Personal Data at Royal Reels Australia
Royal Reels Casino | royalreelsau.co.com
Royal Reels Casino operates under a licence issued by the Gaming Control Board of Curaçao (GCB) and makes its services available to players in Australia. This policy sets out what personal information the platform collects, the purposes for which it is processed, the legal grounds on which processing rests, and the rights available to you under applicable law. The Australian Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to the handling of personal information about Australian residents. Registering an account constitutes acceptance of these practices.
1. Information We Collect
Royal Reels Casino collects personal information across three categories. Registration data includes your full legal name, date of birth, residential address, email address, phone number, and a chosen password. Payment data includes bank account or card details, e-wallet identifiers, and transaction history — full card numbers are not stored on platform servers. Identity verification data includes copies of government-issued photo identification, proof of residential address dated within 90 days, and, for transactions above defined thresholds, documentation of source of funds. Technical data — IP address, device identifiers, browser type, session timestamps, and in-session activity logs — is recorded automatically each time you access the platform. Support correspondence is retained in full, including message content and the contact channel used.
Collection is limited to what is reasonably necessary. The platform does not collect sensitive information beyond what identity verification specifically requires.
2. Purposes of Processing
Account administration covers registration, login, balance management, and account security. Transaction processing covers deposit authorisation, withdrawal execution, and chargeback management. Identity verification and age confirmation are licence conditions under the GCB framework — they are not discretionary. Anti-money laundering monitoring is required under Curaçao’s National Ordinance on the Identification of Clients when Rendering Financial Services, which applies independently of player location. Responsible gambling functions — deposit limits, cooling-off periods, self-exclusion — depend on accurate account data to operate correctly. Direct marketing is processed only where you have given explicit opt-in consent, which you can withdraw at any time through account settings without affecting your access to the platform.
3. Legal Bases for Processing
Processing rests on four grounds. Performance of a contract covers the core operation of your account — registration, payments, and access to games require your personal information to function. Legal obligation covers identity verification, AML transaction monitoring under the National Ordinance, and regulatory reporting to the GCB; these obligations apply regardless of consent. Legitimate interest covers fraud detection, platform security, and abuse prevention — in each case the operator has assessed that the interest does not override individual rights. Consent applies exclusively to direct marketing communications.
4. Identity Verification
Verification is mandatory before any withdrawal is processed, and in some cases before certain deposit thresholds are reached. Required documents are a valid government-issued photo ID (passport, driver’s licence, or national identity card), proof of residential address (utility bill or bank statement dated within 90 days), and — for withdrawals above AUD 10,000 — documentation of source of funds. Verification is conducted through AUSTRAC-registered third-party providers where Australian identity documents are involved. Accounts that do not complete verification within the timeframe specified in the verification request will be restricted; pending withdrawals will be held until the process is finalised. Verification data is retained for a minimum of five years from the date of your last transaction, as required by AML record-keeping obligations.
5. Sharing Personal Information
Personal information is shared only where necessary and only with identified categories of recipients. Payment processors receive the data required to authorise and settle transactions. Identity verification providers receive identity documents under contractual data protection obligations. Fraud detection and cybersecurity services receive session and behavioural data for anomaly analysis. Regulatory authorities — including the GCB and, where legally required, AUSTRAC — receive information in response to lawful requests. No personal information is sold to third parties for commercial purposes. This is a legal position, not a marketing statement.
6. International Transfers
Royal Reels Casino is operated from Curaçao. Personal information is processed by service providers in multiple jurisdictions. Where data is transferred outside Australia, the operator applies contractual safeguards consistent with APP 8 to ensure recipients handle the information under standards comparable to those in the Privacy Act 1988. By using this platform, you acknowledge that international transfers occur as part of normal platform operation.
7. Data Retention
Account records and transaction history are retained for a minimum of five years from account closure, in line with GCB licence conditions and AML obligations. Identity documents are deleted within 30 days of a verification decision unless a regulatory obligation requires continued retention. Marketing preference records are retained until consent is withdrawn; suppression is applied within 10 business days of withdrawal. Technical logs are retained for 12 months. Anonymised aggregate data used for performance analysis is retained indefinitely because it contains no personal identifiers.
8. Your Privacy Rights
Under the Australian Privacy Principles, you have the right to access the personal information we hold about you, to request correction of inaccurate or incomplete records, and to make a complaint if you believe your information has been mishandled. Access and correction requests can be submitted to [email protected] . The operator will respond within 30 days. If a request is refused, reasons will be provided in writing. Complaints that are not resolved to your satisfaction may be referred to the Office of the Australian Information Commissioner (OAIC).
9. Cookies and Tracking
This platform uses cookies and similar tracking technologies. Functional cookies are required for login sessions, security, and platform performance. Analytical cookies measure usage patterns to support platform improvement. Marketing cookies track referral sources and campaign attribution. You can manage cookie preferences through your browser settings; disabling functional cookies will impair platform functionality. A full breakdown of cookies in use is set out in the Cookie Policy available on the platform.
10. Security
Personal information is protected by TLS encryption in transit and AES-256 encryption at rest. Access to personal data within the operator’s systems is restricted to personnel who require it to perform their role, under role-based access controls. Security practices are reviewed periodically. No transmission method is entirely without risk; the operator applies reasonable technical and organisational measures consistent with the sensitivity of the data involved.
11. Changes to This Policy
This policy may be updated to reflect changes in legal obligations, regulatory requirements, or platform operations. Material changes will be communicated by email to the address registered on your account or by prominent notice on the platform. Continued use of the platform after the effective date of a revised policy constitutes acceptance of the updated terms.
12. Contact
Privacy-related enquiries, access requests, and complaints should be directed to [email protected] . The operator will acknowledge receipt within five business days and respond in full within 30 days.