Rose Casino Privacy Policy
This page is a plain-English guide to the official Rose Casino privacy policy. It explains what data may be collected, why it’s processed, who it may be shared with, how long it can be retained, and what rights you have under UK/EU-style data protection rules.
The official policy lists an effective date of 07/06/2024 and states that you must read and accept the privacy policy during sign-up. If you do not accept, the policy states you should stop using the website.
For related rules that connect to compliance and account use, you can also review the terms and conditions.
Privacy Policy Overview
The privacy policy explains how Rose Casino handles personal data in connection with website use, account creation, support requests, marketing preferences, analytics, payments, and regulatory duties. It also explains how to exercise your rights and where to complain if you believe your data is mishandled.
Who We Are (Controller + DPO Contact)
The official privacy policy states the data controller is Betable Limited. It provides a UK postal address and explains how to contact the Data Protection Officer (DPO) by writing to customer support (using the email address shown on the website’s contact areas) or by post.
| Controller | Address | DPO route |
|---|---|---|
| Betable Limited | Suite 3.05, Colony Jactin House, 24 Hood Street, Manchester, M4 6WX, UK | Contact via the customer support email shown on the contact page, or write to the address above “For the Attention of the Data Protection Officer” |
If you need help finding the correct email channel or submitting a request safely, use customer support and ask them to route your message to the DPO.
What This Policy Covers (Website + External Links)
The policy focuses on data processing tied to the Rose Casino website and services. If the site links to external websites, those sites have their own policies and you should review them separately.
- This policy covers data collected during registration, account use, payments, support chats, and site navigation.
- It may not cover third-party websites you visit via external links.
- If you interact with third-party tools through the site, their processing may also apply.
Your Rights (GDPR) and How to Complain
The privacy policy lists standard data protection rights. These rights can have limits depending on legal obligations and regulatory record-keeping, but the policy explains you can request access and corrections and raise concerns if needed.
- Right to be informed about how your data is used.
- Right of access to request a copy of your personal data.
- Right to rectification to correct inaccurate data.
- Right to erasure (in some cases, with legal limits).
- Right to restrict processing under certain conditions.
- Right to data portability for certain data sets.
- Right to object to certain processing, including some marketing activity.
- Rights related to automated decision-making and profiling.
The policy also states you can complain to the UK regulator for data protection issues, the Information Commissioner’s Office (ICO), if you are unhappy with how your data is handled.
Do I have to accept the privacy policy to register?
Yes. The privacy policy states you must read and accept it as part of creating an account. If you do not accept, the policy states you should stop using the website.
What Data We Collect
The privacy policy lists categories of personal data that may be collected. This can include identity information, contact details, preferences, technical data, and financial information.
| Category | Examples | Why it’s used |
|---|---|---|
| Identity and profile | Name, date of birth, gender | Account creation, verification, service delivery |
| Contact details | Email address, phone number, postcode | Account management, support contact, security alerts |
| Preferences | Preferences, interests | Personalisation and relevant communications |
| Financial data | Financial information including credit/debit card numbers | Payment processing and fraud prevention |
| Technical and device | IP address, browser type/version, operating system | Security, analytics, service improvement |
Do you store card details and financial information?
The privacy policy states financial information can be collected, including credit/debit card numbers. Payment processing is also described as involving third-party providers, so the exact storage and handling can depend on the payment flow and processors used.
How We Use Your Data (Lawful Bases)
The policy describes processing for service delivery, account management, support responses, personalisation, marketing (where consented), analytics, and regulatory compliance. It also references lawful bases such as contract, consent, and legitimate interests.
| Purpose | Lawful basis | User control |
|---|---|---|
| Account and service delivery | Contract | Required to provide the service you request |
| Customer support and security | Legitimate interests | Provide evidence/screenshots to help resolve issues faster |
| Marketing messages | Consent | Opt in/out through account settings and unsubscribe links |
| Analytics and improvements | Legitimate interests (and cookie consent where required) | Control cookie choices via consent and browser settings |
| Regulatory duties | Legal obligation / compliance | Some records must be retained for compliance purposes |
Where identity and age checks are needed, related processing can connect to verification workflows. If you want the operational steps for uploads and status screens, use the verification guide.
Marketing and Preferences (Opt-in/Opt-out)
The privacy policy explains that marketing communications may be sent where you have opted in, and that you can opt out via your account. It also notes that the operator may provide information about promotional offers from affiliated brands.
- Check your account communication preferences.
- Turn off marketing channels you do not want (email/SMS/phone/post where listed).
- Use the unsubscribe option in marketing emails where provided.
- Allow a short period for preference updates to take effect.
- If preferences do not apply correctly, contact support and request confirmation in writing.
Do you share my data with other brands or affiliates?
The policy states data may be shared within group companies and that information about promotional offers from affiliated brands may be provided. It also describes sharing anonymised statistics with investors, affiliates, partners, and advertisers.
Data Retention (5 Years After Account Closure)
The privacy policy states personal data can be retained for five (5) years after account closure. This is described as being required for unresolved matters such as unsettled wagers, complaints, and compliance obligations connected to the Gambling Commission.
| Data type | Retention | Reason |
|---|---|---|
| Account and transaction records | Up to 5 years after closure | Unsettled wagers, complaints, compliance requirements |
| Support/complaint history | Up to 5 years after closure | Evidence for disputes and regulatory obligations |
| Verification-related records | Up to 5 years after closure | Compliance and fraud prevention requirements |
How long do you keep my data after I close my account?
The policy states personal data can be kept for five years after account closure for compliance and unresolved issues like complaints or unsettled wagers.
How and Where We Share Data
The policy describes sharing with group companies and with third-party suppliers who support key functions such as age verification, payment processing, search, and advertising/marketing. It also describes sharing anonymised statistics with investors, affiliates, partners, and advertisers.
| Recipient type | Example services | What may be shared |
|---|---|---|
| Group companies | Group operations and compliance | Account and operational data where needed |
| Service providers | Age verification, payments, marketing tools | Data required to deliver the service securely |
| Partners/advertisers | Reporting and performance | Anonymised statistics (non-identifying) |
International Transfers (Outside EEA, incl. India)
The policy states that some or all personal data may be stored outside the EEA, including in India. It also states that steps will be taken to ensure protections are equivalent to those required within the EEA.
- Some services may use processors located outside the EEA.
- Data transfers can happen for operational reasons (support, processing, analytics).
- The policy states the operator will take steps to keep protections equivalent.
- If you have concerns, you can contact the DPO route described above.
Is my data transferred outside the UK/EEA (including India)?
Yes. The policy states data may be stored outside the EEA, including India, and that steps are taken to ensure equivalent protections.
Cookies and Analytics (Consent + Strictly Necessary)
The policy describes cookie consent via a pop-up and distinguishes between cookies that are strictly necessary for the site to function and cookies used for analytics/measurement. Some cookies may be set by third parties.
| Cookie | Type | Purpose |
|---|---|---|
| JSESSIONID | Strictly necessary | Session management |
| SessionCorrelationId | Strictly necessary | Session correlation / site operation |
| gameServerSessionId | Strictly necessary | Game session handling |
| hasSeenCookiePromp | Strictly necessary | Stores whether you’ve seen the cookie prompt |
What cookies are strictly necessary and can I disable them?
The policy lists several cookies as strictly necessary (including JSESSIONID and others). These are required for site functionality, and disabling them can break login, cashier, or game sessions.
Analytics/Tracking Cookies (Google Analytics + Providers)
The privacy policy states that analytics cookies may be used, including Google Analytics. It also references additional cookies/providers such as Grace Media and EPG for analytics/measurement and related functions.
- Analytics helps understand how visitors use the site and improve performance.
- Some analytics tools are third-party services and may set their own cookies.
- You can often control analytics cookies via the consent pop-up and browser settings.
Do you use Google Analytics?
Yes. The policy references Google Analytics as an analytics tool used on the website.
How to Control Your Data and Cookies
You have practical controls via account settings, consent choices, and browser tools. Cookie choices are often presented via the consent pop-up. Browser settings also let you block or delete cookies, but that can reduce site functionality.
- Use the cookie consent pop-up to accept or reject non-essential cookies where available.
- Clear cookies in your browser if you want to reset consent choices.
- Block third-party cookies in your browser for stricter privacy (may affect games).
- Disable strict extensions temporarily if they break the cashier or chat widgets.
- Update your marketing preferences in your account.
- For data rights requests, contact the DPO route described above.
Access Requests (SAR): How to Get a Copy of Your Data
The policy states you can request access to a copy of your personal data. Requests should be made via the contact route described in the policy, using the customer support email address shown on the site, or by post to the controller address. For best results, include enough details for the team to find your account.
- Use your registered email and state that you are making a data access request.
- Specify what you want (full export vs specific categories like payments, support, verification).
- Include your account identifiers and a clear timeframe if relevant.
- Do not send sensitive documents in public messages; use official secure channels only.
- Keep copies of what you sent and note the date/time.
How do I request a copy of my personal data (SAR)?
Use the policy’s contact route: email the customer support address shown on the site and ask for the request to be handled by the Data Protection Officer, or write to the controller’s postal address marked “For the Attention of the Data Protection Officer”.
Changes to This Privacy Policy
The policy states it can change over time. Changes are posted on the website, and you may be prompted to review and accept updates when you log in. It’s a good habit to check this page regularly, especially after major service changes.
Next Steps
If you want to connect privacy rules to how the account operates, use the related pages below. These are the only internal links on this page.
- For account and compliance rules connected to your use of the site, read the terms and conditions.
- If you need help finding the correct contact channel for a privacy request, use customer support and ask them to route your message to the DPO.
- If you need the practical steps for identity checks and document uploads, follow the verification guide.
FAQ
What is the effective date of the Rose Casino privacy policy?
The policy shows an effective date of 07/06/2024.
Who is the data controller for Rose Casino?
The policy states the data controller is Betable Limited.
How can I contact the Data Protection Officer?
The policy states you can contact the DPO via the customer support email address shown on the site’s contact areas, or by post to the controller address marked “For the Attention of the Data Protection Officer”.
What personal data can be collected?
The policy lists categories including identity details (name, date of birth, gender), contact details (email/phone), preferences, financial information (including credit/debit card numbers), and technical data like IP address and browser/OS information.
What lawful bases are used to process my data?
The policy describes processing based on contract (service delivery), consent (marketing), and legitimate interests (security, improvement), plus compliance with regulatory duties.
How long is my data retained after account closure?
The policy states personal data can be retained for five years after account closure for unsettled wagers, complaints, and compliance obligations.
Is my data shared with third parties (age verification, payments, marketing)?
Yes. The policy describes sharing with group companies and with third-party suppliers for services such as age verification, payment processing, search, and advertising/marketing, and it also mentions sharing anonymised statistics with affiliates/partners/advertisers.
Can my data be stored outside the EEA?
Yes. The policy states data may be stored outside the EEA, including India, and that steps will be taken to ensure equivalent protections.
What cookies are used and how do I control them?
The policy describes a cookie consent pop-up and lists strictly necessary cookies (like session cookies). You can control non-essential cookies via consent choices and browser settings, but disabling essential cookies can break site functionality.
Do you use Google Analytics?
Yes. The policy references Google Analytics for site analytics.
How do I access or delete my data?
You can request access, and you can request corrections. Deletion can be limited by legal and compliance retention requirements, including the stated five-year retention after account closure.
Who do I contact if I’m unhappy with how my data is handled?
The policy states you can complain to the Information Commissioner’s Office (ICO) if you are unhappy with how your data is handled.