burger icon
Roja Bet United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Roja Bet ("Roja Bet", "we", "us", "our"), operated for UK users via rojalbets.com under the Roja Bet profile, collects, uses, discloses and protects your personal data when you visit our websites or use our betting and casino services. It applies to website visitors, registered players, prospective customers and any individual who interacts with our services or support channels.

This Policy is intended to comply with the UK General Data Protection Regulation ("UK GDPR") and the UK Data Protection Act 2018, and to align with comparable international standards for online gambling and remote gaming. It is effective from 6 November 2025 and remains in force until replaced or updated in accordance with the "Updates" section below.

Who We Are

OBSERVE: The operator behind rojalbets.com and the Roja Bet profile is an offshore gambling company licensed in Curaçao, with payment processing support from entities in Cyprus. There is no separate UK-licensed company.

EXPAND: For the purposes of UK GDPR, the primary "data controller" responsible for your personal data is:

  • Controller: Media Entertainment N.V.
  • Registered office / legal seat: Curaçao (full street address not specified in the available corporate information; details may be requested via our support channels).
  • Jurisdiction and licence: Licensed and regulated by Curaçao Interactive Licensing N.V. under Master Licence 5536/JAZ (sublicence associated with the domain rojabet.com), which also covers the services offered via rojalbets.com.
  • Operational domains: Our primary domain for UK-facing access is rojalbets.com. The legacy global domain rojabet.com and related pages (including Spanish-language terms at rojabet.com/info/terminos-y-condiciones) are operated by the same controller and may be accessible from the UK on an offshore basis.

For certain payment methods and ancillary services, Media Entertainment N.V. may use group companies and partners, including (based on the information available):

  • Payment processing entity: New World Times Enterprises Ltd, Cyprus (specific office address not specified in the available information), acting primarily as a payment processor or service provider rather than as a controller.

REFLECT: To exercise privacy rights or ask questions about this Policy, you may contact our data protection contact point:

  • Data Protection Contact / DPO function: Data Protection Officer, Media Entertainment N.V.
  • Email: Please use the dedicated privacy or support contact channel indicated in the "Complaints & Contacts" section and on rojalbets.com, clearly marking your message "For the attention of the Data Protection Officer".
  • Postal contact: You may write to Media Entertainment N.V., Data Protection Officer, at its registered office in Curaçao (full address available on request via support).

Because the brand does not hold a UK Gambling Commission licence and operates offshore, complaints about data protection should be directed to the controller, to the relevant data protection authorities described below, and, for licence-related matters, to the Curaçao licensing helpdesk (helpdesk@curacaolicensing.com).

What Personal Data We Collect

OBSERVE: We collect personal data directly from you, automatically from your devices, and from third parties (such as payment providers and verification services) when you use the rojalbets.com services under the Roja Bet profile.

EXPAND: The main categories of data we process are:

  • Identification and contact data: Full name, username, date of birth, nationality, residential address, email address, telephone number, copy or details of identification documents (passport, ID card, driving licence), proof of address documents, and any information you provide in forms or correspondence with our support team.
  • Account and usage data: Account credentials (hashed passwords), security questions and answers, language and currency preferences, account status (active, self-excluded, closed), communication preferences, log-in times, session data and actions taken while logged in.
  • Gaming and behavioural data: Betting and gaming history (including placed bets, stakes, odds, games played, wins and losses), transaction timestamps, device and session identifiers, click-stream data, navigation paths, time spent on pages, responsible gambling interactions, and information derived from profiling for anti-fraud and safer gambling analytics.
  • Financial and payment data: Deposits and withdrawals, selected payment methods, bank and e-wallet details (such as IBAN, card type and masked card number), payment transaction identifiers, payment verification data, records of chargebacks or payment disputes, and data received from payment processors located in Cyprus or other jurisdictions.
  • Technical and device data: IP address, approximate location derived from IP, device type, operating system, browser type and version, device identifiers, log files, login and access timestamps, and security-related event logs (for example failed login attempts).
  • Cookies and similar technologies: Unique cookie identifiers, web beacons and pixels, tracking scripts, analytics tags and related data about how you use our site, as described in the "Cookies & Tracking Technologies" section.
  • Communication data: Records of chats, emails, support tickets, call notes (if applicable), complaint records, and copies of any documentation you send to us.

REFLECT: In some cases we may receive additional data from third-party verification, risk scoring or marketing partners (for example confirmation of your age, results of sanctions and politically exposed persons checks, or aggregated marketing analytics). We only collect information that is reasonably necessary for the purposes described in this Policy and for compliance with regulatory obligations applicable to offshore gambling operators serving users in the UK and other markets.

Legal Basis for Processing

OBSERVE: Under UK GDPR and comparable frameworks, we must have a valid legal basis for each processing activity. Different activities may rely on different bases.

EXPAND: We rely on the following legal grounds:

  • Performance of a contract: We process your identification, contact, account, gaming and payment data because this is necessary to create, administer and operate your Roja Bet account on rojalbets.com, to take deposits, pay out winnings, provide customer support, and otherwise deliver the services you request as part of the Roja Bet profile.
  • Compliance with legal obligations: As a licensed operator in Curaçao and as a controller subject to UK data protection law when offering services to UK users, we must perform age verification, know-your-customer ("KYC") and anti-money-laundering ("AML") checks, prevent fraud and match-fixing, keep books and records, and respond to lawful requests from competent authorities. These obligations require us to process identification, transaction and related compliance data, sometimes for extended retention periods.
  • Legitimate interests: We process certain data because it is necessary for our legitimate interests or those of third parties, provided these are not overridden by your rights and interests. These interests include:
    • running and improving our business and platforms (including stability, performance and security);
    • preventing fraud, abuse, bonus misuse and other prohibited conduct;
    • performing internal analytics and reporting (for example, understanding game popularity and sports-betting patterns at an aggregate level); and
    • defending and enforcing legal claims, managing disputes and regulatory interactions.
  • Consent: In certain situations we rely on your consent, which you may withdraw at any time. Typical examples include:
    • sending email or SMS marketing communications that go beyond what is strictly necessary for service or transactional purposes;
    • using certain non-essential cookies and tracking tools for analytics or advertising; and
    • sharing data with advertising networks and affiliates for personalised offers, where this is not covered by another legal basis.

REFLECT: Where we rely on legitimate interests, we carry out a balancing assessment to ensure that our interests do not unfairly prejudice your privacy. Where we rely on consent, we will explain clearly what you are consenting to, and you may withdraw that consent at any time using the mechanisms described in this Policy, without affecting the lawfulness of processing prior to withdrawal.

Purpose of Processing

OBSERVE: We use personal data primarily to deliver and manage offshore betting and casino services via rojalbets.com for users accessing under the Roja Bet profile, and to satisfy legal and regulatory obligations in Curaçao and other relevant jurisdictions, while aligning with UK data protection standards.

EXPAND: We process your data for the following purposes:

  • Provision of services and account administration: Creating and verifying your account, enabling deposits and withdrawals, processing bets and wagers, settling markets, crediting bonuses where applicable, communicating account-related information, and providing multilingual customer support.
  • Regulatory and legal compliance: Carrying out KYC and AML checks, preventing fraud and money laundering, complying with sanctions screening, monitoring for suspicious or irregular betting patterns, and fulfilling record-keeping obligations imposed by Curaçao eGaming rules and other applicable regulations.
  • Responsible and safer gambling: Monitoring play patterns, applying self-exclusion and cooling-off requests, enforcing deposit or loss limits where offered, and contacting you where our monitoring flags potential gambling-related risks in line with industry best practices.
  • Service improvement and analytics: Analysing aggregated usage and behavioural data to improve our products, user experience, odds models and risk management, including A/B testing and quality assurance across different markets (for example, comparing behaviour of players from Chile and the UK).
  • Marketing and promotions: Sending marketing communications (where permitted), tailoring promotional content, managing affiliate campaigns, tracking the performance of marketing sources, and preventing bonus abuse and multi-accounting.
  • Security and fraud prevention: Authenticating users, monitoring for unauthorised access attempts, protecting accounts, investigating suspicious transactions, and protecting our systems, players and partners against cyber threats.
  • Dispute resolution and enforcement: Handling complaints and disputes, responding to regulatory or law-enforcement enquiries, and enforcing our terms and conditions and other applicable rules.

REFLECT: We do not use your data for purposes that are incompatible with those listed above. If we wish to use your personal data for a new purpose, we will explain the new use, the legal basis, and your rights in advance, and obtain your consent where required by law.

Disclosure & Sharing

OBSERVE: To deliver our services and comply with applicable laws, we may need to share your personal data with carefully selected third parties inside and outside the UK and European Economic Area ("EEA").

EXPAND: Subject to appropriate safeguards and contractual protections, we may disclose personal data to:

  • Group companies and operational partners: Media Entertainment N.V. and its affiliates, including payment processing entities such as New World Times Enterprises Ltd in Cyprus, for account management, payment processing and support functions.
  • Payment service providers and banks: Card processors, e-wallet providers, bank partners and other financial institutions that process deposits, withdrawals or chargebacks on our behalf, and that may be located in Cyprus, Curaçao or other jurisdictions.
  • Technical and infrastructure providers: Hosting providers, IT security companies, analytics providers, customer support platforms and email/SMS delivery services that help us operate and secure rojalbets.com and related services.
  • Verification and risk management providers: Identity verification companies, sanctions and politically exposed person ("PEP") screening providers, anti-fraud services, and responsible gambling tools that assist us in meeting KYC/AML and safer gambling standards.
  • Affiliates and marketing networks: Affiliate partners and advertising networks may receive limited data (for example, anonymised or pseudonymised identifiers and conversion data) to measure campaign performance and, where you have consented, to personalise offers and track referrals.
  • Regulators and authorities: Curaçao Interactive Licensing N.V. and other regulatory bodies, financial intelligence units, tax authorities, police or other public authorities where required by law or in response to valid legal processes or regulatory requests.
  • Professional advisers: Lawyers, auditors, accountants and other professional advisers who assist us with regulatory and legal obligations, dispute resolution and corporate matters.
  • Business transfers: In connection with any proposed or actual merger, acquisition, asset sale, restructuring or similar transaction involving our business, where permitted by law and subject to confidentiality safeguards.

REFLECT: We do not sell your personal data in the sense prohibited by modern data protection law. Third parties may only use your data for the purposes specified in their contracts with us and must provide at least equivalent protection. Where sharing is based on your consent (for example certain marketing activities), you may withdraw that consent at any time.

International Transfers

OBSERVE: Because Media Entertainment N.V. is established in Curaçao and uses partners in Cyprus and other countries, your personal data may be transferred outside the UK and the EEA.

EXPAND: International data transfers may occur in the following situations:

  • To Curaçao: Your data is processed and stored in Curaçao, where Media Entertainment N.V. is registered and licensed under Master Licence 5536/JAZ, and where core operational and compliance functions are located.
  • To Cyprus: Payment processing and some support services may be carried out by New World Times Enterprises Ltd or other partners in Cyprus.
  • To other countries: Some of our technical, analytics, marketing or support providers may be located in other jurisdictions, including in the EEA or potentially in third countries outside the UK and EEA.

REFLECT: Where your data is transferred from the UK to a country that is not recognised by the UK Government as providing an "adequate" level of data protection, we will implement appropriate safeguards, such as:

  • using standard contractual clauses approved under UK law, combined with additional technical and organisational measures where necessary;
  • ensuring that processors are contractually bound to protect your data, to use it only for specified purposes, and to implement robust security measures; and
  • carrying out transfer risk assessments where required by UK data protection authorities.

Further details of the safeguards used for international transfers can be obtained by contacting us using the details in the "Complaints & Contacts" section, subject to legitimate confidentiality considerations.

Data Retention

OBSERVE: We keep personal data for no longer than is necessary for the purposes for which it was collected, including to satisfy legal, accounting and regulatory requirements in Curaçao and other relevant jurisdictions, while following UK data protection principles.

EXPAND: Retention periods depend on the type of data and the applicable legal obligations:

  • Account and identification data: Basic registration data and KYC documents are typically retained for the duration of your relationship with us and generally for up to five (5) years after account closure or your last transaction, in line with common AML record-keeping requirements, unless a longer period is required by law or justified for the establishment, exercise or defence of legal claims.
  • Gaming and transaction data: Betting history, transaction logs and related records are usually retained for the lifetime of the account and for at least five (5) years after closure, to comply with regulatory and auditing requirements, handle disputes and manage responsible-gambling and fraud-prevention records.
  • Technical logs and security data: Security logs, access logs and similar technical data are generally kept for shorter periods (often from a few months up to two years), unless a longer retention is needed for security investigations, legal claims or compliance purposes.
  • Marketing data: Information used solely for marketing purposes (such as subscription status and communication preferences) is retained until you withdraw your consent or object to marketing, and for a limited period thereafter to record your choice and ensure it is respected.
  • Complaints and dispute files: Records of complaints, regulatory queries and disputes may be retained for extended periods (often up to six or more years, depending on applicable limitation periods) to document the handling and outcome of each case.

REFLECT: When data is no longer needed, we either irreversibly anonymise it (so it is no longer personal data) or securely delete or destroy it. If we cannot fully delete certain data due to legal or technical constraints, we will limit access and use it only for the purposes that require its continued retention.

Your Rights

OBSERVE: As a data subject under UK GDPR, and in alignment with the EU GDPR and comparable frameworks such as the Mexican Federal Law on Protection of Personal Data Held by Private Parties, you have several rights in relation to your personal data.

EXPAND: Subject to certain conditions and limitations, your principal rights include:

  • Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of that data, together with information about how and why it is processed.
  • Right to rectification: You can request the correction of inaccurate personal data and the completion of incomplete data. This may include updating your address, contact details or identification information.
  • Right to erasure ("right to be forgotten"): You can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (and there is no other legal basis), or where processing is unlawful. We may need to retain certain data despite your request where required by KYC/AML or other legal obligations.
  • Right to restriction of processing: You can request that we restrict the processing of your data (for example, while we verify its accuracy or assess an objection). During restriction, we will store your data but will not use it for most other purposes.
  • Right to object: You may object to processing based on our legitimate interests, including profiling related to such interests. We will stop processing unless we have compelling legitimate grounds. You always have an absolute right to object to direct marketing, including profiling related to marketing.
  • Right to data portability: For certain data that you have provided to us and that we process by automated means on the basis of your consent or a contract, you may request a copy in a structured, commonly used and machine-readable format, and you can ask us to transmit it to another controller where technically feasible.
  • Right to withdraw consent: Where processing is based on your consent (for example, certain marketing or non-essential cookies), you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal but will stop the relevant future processing.

In addition, consistent with principles found in Mexican privacy regulations (including the rights of access, rectification, cancellation and opposition, commonly known as "ARCO" rights under the Mexican Federal Law on Protection of Personal Data Held by Private Parties), we aim to provide transparent, accessible mechanisms and clear timeframes for responding to rights requests.

REFLECT: To exercise any of your rights:

  • Submit a request using the contact methods set out in the "Complaints & Contacts" section, clearly indicating that your request relates to data protection rights (for example, "Data Access Request" or "ARCO / GDPR Rights Request").
  • We may ask you for additional information to verify your identity, particularly for access, erasure and portability requests.
  • We aim to respond within one (1) month of receiving a valid request. For complex or multiple requests, this period may be extended by up to two additional months, in which case we will inform you within the initial month and explain the reasons for the delay.
  • We will handle rights requests free of charge, unless they are manifestly unfounded or excessive (for example, repeated requests). In such cases, we may charge a reasonable fee or refuse the request, as permitted by UK GDPR and comparable laws.

Cookies & Tracking Technologies

OBSERVE: Our websites and platforms use cookies and similar technologies to provide core functionality, improve performance, and support analytics and marketing activities related to rojalbets.com and the Roja Bet profile.

EXPAND: The main types of cookies and similar tools we use include:

  • Strictly necessary (functional) cookies: Session and persistent cookies that are essential for the operation of the site and your account. They enable core functions such as logging in, maintaining your session, managing the bet slip and remembering your language or currency preferences. These cookies are usually set in response to actions you take and cannot be switched off in our systems.
  • Performance and analytics cookies: Cookies (often provided by third-party analytics services) that collect aggregated information about how visitors use the site - for example, which pages are visited most frequently, how users move through the site, and whether error messages occur. This helps us improve site performance and user experience, including for UK users accessing offshore services.
  • Advertising and affiliate cookies: Cookies and tracking pixels used to measure the effectiveness of marketing campaigns, attribute traffic to affiliates, and, where permitted, personalise promotions. These may involve unique identifiers that link your activity on rojalbets.com to an affiliate or marketing campaign.
  • Functionality cookies: Cookies that remember your choices (such as language, region or display preferences) to provide a more personalised experience.

We may also use technologies such as web beacons, tracking pixels and device fingerprinting techniques to enhance security, combat fraud and support analytics.

REFLECT: You can manage cookies in several ways:

  • through your browser settings, where you can block or delete cookies from specific sites or all sites;
  • via any cookie banner or consent management tool we provide on rojalbets.com, which lets you accept or reject non-essential cookies; and
  • by adjusting your device settings to limit tracking where such options are available.

If you disable certain cookies, some features of our site and services may not function properly. For more detailed information about our use of cookies, please refer to any dedicated cookie notice or settings panel on rojalbets.com.

Data Security

OBSERVE: Protecting your personal data is a priority. As an offshore operator handling financial and gaming data for users in multiple jurisdictions, including the UK and Latin America, we implement technical and organisational measures designed to provide an appropriate level of security.

EXPAND: Our security measures include, among others:

  • Encryption in transit and at rest: We use modern transport layer security (TLS 1.2 or higher) to encrypt data transmitted between your browser and our servers, and we apply encryption and access controls to sensitive data stored on our systems.
  • Access control and authentication: Access to personal data is restricted to authorised personnel and service providers who need it for their job functions. We use authentication mechanisms, role-based access control, and logging of access to critical systems.
  • Infrastructure and network security: We operate our infrastructure in secure data centres and use firewalls, intrusion detection and prevention systems, and other industry-standard safeguards to protect against unauthorised access and cyber threats.
  • Organisational policies and training: Staff with access to personal data receive training on data protection, information security, and responsible handling of customer information. Internal policies govern how data is collected, used, stored and shared.
  • Monitoring and testing: We monitor systems for suspicious activity and may conduct periodic security assessments and audits of critical systems and third-party providers, in line with recognised industry practices.
  • Incident response: We maintain procedures to detect, respond to and mitigate personal data breaches. Where a breach poses a risk to your rights and freedoms, we will notify the appropriate data protection authorities and affected individuals in accordance with UK GDPR and other applicable laws.

REFLECT: We endeavour to align our controls with internationally recognised security standards (such as ISO 27001 and SOC 2) where proportionate, although rojalbets.com may not hold formal certifications unless explicitly indicated on our site. No system can be guaranteed to be 100% secure, but we continually review and update our measures to address evolving threats.

Complaints & Contacts

OBSERVE: You have the right to raise questions or complaints about how we handle your personal data. We encourage you to contact us first so we can try to resolve your concerns directly.

EXPAND: You can contact us using the following channels:

  • Data Protection contact / DPO function: Address any privacy-related queries or requests to the "Data Protection Officer" of Media Entertainment N.V. via the contact methods available on rojalbets.com (for example, support email or contact form). Clearly state that your request concerns data protection or privacy rights.
  • Online support and contact forms: Use any live chat, ticketing or contact forms available on rojalbets.com, specifying that your message is for the attention of the Data Protection Officer.
  • Postal address: Media Entertainment N.V., Data Protection Officer, registered office in Curaçao (full address available on request via support).

Complaint procedure (internal):

  1. Submission: Send us a detailed description of your concern or rights request, including relevant dates, account identifiers and copies of any supporting documents.
  2. Acknowledgement: We aim to acknowledge receipt within a reasonable time (typically within a few working days) and will assign a reference to your case.
  3. Assessment and investigation: We will investigate your complaint, review relevant records and, where necessary, ask you for additional information or clarification.
  4. Response: We aim to provide a substantive response within one (1) month of receiving a complete complaint or rights request. For complex cases or multiple requests, this period may be extended by up to two further months; if so, we will inform you of the extension and reasons.
  5. Follow-up: Where appropriate, we will explain corrective measures taken, reasons for refusing a request (if applicable), and any further options available to you.

Escalation to supervisory authorities: If you are not satisfied with our response, or if you prefer not to contact us first, you may have the right to lodge a complaint with a data protection authority:

  • United Kingdom: If you are in the UK, you can contact the Information Commissioner's Office (ICO). Up-to-date contact details are available at ico.org.uk (including online complaint forms, postal address and telephone numbers).
  • European Union / EEA: If you are located in the EEA, you may complain to your local data protection authority or to the authority of the EU Member State where you live, work or where an alleged infringement occurred, in accordance with EU GDPR.
  • Mexico: For users whose data is processed in alignment with Mexican privacy principles, you may have rights under the Mexican Federal Law on Protection of Personal Data Held by Private Parties and may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) using the channels published on its official website.
  • Curaçao regulator (licensing context): For issues related to our Curaçao licence (for example, concerns about regulatory compliance), you may contact the Curaçao licensing helpdesk via helpdesk@curacaolicensing.com. This is not a data protection authority, but it is a point of contact for licence-related complaints.

REFLECT: We will cooperate with competent supervisory authorities and seek to resolve any privacy concerns fairly and in line with our obligations under UK GDPR, EU GDPR where applicable, and comparable international standards, including principles reflected in Mexican privacy law.

Updates

OBSERVE: We may update this Privacy Policy from time to time, for example to reflect changes in our services, technologies, regulatory requirements or best practices for offshore gambling operators serving the UK and other markets.

EXPAND: When we make material changes, we will:

  • post the updated version on rojalbets.com with a revised "Last updated" date;
  • where appropriate, display a prominent notice (such as a banner or pop-up) on the site or within your account dashboard; and
  • for significant changes that materially affect your rights or the way we use your data, provide at least 30 days' advance notice where reasonably practicable, for example by email or account notification.

We maintain version control of this Policy and may provide a brief summary of material changes (a "changelog"), such as:

  • updates to reflect new or clarified legal bases or purposes for processing;
  • changes in our corporate structure, service providers or international transfer arrangements; and
  • enhancements to our security measures or rights-handling procedures.

REFLECT: Your continued use of rojalbets.com and related services under the Roja Bet profile after the effective date of any updated Policy will be treated as acceptance of the revised terms. If you do not agree to changes, you may close your account and exercise your rights (including access, deletion or restriction) as described in this Policy.

Last updated: November 2025.