Player Privacy at Royal Reels AU

What We Collect and Why

We collect personal information because GCB licence conditions and Australian AML obligations require it — not because we want more data than necessary. At account registration, we collect your full legal name, date of birth, residential address, email address and a contact phone number. During identity verification (mandatory under AUSTRAC guidelines), we collect a copy of a government-issued photo ID and, where required, proof of address dated within three months.

Payment processing requires your financial details — card numbers, bank account references or digital wallet identifiers. We do not store full card numbers after a transaction completes; that data is held by our PCI-DSS-compliant payment processors. When you use the platform, we automatically collect device identifiers, IP address, browser type, session duration and gameplay data. This is not optional — it is required for fraud detection and responsible gambling monitoring under the National Consumer Protection Framework.

How We Use Your Information

Your data serves six specific purposes. Identity verification confirms you are who you say you are and that you are at least 18 years old — Australian law is unambiguous on this point. AML and fraud screening checks your activity against sanctions lists and suspicious transaction patterns, as required by AUSTRAC. Account management covers the day-to-day operation of your account, including processing deposits and withdrawals. Customer support uses your data to resolve disputes and respond to queries. Responsible gambling monitoring tracks your activity to identify problem gambling indicators and apply limits where needed under the National Consumer Protection Framework. Marketing communications are sent only where you have provided explicit consent — and you can withdraw that consent at any time without consequence to your account standing.

We do not use your data for purposes beyond these six. We do not sell your personal information to third parties for their own marketing use. This is not a disclaimer buried in fine print — it is an enforceable commitment under APP 6.

Disclosure to Third Parties

We share your information with payment processors to complete transactions, identity verification providers to satisfy KYC requirements, fraud detection services to protect the platform, and regulatory authorities including AUSTRAC and GCB when legally required. All third-party providers are contractually bound to handle your data in compliance with the APPs. We do not transfer your data to countries with weaker privacy protections without first implementing appropriate safeguards — this includes standard contractual clauses where applicable.

Law enforcement and government agencies may receive your data where we are compelled by a valid legal order. We do not volunteer information beyond what is legally required, and we will notify you of any disclosure where the law permits us to do so.

Data Retention

Account records are retained for seven years after account closure. This is not arbitrary — it reflects AUSTRAC’s minimum AML record-keeping requirements. Identity verification documents are retained for the same period. Marketing consent records are retained for the life of the consent plus five years, to demonstrate compliance in the event of a complaint. If you request account closure, your data is not immediately deleted; the seven-year retention period begins from the date of closure.

Your Rights Under the APPs

You have the right to access the personal information we hold about you. Submit a written request to [email protected] and we will respond within 30 days. You have the right to correct inaccurate information — if something is wrong, we will fix it. You have the right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs. The OAIC is the relevant authority; we are required to tell you this and we are telling you.

You do not have a general right to erasure under Australian law in the same way EU residents do under GDPR — the Privacy Act 1988 does not provide an equivalent right. Where retention is required by AUSTRAC, we cannot delete records even if you request it.

Cookies and Tracking

We use cookies for session management, fraud prevention and performance analytics. Detailed information about specific cookies, their purpose and duration is set out in our Cookie Policy . You can manage cookie preferences through your browser settings, though disabling certain cookies will affect platform functionality.

Responsible Gambling Data

Your gameplay data — bet amounts, session frequency, win/loss ratios and deposit patterns — is monitored for responsible gambling purposes. This is a GCB licence condition and an expectation under the National Consumer Protection Framework. We use this data to trigger intervention measures, apply cooling-off periods and assess self-exclusion requests. This monitoring is not optional and cannot be switched off — it is a condition of holding an account with us.

Changes to This Policy

We will notify you by email at least 14 days before any material change to this policy takes effect. Continued use of the platform after the effective date constitutes acceptance of the revised policy. If you do not accept the changes, close your account before the effective date.

Contact

Questions about this policy or requests to exercise your rights should be directed to [email protected] . We aim to respond within 30 days. Complaints unresolved after 60 days may be referred to the OAIC.