliefs or political opinions). However, some inferences about vulnerability or gambling-related harm may be drawn from your behavioural data for responsible gambling and risk assessment purposes, where available under our tools.

8. Data from Third Parties

  • Identity and verification data from KYC/AML providers, credit reference agencies or sanctions lists.
  • Data from payment service providers necessary to confirm payments and prevent fraud.
  • Data from affiliates and advertising partners about the campaigns or websites that referred you to cocoa-aussie.com.

Legal Basis for Processing

OBSERVE: Our processing activities require clear legal grounds, especially when offering services cross-border from Curaçao to Australian users.

EXPAND: We align our approach with internationally recognised principles (including concepts used in the EU GDPR) even though SSC Entertainment N.V. is not established in the EU and cocoa-aussie.com is not licensed in Australia.

REFLECT: We identify the main legal bases applicable to each category of processing, which may overlap depending on the context.

1. Performance of a Contract

We process personal data where it is necessary to enter into and perform our agreement with you, including:

  • Creating and managing your user account on cocoa-aussie.com.
  • Providing access to games, processing bets, calculating results and managing balances.
  • Processing deposits and withdrawals and facilitating payment transactions.
  • Providing customer support and resolving operational issues.

2. Compliance with Legal and Regulatory Obligations

We process data to comply with legal obligations applicable to SSC Entertainment N.V. in Curaçao and any other jurisdiction where relevant (for example, data required by licensing or anti-money laundering authorities). This includes:

  • KYC (Know Your Customer) and AML (Anti-Money Laundering) checks, including identity verification and transaction monitoring.
  • Prevention, detection and reporting of suspicious transactions or activity.
  • Record-keeping obligations relating to financial and gambling transactions.
  • Responding to lawful requests from regulators, law enforcement and other authorities (including ACMA, where it issues legally binding directions to intermediaries, noting that our service is not authorised in Australia).

3. Legitimate Interests

We rely on our legitimate business interests, balanced against your privacy rights, to process data for purposes such as:

  • Preventing abuse, fraud, chargebacks and security incidents.
  • Maintaining the integrity and availability of our systems and services.
  • Analysing usage to improve website performance, game offering and user experience.
  • Segmenting users for risk assessment, responsible gambling monitoring (where tools are implemented) and non-intrusive service-related communications.
  • Establishing, exercising or defending legal claims.

4. Consent

In certain cases, we process personal data based on your explicit or implied consent, for example:

  • Sending direct electronic marketing communications (email, SMS, push notifications) that are not strictly necessary for providing the service.
  • Placing and accessing non-essential cookies and similar tracking technologies for analytics and advertising (where required by applicable law).
  • Sharing data with affiliates and advertising networks for personalised marketing, where you have agreed to such use.

You may withdraw your consent at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

5. Protection of Vital Interests and Public Interest

In very limited circumstances, we may process or disclose data where necessary to protect your vital interests or those of another person (e.g. in case of suspected severe gambling-related harm communicated to us, or serious criminal activity) or where such processing is required in the public interest by applicable law.

Purpose of Processing

OBSERVE: Each processing activity must serve a clearly defined purpose.

EXPAND: For Cocoa and cocoa-aussie.com, purposes are centred around providing online gambling services, ensuring compliance, and managing risks.

REFLECT: We group purposes to make them understandable and map them to the legal bases described above.

Core Service Delivery

  • Registering and managing player accounts.
  • Providing access to casino games supplied by certified providers (e.g. Rival, Betsoft, Saucify).
  • Processing bets, determining outcomes and crediting or debiting balances.
  • Processing deposits, withdrawals and related financial transactions.

Customer Support and Communication

  • Responding to enquiries, complaints and support requests.
  • Sending service-related notifications (e.g. account changes, payment confirmations, security alerts, updates to terms or this Privacy Policy).
  • Maintaining records of communications for quality assurance and dispute resolution.

Risk Management, Security and Fraud Prevention

  • Detecting and preventing fraud, money laundering and other unlawful activity.
  • Monitoring usage to detect suspicious behaviour or violations of our Terms and Conditions.
  • Securing IT systems, preventing unauthorised access and mitigating cyber threats.
  • Ensuring game integrity, including RNG functionality as provided by certified providers (noting that the casino's implementation is not subject to independent monthly audits such as eCOGRA).

Compliance and Legal Obligations

  • Conducting KYC/AML checks and transaction monitoring.
  • Keeping records to meet regulatory, tax and accounting obligations as applicable in Curaçao or other relevant jurisdictions.
  • Cooperating with regulators and law enforcement, subject to legal requirements.

Service Improvement and Analytics

  • Analysing aggregated and pseudonymised user behaviour to improve website performance, usability and content.
  • Understanding game popularity, device usage and traffic patterns.
  • Testing new features, security measures and technical improvements.

Marketing and Personalisation

  • Sending offers, bonuses, newsletters and promotions, subject to consent where required.
  • Creating user segments based on activity, preferences and behaviour to tailor marketing where permitted.
  • Measuring the effectiveness of campaigns run directly by us or via affiliates and advertising partners.

Disclosure & Sharing

OBSERVE: To operate cocoa-aussie.com, we must share data with specific categories of recipients.

EXPAND: Sharing is limited to what is necessary and subject to contractual and security safeguards, though regulatory gaps may exist given the offshore, effectively unregulated status for Australian users.

REFLECT: We describe with whom and under what circumstances data may be shared.

1. Group Companies and Internal Recipients

  • SSC Entertainment N.V. internal departments (customer support, payments, risk & fraud, IT, legal, compliance, marketing) for the purposes described above.
  • Any future parent, subsidiary or affiliated entities involved in the operation of cocoa-aussie.com, to the extent necessary.

2. Payment Service Providers and Financial Institutions

  • Banks, card schemes and payment providers processing deposits and withdrawals.
  • Payment gateways, e-wallet providers and other financial intermediaries.
  • These third parties receive only the data necessary to process your transactions, verify your identity and prevent fraud.

3. Technical and Operational Service Providers

  • Hosting providers, cloud infrastructure and content delivery networks (including providers such as Cloudflare, which supplies SSL/TLS protection for cocoa-aussie.com).
  • Software providers supporting the gaming platform, CRM, helpdesk and email distribution.
  • Analytics providers that help us understand traffic and usage patterns.

4. Game Providers

  • Rival, Betsoft, Saucify and other software vendors that supply games and related services.
  • Where necessary, certain player identifiers, session and transactional data may be shared with such providers for game operation, troubleshooting, anti-fraud and reporting.

5. Professional Advisors

  • Lawyers, auditors, accountants and consultants who require access to personal data for the provision of professional services, subject to confidentiality obligations.

6. Regulators, Authorities and Law Enforcement

  • Regulators in Curaçao and other competent authorities where SSC Entertainment N.V. is legally obliged to provide information.
  • Law enforcement agencies where disclosure is required by law or reasonably necessary to protect our rights, your safety or the safety of others, or to investigate suspected unlawful activity.
  • We note that in Australia, ACMA has issued blocking requests (including ACMA2023/567) against domains operated by SSC Entertainment N.V.; while these relate primarily to network-level blocking by ISPs, we may still be required to cooperate with law enforcement inquiries where lawfully mandated.

7. Affiliates and Advertising Networks

  • Affiliate partners who promote cocoa-aussie.com and refer players to the site, to account for referrals, commissions and campaign performance.
  • Advertising networks and marketing partners that deliver or measure our advertising, subject to your consent where required and local law limitations.

8. Business Transfers

  • In connection with any actual or contemplated merger, sale of assets, restructuring, acquisition or similar corporate transaction involving SSC Entertainment N.V. or cocoa-aussie.com, personal data may be disclosed to potential or actual purchasers and their advisors, subject to appropriate safeguards.

9. Aggregated and De-Identified Data

We may share aggregated or anonymised information that does not identify you personally with third parties for analytics, research or reporting. Such data is not considered personal data.

International Transfers

OBSERVE: Cocoa-aussie.com is operated from Curaçao and uses international service providers, leading to cross-border data transfers.

EXPAND: Data may be stored or processed in multiple jurisdictions, including countries that do not offer the same level of data protection as your country of residence (e.g. Australia, countries in the EEA, the United States or others).

REFLECT: We outline the main destinations and measures we apply, recognising that as an offshore operator, not all protections will align with EU-grade or Australian privacy standards.

Geographical Scope of Transfers

  • Curaçao: Principal location of SSC Entertainment N.V. and primary processing of account, transactional and compliance data.
  • European Economic Area (EEA) / UK: Some service providers (e.g. game providers, analytics or payment intermediaries) may be based in or process data from these regions.
  • United States and other third countries: Certain IT, cloud, analytics and security providers may process data in the US or other jurisdictions.
  • Australia: While the service is considered unlawful under Australian law, data may transit through or be processed on servers or by service providers located in or serving Australian networks (for example, CDNs, ISPs, or payment providers servicing Australian-based customers).

Safeguards

  • Where required and practical, we use contractual protections such as standard contractual clauses (SCCs) or equivalent mechanisms when engaging processors established in countries without an adequate level of data protection, particularly in relation to EEA/UK data subjects.
  • We implement technical and organisational measures (encryption, access controls, pseudonymisation) to mitigate risks associated with cross-border transfers.
  • Given the offshore and unregulated status for Australian players, users should be aware that enforcement of privacy rights against SSC Entertainment N.V. may be limited and that data transfers may not benefit from Australian privacy law protections.

Data Retention

OBSERVE: Personal data should not be kept longer than necessary for the purposes for which it is processed.

EXPAND: Retention must also accommodate KYC/AML and gambling regulatory obligations, which often require multi-year storage of transactional and identity data.

REFLECT: We set indicative retention periods and explain our criteria, noting that specific legal obligations may vary by jurisdiction.

General Principles

  • We retain personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, including for the purposes of satisfying legal, accounting or reporting requirements.
  • When determining appropriate retention periods, we consider the amount, nature and sensitivity of the data, potential risks of harm, the purposes of processing and applicable legal requirements.

Indicative Retention Periods

  • Account and identification data: Typically retained for up to 5 years after account closure, or longer where required by KYC/AML regulations, regulatory authorities or for the establishment, exercise or defence of legal claims.
  • Transactional and gambling data: Typically retained for 5 - 7 years from the date of the transaction or event, in line with common anti-money laundering and financial record-keeping standards.
  • Customer support communications: Retained for 3 - 5 years from the date of the last communication, depending on the nature of the interaction and any ongoing disputes.
  • Marketing data: Retained until you opt out or withdraw consent, or for a shorter period if required by applicable law; we may keep a minimal record of your opt-out request indefinitely to respect your choice.
  • Technical logs and security data: Retained for a period between 6 months and 3 years, depending on the log type and security utility.

Deletion and Anonymisation

  • When data is no longer needed, we will either delete it securely or anonymise it so that it can no longer be associated with you.
  • In some cases we may be unable to fully delete data due to overriding legal obligations (e.g. AML requirements) but we will restrict processing to storage only and limit access to authorised personnel.

Your Rights

OBSERVE: Users expect a clear explanation of their privacy rights, especially those inspired by GDPR-style frameworks.

EXPAND: Although SSC Entertainment N.V. is established in Curaçao and cocoa-aussie.com is not an Australian-licensed service, we strive to align with widely accepted privacy principles, including rights similar to those under the EU General Data Protection Regulation (GDPR) and, by analogy, rights under modern Latin American data protection frameworks.

REFLECT: We explain each right, how to exercise it, response times and cost conditions, while clarifying jurisdictional limitations and practical enforcement constraints for offshore gambling services.

Overview of Your Rights

Subject to applicable law and certain limitations, you may have the following rights in relation to your personal data:

  • Right of access: To obtain confirmation as to whether we process your personal data and, if so, to receive a copy of such data and additional information about our processing.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): To request deletion of your personal data, where there is no valid reason for us to continue processing it (subject to our legal obligations to retain certain data).
  • Right to restriction of processing: To request that we limit the processing of your data, for example while we verify its accuracy or our legitimate grounds.
  • Right to object: To object to our processing based on legitimate interests, including profiling, and to object at any time to your data being processed for direct marketing.
  • Right to data portability: To receive certain personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible.
  • Right to withdraw consent: Where processing is based on your consent (e.g. marketing communications, certain cookies), you may withdraw that consent at any time.

While references in the section header mention Mexican or GDPR alignment, cocoa-aussie.com is not established in Mexico or the EU. Accordingly, local enforcement authorities in those jurisdictions may have limited or no direct authority over SSC Entertainment N.V. Nonetheless, we voluntarily endeavour to honour comparable rights requests to the extent technically and legally feasible.

How to Exercise Your Rights

  1. Submit your request: Send an email to [email protected] with:
    • Your full name, username and registered email address.
    • A clear description of the right you wish to exercise and the data concerned.
  2. Identity verification: We may ask for additional information or documents (e.g. ID copy, security questions) to verify your identity and prevent unauthorised access to your data.
  3. Our response time: We aim to respond to your request within 30 days of receipt of a complete and verifiable request. For particularly complex or numerous requests, this period may be extended; we will inform you if an extension is necessary.
  4. Cost: Requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (e.g. repetitive requests without justification).

Limitations

  • We may not be able to comply with a request for erasure, restriction or objection where we are required to retain or process data under applicable law (e.g. AML, tax, regulatory retention obligations) or where data is needed for the establishment, exercise or defence of legal claims.
  • Given the offshore and unregulated nature of the service in relation to Australia, and the absence of a local Australian licence, some rights and remedies afforded by Australian privacy or consumer laws may not be enforceable against SSC Entertainment N.V.

Cookies & Tracking Technologies

OBSERVE: cocoa-aussie.com uses cookies and similar technologies to operate effectively.

EXPAND: Different cookie types serve functional, analytical and marketing purposes; users must be informed how to manage them.

REFLECT: We classify cookies and explain control mechanisms, while acknowledging that cookie controls may be limited on some devices or browsers.

Types of Cookies We Use

  • Strictly necessary / functional cookies: Essential for the operation of cocoa-aussie.com, enabling core functions such as page navigation, login, session maintenance, security and access to secure areas. The website cannot function properly without these cookies.
  • Preference cookies: Remember your language, region and other preferences so that you do not need to re-set them every time you visit.
  • Analytics / performance cookies: Help us understand how visitors interact with the site (e.g. pages visited, time spent, error messages) so we can improve performance and usability.
  • Advertising / targeting cookies: Used (where implemented) to deliver relevant advertising, track the performance of campaigns and limit the number of times you see an ad. These may be set through our site by us or by advertising partners.
  • Third-party cookies: Placed by third parties such as analytics providers, affiliates or embedded services; these parties may process your data in accordance with their own privacy policies.

Managing Cookies

  • Browser settings: Most browsers allow you to:
    • View which cookies are stored on your device.
    • Delete cookies.
    • Block third-party cookies or all cookies.
    • Set preferences for certain websites.
  • Internal tools: Where available, cocoa-aussie.com may provide an internal cookie or privacy settings panel, allowing you to adjust your preferences for non-essential cookies.
  • Impact of disabling cookies: If you disable or block certain cookies, some features of cocoa-aussie.com may not function properly, and your user experience may be impaired (e.g. you may need to log in each time you visit, or games may not load correctly).

Data Security

OBSERVE: Protecting personal and financial data is critical, particularly for online gambling services accessed from high-risk jurisdictions such as Australia.

EXPAND: We employ a combination of technical and organisational measures, although we cannot guarantee absolute security and we currently do not offer two-factor authentication to end users.

REFLECT: We set out our key safeguards and explain residual risks transparently.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and cocoa-aussie.com is protected using SSL/TLS (version 1.2 or higher), as evidenced by valid certificates (e.g. via Cloudflare).
  • Encryption at rest: Where feasible, sensitive data (including passwords, limited payment identifiers and critical configuration data) is encrypted or stored using hashing and other industry-standard techniques.
  • Access controls: Access to production systems and databases is restricted to authorised personnel based on the principle of least privilege, using authentication and logging mechanisms.
  • Network security: Firewalls, intrusion detection/prevention systems and other security technologies are used to protect infrastructure against unauthorised access and attacks.
  • Backups and resilience: Regular backups and redundancy measures are implemented to reduce the risk of data loss and service disruption.

Organisational Measures

  • Staff training: Employees and contractors with access to personal data receive training on privacy, information security and responsible handling of player data.
  • Policies and procedures: Internal policies govern data access, acceptable use, incident reporting and retention.
  • Vendor management: Third-party service providers who process personal data on our behalf are expected to implement adequate security measures and are bound by contractual obligations.

Audits and Standards

  • We conduct periodic internal reviews and may commission external assessments of key systems. However, cocoa-aussie.com and SSC Entertainment N.V. are not currently certified to ISO/IEC 27001, SOC 2 or comparable international information security standards.
  • Game providers (Rival, Betsoft, Saucify) are certified for RNG fairness, but Cocoa's specific implementation is not independently audited on a public monthly basis (e.g. by eCOGRA).

Incident Response

  • We maintain procedures for detecting, logging, investigating and responding to suspected data breaches or security incidents.
  • Where required by applicable law, we will notify relevant authorities and affected individuals without undue delay if a data breach is likely to result in a high risk to their rights and freedoms.

Important risk note for Australian players: Because cocoa-aussie.com operates without an Australian licence and is subject to ACMA blocking orders, you may have limited or no recourse under Australian consumer or privacy law in the event of a security incident or data breach.

Complaints & Contacts

OBSERVE: Users must know how to raise concerns or complaints and to whom.

EXPAND: As an offshore operator, we provide internal escalation paths; external regulatory avenues for Australian players are limited and may not be effective.

REFLECT: We describe our internal complaint mechanism and outline possible external options, while being transparent about limitations.

Contact Channels

  • Primary email for all privacy matters: [email protected]
  • Postal address: Data Protection & Compliance, SSC Entertainment N.V., Heelsumstraat 51, E-Commerce Park, Curaçao
  • Online contact / forms: Where available on cocoa-aussie.com (if a dedicated contact form exists, users may submit queries there; otherwise, use the email above).

Internal Complaint Procedure

  1. Submission: Send your complaint or query to [email protected], clearly marking it as a "Privacy complaint". Provide:
    • Your full name and account details.
    • A detailed description of the issue and how it affects you.
    • Any supporting documentation or screenshots.
  2. Acknowledgement: We aim to acknowledge receipt of your complaint within 7 business days.
  3. Investigation: The Data Protection & Compliance team will review your complaint, consult with relevant internal departments and, if necessary, request additional information from you.
  4. Response: We will endeavour to provide a substantive written response within 30 days of receiving your complete complaint. For complex issues, we may extend this period and will inform you of the extension and reasons.
  5. Follow-up: If you are dissatisfied with our response, you may request an internal review or clarification. We will re-examine the matter and respond as soon as reasonably practicable.

External Authorities and Limitations

Because SSC Entertainment N.V. is established in Curaçao and cocoa-aussie.com is not licensed in Australia, external complaint and enforcement mechanisms are limited:

  • Curaçao: You may seek information from the applicable Curaçao licensing or supervisory authority, though public individual complaint mechanisms may be limited.
  • Australia: The Australian Communications and Media Authority (ACMA) focuses primarily on enforcement against illegal offshore gambling operators (including blocking orders) rather than individual consumer redress. ACMA may be contacted via https://www.acma.gov.au for information about illegal offshore gambling services, but it cannot generally compel SSC Entertainment N.V. to provide remedies or respect Australian privacy rights.
  • EU or other jurisdictions: If you are located in a jurisdiction with a data protection authority (e.g. an EU member state), you may have the right to lodge a complaint there. However, such authorities may have limited jurisdiction over SSC Entertainment N.V. as an offshore operator.

Nothing in this section restricts any rights you may have under mandatory laws that apply to you; however, you should be aware that practical enforcement against offshore operators may be constrained.

Updates

OBSERVE: Privacy laws, technologies and our own practices may evolve over time.

EXPAND: We must update this Privacy Policy accordingly and inform users about material changes in a timely and transparent manner.

REFLECT: We adopt a versioning and notification approach with reasonable advance notice for significant changes, recognising the cross-border, offshore nature of the service.

Policy Changes and Version Control

  • This Privacy Policy may be updated periodically to reflect:
    • Changes in our data processing practices or services.
    • Modifications to applicable laws or regulatory expectations.
    • Updates in our corporate structure or third-party relationships.
  • The current version will always be available on cocoa-aussie.com, with a "Last updated" date at the end of the document.
  • Last updated: January 2026.

Notification of Material Changes

  • For material changes that significantly affect how we process your personal data, we will:
    • Display a prominent notice on cocoa-aussie.com (e.g. banner or pop-up).
    • Where feasible, send an email notification to the address associated with your account.
    • Provide notice through your account dashboard or login area where technically possible.
  • We will generally provide at least 30 days' advance notice before material changes take effect, unless immediate changes are required by law or to address security or operational issues.

Your Options in Case of Changes

  • If you do not agree with the updated Privacy Policy, you may:
    • Adjust your privacy or cookie settings where available.
    • Withdraw consent for specific processing activities (e.g. marketing) as described in this Policy.
    • Request account closure and, where permitted, deletion or restriction of your personal data, subject to legal retention obligations.
  • Your continued use of cocoa-aussie.com after the effective date of an updated Privacy Policy will be deemed acceptance of the changes, to the extent permitted by applicable law.