Privacy Policy

General Information

Rooli Casino upholds strict privacy standards in line with major regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR). The policy applies to all website interactions, services, and related communications. The platform caters exclusively to adults aged 18 and above. We take no deliberate steps to collect information from minors, and any such data found will be managed according to applicable legal requirements.

About the Operator

Novatrix SRL owns and manages the website. This Costa Rican company carries registration number 3-102-893958, with its registered office situated in the Province of Cartago, County of Oreamuno, Potrero Cerrado, on the north side of Manuel Ávila Camacho School. As the data controller, the company decides the reasons and methods for processing personal data outlined in this document.

To ensure ongoing compliance and address privacy matters, a Data Protection Officer (DPO) has been designated. Users may contact the DPO at [email protected] for questions about the policy, to exercise their rights, or to raise any concerns related to personal data handling.

Types of Personal Data Collected

We collect several categories of information essential for delivering services, maintaining security, and fulfilling legal duties. These include:

Identity data such as full name, username, date of birth, gender, nationality, and official documents like passports or ID numbers.

Contact details covering residential address with supporting proofs, email address, phone number, and preferred communication methods.

Financial information including banking records, payment card details, and documents confirming source of funds or wealth, such as bank statements or income verification.

Transaction history encompassing deposits, withdrawals, and other financial movements.

Gaming activity data covering games played, session durations, betting patterns, bonus usage, and responsible gaming measures.

Technical information like IP address and general location, login details, browser and device specifications, operating system, and connection methods.

Marketing preferences regarding promotional communications and any additional information provided during contact with support staff.

Purposes and Legal Basis for Processing

Personal data undergoes processing for specific purposes, each backed by a valid legal foundation:

Service delivery, including account management, transaction processing, identity checks, customer assistance, and promotional offers, based on contractual obligations.

Legal compliance covering anti-money laundering (AML) rules, Know Your Customer (KYC) procedures, responsible gaming initiatives, and regulatory reporting, based on statutory requirements.

Fraud prevention to detect and prevent dishonest activities, bonus abuse, and related risks, grounded in legitimate interests for protecting the platform and users.

Marketing and personalization to deliver relevant offers and messages, based on consent or legitimate interests.

Analytics and service improvement through examination of website usage, issue resolution, and experience enhancement, based on legitimate interests.

Security protection against threats, supported by both legitimate interests and legal obligations.

Sources of Data Collection

Data comes from various trustworthy sources to ensure accuracy, security, and regulatory compliance. Primary origins include direct user submissions during registration and service use, identity and address verification agencies, financial institutions handling payments, specialized AML and politically exposed persons (PEP) databases, regulatory and responsible gaming bodies, as well as partners such as affiliates and analytics providers that may supply anonymized or pseudonymous information.

Sharing Personal Information with Third Parties

To maintain smooth operations, we may share data with selected partners under tight controls. Recipients include affiliated companies for internal risk and compliance management, game providers needing minimal details to supply their content, payment processors for handling transactions, marketing partners where consent exists, and regulatory authorities when legally mandated. We also collaborate with AML/KYC service tools, communication platforms, and professional advisors like legal experts or consultants, all governed by data processing agreements.

In situations involving business changes such as mergers or acquisitions, data may transfer to the successor entity, with notification provided where feasible. All third parties must process information lawfully, securely, and only for the specified purposes. Sharing stays limited to what is strictly necessary, and partners cannot use the data for unrelated aims.

International Data Transfers

When personal information transfers beyond the European Economic Area (EEA), adequate safeguards apply. These typically involve Standard Contractual Clauses endorsed by the European Commission or transfers to jurisdictions deemed to offer sufficient data protection levels, thereby preserving user privacy protections.

Data Retention Practices

We retain personal data solely for as long as needed to fulfill the purposes for which it was gathered or to meet legal obligations. Retention duration depends on data type, regulatory demands, and associated risks. Due to anti-money laundering regulations, certain records must remain for at least five years following account closure, preventing earlier deletion in those instances. Anonymized data may persist longer to aid service development and analytical purposes without engaging automated decision-making.

User Rights and Consent

Accessing the platform indicates acceptance of the data practices described, within the bounds of applicable laws. Under GDPR and PIPEDA, users possess several key rights, including the ability to withdraw consent, access or rectify their data, request erasure or processing restrictions, seek data portability, unsubscribe from marketing communications, and lodge complaints with supervisory authorities if rights appear violated.

Automated Decision-Making

The casino typically refrains from fully automated decisions that produce significant effects on individuals. In rare cases where such processes occur, affected users receive separate notification consistent with legal standards.

Data Security Measures

Strong technical, physical, and organizational protections guard personal information against loss, unauthorized access, or improper processing. Secure servers handle data transmission, while access remains restricted to personnel requiring it for legitimate purposes. Player accounts use unique login credentials, and users receive encouragement to enable two-factor authentication (2FA) while safeguarding their account details.

Updates to the Privacy Policy

This policy may undergo periodic updates to align with evolving technology, operational practices, or legal requirements. Users should check it regularly to stay informed about current data management and protection methods.

Contacting Us

For questions concerning this Privacy Policy or personal data practices, contact the Data Protection Officer at [email protected]. General support inquiries can go to [email protected] or through the live chat option available on the website.