burger icon
Roletto United Kingdom
Log In

Privacy Policy

Effective date: 15 January 2026

This Privacy Policy explains how your personal data is collected, used, stored, shared and protected when you visit or use the Roletto online gambling services available on raletton.com, including the Roletto version of the Website for players and visitors in the United Kingdom. It applies to all Website visitors, registered players and users of related services and communications. Please read it carefully before using our services, as it describes your rights and our obligations under applicable data protection laws.

1. Who We Are

Data controller. The services offered through raletton.com (including Roletto) are operated by Santeda International B.V. ("Roletto", "we", "us", "our"), which is the data controller for the processing of your personal data in connection with the Website and our gambling services.

Corporate and licensing information. Santeda International B.V. is a limited liability company (B.V.) licensed as an online gambling operator under licence number ALSI-112310012-F15 issued by the Government of the Autonomous Island of Anjouan, Union of Comoros. This is an offshore licence and we are not licensed by the UK Gambling Commission. As a result, UK-specific gambling protections such as UKGC oversight, IBAS dispute resolution and GamStop do not apply to our gambling operations, although we still seek to comply with UK data protection laws where they apply to us.

Registered/Legal address. Our precise registered office and mailing address are not specified in this version of the policy and will be updated once confirmed. Until then, you can contact us using the channels provided on the Website.

Data protection contact (DPO / privacy team). We have appointed a data protection point of contact responsible for handling privacy-related queries. You can reach our data protection team by using the contact or support options made available on raletton.com (for example, the support chat or contact forms) and indicating "Privacy" in the subject line. Where a dedicated privacy or DPO email address is published on the Website, you should use that address for exercising your data protection rights.

Group and platform context. Roletto operates on the Upgaming platform infrastructure and is part of a group of related brands managed within the Santeda International B.V. network (including, for example, MyStake, GoldenBet, Velobet and Cosmobet). This corporate and platform context is relevant to how and with whom your data may be shared for operational, security and compliance purposes, as explained in later sections.

What Personal Data We Collect

We collect only the data that is necessary to provide our services, fulfil legal obligations, protect our legitimate interests and respect your rights. Depending on how you use Roletto on raletton.com, we may collect the following categories of data:

  • Identification and contact data. This includes your full name, date of birth, country of residence, address, email address, telephone number, username, account ID, and copies or details of identification documents (such as passport, ID card, driving licence, proof of address) collected for KYC/AML purposes.
  • Account and profile data. Registration details, account settings, language preferences, communication preferences (including marketing consents), self-exclusion or limits you set, and records of your interactions with our customer support.
  • Payment and transaction data. Information related to deposits, wagers and withdrawals, such as payment method type (e.g. card, bank transfer, e-wallet, cryptocurrency where available), partial payment details, transaction identifiers, amounts, timestamps, payment provider used and related anti-fraud checks. In some cases, your bank or payment provider may flag transactions related to offshore gambling operators such as those coded to "Santeda", which we record as part of our transaction logs and risk assessments.
  • Technical and usage data. IP address, approximate location (based on IP), device information (browser type and version, operating system, device identifiers), login timestamps, security logs, session information, referral URLs, and other technical data generated when you access or interact with our Website and apps.
  • Behavioural and gaming data. Detailed betting and gaming history (games played, markets selected, stakes, outcomes, wins and losses), interactions with bonuses and promotions, click-stream data (pages visited, buttons clicked, time spent), responsible gambling indicators (patterns suggesting risky play) and activity across related Santeda brands where necessary for fraud prevention or responsible gambling.
  • Communications data. Copies of your messages, chats, emails and call recordings with our customer support, including complaints, KYC/AML queries, self-exclusion requests and any feedback you provide through surveys or forms.
  • Cookies and similar technologies. We use cookies, web beacons, pixels, SDKs and similar tracking technologies to recognise your browser or device, remember your preferences, secure your sessions, perform analytics and deliver or measure marketing. These may include first-party cookies set by raletton.com and third-party cookies set by analytics or advertising partners, as described in the Cookies & Tracking section.
  • Special category and sensitive data (limited). We generally do not seek to collect special categories of data (such as health or political opinions). However, information related to responsible gambling (e.g. self-exclusion due to gambling harm) or documents containing such information may indirectly reveal sensitive data. We handle such information with heightened protection and only where strictly necessary under law or with your explicit consent.

Legal Basis for Processing

We process your personal data in line with applicable data protection laws, including the UK GDPR (as incorporated into UK law by the Data Protection Act 2018), the EU GDPR where it applies, and other relevant frameworks such as Mexican data protection laws for affected users. Our main legal bases are:

  • Performance of a contract. We process your data when it is necessary to perform the contract between you and Santeda International B.V., including:
    • creating and managing your player account on Roletto at raletton.com;
    • processing deposits, bets and withdrawals;
    • providing casino, sportsbook and related services via the Upgaming platform;
    • providing customer support and resolving operational issues.
  • Compliance with legal and regulatory obligations. As an offshore gambling operator licensed in the Autonomous Island of Anjouan, Union of Comoros, we must comply with anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, sanctions and responsible gambling rules. We may also be subject to certain UK, EU and other national laws with extraterritorial effect. Under this basis we:
    • conduct identity verification (KYC) and affordability checks;
    • monitor transactions and gameplay for suspicious activity;
    • retain records for minimum periods required by law or regulators;
    • respond to lawful requests from competent authorities.
  • Legitimate interests. We rely on our legitimate interests, carefully balanced against your rights and freedoms, to:
    • secure our systems and services (e.g. security logs, access controls, fraud detection across Santeda brands);
    • prevent abuse, multiple account creation, bonus misuse and chargebacks;
    • improve and optimise the Website, games and user experience through aggregated analytics;
    • manage business operations, group reporting and risk management, including responding to regulatory changes (such as transitions in licensing from Curacao to Anjouan).
  • Consent. We rely on your consent where required by law, for example:
    • sending you electronic marketing communications (email, SMS, push, in-account messages) not strictly necessary for providing the service;
    • using certain non-essential cookies or similar technologies for advertising or cross-site tracking;
    • processing any special category data where applicable, such as information relating to health or problem gambling indicators, when not otherwise mandated by law.
    You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Protection of vital interests and legal claims. In rare cases, we may process data to protect your vital interests or those of another person (for example where we identify acute gambling harm), or to establish, exercise or defend legal claims in courts, regulatory proceedings or alternative dispute mechanisms.

Purpose of Processing

We use your personal data only for specific, explicit and legitimate purposes. In particular, we process your data for the following purposes:

  • Provision of gambling services. To register and authenticate you as a player, operate your Roletto account, process deposits and withdrawals, enable you to place bets and play games, and provide all essential features of the Website and related services on raletton.com.
  • Account management and customer support. To manage your profile, communication preferences, bonus eligibility, loyalty schemes and responsible gambling settings; to respond to your questions, complaints and requests through our support channels; and to provide clear information on risks associated with offshore gambling, including Non-GamStop status for UK users.
  • Risk management, fraud prevention and security. To prevent fraud, money laundering, bonus abuse and other prohibited activities; to detect suspicious behaviour across Santeda International B.V. brands (including MyStake, GoldenBet, Velobet and Cosmobet); and to secure our systems, prevent unauthorised access, mitigate payment disruptions (for example where UK banks or other institutions block transactions to offshore merchants coded as "Santeda") and manage domain access risks (including possible ISP blocks requiring VPN access).
  • Legal and regulatory compliance. To comply with the requirements of our Anjouan gambling licence and other applicable laws, including AML/CTF, sanctions, accounting and tax rules; to cooperate with competent authorities; and to maintain records demonstrating compliance in the event of audits or regulatory changes.
  • Analytics and service improvement. To analyse aggregated and pseudonymised usage data (e.g. game popularity, device statistics, regional trends) in order to improve performance, reliability, security, game selection and user experience; and to adapt content to the needs of UK players while remaining a global platform.
  • Marketing and personalisation. With your consent where required, to send targeted offers, promotions, newsletters and service updates; to personalise content and bonuses based on your activity; and to measure the effectiveness of campaigns, including via affiliates and advertising networks.
  • Responsible gambling and player protection. To monitor gameplay, deposit patterns and behavioural indicators to identify potential gambling-related harm; to apply self-exclusion, time-out or deposit limits; and to share relevant flags internally across Santeda brands where necessary to uphold responsible gambling commitments, even though UK-specific schemes like GamStop do not apply.

4. Disclosure & Sharing

We treat your personal data as confidential and only share it when necessary, proportionate and lawful. Depending on the specific processing activity, your data may be disclosed to the following categories of recipients:

  • Group companies and related brands. Santeda International B.V. and its managed brands (such as Roletto, MyStake, GoldenBet, Velobet and Cosmobet) may share limited data for group-level risk management, fraud prevention, self-exclusion enforcement and internal reporting, always subject to appropriate safeguards and access controls.
  • Platform and technology providers. Our core gambling services are delivered on the Upgaming platform, which acts as a data processor on our behalf. We may also use other processors for hosting, data storage, analytics, customer support tools, email delivery, SMS, identity verification and payment processing. These providers are bound by contractual obligations to process your data only on our instructions and to implement adequate security measures.
  • Payment service providers and banks. We share relevant transaction data with payment processors, card schemes, banks, e-wallet and cryptocurrency providers to process deposits, withdrawals and refunds, and to prevent fraud and chargebacks. In some cases, your financial institution may independently assess and potentially block payments to offshore gambling operators coded as "Santeda"; we may receive related transaction status information as part of these processes.
  • Regulators and competent authorities. We may be required to disclose data to regulatory, supervisory or law enforcement authorities, courts and dispute bodies in the Autonomous Island of Anjouan, the UK, the EU or other jurisdictions, for example in response to lawful requests, AML/CTF investigations, sanctions screening, tax reporting or regulatory audits. While we are not under the UK Gambling Commission regime, data protection regulators (such as the UK Information Commissioner's Office) may still have competence under UK data protection law for certain processing affecting UK residents.
  • Professional advisers. Lawyers, auditors, consultants, accountants and other professional advisers may access your data where necessary for the provision of their services (for example, in the context of legal claims, regulatory enquiries, audits, corporate restructuring or licensing transitions, such as our move from Curacao to Anjouan).
  • Affiliates and marketing partners. With your consent where required, limited data may be shared with affiliate networks, marketing and advertising partners (including providers of tracking technologies, analytics and campaign measurement) to attribute traffic, perform conversion tracking and measure the effectiveness of campaigns, particularly in the UK and other market regions.
  • Business transfers. In the event of a merger, acquisition, sale of assets or similar corporate transaction involving Santeda International B.V. or its brands, your personal data may be transferred to the acquiring entity subject to appropriate confidentiality and data protection commitments.

We do not sell your personal data for monetary consideration. Any sharing for marketing or analytics purposes is carried out under strict contractual controls and, where required, based on your consent.

3. International Transfers

Roletto is a global, offshore-operated platform, and your personal data may therefore be transferred to and processed in countries outside your country of residence, including outside the UK and the European Economic Area (EEA). These countries may have data protection laws that are different from those in your jurisdiction and, in some cases, may provide a lower level of protection.

  • Where your data may be processed. Depending on the service and providers involved, your data may be processed in:
    • the United Kingdom and EEA countries, where certain hosting, payment and analytics providers are located;
    • the Autonomous Island of Anjouan (Union of Comoros), our licensing jurisdiction;
    • other third countries where Upgaming infrastructure, cloud services or support teams are based;
    • additional jurisdictions involved in payment processing, fraud prevention or international customer support.
  • Safeguards for UK and EEA users. Where we transfer personal data from the UK or EEA to a country that is not recognised as providing an "adequate" level of protection, we implement appropriate safeguards, such as:
    • standard contractual clauses (SCCs) approved under EU and UK law;
    • the UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs, where relevant;
    • technical and organisational measures (encryption, access controls, data minimisation) to reduce risks associated with cross-border transfers.
  • Onward transfers by processors. Our processors (such as Upgaming and payment providers) are contractually required to obtain our authorisation before engaging sub-processors and to ensure that any onward transfers provide equivalent protection through contracts or other lawful mechanisms.
  • Regulatory and oversight context. Because we operate under an Anjouan licence and not under the UK Gambling Commission, certain regulatory protections for UK gamblers (e.g. IBAS or GamStop) do not apply to our gambling operations. However, data protection authorities such as the UK Information Commissioner's Office and relevant EU regulators may still exercise jurisdiction over our data processing activities that significantly affect residents in their territories, including in relation to international transfers.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal and regulatory obligations and to resolve disputes. Retention periods depend on the type of data and the context of processing, and are determined in line with applicable laws (including AML/CTF rules) and industry standards. In general:

  • Account and identification data. Core account details, identification documents and KYC/AML records are typically retained for the duration of your relationship with us and for a period of 5 to 7 years after your account is closed, to comply with AML/CTF, tax and regulatory record-keeping obligations and to defend against legal claims.
  • Transaction and gaming history. Betting records, transaction logs and gaming histories are retained for the lifetime of the account and for at least 5 years after closure, in order to meet AML/CTF and licensing requirements, resolve disputes, verify historical account activity and support responsible gambling analysis.
  • Customer support and complaint data. Communications with customer support, including complaints and KYC interactions, are usually retained for up to 5 years after the matter has been resolved, unless a longer period is required by law or necessary to defend legal claims.
  • Marketing and consent data. Information about your marketing preferences and consents is kept for as long as you remain subscribed and for a short period thereafter (generally up to 2 years) to document compliance with consent and opt-out requests. If you withdraw consent, we may retain a minimal record of that withdrawal.
  • Technical and log data. Security logs, access logs and technical diagnostic data are typically retained for 6 to 24 months, depending on the log type, in order to investigate security incidents, prevent fraud and maintain system integrity.
  • Cookies and tracking data. Retention periods for cookies are set out in our cookie tools and browser settings, and vary from session-only cookies to longer-lived cookies (e.g. up to 24 months) used for analytics or marketing, subject to your consent.

When data is no longer required for the purposes for which it was collected and no legal obligation requires its retention, we will either securely delete it, anonymise it so that it can no longer be linked to you, or aggregate it for statistical purposes. We periodically review our retention schedules to ensure they remain appropriate and up to date.

Your Rights

Depending on your place of residence and the laws that apply to our processing of your data, you may have various rights in relation to your personal data. For UK and EEA users, these rights derive mainly from the UK GDPR and EU GDPR. For users in Mexico, similar rights are recognised under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). We respect these rights and provide mechanisms to exercise them.

  • Right of access. You can request confirmation as to whether we process your personal data and obtain a copy of the data we hold about you, together with information about how we process it.
  • Right to rectification. You can ask us to correct inaccurate or incomplete personal data. In many cases you can update basic details directly in your Roletto account settings on raletton.com.
  • Right to erasure ("right to be forgotten"). You can request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal basis applies), or where you successfully object to processing. We may be required to retain certain data for legal, regulatory or AML/CTF reasons, which we will explain to you if relevant.
  • Right to restrict processing. You can request that we restrict the processing of your data in certain circumstances (for example, while we verify its accuracy or consider an objection).
  • Right to object. You can object at any time to processing based on our legitimate interests, including profiling related to such interests. You also have the right to object at any time to the processing of your personal data for direct marketing purposes, in which case we will stop processing for those purposes.
  • Right to data portability. Where processing is based on your consent or on a contract and carried out by automated means, you may request to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to have that data transmitted to another controller where technically feasible.
  • Rights related to consent and marketing. You may withdraw your consent at any time where processing is based on consent (for example, marketing communications or non-essential cookies), without affecting the lawfulness of processing before withdrawal. You can manage marketing preferences in your account or by using the unsubscribe links in our communications.
  • Mexican ARCO rights. If Mexican data protection law applies to you, you also have ARCO rights (Acceso, Rectificación, Cancelación y Oposición) under LFPDPPP. These correspond broadly to access, rectification, cancellation (erasure) and opposition (objection) to processing, and we will handle such requests in line with applicable Mexican requirements.

How to exercise your rights. To exercise any of the rights above, please contact our data protection team via the contact methods indicated on raletton.com, clearly specifying that your request concerns data protection and indicating your country of residence. We may need to verify your identity before acting on your request (for example, by asking you to log in or confirm certain account details).

Response times and costs. We aim to respond to all valid requests within one month (30 days) of receipt. If your request is particularly complex or we have received multiple requests, we may extend this period by up to two further months, in which case we will inform you of the extension and reasons. Exercising your rights is generally free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in line with applicable law.

Cookies & Tracking Technologies

When you access Roletto on raletton.com, we and our partners may use cookies and similar technologies to make the Website work, to improve its performance and to personalise your experience. Cookies are small text files placed on your device by your browser.

  • Types of cookies we use.
    • Strictly necessary cookies. These cookies are essential for the operation of the Website and enable core functions such as logging in, navigating between pages, maintaining your session, executing payments and ensuring security. The Website cannot function properly without these cookies.
    • Functional (preference) cookies. These remember your choices and settings, such as language, region, game view preferences and login status, to provide a more personalised experience.
    • Analytics and performance cookies. These collect information about how visitors use the Website (for example, which pages are visited most often, how long sessions last, and whether users encounter errors). We use this information in aggregate form to improve performance and user experience.
    • Advertising and targeting cookies. With your consent where required, these cookies and similar technologies (including pixels and tags) are used to deliver relevant advertising, measure campaign effectiveness, and track conversions, often in collaboration with affiliate and advertising partners.
    • Session vs persistent cookies. Session cookies expire at the end of your browsing session, while persistent cookies remain on your device for a defined period or until you delete them.
  • Third-party cookies. Some cookies may be set by third-party service providers, such as analytics tools, advertising networks, social media platforms or payment providers. These third parties may collect information about your online activities over time and across different websites, in line with their own privacy practices.
  • Managing cookies. You can manage or disable cookies in several ways:
    • via our cookie consent tools or banners (where available), which allow you to accept or reject certain categories of cookies;
    • through your browser settings, where you can block or delete cookies or configure your browser to notify you before a cookie is stored;
    • by opting out of third-party advertising networks via their tools, where available.
    Please note that disabling certain cookies, particularly strictly necessary or functional cookies, may affect the functionality and performance of the Website, and you may not be able to use all features of Roletto.

9. Data Security

We take the security of your personal data seriously and implement technical and organisational measures designed to protect it against unauthorised access, alteration, disclosure or destruction. While no online service can guarantee absolute security, we strive to maintain a level of security appropriate to the risks associated with offshore online gambling operations and cross-border data transfers.

  • Encryption and secure transmission. We use industry-standard encryption technologies, such as TLS 1.2 or higher, to protect data in transit between your device and our servers. Where appropriate, we apply encryption and pseudonymisation to data at rest within our infrastructure and within the Upgaming platform.
  • Access controls and authentication. Access to personal data is restricted to authorised employees, contractors and service providers who need it for their work and who are bound by confidentiality obligations. We use role-based access controls, authentication mechanisms and, where appropriate, multi-factor authentication for administrative access.
  • Infrastructure and platform security. Our systems are hosted in secure environments operated by reputable providers and the Upgaming platform. Measures may include firewalls, intrusion detection and prevention systems, network segmentation, backup and recovery procedures, and regular monitoring of system performance and security events.
  • Security testing and audits. We perform internal reviews, risk assessments and technical testing (such as vulnerability scans) to identify potential weaknesses in our systems. Where appropriate, we may engage external experts to perform independent assessments of our security posture. We seek to align our security practices with recognised international standards (such as ISO 27001 and SOC 2) where applicable, without implying formal certification unless explicitly stated on the Website.
  • Staff training and policies. Our personnel receive training on data protection, information security and responsible gambling obligations relevant to their roles. We maintain policies and procedures governing access to systems, acceptable use, incident response and retention of personal data.
  • Incident response. We have procedures in place to detect, investigate and respond to potential data breaches or security incidents. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by law, including UK and EU data protection rules where they apply.

Complaints & Contacts

We are committed to handling your personal data fairly and transparently. If you have questions, concerns or complaints about how we process your data, or if you wish to exercise any of your rights, you should contact us first so that we have an opportunity to resolve the issue.

  • Contacting us about privacy. You can contact our data protection team or designated Data Protection Officer by using the support and contact options available on raletton.com. Please clearly state that your query concerns privacy or data protection, and include your account details and country of residence so we can locate your records.
  • Handling of complaints.
    • Step 1 - Initial contact: Submit your complaint through our support channels (e.g. live chat or contact form), specifying that it relates to data protection.
    • Step 2 - Review: Our privacy team will review your complaint, request any additional information needed and investigate the matter.
    • Step 3 - Response: We aim to provide a substantive response within 30 days. If we need more time due to complexity or volume, we will inform you and explain the reasons for the delay.
    • Step 4 - Escalation: If you are not satisfied with our response, you may request further internal escalation or contact a relevant supervisory authority.
  • Supervisory authorities in the UK and EU.
    • UK residents may lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk or using the contact details published on their website.
    • Residents of the EU may contact their national data protection authority. Details of EU data protection authorities are available on the website of the European Data Protection Board (EDPB).
  • Mexican data protection authority. If Mexican data protection law applies to you, you may also have the right to lodge a complaint with the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), whose contact details are available at https://www.inai.org.mx.

Please note that these complaint mechanisms relate to data protection and privacy matters. As Roletto is operated under an offshore Anjouan licence and not regulated by the UK Gambling Commission, UK-specific gambling dispute mechanisms such as IBAS or GamStop do not apply to our gambling services. This does not affect your ability to raise privacy complaints with data protection authorities as described above.

24. Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, regulatory environment (including changes in licensing jurisdictions or oversight trends), technologies or business practices. When we make material changes, we will take appropriate steps to inform you in advance and to give you an opportunity to review the updated policy.

  • Notification methods. We may notify you of changes by:
    • displaying a prominent notice or banner on raletton.com (including the Roletto pages);
    • sending you an email or in-account message, where we have your contact details;
    • providing alerts or messages in your account dashboard.
  • Advance notice for significant changes. Where a change is material and likely to significantly affect your rights or the way we process your data (for example, a change in main processing purposes, new categories of data collected, or the involvement of new categories of recipients in high-risk jurisdictions), we will provide, where reasonably practicable, at least 30 days' advance notice before the change becomes effective.
  • Your options. If you do not agree with the updated Privacy Policy, you should stop using our services and may request the closure of your account and, where applicable, deletion or restriction of your data in accordance with this policy and applicable law. Continuing to use the Website after the effective date of changes generally indicates your acceptance of the updated policy.
  • Version control and history. We maintain records of previous versions of this Privacy Policy and their effective dates. Upon request, we can provide you with information on key changes between versions, such as our transition from a Curacao licence to an Anjouan licence, updates to international transfer mechanisms or changes in retention practices.

Last updated: 15 January 2026 (revising the November 2025 version to reflect updated licensing information, expanded international transfer safeguards, enhanced explanations of user rights including Mexican law references, and clarifications regarding UK Non-GamStop status and regulatory risk context for offshore operations).