burger icon
Roobet Review Canada
Log In

Privacy Policy

OBSERVE: A privacy policy is required to explain how personal information is collected, used, stored, and shared when you visit roobet-play.ca or use the services reviewed on Roobet, and to support transparency obligations commonly expected under Canadian privacy law principles (including PIPEDA-style notice/consent and provincial equivalents where applicable).

EXPAND: This policy applies to (i) website visitors, (ii) account holders/players, and (iii) anyone who contacts us or interacts with our content, links, or communications connected to roobet-play.ca.

REFLECT: By accessing or using roobet-play.ca, you acknowledge the practices described below. Effective date: 6 November 2026.

Who We Are

OBSERVE (System 1): The brand referenced in Roobet is Roobet and the localized domain used for Canada is https://roobet-play.ca. The operator identified in the provided data is Raw Entertainment B.V., registered in Curaçao.

EXPAND (System 2): Because users in Canada may rely on this policy for informed consent and to exercise privacy rights, we provide corporate identity, registration, and a dedicated privacy contact channel. We also clarify that gambling licensing is held in Curaçao and that Ontario-specific licensing is not indicated in the provided data.

REFLECT: If you need to contact us about privacy, use the contact details below and include sufficient information to verify your identity and locate your account/records (to avoid unauthorized disclosure).

  • Operator (legal entity): Raw Entertainment B.V.
  • Registered / legal address: Fransche Bloemweg 4, Curaçao
  • Company registration: Raw Entertainment B.V., Company No. 157205 (Curaçao)
  • Gambling license (as provided): Curaçao Antillephone N.V., License No. 8048/JAZ (validator: https://validator.antillephone.com; last verified in source: 15 May 2024)
  • Privacy contact (DPO / Data Protection function): Data Protection Department, Raw Entertainment B.V. (email and phone: not specified in provided data)
  • Primary website for this policy context: https://roobet-play.ca
  • Related policies (as adapted for this geo):
    • Terms: https://roobet-play.ca/terms
    • Privacy: https://roobet-play.ca/privacy
    • AML: https://roobet-play.ca/aml

What Personal Data We Collect

OBSERVE: To operate and secure services associated with roobet-play.ca (and to support the user experience described by Roobet), various categories of personal information may be collected directly from you and automatically from your device/browser.

EXPAND: In online gambling contexts, privacy risk is driven by identity verification (KYC), financial crime controls (AML/CTF), and fraud/security monitoring. This implies collection of identifiers, verification evidence, payment details, and behavioral/transactional logs, subject to minimization and purpose limitation.

REFLECT: We limit collection to what is reasonably necessary for the purposes described in this policy, and we use layered controls (access limitation, security measures, retention limits) to reduce privacy impact.

Information you provide

  • Account & identity data: full name, date of birth, username, password (stored in hashed/secured form), email address, phone number, residential address, country/province, and identity verification data where required for KYC.
  • Verification (KYC) data: government ID details, proof of address, selfie/liveness checks, or other verification evidence (as required by applicable AML/KYC controls or risk-based checks).
  • Support & communications: messages sent to support, complaint submissions, and records of correspondence.

Information collected automatically

  • Technical data: IP address, device identifiers, browser type/version, operating system, language, time zone, referring/exit pages, crash logs, and diagnostic data.
  • Usage & behavioral data: pages viewed, clicks, navigation paths, session duration, feature interaction, and similar activity logs (including product interaction signals relevant to betting/casino gameplay where applicable).
  • Location data: approximate location derived from IP address for security, fraud, and compliance screening.

Payment and transaction data

  • Payment data: deposit/withdrawal method details (e.g., payment processor tokens), transaction IDs, wallet addresses (for crypto where used), and related verification outcomes. We do not intentionally collect full payment card numbers where a third-party processor can tokenize them.
  • Financial records: deposits, withdrawals, chargeback/dispute history, and AML screening outcomes as required to operate services and prevent fraud.

Cookies and similar technologies

  • Cookie data: identifiers and preferences stored by cookies, SDKs, pixels, local storage, and similar technologies to maintain sessions, remember settings, measure performance, and (with consent where required) support advertising.

Legal Basis for Processing

OBSERVE: Processing must be tied to clear grounds and communicated to users. In Canada, consent and reasonableness are central (PIPEDA-style principles), and in cross-border operations additional legal bases may apply depending on user location and applicable frameworks.

EXPAND: For gambling services, several concurrent grounds typically apply: performance of a contract (service delivery), legal obligations (AML/KYC and recordkeeping), legitimate interests (security/fraud prevention and service improvement), and consent (marketing/cookies). Where Canadian consent standards apply, we aim to obtain meaningful consent, offer withdrawal options, and ensure purposes are stated in understandable language.

REFLECT: We rely on one or more of the following bases, depending on context and the specific processing activity:

  • Consent: for optional processing such as certain cookies/advertising technologies and marketing communications, subject to your settings and opt-out choices.
  • Contract fulfillment: to create and manage your account, provide gameplay/services, process deposits/withdrawals, administer promotions, and provide customer support.
  • Legitimate interests: to protect our services, users, and business (e.g., cybersecurity, fraud prevention, risk management, service analytics), provided such interests are not overridden by your rights and reasonable expectations.
  • Compliance with legal obligations: to meet KYC/AML/CTF, sanctions screening, responsible gambling controls where applicable, regulatory reporting, and lawful requests from competent authorities.

Regional compliance note (Canada): Where Canadian privacy law applies, we design processing around notice, meaningful consent (when required), limiting collection, limiting use/disclosure, safeguards, openness, access, and challenge-compliance principles. If you are in Ontario, please note the provided data indicates Roobet is not listed/licensed by iGaming Ontario/AGCO (see: https://igamingontario.ca/en/operator/operators).

Purpose of Processing

OBSERVE: Personal information is used to operate roobet-play.ca services referenced by Roobet, maintain user accounts, and keep the platform secure.

EXPAND: Gambling platforms also need to detect fraud, prevent underage access, comply with AML/KYC, and maintain records for disputes and auditing. Marketing and analytics are optional or consent-based where required, and should be separated from core service delivery.

REFLECT: We use personal data for the following purposes:

  • Service provision: account registration, authentication, gameplay access, transaction processing, and customer support.
  • Security and integrity: fraud detection, account security, abuse prevention, bot detection, and investigation of suspicious activity.
  • Compliance: KYC verification, AML/CTF checks, sanctions screening, age verification, recordkeeping, and responding to lawful requests.
  • Service improvement: debugging, performance monitoring, product development, and user experience optimization.
  • Analytics: aggregated and/or pseudonymized measurement of site performance and feature usage.
  • Marketing (where permitted): sending promotional emails and messages and providing personalized offers where you have consented or where otherwise permitted by law; you may withdraw consent/opt out at any time.

Disclosure & Sharing

OBSERVE: To deliver services securely and reliably, information may be shared with third parties such as payment processors, verification providers, analytics vendors, and regulators/authorities where required.

EXPAND: Disclosures should be limited, purpose-bound, and subject to contracts requiring confidentiality, security safeguards, and restricted use. In gambling contexts, sharing with KYC/AML vendors and payment partners is commonly necessary. Advertising sharing should be consent-based where required and clearly described.

REFLECT: We may disclose personal information in the following scenarios:

  • Service providers (processors): hosting, cloud infrastructure, customer support tooling, analytics providers, security monitoring, email delivery, and IT maintenance - only to perform services for us under contractual obligations.
  • Payment partners: payment processors, banking partners, crypto on/off-ramp providers, and fraud/chargeback prevention services to process transactions and manage financial risk.
  • Identity/KYC/AML vendors: verification providers and screening databases to verify identity and comply with financial-crime prevention requirements.
  • Affiliates and marketing partners: where you have provided consent (or where otherwise permitted), for attribution, campaign measurement, and promotions. You can withdraw marketing consent at any time.
  • Regulators and authorities: Curaçao licensing-related entities (as applicable), law enforcement, courts, or other competent authorities when legally required or to protect rights, safety, and the integrity of services.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and notice where required.

Important caution (Canada/Ontario): If you access services from jurisdictions where the operator is not locally licensed (e.g., Ontario per the provided source note), you should understand that local gambling regulators may not provide consumer redress for disputes. This notice does not change your privacy rights, but it may affect available gambling regulatory complaint pathways.

International Transfers

OBSERVE: The operator is registered in Curaçao (Raw Entertainment B.V., Fransche Bloemweg 4, Curaçao). This implies personal information may be processed outside Canada depending on where servers, vendors, and support teams are located.

EXPAND: Cross-border transfers can create access by foreign courts/law enforcement. Canadian privacy guidance typically expects organizations to disclose cross-border processing and use contractual/technical safeguards. Additional transfer mechanisms (e.g., Standard Contractual Clauses) may be used when required by other applicable regimes.

REFLECT: Your information may be transferred to and processed in Curaçao and other countries/regions where we, our affiliates, or our service providers operate (including locations of cloud hosting and security vendors). We use safeguards such as:

  • Contractual protections: data processing agreements, confidentiality obligations, and (where relevant) standard contractual clauses or equivalent contractual commitments for cross-border processing.
  • Security measures: encryption in transit, access controls, logging/monitoring, and vendor security reviews.
  • Transfer risk controls: limiting transferred data to what is necessary, and using pseudonymization or tokenization where feasible.

Note on "Privacy Shield": We do not rely on "Privacy Shield" as a general transfer mechanism. Where cross-border transfer frameworks are relevant, we rely on contractual and technical safeguards appropriate to the circumstances.

Data Retention

OBSERVE: Retention must be limited to what is necessary for identified purposes, including legal compliance (KYC/AML), security, and dispute handling.

EXPAND: Gambling platforms often must keep certain records for several years after account closure to meet AML/financial recordkeeping and to resolve chargebacks, fraud investigations, and complaints. Retention should be category-based, with deletion/anonymization where possible. Canada's "reasonableness" and limiting retention principles suggest clear retention logic and secure disposal.

REFLECT: Unless a longer period is required or permitted by law, we apply the following retention approach (timeframes shown are maximum targets and may be adjusted to meet legal requirements in specific cases):

  • Account profile data: retained while your account is active and up to 5 years after account closure for compliance, dispute resolution, and fraud prevention.
  • KYC/verification records: retained up to 5 - 7 years after verification or account closure (whichever is later), where needed to meet AML/KYC recordkeeping and audit requirements.
  • Transaction and payment records: retained up to 7 years to address financial reporting, chargebacks, audits, and AML obligations.
  • Security logs and device/technical logs: typically retained from 90 days to 24 months depending on risk, investigation needs, and system requirements.
  • Marketing preferences and consents: retained until you withdraw consent/opt out, plus a limited period to maintain suppression lists (to respect your opt-out) and demonstrate compliance.
  • Support communications and complaints: retained up to 5 years after resolution, unless longer retention is necessary for legal claims or regulatory inquiries.

Deletion criteria: We delete, anonymize, or securely archive data when (i) the retention period expires, (ii) the processing purpose is fulfilled, (iii) you submit a valid deletion request (subject to legal exceptions), or (iv) storage is no longer necessary for security/compliance.

Your Rights

OBSERVE: Users should be able to access and control their personal information. The prompt requires detailed alignment with GDPR-style rights and Mexican privacy law references, while the page must be adapted for Canada.

EXPAND: In Canada, rights are commonly framed as access and correction, withdrawal of consent (subject to legal/contract limits), and complaint/challenge mechanisms. For users who may also be protected by other regimes (e.g., GDPR due to location/circumstances) or who request GDPR-style handling, providing a rights framework improves transparency. The prompt also requires Mexican law alignment: Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and ARCO rights (Access, Rectification, Cancellation, Opposition) should be referenced as an alignment standard, without misrepresenting jurisdictional applicability.

REFLECT: Subject to applicable law and verified identity, you may exercise the following rights. Some requests may be limited where we must retain data for AML/KYC, fraud prevention, legal claims, or other legal obligations.

Rights you may request

  • Access: obtain confirmation of whether we process your data and receive a copy of relevant personal information.
  • Correction/Rectification: correct inaccurate or incomplete personal information.
  • Deletion/Cancellation: request deletion where data is no longer necessary or where consent is withdrawn, subject to legal retention duties (e.g., AML/KYC recordkeeping).
  • Restriction: request restriction of processing in certain circumstances (e.g., contesting accuracy or objecting while we assess grounds).
  • Objection/Opposition: object to processing based on legitimate interests and/or object to direct marketing at any time.
  • Portability: request a copy of certain data you provided in a structured, commonly used format where technically feasible and where required by applicable law.
  • Withdraw consent: withdraw marketing consent or cookie consent without affecting the lawfulness of processing before withdrawal.

How to exercise your rights (procedure)

  1. Submit a request: send your request to our Data Protection Department (contact details in the "Complaints & Contacts" section). If email is not available in the provided data, submit via available site contact routes or by postal mail to the registered address.
  2. Identity verification: we may request additional information to verify your identity and protect against unauthorized disclosure.
  3. Scope clarification: specify the right you want to exercise, the account identifier (email/username), and the relevant timeframe or data category.
  4. Response timeframe: we aim to respond within 30 days (2026 standard), and may extend where legally permitted due to complexity, volume, or verification needs; if extended, we will explain why.
  5. Fees: requests are handled free of charge unless a request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse as permitted by law.

Mexican privacy law alignment (reference standard)

  • ARCO rights: our rights-handling process is designed to align with ARCO-style requests under Mexico's LFPDPPP (Access, Rectification, Cancellation, Opposition) as a best-practice benchmark when relevant.
  • Jurisdiction note: references to Mexican law are provided for alignment and transparency only and do not limit or replace rights you may have under Canadian law or any other applicable regime.

Canada note: Where Canadian privacy law applies, you may also have the right to challenge compliance with our policies and to complain to relevant privacy regulators (see "Complaints & Contacts").

Cookies & Tracking Technologies

OBSERVE: Cookies and similar tools are used to provide core site functions, improve performance, and (where permitted) deliver advertising and measure campaigns.

EXPAND: Canadian consent expectations generally require clear notice and meaningful choice for non-essential tracking. For advertising cookies, consent should be obtained where required. Users must be given practical control via browser settings and, where offered, internal preference tools.

REFLECT: We use the following categories of cookies/trackers on roobet-play.ca:

  • Strictly necessary (functional) cookies: session management, authentication, security, load balancing, and fraud prevention. These are generally required for the site to function.
  • Preferences cookies: store language, region, and UI settings to improve usability.
  • Analytics cookies: measure traffic, usage patterns, and feature performance to improve services (often aggregated or pseudonymized).
  • Advertising / attribution cookies (third-party): measure campaign effectiveness, limit ad frequency, and (where enabled) help deliver relevant ads; used with consent where required.

How to manage cookies

  • Browser controls: you can block or delete cookies via your browser settings; note that disabling necessary cookies may prevent login or core functionality.
  • Device controls: some mobile devices allow limiting ad tracking via OS privacy settings.
  • On-site preferences: where available on roobet-play.ca, use the cookie banner or privacy settings panel to manage non-essential cookies.

Data Security

OBSERVE: Gambling and financial transactions involve high-risk data and require strong security controls across transmission, storage, access, and monitoring.

EXPAND: Industry-standard controls include encryption, least-privilege access, MFA, secure SDLC practices, logging/monitoring, incident response, and vendor risk management. Claims about certifications must be qualified when not confirmed by provided data; therefore, we reference ISO 27001/SOC 2 as "where applicable" rather than asserting certification.

REFLECT: We implement administrative, technical, and physical safeguards designed to protect personal information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, including:

  • Encryption in transit: TLS 1.2+ for data transmitted between your device and our systems.
  • Encryption at rest: encryption or equivalent protective controls for sensitive data stored in databases and backups, where appropriate to the risk.
  • Authentication controls: strong password requirements and multi-factor authentication (MFA) options and/or internal MFA for administrative access.
  • Access management: role-based access control (RBAC), least privilege, segregation of duties, and periodic access reviews.
  • Monitoring & auditing: security logging, anomaly detection, and regular reviews to identify suspicious behavior.
  • Secure development & testing: vulnerability scanning, patch management, and remediation processes aligned with recognized security practices.
  • Third-party risk controls: due diligence and contractual safeguards for service providers handling personal information.
  • Staff training: ongoing security and privacy training and confidentiality obligations for personnel.
  • Incident response: documented procedures to investigate, contain, remediate, and notify relevant parties where required by applicable law.

Standards note: We aim to align security practices with widely recognized frameworks (e.g., ISO 27001 and/or SOC 2) where applicable. Specific certification status is not provided in the source data.

Complaints & Contacts

OBSERVE: Users need a clear, auditable path to raise privacy concerns and request review. The provided dataset does not specify phone numbers, email addresses, or contact forms; therefore we must offer available routes and transparently disclose the gap.

EXPAND: A compliant complaint process should include steps, identity verification, timelines, escalation, and external authority options. The prompt requires Mexican authority and EU authority contacts "where applicable," but the page is for Canada; we provide these as escalation options only when the user is actually subject to those regimes, while emphasizing Canadian regulator pathways. Because exact operator email/phone are not specified, we provide postal contact via the registered address and direct users to the website's available contact mechanisms (if present) without inventing details.

REFLECT: You can contact and/or complain using the following channels, and we will document and investigate the matter promptly.

Contact channels

  • Online: Use the contact/support options made available on https://roobet-play.ca (contact form details: not specified in provided data).
  • Email: not specified in provided data (if an email address is displayed within your account dashboard or support interface on roobet-play.ca, you may use it for privacy requests).
  • Phone: not specified in provided data.
  • Postal mail (registered address): Data Protection Department, Raw Entertainment B.V., Fransche Bloemweg 4, Curaçao.

Complaint procedure and timelines

  1. Step 1 - Submit: Provide your name, account identifier (email/username), a description of the issue, relevant dates, and what outcome you seek.
  2. Step 2 - Verification: We may request identity verification to protect your information.
  3. Step 3 - Acknowledgment: We aim to acknowledge receipt within 7 days (2026 standard).
  4. Step 4 - Investigation: We review logs, vendor involvement, and applicable legal obligations; we may ask follow-up questions.
  5. Step 5 - Decision/response: We aim to provide a substantive response within 30 days; if more time is needed, we will explain the reason and provide an updated target date.
  6. Step 6 - Remediation: Where appropriate, we will correct records, adjust processing, enhance controls, or provide other suitable remedies.

Escalation to privacy authorities (where applicable)

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/en/
  • Canada (example provincial regulators): Depending on your province and applicable law, you may also contact the relevant provincial privacy authority (e.g., Québec's CAI - https://www.cai.gouv.qc.ca/; Alberta OIPC - https://oipc.ab.ca/; British Columbia OIPC - https://www.oipc.bc.ca/).
  • Mexico (if you are subject to Mexican law): INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) - https://www.inai.org.mx/
  • EU/EEA (if GDPR applies to you): You may contact your local supervisory authority; directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

OBSERVE: Privacy policies change due to legal updates, vendor changes, security improvements, and product changes. Users should be notified in a clear and timely manner, with version control.

EXPAND: Material changes (e.g., new sharing categories, new purposes, significant cross-border transfer changes) should have advance notice where feasible. For gambling contexts, changes affecting verification/AML processing and marketing/cookies are typically "material." Users should have the option to object or close their account if they do not accept changes (subject to lawful retention obligations).

REFLECT: We may update this policy from time to time. We will communicate updates using one or more of the following methods:

  • Email notice: to your registered email address where we have it on file and where notice is required or appropriate.
  • Website banner: a prominent notice on roobet-play.ca.
  • Account/dashboard alert: an in-product notification where available.

Advance notice for significant changes: For material changes, we will aim to provide at least 30 days' notice before the change takes effect (2026 standard), unless a shorter period is required for security, legal compliance, or risk mitigation.

Your options: If you object to a material update, you may (i) stop using the site, (ii) adjust your consent preferences (e.g., marketing/cookies), and/or (iii) request account closure, subject to legal retention obligations described in "Data Retention."

Last updated: November 2026

Changelog (material changes)

  • November 2026: Initial publication for Roobet context; domain references standardized to roobet-play.ca; timelines and notice periods aligned to 2026; Ontario licensing note included per provided regulatory context; complaint/escalation pathways expanded.