Privacy Notice for Casino Royal Reels
Who Operates This Service
Royal Reels Casino is operated under a licence issued by the Gaming Control Board of Curaçao. The operator functions as the data controller for all personal information collected through royalreelscasino.com.au. Data handling practices reflect the requirements set out in the Landsverordening bescherming persoonsgegevens (National Ordinance on the Protection of Personal Data) and, where applicable, the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).
What Information Is Collected
Account registration requires a full legal name, date of birth, residential address, email address, and a chosen password. Identity verification under Curaçao GCB licensing conditions and AUSTRAC compliance obligations requires a government-issued photo ID — a passport or driver’s licence — and, in some cases, proof of address dated within three months. Payment processing requires card details or e-wallet identifiers, though full card numbers are never stored on Royal Reels Casino servers. During platform use, the system records session timestamps, device identifiers, IP addresses, browser type, and gameplay activity including wager amounts, game selections, and withdrawal history.
Why This Information Is Used
Identity and age verification is a licence condition — the operator cannot lawfully accept deposits or pay winnings to an unverified account. Transaction monitoring is required under Curaçao’s anti-money laundering framework; this means financial activity is assessed against risk thresholds, and unusual patterns are flagged for review. Responsible gambling tools — deposit limits, cooling-off periods, and self-exclusion — depend on accurate account data to function. Customer support cannot resolve disputes or investigate technical issues without access to account and session records. Marketing communications are sent only where the account holder has given explicit consent; withdrawal of that consent is available at any time through account settings.
The Legal Basis for Processing
Processing rests on three grounds. Performance of a contract covers account management, payment processing, and access to games. Legal obligation covers identity verification, AML transaction monitoring, and regulatory reporting. Legitimate interest covers fraud prevention, platform security, and service improvement — in each case, the operator has assessed that the interest does not override individual rights. Where processing rests on consent alone — specifically, direct marketing — that consent can be withdrawn without affecting account access.
Data Retention
Account records are retained for a minimum of five years from the date of account closure, in line with Curaçao GCB requirements and AUSTRAC record-keeping obligations. Identity documents are deleted within 30 days of the verification decision unless a regulatory obligation requires retention. Marketing preference records are retained until consent is withdrawn, at which point suppression is applied within 10 business days. Anonymised aggregate data — used for game performance analysis — is retained indefinitely because it contains no personal identifiers.
Sharing With Third Parties
Payment processors receive only the data necessary to authorise and settle transactions. Identity verification is conducted through a contracted third-party provider operating under equivalent data protection standards. If AUSTRAC or the Curaçao Gaming Control Board requests account or transaction data under their statutory powers, the operator is legally required to comply; in most circumstances, the operator cannot notify the account holder that such a request has been made. Affiliates and marketing partners do not receive personal data — they receive only aggregated, anonymised performance metrics.
Your Rights Under Applicable Law
Under the Australian Privacy Principles and applicable Curaçao law, you can request access to personal data held about you, correction of inaccurate records, and deletion of data where no legal retention obligation applies. Requests are assessed within 30 days. Where deletion is not possible due to a regulatory retention requirement, the operator will explain the specific legal basis for continued retention. Complaints about data handling can be directed to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or to the Curaçao Gaming Control Board.
Cookies and Tracking
A separate Cookie Policy sets out how tracking technologies are used on royalreelscasino.com.au. Session cookies are necessary for platform functionality; their removal prevents login. Analytics and preference cookies can be managed through the cookie consent tool.
Security Measures
Data is encrypted in transit using TLS 1.2 or higher. Stored personal data is encrypted at rest. Access to production systems is restricted to authorised personnel and subject to multi-factor authentication. Penetration testing is conducted annually by an independent security firm. In the event of a breach that creates a likely risk of serious harm, affected users will be notified in accordance with Australian Notifiable Data Breach obligations.
Changes to This Policy
Material changes to this policy will be communicated by email to the address registered on the account at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance.
royalreelscasino.gr.com | [email protected]