Privacy Policy

General Information

Rooli Casino is committed to protecting user privacy in full accordance with relevant regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR). The policy covers all interactions with the website, its services, and any related communications. The platform is designed exclusively for individuals aged 18 and older. We do not intentionally gather data from minors, and if such information is discovered, appropriate actions will be taken to address it according to legal standards.

About the Operator

The website operates under the ownership and management of Novatrix SRL, a company registered in Costa Rica with number 3-102-893958. Its official address is located in the Province of Cartago, County of Oreamuno, Potrero Cerrado, on the north side of Manuel Ávila Camacho School. As the data controller, the company determines the purposes and methods for processing personal information as described in this document.

To support compliance and address any data-related matters, a dedicated Data Protection Officer (DPO) has been appointed. Users can contact the DPO at [email protected] with questions about the policy, to exercise their rights, or to raise concerns regarding personal data handling.

Types of Personal Data Collected

We gather various categories of information necessary for providing services, ensuring security, and meeting legal obligations. These include:

• Identity Data: full name, username, date of birth, gender, nationality, and official identification numbers such as passport or ID details.
• Contact Information: residential address along with supporting documents, email address, phone number, and other communication channels.
• Financial Information: banking details, payment card data, and documents verifying source of funds or wealth, including bank statements or income proofs.
• Transaction Records: information on deposits, withdrawals, and other financial activities.
• Gaming Activity: details about games played, session times, wagering patterns, bonus usage, and responsible gaming interactions.
• Technical Details: IP address and approximate location, login credentials, browser and device information, operating system, and access technology.
• Marketing Preferences: choices regarding promotional communications and any other data shared during interactions with our team.

Purposes and Legal Basis for Processing

Personal data is processed for several key reasons, each supported by an appropriate legal foundation:

• Delivering Services: managing user accounts, handling transactions, identity verification, customer support, and offering promotions — based on contract performance.
• Legal Compliance: fulfilling anti-money laundering (AML) requirements, conducting Know Your Customer (KYC) procedures, supporting responsible gaming, and meeting regulatory reporting obligations — based on legal duty.
• Fraud Prevention: identifying and stopping fraudulent behavior, bonus misuse, and other risks — grounded in legitimate business interests to safeguard the platform and its users.
• Marketing and Personalization: providing tailored offers and communications — based on user consent or legitimate interests.
• Analytics and Improvements: studying website usage, fixing technical problems, and enhancing the overall experience — based on legitimate interests.
• Security Measures: protecting the platform from threats — supported by both legitimate interests and legal obligations.

Sources of Data Collection

Information is obtained from multiple reliable sources to maintain accuracy, security, and regulatory adherence. These include direct submissions from users during registration or service use, verification agencies that confirm identity and address, financial institutions involved in payments, specialized AML and politically exposed persons (PEP) databases, regulatory and responsible gaming authorities, as well as business partners such as affiliates and analytics services that may provide anonymized or pseudonymous data.

Sharing Personal Information with Third Parties

In order to operate effectively, we may disclose data to carefully selected partners under strict controls. This includes group companies for internal risk management and compliance purposes, game providers who require limited details to deliver their titles, payment processors for transaction handling, marketing partners when consent is given, and regulatory bodies when legally required. We also work with AML/KYC tools, communication software providers, and professional advisors such as lawyers or consultants, all bound by data processing agreements.

In cases of business transfers like mergers or acquisitions, data may be shared with the new entity, with prior notice provided where possible. All third parties are required to handle information lawfully, securely, and solely for the agreed purposes. We limit sharing to the minimum necessary and prohibit partners from using data for their own unrelated objectives.

International Data Transfers

When personal information moves outside the European Economic Area (EEA), suitable protections are applied. These may include Standard Contractual Clauses approved by the European Commission or transfers to countries recognized for adequate data protection levels, ensuring continued safeguards for user privacy.

Data Retention Practices

We keep personal data only for as long as required to achieve the original collection purposes or to satisfy legal requirements. Factors such as the type of data, applicable regulations, and potential risks influence retention periods. Due to anti-money laundering rules, certain information must be retained for at least five years after account closure, making earlier deletion requests impossible to fulfill in those cases. Anonymized data may be kept longer to support service enhancements and marketing analysis without involving automated decision processes.

User Rights and Consent

Using the platform implies consent to the data practices described here, subject to applicable laws. Under GDPR and PIPEDA, individuals have several important rights, including the ability to withdraw consent, access or correct their data, request deletion or restriction of processing, seek data portability, opt out of marketing messages, and file complaints with supervisory authorities if they feel their rights have been infringed.

Automated Decision-Making

The casino generally avoids fully automated decisions that could significantly affect users. Should such processes be employed in limited situations, affected individuals will be notified separately in line with legal requirements.

Data Security Measures

Robust technical, physical, and organizational safeguards are in place to protect personal information from loss, theft, or unauthorized processing. Data is transmitted via secure servers, and access is restricted to authorized personnel who need it for legitimate business reasons. Player accounts are secured with unique credentials, and users are encouraged to activate two-factor authentication (2FA) while keeping login details strictly confidential.

Updates to the Privacy Policy

This policy may be revised periodically to reflect changes in technology, operations, or legal obligations. Users are advised to review it regularly to remain aware of how their information is managed and protected.

Contacting Us

For any inquiries about this Privacy Policy or the handling of personal data, please reach out to the Data Protection Officer at [email protected]. General support is also available through [email protected] or the live chat feature on the website.