Betty Casino Privacy Policy – Data Protection for Canadian Users

Scope, interpretation, and application

This Privacy policy governs the collection, use, disclosure, retention, and safeguarding of personal information in connection with betty-casino-ca.ca and related services operated under the name Betty casino. It applies to information processed through the website, account registration workflows, gameplay functions, customer support channels, and security controls associated with the service. This document is intended to reflect requirements under applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act, and relevant provincial private sector privacy statutes where applicable. It also reflects generally recognized data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Where services interact with third party technologies or service providers, this document describes the related processing roles and safeguards. Any capitalized terms not defined herein shall have the meaning assigned by the applicable terms and conditions governing use of the service.

Regulatory framework and accountability model

This Privacy policy is designed to be interpreted consistently with Canadian data protection standards that require meaningful consent, reasonable purposes, limited collection, and appropriate safeguards proportionate to sensitivity. Processing activities are assessed under an accountability framework that assigns internal responsibility for privacy governance, including documented procedures, risk based reviews, and vendor oversight. Where processing is carried out by service providers, contractual controls are implemented to maintain confidentiality and restrict processing to documented instructions, subject to lawful exceptions. Where GDPR aligned principles are relevant, they are used as interpretive guidance for cross border processing, transparency practices, and rights handling, without asserting that GDPR applies in all circumstances. The service adopts a privacy by design approach in which new features and material changes are evaluated for necessity, proportionality, and impact on individuals. Records of certain processing activities may be maintained for compliance and audit purposes, subject to retention limits described below.

Definitions and roles

For the purposes of this Privacy policy, personal information means information about an identifiable individual, including identifiers, device related data, and financial or verification attributes when linked to an individual. Processing includes any operation performed on personal information, such as collection, use, storage, disclosure, transmission, modification, restriction, or deletion. The operator acts as the organization responsible for determining the purposes and means of processing for data handled through the core service, subject to applicable law and contractual commitments. Certain third parties may act as independent organizations when they determine their own purposes, such as payment institutions or regulators, and such processing is governed by their own notices. A service provider is a processor or supplier engaged to process personal information on documented instructions, such as hosting, fraud monitoring, identity verification, or customer support tooling. References to consent include express or implied consent as recognized under Canadian law, and consent may be withdrawn subject to legal or contractual restrictions and reasonable notice.

Categories of personal information processed

The service may process identification and contact data such as full name, date of birth, email address, telephone number, and residential address, to establish and manage an account and to meet legal obligations. It may process account and gameplay data, including login events, account settings, session activity, game selections, bets, winnings, bonuses records where applicable, and responsible gaming interactions, to operate the service and maintain integrity. It may process financial and transactional data such as deposit and withdrawal history, payment method tokens, billing identifiers, and bank routing details where necessary to execute payments, prevent fraud, and meet record keeping requirements. It may process verification and compliance data, including government issued identification numbers or document images, proof of address, and screening results, when required for age verification, anti money laundering controls, and risk assessments. It may process technical and device data such as IP address, device identifiers, operating system, browser type, approximate geolocation derived from IP, and crash logs, to secure systems and ensure functional performance. It may process communications data such as chat transcripts, call recordings where permitted by law, email content, and support ticket history, to respond to inquiries and investigate incidents.

Operational sources and methods of collection

Personal information is collected through operational workflows when an account is created, identity or age is verified, deposits or withdrawals are requested, or when customer support is engaged. It may also be collected automatically through technical logs generated by servers, security tools, and application interfaces that record events for reliability and fraud prevention. Information may be received from third party sources such as payment processors, identity verification vendors, anti fraud databases, and regulatory or self exclusion registries, when permitted and necessary for compliance. Where a player chooses to link an external account or uses a third party authentication method, limited identifiers may be received to facilitate login and security, subject to the settings and policies of that third party. The service may obtain updated contact or verification details where inaccuracies are detected, provided such updates are supported by reliable sources and documented. The service does not knowingly collect personal information from individuals under the applicable legal age, and age verification controls are implemented to mitigate this risk.

Purposes of processing and service functionality

This Privacy policy describes processing undertaken to provide core functionality, including account administration, authentication, gameplay operations, payment execution, and delivery of support services. Processing is performed to verify identity and age, evaluate eligibility, and apply jurisdictional restrictions, including geolocation controls where required for lawful access. It is also performed to prevent, detect, and investigate fraud, collusion, account takeover attempts, and security incidents, using risk signals derived from device and transaction patterns. Processing supports responsible gaming measures, including risk indicators, voluntary limits, cooling off measures, and self exclusion handling, where offered or required by law. Information may be used to produce internal reports, service analytics, and performance monitoring, using aggregation or de identification where feasible, to improve stability and error resolution. Processing may be performed to satisfy legal and regulatory obligations, including anti money laundering, tax related reporting where applicable, and responding to lawful requests.

Processing is conducted on legally recognized grounds under Canadian privacy law, including consent, reasonable purposes that a reasonable person would consider appropriate in the circumstances, and legal obligations. This Privacy policy recognizes that consent may be express, such as when a person submits verification documents, or implied, such as when technical logs are generated through normal use of the website. Where consent is the primary basis, it is obtained in a manner intended to be meaningful, including disclosure of purposes, types of information involved, and reasonably foreseeable consequences. Certain processing is necessary to perform contractual obligations, such as maintaining an account, processing transactions, and enabling access to gameplay, and cannot be separated without affecting service availability. Other processing is necessary to comply with legal obligations, including identity verification, record retention, and reporting duties where applicable. When legitimate interests style assessments are used as guidance, they are documented to balance operational necessity against privacy impacts, with safeguards to reduce unnecessary collection.

Cookies and similar tracking technologies

This Privacy policy addresses the use of cookies, local storage, SDK identifiers, and similar technologies that support essential website operations and security controls. Essential cookies may be used to maintain sessions, prevent unauthorized access, and support account login, and such technologies are generally required for core functionality. Preference cookies may store settings such as language selection and region related configurations to improve usability, subject to the individual’s device settings and available consent controls. Analytics technologies may be used to measure performance, detect errors, and understand navigation patterns, and such data may be aggregated or pseudonymized where feasible. Advertising cookies are not required for the operation of the service, and where they are used, they are deployed subject to applicable consent and opt out mechanisms, including browser based controls. Cookie lifetimes vary by purpose, including session based cookies that expire when the browser is closed and persistent cookies that may remain for up to 12 months unless deleted earlier.

Personal information may be disclosed to payment service providers, financial institutions, and transaction facilitators to process deposits, withdrawals, chargebacks, and related reconciliation, subject to contractual confidentiality and security requirements. It may be disclosed to identity verification and compliance vendors to confirm age, identity, and address, and to perform screening consistent with anti fraud and anti money laundering expectations. It may be disclosed to hosting providers, security monitoring vendors, and technical support suppliers for the operation of infrastructure, incident response, and service continuity. It may be disclosed to professional advisers such as legal counsel, auditors, and insurers when necessary for compliance, dispute management, or risk assessment, subject to professional confidentiality rules where applicable. It may be disclosed to regulators, law enforcement, or other competent authorities where required or permitted by applicable law, including in response to subpoenas, court orders, or lawful requests. When a business reorganization occurs, such as a merger, acquisition, or asset sale, disclosures may occur to prospective counterparties under confidentiality controls, with continued protection and use limitation.

International and interprovincial transfers

This Privacy policy applies to processing that may involve transfers of personal information across provincial boundaries within Canada and, where service providers are located abroad, across national borders. When information is processed outside Canada, it may be subject to the laws of the destination jurisdiction and may be accessible to courts, law enforcement, or national security authorities in accordance with those laws. The service seeks to implement appropriate safeguards for cross border processing, including contractual measures, access restrictions, and security controls aligned with the sensitivity of the information. Where feasible, vendor assessments consider data residency options, incident response commitments, and audit rights or assurance reporting. Transfers are conducted for limited operational purposes, such as hosting, customer support tooling, fraud analytics, and payment processing, and are not performed for unrelated objectives. Individuals may request further information about cross border processing safeguards through the contact procedures described below.

Retention periods and deletion practices

This Privacy policy establishes that personal information is retained only for as long as necessary to fulfill the identified purposes, subject to legal and regulatory retention requirements. Account and transactional records are typically retained for at least 5 years after account closure or the last transaction, to meet anti money laundering and financial record keeping expectations where applicable. Verification documents and related audit trails may be retained for a period necessary to demonstrate compliance, which may extend to 6 years depending on the nature of the obligation and potential limitation periods. Security logs and access records may be retained for 180 days to support incident investigation and system integrity monitoring, unless an investigation requires longer preservation. Customer support records may be retained for 24 months to manage disputes, quality assurance, and continuity of service, subject to minimization. When retention expires, information is deleted, anonymized, or securely destroyed using methods appropriate to the medium, and deletion may be delayed where required by a legal hold.

Information security and protective measures

This Privacy policy reflects the implementation of administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. Security controls may include access management based on least privilege, multi factor authentication for privileged systems, encryption in transit using industry standard protocols, and encryption at rest where supported by the system architecture. The service applies monitoring and alerting to detect anomalous events, including credential stuffing, unusual transaction patterns, and automated abuse, with escalation paths for investigation. Vulnerability management processes are implemented, including patching, code review practices, and periodic security testing, and remediation actions are tracked for accountability. Service providers are subject to due diligence and contractual requirements, including confidentiality undertakings, subprocessor controls, and breach notification obligations. While no system can guarantee absolute security, the service targets an availability level of 99.9% for critical components, supported by backups and continuity planning appropriate to operational risk.

Rights, choices, and responsible processing

Individuals have rights under applicable Canadian privacy laws to request access to personal information held about them and to request corrections where information is inaccurate or incomplete. This Privacy policy also recognizes that individuals may withdraw consent for certain processing, subject to legal or contractual restrictions and reasonable notice, and withdrawal may affect the availability of parts of the service. Where applicable, individuals may request information about how personal information has been used and to whom it has been disclosed, subject to lawful limitations and exemptions. Rights may be limited where disclosure would reveal personal information about another individual, compromise security, interfere with law enforcement, or be subject to solicitor client privilege or other legal restrictions. Requests are handled through identity verification measures proportionate to the sensitivity of the information, to prevent unauthorized access or social engineering. The service aims to respond to access or correction requests within 30 days, with lawful extensions where necessary due to complexity or volume, and reasons for any extension will be documented.

Access and correction procedure

Requests for access or correction should specify sufficient detail to allow the service to identify the relevant records, including the account identifier, approximate dates, and the type of information sought. The service may request additional information to confirm identity before releasing any records, particularly where the request involves financial, verification, or security data. Access may be provided in a commonly used electronic format where reasonably practicable, or by other means that provide meaningful access. Corrections may be made by updating account settings where available or through support channels when backend verification is required. If a correction request is not granted in full, the service will provide reasons consistent with applicable law and may note a disputed correction where permitted.

Consent withdrawal may apply to non essential processing such as certain analytics, optional communications, or preference based features, depending on how the service is configured at the time of the request. Security related processing, fraud prevention controls, and legally required record keeping generally cannot be disabled on request because they are necessary to protect the service and meet legal obligations. Device level controls, including browser settings and cookie deletion, may limit certain tracking technologies, although essential cookies may still be necessary for session integrity. Where marketing communications are provided, opt out mechanisms are implemented, and suppression lists may be maintained to ensure the opt out is respected. Consent preferences are recorded and applied within a reasonable operational timeframe, and certain systems may require up to 72 hours for full propagation.

Complaints, contact routes, and data request handling

This Privacy policy sets out procedures for submitting privacy inquiries, complaints, and requests regarding personal information processed by the service. Communications should be directed to the designated privacy contact using the channels made available on betty-casino-ca.ca, and requests should include sufficient details to enable verification and retrieval. The service may require verification of identity before processing a request, which may include confirming account credentials, requesting a signed declaration, or asking for limited supporting information. Complaints are assessed through an internal review process intended to evaluate compliance, remediate issues, and implement corrective actions where warranted. Where a complaint concerns a service provider, the service will coordinate with that provider to investigate and address the matter, subject to contractual rights and lawful restrictions. Individuals may also contact the Office of the Privacy Commissioner of Canada or relevant provincial authorities if concerns remain unresolved after internal escalation.

Privacy policy updates and ongoing compliance commitments

This Privacy policy is maintained as a living compliance document and may be amended to reflect changes in legal requirements, regulatory guidance, operational practices, or security controls adopted by Betty casino. Amendments may occur when new features are introduced, when new categories of service providers are engaged, when cross border processing arrangements change, or when retention and security practices are updated based on risk assessments. Where changes materially affect the purposes of processing or the categories of personal information collected, reasonable steps will be taken to provide notice through the website and, where appropriate, through account related communications. The effective date of an updated version will be stated within the published policy text, and prior versions may be retained for audit reference for a limited period consistent with storage limitation. Continued use of the service after an update may be treated as acceptance of the revised terms where permitted by law, while consent based processing will continue to be managed through meaningful consent mechanisms. Betty casino confirms its commitment to Canadian privacy compliance, confidentiality obligations, and accountable governance, and data requests submitted under this Privacy policy will be tracked and handled with documented outcomes and response timing, including the 30 day target described above.