Privacy Policy

Data Controller and Scope

This Privacy Policy applies to all personal data collected and processed by Oreels Casino through the Platform and related services. Oreels Casino is the data controller responsible for your information. If you have privacy concerns or wish to exercise your data rights, you can reach us through the official channels listed in the footer of this website.

Why We Collect Your Data

We collect and process your personal data for the following purposes:

  • Account creation and management: Registration, login, account verification, and profile maintenance.
  • Payment processing: Recording deposits, withdrawals, transactions, and payment history.
  • Regulatory compliance: Know-your-customer (KYC) verification, anti-money laundering (AML) checks, and age confirmation.
  • Security and fraud prevention: Detecting suspicious activity, protecting against fraud, and maintaining Platform integrity.
  • Customer support: Responding to inquiries, resolving disputes, and providing technical assistance.
  • Analytics and improvement: Analysing user behaviour to enhance Platform features and user experience.
  • Marketing and communication: Sending promotional content (only with your consent) and service updates.
  • Legal obligations: Complying with regulations, responding to legal requests, and maintaining audit trails.

Types of Data We Collect

We may collect:

  • Identity data: Full name, date of birth, address, and contact information.
  • Payment data: Bank account details, payment method information, transaction history, and deposit/withdrawal records.
  • Verification data: Government-issued ID, proof of address, and other KYC documentation.
  • Behavioural data: Login times, game preferences, betting patterns, and session history.
  • Technical data: IP address, browser type, device information, and cookie identifiers.
  • Communication data: Messages, emails, and records of your interactions with support staff.

Legal Basis for Processing

We process your data based on:

  • Contract fulfilment: Processing necessary to provide gaming services and manage your account.
  • Legal obligation: Compliance with gaming regulations, AML/KYC requirements, and tax laws.
  • Legitimate interest: Preventing fraud, maintaining security, and improving services (where your rights are not overridden).
  • Consent: Marketing communications and optional data uses (where you have explicitly agreed).

Third-Party Data Sharing

We do not sell your data. However, we may share information with:

  • Payment processors: To facilitate deposits and withdrawals.
  • Regulatory authorities: As required by law or gaming regulations.
  • Identity verification services: To conduct KYC and age verification.
  • Fraud detection services: To protect against suspicious activity.
  • Legal representatives: If required by court order or legal process.
  • Service providers: IT, hosting, analytics, and customer support vendors who process data under confidentiality agreements.

All third parties are contractually obligated to protect your data and use it only as necessary.

Data Retention

We retain your data for as long as:

  • Your account is active.
  • Required by law (typically 5–7 years for financial and regulatory records).
  • Necessary for dispute resolution or legal claims.

Once you close your account, we retain identifying and transaction data for regulatory compliance. Personal data used only for marketing is deleted upon your request.

Cookies and Tracking

Our Platform uses cookies and similar technologies to:

  • Remember your login status and preferences.
  • Analyse how you use the Platform.
  • Improve user experience and personalise content.
  • Comply with security protocols.

You can control cookies through your browser settings. Disabling essential cookies may affect Platform functionality. Analytical and marketing cookies are optional and can be disabled without impacting core services.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update inaccurate or incomplete information.
  • Erasure: Request deletion of your data (subject to legal retention obligations).
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Oppose processing for marketing or analytics purposes.
  • Restriction: Limit how we use your data while a dispute is resolved.
  • Withdraw consent: Revoke any optional data processing you previously agreed to.

To exercise these rights, contact us through the official channels in the footer.

International Data Transfers

If your data is transferred to countries outside your region, we ensure adequate protections through:

  • Standard contractual clauses approved by relevant authorities.
  • Data processing agreements with international partners.
  • Compliance with applicable data protection laws in both jurisdictions.

You will be notified of any material international transfers.

Security Measures

We implement industry-standard safeguards to protect your data:

  • Encryption of sensitive information in transit and at rest.
  • Restricted access to personal data (staff need-to-know basis).
  • Regular security audits and vulnerability assessments.
  • Secure authentication and session management.
  • Incident response procedures to address any data breaches.

While we strive to protect your information, no system is completely secure. Serious security breaches will be reported to you and relevant authorities as required by law.

Policy Updates

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or prominent notice. Your continued use of the Platform after updates constitutes acceptance of the revised policy.

Privacy Rights and Contact

For privacy-related inquiries, data access requests, or to exercise your rights, please use the official contact channels listed in the footer of this website. We will respond to legitimate requests within the timeframe required by law (typically 30 days).

If you have unresolved privacy concerns, you may lodge a complaint with your local data protection authority.