Privacy Policy

This Privacy Policy explains how Buran, available via the domain buran-au.com, collects, uses, discloses, and protects personal information of players and website visitors. It applies to all individuals who access, browse, or use buran-au.com, whether or not they create an account or place bets with the Buran brand. This Privacy Policy is intended to comply with applicable privacy and data protection standards, including the Australian Privacy Act 1988 (Cth) and relevant international best practices, to the extent they apply to an offshore operator.

By using buran-au.com, you acknowledge that the underlying gambling services are operated offshore and licensed in Curaçao, and that Australian consumer protection and gambling regulations may not apply. Nevertheless, this Privacy Policy sets out how your information will be handled. This Privacy Policy is effective and applies to processing activities from 1 January 2026 and onwards, unless replaced or updated as described in the "Updates" section below.

Who We Are

Observe: The gambling brand "Buran" and its Australian review presence on buran-au.com are associated with Rabidi N.V., an offshore operator incorporated in Curaçao and licensed by Antillephone N.V. as an e-gaming provider. No precise street address is provided in the available data.

Expand: For privacy and data protection purposes, users must understand which entity is responsible for their data, under which jurisdiction it operates, and how it can be contacted. While the gambling services are treated by the Australian Communications and Media Authority (ACMA) as an "illegal offshore gambling service" under the Interactive Gambling Act 2001 (Cth), the operator still undertakes to handle personal data in line with this Privacy Policy.

Reflect: We therefore clearly identify the controller, registration details, and contact channels for data protection queries and complaints.

Operator and Data Controller

Legal entity: Rabidi N.V.
Brand: Buran (including the Australian review presence "Buran" on buran-au.com)
Legal form: Public limited company (Naamloze Vennootschap) under the laws of Curaçao
Company registration number: 151791
Registered jurisdiction: Curaçao
Gaming licence: E-Gaming license No. 8048/JAZ, issued by Antillephone N.V. under the authority of the Government of Curaçao (see validator: https://validator.antillephone.com/validate?domain=burancasino.com)
Registered / legal address: Curaçao (exact street and postal address not specified in the current data; when available, it will be added to this policy).

Contact Details

Website (review domain for Australia): https://buran-au.com
Support email (primary): [email protected]
General information email: [email protected]
Press enquiries: [email protected]
Telephone: Not specified

Data Protection Contact

Rabidi N.V. does not publicly appoint a named Data Protection Officer; however, it operates a dedicated data protection contact point:

Data protection / privacy contact: [email protected]
Purpose: To receive and handle requests relating to privacy, data protection, and the rights described in this Privacy Policy.

When contacting us about privacy, please include "Privacy request - Buran" in the subject line and provide sufficient information for us to identify you and the account (if any) to which your request relates.

What Personal Data We Collect

Observe: Operating an offshore online gambling service and its associated review domain requires collecting a range of personal, technical, financial, and behavioural data. This includes information necessary to identify the user, to operate accounts and payments, to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations, and to monitor gaming behaviour.

Expand: Data is gathered both directly from you (for example, during registration or when you contact support) and indirectly (through cookies, logs, and interactions with third-party service providers such as payment processors and game providers). Some of this data will be considered sensitive or high-risk (e.g., financial and gambling activity data) and is treated accordingly.

Reflect: The categories below describe, in a structured way, the personal information we may collect when you use buran-au.com and related Buran services.

Identification and Contact Data

Full name, date of birth, and gender (where provided).
Residential address, country of residence, and proof of address documentation.
Email addresses (such as the one you use to register or to contact support) and any telephone numbers you provide.
Copies of identification documents (e.g., passport, national ID, driver's licence) and any other KYC ("Know Your Customer") documents you submit.

Account and Usage Data

Username, password (stored in hashed form), account settings, preferences, and communication choices (e.g., marketing opt-ins).
Login dates and times, session durations, and account status (active, suspended, closed).
Records of support interactions, complaints, and dispute correspondence.

Technical and Log Data

IP address, device identifiers, browser type and version, operating system, language settings, and referrer URLs.
Server logs, including pages visited on buran-au.com, timestamps, and error logs.
Device and network attributes used for fraud detection and geolocation assessments.

Payment and Financial Data

Payment method details (for example, partial card numbers, e-wallet identifiers, bank account references), as made available by payment providers.
Transaction history including deposits, withdrawals, bonuses, chargebacks, and payment failures.
Records required by AML/CTF frameworks, including source of funds information where collected.

Behavioural and Gambling Activity Data

Betting and game play history, including games played, stakes, wins/losses, and session length.
Bonus usage, promotional participation, and loyalty or VIP activity.
Clickstream data, navigation paths, and on-site behaviour used for analytics and responsible gambling monitoring.

Cookies and Similar Technologies

Session cookies, persistent cookies, and local storage entries that remember your preferences, maintain login sessions, and support security functions.
Analytics cookies and similar scripts from third parties (for example, web analytics providers) that help us understand traffic patterns and user engagement.
Advertising and tracking cookies, pixels, or tags used (where applicable and permitted) to measure marketing campaigns and, with consent, to deliver targeted advertising.

Further details about cookies are set out in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Observe: As an offshore operator licensed in Curaçao and offering services that may be accessed from Australia, Rabidi N.V. processes personal data under a combination of contract necessity, legal obligation, legitimate interest, and consent-based grounds, guided by international standards such as the GDPR, even though the primary corporate jurisdiction is Curaçao.

Expand: Given the sensitive nature of gambling-related data, we apply heightened scrutiny to processing operations, especially those involving profiling, marketing, and data sharing with third parties. Additionally, AML/CTF requirements and gaming licence conditions require us to obtain and retain certain categories of personal information for defined periods.

Reflect: Below we summarise the principal legal bases we rely on when handling your personal information.

Performance of a Contract

Creating and managing your player account, including authentication and account security.
Processing deposits, wagers, withdrawals, and bonus credits.
Providing customer support, handling complaints, and resolving operational issues.
Delivering website functionality, games, and related services you request.

Compliance with Legal and Regulatory Obligations

Conducting identity verification, age verification, and ongoing KYC checks.
Monitoring, recording, and reporting suspicious transactions for AML/CTF purposes.
Complying with tax, accounting, and record-keeping obligations under Curaçao law and our gaming licence conditions.
Responding to lawful requests and investigations from competent regulatory authorities in our jurisdiction.

Legitimate Interests

Preventing, detecting, and investigating fraud, account misuse, and security incidents.
Ensuring the integrity of games and systems and maintaining the stability and performance of our platforms.
Analysing aggregated usage patterns to improve services, user interfaces, and product offerings.
Enforcing our terms and conditions and protecting the rights, property, and safety of the Buran brand, players, and third parties.

Consent

Sending direct marketing communications (email, SMS, push notifications) where local law requires consent or where you have opted in.
Using certain non-essential cookies and similar tracking technologies for analytics and advertising, where legally required.
Collecting and using additional data not strictly necessary for contract performance or legal obligations (for example, certain surveys, feedback forms, or optional profile fields).

You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

Purpose of Processing

Observe: Each category of data serves one or more specific purposes, ranging from core service provision to security, compliance, and marketing.

Expand: To ensure transparency and data minimisation, we link each primary processing purpose to the underlying legal basis described above. Certain purposes, such as fraud prevention and AML/CTF, may override individual preferences in limited cases where required by law or regulatory obligations.

Reflect: The main purposes for which we process personal information in relation to Buran and buran-au.com include the following:

Service Provision and Account Management

Creating and maintaining your player account, enabling you to log in securely, and remembering your preferences.
Operating casino games, processing wagers and payouts, and managing promotions and loyalty programs.
Providing technical and customer support, including answering questions, resolving complaints, and verifying identity during support interactions.

Compliance, Risk Management, and Fraud Prevention

Verifying your identity and age, and assessing eligibility to participate under our licence conditions.
Monitoring transactions and gaming behaviour to detect suspicious activity, fraud, bonus abuse, or money-laundering patterns.
Maintaining records necessary to demonstrate compliance to our licensing authority and other competent bodies in our jurisdiction.

Service Improvement and Analytics

Analysing site usage, game popularity, and user behaviour (typically in aggregated or pseudonymised form) to improve our platform.
Testing and developing new features, interfaces, and content for buran-au.com and related Buran properties.
Performing quality assurance, audits, and internal reporting to enhance performance and resilience.

Marketing and Personalisation

Sending newsletters, promotional offers, and bonus notifications, where permitted by law and, where required, with your prior consent.
Segmenting users into groups based on activity (for example, recent deposits, game preferences) to tailor offers and communications.
Measuring the effectiveness of marketing campaigns and optimising future promotions.

Legal Claims and Enforcement

Investigating and defending against legal claims or regulatory investigations.
Enforcing our terms of use, bonus rules, and responsible gambling policies.
Supporting internal and external audits and ensuring the integrity of our systems and records.

Disclosure & Sharing

Observe: To deliver and support offshore gambling services, we must share data with a range of third parties, including payment processors, game providers, IT service providers, and regulators in our licensing jurisdiction.

Expand: Data sharing is limited to what is necessary, subject to appropriate contracts, and, where applicable, based on suitable transfer mechanisms. We do not sell personal information to third parties for their own independent marketing purposes.

Reflect: The categories of recipients and typical circumstances in which data may be disclosed are outlined below.

Affiliated Companies and Brand Infrastructure

Entities involved in the operation or support of the Buran brand and its infrastructure, under common management or control with Rabidi N.V.
Technical operators providing hosting and platform solutions that support buran-au.com and the underlying gaming services.

Payment Service Providers and Banks

Banks, card schemes, e-wallets, and other payment processors that handle deposits, withdrawals, and refunds.
Third-party services involved in fraud scoring, chargeback management, and payment dispute resolution.

Game and Software Providers

Certified game studios and platform providers responsible for supplying and operating casino games (for example, Evolution Gaming and other providers listed on the casino platform).
These providers may receive anonymised or pseudonymised player identifiers, session data, and game outcomes necessary to deliver games and ensure fairness, but not your full contact details unless strictly necessary.

Service Providers and Professional Advisers

IT, cloud, analytics, marketing, and customer support service providers operating under written data processing agreements.
Auditors, legal advisers, compliance consultants, and other professional advisors engaged to support our operations and regulatory compliance.

Regulators and Authorities

The Curaçao licensing authority and its designated bodies, for compliance, audits, and investigations.
Law enforcement agencies or other competent authorities in our jurisdiction, where required by applicable law or legitimate request.

Affiliates and Advertising Networks

Affiliate partners who refer traffic to the Buran brand and who may receive aggregated or pseudonymised performance data for tracking commissions.
Advertising networks and platforms, but only where cookies and tracking technologies have been lawfully deployed and, if required, you have given appropriate consent.

Corporate Transactions

Prospective or actual purchasers, investors, or successors in the event of a merger, acquisition, restructuring, or sale of assets involving the Buran brand or Rabidi N.V., subject to confidentiality safeguards.

International Transfers

Observe: Rabidi N.V. is established in Curaçao and uses service providers and infrastructure that may be located in multiple countries. As a result, personal data may be processed and stored outside the country from which you access buran-au.com, including outside Australia.

Expand: International transfers can expose data to different legal regimes and enforcement levels. To mitigate these risks, we use contractual and organisational safeguards and select reputable providers that implement recognised security standards.

Reflect: We endeavour to ensure that any international transfer of personal information is subject to an adequate level of protection.

Locations of Processing

Curaçao: Primary location for corporate operations and regulatory supervision for Rabidi N.V.
European Economic Area (EEA) / United Kingdom: Some hosting, support, payment, or game providers may be located in, or operate from, EEA countries or the UK.
Other jurisdictions: Selected cloud, analytics, or support services may operate from additional countries with which we contractually agree appropriate data protection terms.

Safeguards for International Transfers

Use of standard contractual clauses or equivalent contract mechanisms where appropriate and feasible.
Technical safeguards such as encryption in transit and at rest, access controls, and data minimisation.
Organisational policies limiting access to personal data to those who need to know it for the purposes described in this Privacy Policy.

By using buran-au.com and, where relevant, creating an account with the Buran brand, you acknowledge that your information may be transferred internationally as described above.

Data Retention

Observe: Different categories of data must be retained for varying periods for contractual, operational, and regulatory reasons, particularly in relation to AML/CTF and gaming licence obligations.

Expand: While we aim to keep personal data for no longer than necessary, certain records must be preserved for a minimum duration set by law or by our regulators. We also retain limited data to handle disputes, enforce our terms, and maintain technical logs.

Reflect: The following retention principles guide how long we keep your information.

General Retention Rules

Player account and KYC data: Typically retained for up to 5 - 7 years after account closure or the last transaction, to comply with AML/CTF and gaming regulatory requirements and to deal with potential disputes.
Transaction and gaming history: Retained for at least 5 years after the relevant activity, or longer where required by applicable law.
Technical logs and security data: Retained for 6 - 24 months, depending on the type of log and its relevance for security and operational integrity.
Marketing data: Retained for as long as you remain subscribed and for a limited period thereafter (typically up to 24 months) to evidence consent and manage opt-out lists.
Support correspondence: Usually retained for up to 5 years after closure of the relevant ticket or complaint.

Deletion and Anonymisation

When data is no longer needed for the purposes for which it was collected and there is no legal requirement to retain it, we will delete or irreversibly anonymise it.
Where immediate deletion is not possible (e.g., backup archives), data will be placed beyond routine use and deleted in line with our backup rotation policies.
Upon a valid deletion request, we will assess whether we must retain certain data to comply with legal obligations; if so, we will restrict processing to those obligations only.

Your Rights

Observe: Although Rabidi N.V. is based in Curaçao and provides offshore gambling services, it endeavours to align its privacy practices with core rights found in major data protection frameworks such as the EU General Data Protection Regulation (GDPR). The prompt also refers to Mexican privacy law rights, which share similar concepts (access, rectification, cancellation, opposition).

Expand: In practice, this means that, subject to legal and regulatory limitations, we offer a set of rights allowing you to understand, influence, and in some cases restrict how your data is used. Certain rights may be limited where strict AML/CTF or licensing obligations apply.

Reflect: The following rights are available to you in relation to personal information processed via Buran and associated Buran services.

Right of Access

You may request confirmation of whether we hold personal data about you and, if so, receive a copy and relevant information about the processing.

Right to Rectification

You may request correction of inaccurate or incomplete personal data. This includes updating contact details and correcting spelling or factual errors in your profile, subject to verification checks.

Right to Erasure ("Deletion")

You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (if consent was the sole legal basis), or where processing is unlawful.
We may need to retain certain data despite your request, particularly to meet AML/CTF, gaming, and record-keeping obligations or to resolve outstanding disputes.

Right to Restrict Processing

You may ask us to limit processing of your data (for example, while we verify its accuracy or assess an objection), without fully deleting it.

Right to Object

You may object to processing based on our legitimate interests, on grounds relating to your particular situation. We will assess the request and stop processing unless we have compelling legitimate grounds or a legal obligation.
You have an unconditional right to object to the use of your personal data for direct marketing; if you object, we will stop sending marketing messages.

Right to Data Portability

Where technically feasible and applicable, you may request that we provide certain personal data in a structured, commonly used, machine-readable format or transfer it to another controller, where processing is based on consent or contract and carried out by automated means.

Right to Withdraw Consent

Where processing relies on your consent (for example, for certain marketing or optional data uses), you may withdraw that consent at any time.
Withdrawal does not affect the lawfulness of processing carried out before withdrawal but may affect our ability to provide certain optional features.

Exercising Your Rights

Submit a request: Contact us at [email protected] or [email protected] with "Privacy request - Buran" in the subject.
Provide identification: We may ask for additional information to verify your identity and ensure that we do not disclose data to unauthorised persons.
Processing time: We aim to respond within 30 days of receiving a complete request. Complex requests or multiple concurrent requests may require more time, in which case you will be informed of the extension and reasons.
Fees: Requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, consistent with international best practice.

Please note that, because Rabidi N.V. is not established in Mexico or the EU, local supervisory authorities in those jurisdictions may have limited direct oversight over our operations. Nevertheless, the rights described above are implemented internally as a matter of policy and best practice.

Cookies & Tracking Technologies

Observe: buran-au.com uses cookies and similar technologies to provide core functionality, secure the website, measure performance, and, where allowed, support marketing.

Expand: Cookies can be set by us (first-party) or by third parties such as analytics providers. Some cookies are essential for operation; others are optional and may require consent depending on applicable law.

Reflect: This section describes the types of cookies we use and how you can control them.

Types of Cookies

Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They support navigation, login sessions, and basic functionality.
Persistent cookies: Cookies that remain on your device for a set period or until you delete them. They remember your preferences (such as language or region) and help us recognise returning visitors.
First-party cookies: Placed by buran-au.com to deliver our own services and collect analytics directly.
Third-party cookies: Set by external services such as analytics providers, affiliate tracking systems, or advertising networks.

Purposes of Cookies

Strictly necessary / functional: Enable core site functions, secure logins, session management, fraud prevention, and load balancing. These cookies are typically essential and cannot be switched off in our systems.
Analytics and performance: Help us understand how visitors interact with buran-au.com, including pages visited, time spent, and error messages. Data is usually aggregated and used to improve performance and usability.
Advertising and marketing: May be used, where permitted, to measure campaign effectiveness, track conversions from affiliates, and deliver targeted offers. These cookies are generally optional and may require consent.

Managing Cookies

You can manage or delete cookies through your browser settings. Instructions are typically available in the "Help" or "Settings" section of your browser.
You may be able to opt out of certain third-party analytics and advertising cookies via the providers' own opt-out mechanisms.
Disabling or blocking some cookies may impact the functionality of buran-au.com and could limit your ability to use certain features, including secure login and account-related tools.

Data Security

Observe: Offshore gambling services process sensitive financial and behavioural data, making robust security controls essential.

Expand: We use a combination of technical, organisational, and physical safeguards designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. While no system can be guaranteed 100% secure, we strive to maintain security in line with recognised industry practices.

Reflect: The following measures summarise our approach to data security.

Technical Measures

Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher, subject to the capabilities of your device and browser.
Encryption at rest: Sensitive data fields are stored using encryption, hashing, or tokenisation where appropriate.
Access controls: Role-based access control limits data access to authorised personnel and systems that require it for their duties.
Network security: Firewalls, intrusion detection or prevention systems, and other network security tools are deployed to protect infrastructure.

Organisational and Process Measures

Staff training: Personnel with access to personal data receive periodic training on data protection, confidentiality, and security best practices.
Vendor due diligence: Service providers handling personal data are evaluated for their security posture and are required to implement appropriate safeguards.
Security audits: Regular internal assessments and, where appropriate, third-party security reviews are conducted to test and improve controls.
Standards alignment: While Rabidi N.V. is not publicly certified to standards such as ISO 27001 or SOC 2, our controls are designed to be consistent with key principles of such frameworks.

Incident Response

We maintain incident response procedures to detect, investigate, and mitigate suspected data breaches or security incidents.
Where required by applicable law and where the incident poses a high risk to your rights and freedoms, we will notify relevant authorities and affected individuals without undue delay.

Complaints & Contacts

Observe: Users must have clear channels to raise questions or complaints about privacy and to escalate issues where they believe their concerns have not been adequately addressed.

Expand: Because Rabidi N.V. is offshore, local enforcement mechanisms in user countries (such as Australia) may be limited in relation to gambling services classified as "illegal offshore gambling services" by ACMA. Nonetheless, we encourage users to contact us directly to resolve privacy-related issues.

Reflect: The following outlines how you can contact us and how we handle complaints.

Primary Contact Channels

Support email: [email protected]
General / privacy email: [email protected]
Press: [email protected] (for media-related enquiries)
Postal address: Rabidi N.V., Curaçao (full postal address will be provided in this policy once confirmed).

Complaint Procedure

Initial contact: Send your complaint or query to [email protected], describing the issue, relevant dates, and any supporting evidence.
Acknowledgement: We will aim to acknowledge receipt of your complaint within 7 business days.
Investigation: Your complaint will be reviewed by relevant departments (such as compliance, security, or customer support). We may request additional information to clarify your concerns.
Response: We aim to provide a substantive response within 30 days of receiving all necessary information. Complex matters may require additional time, in which case we will inform you of the delay and expected timeline.
Escalation: If you are unsatisfied with our response, you may request further review by our internal compliance or management team via the same contact channels.

External Authorities

Given Rabidi N.V.'s location in Curaçao and the offshore nature of its services, oversight is primarily exercised by the Curaçao licensing authority and associated bodies. Users located in Australia should be aware that:

The Australian Communications and Media Authority (ACMA) may block offshore gambling sites and issue enforcement actions, but does not regulate their privacy practices directly for consumer redress.
Where local data protection authorities exist in your country of residence, they may have limited jurisdiction over an offshore operator licensed in Curaçao.

You are, however, always entitled to seek independent legal advice or contact relevant consumer or privacy organisations in your jurisdiction for guidance on your options.

Updates

Observe: Legal and regulatory frameworks for privacy and online gambling evolve over time, and our processing activities may also change. The Privacy Policy must therefore be updated periodically.

Expand: Users should be informed when changes are material, with sufficient notice and, where appropriate, options to object or discontinue use of the service.

Reflect: This section describes how we will notify you of changes and how version control is managed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, or technical and organisational measures.
Material changes, especially those that significantly affect your rights or the way we use your data, will be highlighted.

Notification Methods

Website notices: We may display banners or prominent notices on buran-au.com informing you of significant updates.
Email communication: Where we hold your email address and the change is material, we may send you an email summarising the updates.
Account dashboard: For registered players, key changes may also be flagged via account notifications or message centre, where available.

Advance Notice and User Options

For significant changes that materially affect your rights or obligations, we will provide, where practicable, at least 30 days' notice before the changes take effect.
If you do not agree with the updated Privacy Policy, you may choose to stop using buran-au.com and, if you hold an account with the Buran brand, request account closure in accordance with the applicable terms and conditions.

Version Control

Last updated: January 2026
We maintain internal records of previous versions of this Privacy Policy and the dates on which they were in effect. On reasonable request, we may provide you with information about prior versions relevant to your query.