Privacy Policy

This privacy policy sets out how royalacecasino, accessible only via royalacez.com, manages personal information. It is designed to inform players and website visitors about their data rights and the procedures we follow to ensure compliance with the Australian Privacy Act 1988 (Cth), associated Australian Privacy Principles (APPs), and global industry standards. This policy applies to all users of royalacez.com and takes effect from 1 January 2025.

Who We Are

OBSERVE: royalacecasino operates exclusively via royalacez.com and is owned by Ace Revenue Group. Legal details are drawn from business registration in Costa Rica. While registration exists, formal gaming authorisation, headquarters, and Australian licensure are not specified.
EXPAND: Transparency requires maximum available disclosure. Due to the absence of a Data Protection Officer (DPO), a designated contact person must be established.
REFLECT: All user queries about privacy should be directed to the provided point of contact.

Legal Entity: Operated by an entity of Ace Revenue Group, registered in Costa Rica for business purposes.
Registered Address: Not specified (business address in Costa Rica used for registration only; not a gambling regulatory licensing address).
Australian Operation Note: royalacez.com is not licensed by Australian regulators and is not permitted to target or offer services lawfully to Australian residents.
Contact for Data Protection: Sophie Williams (Interim Data Protection Contact). For all privacy inquiries, email via the contact form on royalacez.com.
Parent Company: Ace Revenue Group; associated brands include Planet 7 Casino, Silver Oak Casino, and Captain Jack Casino.

What Personal Data We Collect

OBSERVE: Australian privacy law requires transparent disclosure of collected data categories.
EXPAND: Data breaks down into personal identifiers, financial, technical, and behavioural information plus data from cookies and similar tracking.
REFLECT: Full classification demonstrates compliance with the APPs and informs user consent.

Personal Data: Full name, date of birth, postal address (if provided), email address, and phone number provided during account registration or support queries.
Technical Data: Internet Protocol (IP) addresses, device details (operating system, browser), session activity, and system logs.
Payment Data: Transaction histories, payment provider details, and relevant banking or e-wallet information (processed securely through payment partners).
Behavioural Data: Wagering activity, game selections, bet amounts, account actions, navigation routes, and on-site clickstream data.
Cookie and Tracking Data: Session cookies, persistent cookies, and third-party tracking (for authentication, risk management, analytics, personalisation, and advertising).

Legal Basis for Processing

OBSERVE: Under AU law, clear legal grounds must be established for data processing.
EXPAND: These include explicit consent, contract fulfilment, legitimate interests, and compliance with regulatory obligations.
REFLECT: Each lawful basis is explained with corresponding user protections.

Consent: User consent is obtained when creating an account, subscribing to marketing, or accepting cookies. Consent can be withdrawn at any time, subject to legal or regulatory constraints.
Performance of Contract: Processing is necessary for delivering services, verifying account, paying out winnings, and facilitating gameplay as per the site's Terms and Conditions.
Legitimate Interests: Data is processed to prevent fraud, maintain security, improve services, and perform analytical assessments provided these uses do not override user interests or rights.
Legal Compliance: Processing is required to meet legal obligations such as Anti-Money Laundering (AML), Know Your Customer (KYC) checks, and for reporting to appropriate authorities when required.

Protective Clause: royalacecasino (on royalacez.com) does not process sensitive personal data unless required by law or with explicit user consent.

Purpose of Processing

OBSERVE: Clearly articulating processing purposes is mandatory under AU law.
EXPAND: The core functions relate to service delivery, legal compliance, operational improvement, and marketing within lawful boundaries.
REFLECT: Each purpose supports user service, safety, and regulatory obligations.

Service Provision: To create, operate, and maintain user accounts; process bets and payments; provide access to casino games on royalacez.com.
Customer Communications: To send service-related notifications, respond to queries, and resolve requests.
Security and Fraud Prevention: For user verification, account security, anti-fraud systems, and monitoring of suspected illegal activity.
Analytics and Improvement: Assessing site usage to enhance performance, troubleshoot issues, and adapt offerings based on aggregate trends.
Marketing (with consent): Providing promotional materials by email or other electronic means, subject to user preferences. Consent for marketing can be managed at any time.
Legal and Regulatory Requirements: Fulfilling obligations under applicable laws, including gambling law compliance and governmental reporting duties.

Protective Clause: Personal data is never sold, traded, or used for unrelated purposes.

Disclosure & Sharing

OBSERVE: AU law requires transparency about third-party disclosures.
EXPAND: Disclosures to payment processors, technical support, regulatory bodies, and, where applicable, affiliates or advertising partners are described.
REFLECT: Legitimate, contract-bound sharing preserves user confidentiality.

Service Providers: IT, hosting, software suppliers, and technical support partners receive data as required to maintain services, under strict contractual safeguards.
Payment Partners: Information is shared with payment processors to manage deposits, withdrawals, and fraud checks in accordance with required security procedures.
Regulatory Authorities: Information may be passed to national and international authorities or courts, only when legally required under applicable law. (Note: royalacecasino is NOT regulated or licensed in Australia.)
Affiliates and Advertising Partners: Data is shared for marketing or analytical purposes only with user consent and in compliance with privacy laws.
Corporate Transactions: In the event of company acquisition, merger, or asset sale, personal data may be transferred, with notice given to all affected users.

Protective Clauses: All third-party transfers are governed by data processing agreements and confidentiality obligations. royalacecasino does not permit unauthorised data sales or sharing.

International Transfers

OBSERVE: AU data protection law requires notification of any overseas transfer of personal information.
EXPAND: Data may be stored, processed, or accessed in Costa Rica and other international jurisdictions, dependent on service provider locations.
REFLECT: Appropriate safeguards such as contractual clauses are implemented to minimise overseas data risks.

Potential Transfer Destinations: Data may be transferred to and processed in Costa Rica (business registration), the United States, EU/EEA countries, or other territories as required by technical or business operations.
Protection Measures: royalacecasino implements Standard Contractual Clauses (SCCs) and other contractual controls with overseas providers to ensure privacy and security principles are maintained according to AU law.
User Acknowledgement: By using royalacez.com, users consent to their data potentially being transferred outside Australia with proper safeguards.

Protective Clause: If a recipient is not subject to a law substantially similar to the APPs, royalacecasino will take reasonable steps to ensure that the overseas recipient does not breach the APPs.

Data Retention

OBSERVE: AU and industry standards require defined retention periods and destruction protocols.
EXPAND: Different data categories have separate retention timelines to balance regulation, contractual rights, and user privacy.
REFLECT: Retention is the minimum necessary, aligned with legal or operational requirements.

Personal Account Data: Retained for the lifetime of the account and up to 5 years following account closure or final transaction, or as required for legal, regulatory, or dispute purposes (aligns with AU financial crime retention standards to 2025).
Transactional and Payment Data: Maintained as legally required for tax, audit, anti-fraud, or financial integrity purposes (potentially up to 7 years).
Behavioral and Analytical Data: Aggregated and anonymised after 18 months; personally identifiable records deleted after maximum 5 years from collection or account closure.
Cookie and Technical Data: Session data deleted at end of user session; persistent cookies retained for up to 2 years, subject to user deletion.
Deletion Criteria: Data is deleted or irreversibly anonymised when retention periods expire, upon verified user request, or when processing purposes no longer apply (unless further retention is required by law).

Protective Clause: All data destruction is carried out securely and in accordance with established procedures.

Your Rights

OBSERVE: The Australian Privacy Act gives individuals enforceable rights concerning their information.
EXPAND: Users must be informed of, and empowered to exercise, their rights through simple mechanisms.
REFLECT: All rights explanations are user-focused, predefined under APP 12/13 and international best practices.

Access to Data: Users may request copies of the personal information held about them at any time by contacting royalacecasino via royalacez.com.
Correction and Deletion: Users have the right to request corrections to inaccurate data or deletion of data if no longer required for lawful purposes. Deletion requests may be subject to limitations if retention is required by law.
Restriction of Processing: Users can request restriction or pause of processing under certain conditions (such as contesting accuracy or objecting to processing).
Objection: Users can object to processing for direct marketing purposes at any time.
Data Portability: Where technically feasible, users may request their data be transferred to another provider.
Withdrawal of Consent: Users can withdraw consent for marketing or non-essential data processing at any time using internal controls or by contacting the privacy contact.

Procedural Note: Identity verification is required before processing any rights-based request to ensure data protection. response timeframes not to exceed 30 days.

Cookies & Tracking Technologies

OBSERVE: Transparency on cookies is mandatory.
EXPAND: Types, usage purposes, and user control options are disclosed in detail.
REFLECT: Plain explanations facilitate informed user choice.

Session Cookies: Essential for website operation; enable core functionality such as authentication and navigation. Deleted automatically when the session ends.
Persistent Cookies: Store preferences and login information; facilitate faster access during future visits (retained up to 2 years unless cleared by user).
Third-Party Cookies: Used for analytics (e.g., monitoring site usage), advertising, and personalisation. Subject to third-party provider policies.
Control and Disabling: Users can manage or disable cookies via browser settings or a panel provided at royalacez.com. Some functionalities may be impaired if cookies are disabled.

AU Regulatory Note: Use of non-essential cookies on royalacez.com requires user opt-in consent in line with best practice data protection standards (2025).

Data Security

OBSERVE: AU security requirements dictate a robust technical and organisational framework.
EXPAND: Security encompasses encryption, access restrictions, staff training, and ongoing risk assessments.
REFLECT: These collective measures ensure confidentiality, integrity, and availability of personal information at royalacez.com.

Technical Measures: Use of SSL/TLS encryption protocols to protect data in transit; storage of sensitive data using industry-standard encryption.
Operational Safeguards: Regular internal and external security audits, patch management, and network monitoring.
Access Controls: Strict access permissions to personal data; staff access strictly limited based on role; comprehensive staff training in data protection.
Incident Response: Established breach notification and incident response plans, including prompt user notification and reporting to authorities as required by law.

Protective Clause: While all reasonable safeguards are employed, no internet transmission or electronic storage is completely infallible. Users are encouraged to safeguard their account credentials.

Complaints & Contacts

OBSERVE: Providing clear avenues for privacy complaints is an APP requirement.
EXPAND: Points of contact must be highlighted; complaint procedures explained.
REFLECT: Process guarantees timely resolution and access to escalation mechanisms.

Contact for Privacy Inquiries: Direct all questions or requests about data protection to Sophie Williams via the secure contact form at royalacez.com. A response will be provided within 10 business days.
Complaint Handling: If you believe your privacy has been breached, submit a written complaint via the website. royalacecasino will acknowledge receipt, investigate, and provide a substantive response within 30 days.
External Escalation: If the outcome is unsatisfactory, Australian users may contact the Office of the Australian Information Commissioner (OAIC) for independent review. Note that royalacecasino (royalacez.com) is not regulated in Australia, which may affect the scope of redress.

Updates

OBSERVE: Users must be notified about policy changes.
EXPAND: Mechanisms for revision, update frequency, and effective date set out as required for dynamic compliance.
REFLECT: This section empowers users to track policy evolution.

Policy Updates: royalacecasino reserves the right to update this privacy policy to reflect changes in the law, technology, or site practice.
User Notification: Material changes will be communicated via notice on royalacez.com and, where appropriate, by email to registered users.
Effective Date of Last Revision: 1 January 2025.

Recommendation: Regularly review this page to ensure awareness of any amendments.