Privacy Notice

Version 2.0

Last update: April 2026

Introduction

Your privacy and trust are important to Romanix Limited (“Company”, “we”, “our” or “us”). We are committed to treating your personal data with the utmost care and transparency.

This Privacy Notice is intended to inform you about the types of personal data we collect, how we use it, and the steps we take to protect it while you enjoy our platforms (the Website and the mobile application). We will also explain your rights regarding your personal data and how you can exercise them.

Who we are

Romanix Limited, based at Quad Central, Birkirkara, CBD 1040, Malta, is responsible for managing how and why your personal data is collected, used and stored when you use our Services. As a "Data Controller" under the European Union's General Data Protection Regulation (GDPR), we ensure that your data is processed responsibly and meets regulatory requirements.

How to contact us

If you have any questions or concerns about how we handle your personal data, or if you would like to exercise your data protection rights, please do not hesitate to contact us:

Data Protection Officer

Email: dpo@romanixltd.com

Mailing address: Romanix Limited, Quad Central, Birkirkara, CBD 1040, Malta

What personal data we collect

We may collect and process personal data about you depending on how you use our platforms, including:

Category	Description
Account data	Name, surname, date of birth, email address, residential address, telephone number, IP address, language, password, personal identification number, ID card/passport details, postal code, city, country, username, and gender.
Identity verification data (AML, KYC, fraud, and risk)	Proof of address, profession, and employment history; expected and actual income levels; source of funds and source of wealth; selfies/photos, bank statements, and tax information; adverse media, criminal conviction report, PEP status, sanctions screening, and proof of bank account ownership.
Transactional data (financial and gaming)	Bank account details, payment instrument details, deposits, withdrawals, refunds, date/time/status of financial transactions, real and bonus account balances, betting and game history (e.g. games played, bets/winnings, session duration), as well as betting events and results.
Communication data	Support tickets, chat transcripts, email transcripts, voice/video and audio call recordings, conversation transcripts, real-time transcription data and automated risk indicators generated during phone interactions, survey responses and customer feedback.
Device and usage data	Login/logout date and time, IP addresses, device identifiers, operating system, browser type/version/setting, login location, time zone, cookies and tracking data (including pixels, web beacons, etc.), and preferred channels for accessing the services.
Marketing data and preferences	Marketing communication preferences (opt-ins/opt-outs), updating preferences, and inclusion in marketing lists.
Special category of personal data	Responsible Gaming (RG) data, such as self-exclusion details, RG scores, interaction history, and any other data indicating potential problematic gambling behaviors. Any other sensitive data required for regulatory compliance.

Why we process your personal data

We process your personal data for the following purposes:

Purpose of processing	Description	Legal basis
Providing services	To provide and deliver our services, including creating and maintaining your account, and to allow you to access our services and features.	The entry into and/or performance of a contract
Customer support and security notifications	To provide support and notify you about security incidents and service availability.	Legitimate Interests Legal obligations
Security and functionality of services	To ensure technical availability, perform data analysis, testing, troubleshooting, and to protect you against security threats and unauthorized access. To protect our rights, systems, and intellectual property, and to take legal action, if necessary, to protect us against claims or disputes.	Legitimate Interests Legal obligations
Analysis and improvement of services	To analyze usage trends and conduct research to develop services, including through the use of statistical analysis to enhance the performance, quality, and user experience.	Legitimate Interests
Risk management and responsible gambling	To detect, deter, prevent and report any suspicious or fraudulent activities, such as abnormal gaming patterns, suspicious manipulation or payment fraud. To promote responsible gambling practices by managing controls, verifying self-exclusion, detecting pathological behavior, and monitoring for signs of potential gambling addiction. When high-risk indicators are identified through automated monitoring systems, relevant interactions are escalated to specialized internal teams for immediate review and appropriate intervention.	Legal obligations Legitimate Interests Substantial public interest
Legal compliance	To perform KYC processes, prevent minor access, comply with AML, anti-fraud, responsible gaming and other regulatory obligations, and to implement fraud prevention measures in accordance with legal and regulatory requirements. This includes real-time risk assessment and escalation protocols in order to ensure player safety and regulatory compliance, including automated monitoring systems that identify and escalate high-risk situations that require immediate human intervention. If necessary, we may also process personal data to ensure compliance with internal policies and procedures directly related to these obligations.	Compliance with legal obligations
Marketing and communication	To send you marketing communications, service updates and surveys via email, text messages, calls (including robocalls), website/app messages, push notifications, or post notifications, or phone calls via AI bots (including real-time, recorded, and synthesized voice messages) tailored to your interests and preferences. We will make automated or AI-assisted calls for direct marketing purposes only if we have your prior consent. You may withdraw your consent at any time, including during a call via an automated opt-out option, by updating your marketing preferences, or by contacting us. We will also comply with applicable rules regarding call ban lists and your marketing choices. Opting out of marketing calls will not affect service or compliance calls that we are bound to make. To allow you to participate in interactive features, such as contests, loyalty programs, promotional events, or engagement surveys. To classify our audience into segments for better targeted communication based on behavior, demographics, or preferences. To provide personalized ads and offers, including creating lookalike audiences and targeting similar customer profiles.	Consent Legitimate Interests
Social features	To enable the linking of social media accounts, referral programs, and content sharing on social media, with your consent.	Consent
User profiling and personalization	To personalize the user experience by analyzing user behavior and providing tailored recommendations for games and offers.	Legitimate Interests Consent (for profiling)
Legal actions and dispute resolution	To establish, exercise or defend legal claims, including the management of legal disputes, regulatory investigations, or compliance with law enforcement requests.	Compliance with legal obligations Legitimate Interests

Where we collect personal data from

We collect your personal data from a variety of sources to provide and personalize our services, as well as to comply with our legal obligations, including:

Directly from you: Information you provide when you use our Website and applications, create or manage your account, and interact with our customer support services.
Publicly available sources: Data from social media, online directories, public databases, and publicly shared media content, such as your name, contact information, and online activities, among others.
Third-party databases and entities: Information from credit agencies, financial institutions, fraud prevention agencies and regulatory bodies, used for identity verification, fraud prevention and anti-money laundering compliance.
Automatically collected data: Information collected through your use of our Website and applications, including device data (such as IP address, device ID, operating system, browser type), usage data (such as login time, pages visited, and interactions), and location data derived from an IP address. We use cookies, web beacons, and other tracking technologies to collect this information and enhance your experience.
Referrals from other users: Information collected if another user refers you to our platform, such as through a “Refer a Friend” program. This may include the contact details provided by the referring individual in order to send you the referral.

Who we share your personal data with

We may share your personal data with the following categories of recipients to provide our services, enhance your experience, and comply with legal obligations:

1. Internal teams and affiliates

Authorized employees, contractors, agents, affiliates and subsidiaries within our business group or associated with our parent company. Access is strictly limited to those who need it to perform their duties, including:

Compliance Teams: For regulatory oversight, responsible gambling interventions, and crisis response;

Customer Support Teams (including escalation levels): For immediate player assistance, account management, and human takeover of automated interactions when necessary;

Risk and Fraud Teams: For security monitoring and fraud prevention;

Legal and Audit Teams: For compliance verification and incident documentation.

When high-risk situations are identified through our automated monitoring systems (such as responsible gambling concerns, safety or crisis indicators, or explicit requests for human assistance), relevant information is shared through secure internal communication channels only with those team members who require immediate access to respond appropriately. All of these escalations create a time-stamped audit trail for compliance and quality assurance purposes.

2. Business transactions

In the event of a change in ownership, control or business structure, such as a merger, acquisition, reorganization, sale of assets, joint venture or other similar transaction, your personal data may be transferred to the relevant parties involved. Any such entity or partner will be required to process your personal data in accordance with this Privacy Notice and applicable data protection laws.

3. Regulatory and law enforcement authorities

We may disclose your personal data to law enforcement agencies, regulators and other government authorities to comply with legal requirements, court orders, investigations or regulatory requests. This includes obligations related to anti-money laundering, fraud prevention, responsible gambling and other regulatory compliance needs.

4. Third-party service providers:

Game providers: We share limited data with trusted providers to provide you with a variety of games.
Customer support providers: Third-party support teams for efficient service management, including our AI bot call provider.
Payment providers: Secure payment processors for transactions, including KYC data if required.
Email, AI bot call and text message providers: For service-related and marketing communications.
Social Media and Digital Platforms: Platforms for social sharing and advertising, with your consent.
Analytics providers: Services like Google Analytics for usage information.
Security and IT providers: Trusted IT and security providers to host, maintain and protect our systems. This includes data hosting services, cybersecurity providers, and infrastructure support to ensure the availability, security, and performance of our platform.
Other providers: Support services such as maintenance, legal services, fraud detection, auditing and marketing.

5. Specialized agencies and bodies

Credit and fraud platforms, identity verification services and other public or private bodies relevant to security and compliance.

6. Advertising and marketing partners

We may share your personal data with advertising and marketing partners, including advertisers, affiliate networks and third-party agencies. These partners help us deliver personalized ads, remarketing campaigns, and targeted promotions across various platforms, including through the use of AI bot calls. This data sharing allows us to optimize marketing strategies and tailor advertisements to your preferences.

7. Data analysis

We work with analytics providers who help us understand user behavior, enhance the platform performance, and refine user experiences. These providers generate insights from data, including usage patterns, engagement metrics, and interaction trends, helping us enhance our services.

International data transfers

Our partners and suppliers operate globally, so we may need to transfer and store your personal data outside the country from which you access our services, including outside the EU/EEA. If your personal data is transferred outside the EU/EEA, we ensure that it is protected by at least one of the following measures:

The destination country has received an adequacy decision from the European Commission, confirming that it provides an adequate level of protection for your personal data;
Your explicit consent has been obtained for the transfer;
The transfer is legally justified and protected by robust safeguards, such as the EU Standard Contractual Clauses or Binding Corporate Rules approved by an EU authority.

If you would like more information about these safeguards, you can contact us by email at dpo@romanixltd.com.

Cookies and third-party tracking technologies

We use cookies and third-party tracking technologies to enhance your experience on our platform, improve the website and network security, analyze the usage, and provide personalized content. For detailed information about the types of cookies we use, their purposes and how you can manage your preferences, please see our Cookie Notice.

Data security

We take the security of your personal data seriously and have implemented robust technical and organizational measures to protect it against unauthorized access, alteration, loss, or misuse. While no method of data transmission or storage is completely secure, we have taken appropriate measures to protect your information. Our security measures include advanced encryption protocols, access controls, regular security audits, and employee training on data protection practices. These measures are regularly reviewed and updated to align with industry standards and to address evolving security threats.

Data retention

We retain your personal data for as long as your account remains active and as long as necessary to fulfill the purposes for which it was collected, including compliance with regulatory, legal, accounting, or reporting obligations. If your account is closed, we determine the appropriate retention period based on several factors, such as:

Volume, nature and sensitivity of the data;
Potential risk of harm from unauthorized use or disclosure;
Applicable legal, jurisdictional, and regulatory requirements;
Our internal policies and industry best practices;
The purposes for which we process your data and whether those purposes can be achieved through other means.

Upon expiry of the retention period, we will securely delete or anonymize your data and ensure it can no longer be associated with you, in which case we may retain and use this anonymized data indefinitely.

Please note that for our customer due diligence purposes, we are bound to retain all documents related to KYC processes for a period of 5 years, starting from the end of the contractual period or the occasional transaction.

Please note that calls made by the AI bot may be recorded or transcribed for quality assurance, compliance, training, and security purposes, and will only be retained for as long as is reasonably necessary for these purposes, in accordance with applicable laws and regulations. Where applicable, you may opt out of recording; if the recording is required to comply with legal or regulatory obligations, we may provide you with alternative contact channels.

Escalated interactions flagged for high-risk indicators (such as responsible gambling concerns, crisis situations, or requests for human intervention) are documented with time-stamped audit trails and may be retained for longer periods, as required for regulatory compliance, player protection, and incident response verification.

Your data protection rights

1. Right of access

You have the right to request a copy of the personal data we hold about you and to receive information about how we process your data.

2. Right to rectification

If your information is inaccurate or incomplete, you may request corrections or updates.

3. Right to erasure

You may request the erasure of your personal data, in whole or in part. We will erase your data if it is no longer necessary for the purposes for which it was collected and there is no commercial or legal requirement to retain it. We will provide you with a response and our reasons for refusal if we are unable to comply with your request.

4. Right to restriction of processing

You may request that we limit the processing of your data under certain conditions, such as while we verify the accuracy of your data or resolve an objection.

5. Right to data portability

You have the right to request the transfer of your data to yourself or to another service provider in a structured, commonly used, and machine-readable format. This right may only be exercised if the data was previously processed based on your consent or for the performance of a contract and only if the data was processed by automated means.

6. Right not to be subject to automated decision-making

As a general rule, you have the right not to be subject to automated decision-making if it produces legal effects or similarly significantly affects you.

7. Right to object

You may object to the processing of your personal data, including for direct marketing purposes or based on our legitimate interests. We may request the reasons for your objection to the processing so that we can respond appropriately to your request.

8. Right to withdraw consent

If you have given your consent for certain processing activities, such as direct marketing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent given before its withdrawal.

9. Right to lodge a complaint

If you have any concerns about how we handle your data, we encourage you to contact us first so that we can resolve the issue. You may contact us at dpo@Romanix.eu. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority or to seek a remedy before the competent courts.

How to exercise your rights

To exercise any of these rights, please contact us by email at dpo@romanixltd.com. For verification and security purposes, we may require you to provide proof of identity before fulfilling your request. We aim to respond to all legitimate requests within one month, although occasionally this may take longer depending on the complexity and volume of requests. If you wish to lodge a complaint with your local data protection authority or the competent courts, you may contact them directly.

Governing language

This personal data Privacy Notice has been drafted in Romanian. In the event of any discrepancies or conflicts between versions in different languages, the Romanian version will prevail and will be considered the official version for legal and interpretative purposes.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes to our practices, legal requirements, or for other operational or regulatory reasons. Any significant changes will be communicated to you via our Website, by email or by other direct means, as appropriate.

Each version of this Privacy Notice will include the effective date at the top. We encourage you to review this Notice from time to time to stay informed about how we protect your personal data. Your continued use of our services after any changes become effective indicates your acceptance of the updated terms.