burger icon
Vavada Casino Canada
Log In

Privacy Policy

Privacy Policy for vavada-casino-canada - This policy explains how we collect, use, disclose, and protect personal information of players and website visitors of vavada-casino-ca.com. It applies to account holders, prospective customers, and any user interacting with our services. Effective date: March 1, 2025.

Who We Are

OBSERVE

Operator: Vavada B.V., a limited liability company (B.V.) registered in Curaçao (Reg. No. 143168). Legal/registered address: Hanchi Snoa 19, Trias Building, Curaçao. Gaming licence: OGL/2025/252/0153 issued by the Curaçao Gaming Authority (granted 2025-12-09, active 2025). Official website: https://vavada-casino-ca.com.

EXPAND

Primary contacts: support@vavada-casino-ca.com; phone: +1 404-382-0303; live chat (onsite). For privacy queries, contact our Data Protection Department using the support email and indicate "Privacy Request". Gaming licence complaints: complaints@gaminglicences.com (gaming matters, not privacy).

REFLECT

We act as the controller for personal data processed through vavada-casino-ca.com. Our Data Protection Department coordinates responses to privacy rights requests and regulator inquiries.

What Personal Data We Collect

OBSERVE

  • Identity and contact: full name, date of birth, address, email, phone, username.
  • KYC/AML data: IDs, utility bills, selfies/face match results (where lawful), sanctions/PEP screening results.
  • Account and behavioral: account settings, session history, game and betting history, deposits/withdrawals, clicks, interactions, responsible gambling limits.
  • Payment: masked card data, wallet IDs, transaction identifiers, billing address; we do not store full PAN/CVV.
  • Technical: IP address, device/OS/browser, language, time zone, approximate location, cookies, SDK identifiers, log files, crash data.
  • Marketing preferences: opt-in/opt-out status, communication history.
  • Cookies/trackers: session, persistent, and third-party cookies; pixels and similar technologies.

EXPAND

Automated decisioning may be used for fraud/risk scoring and compliance screening; human review is available on request. We do not knowingly collect data from individuals below the legal gambling age in their province/territory (or under 18, whichever is higher).

REFLECT

Collection is limited to what is necessary for service provision, security, legal compliance, and with consent where required.

Legal Basis for Processing

OBSERVE

  • Consent: marketing emails/SMS (CASL), optional cookies, certain KYC verifications.
  • Contract/requested service: account creation, gameplay, payments, customer support.
  • Legal obligations: KYC/AML, fraud prevention, sanctions screening, accounting, regulatory reporting.
  • Legitimate interests (for EEA/UK users under GDPR): service integrity, analytics, service improvement, network security, defending legal claims (balanced against user rights).

EXPAND

Canada: we follow PIPEDA's consent model and recognized exceptions (e.g., investigations, fraud). EEA/UK: Articles 6(1)(a)-(f) GDPR as applicable. Mexico: processing aligned with the LFPDPPP and its Regulations where we target or serve Mexican residents.

REFLECT

Where consent is the basis, you may withdraw at any time without affecting prior lawful processing. We document our assessments for legitimate interests and maintain records of consent (CASL).

Purpose of Processing

OBSERVE

  • Provide services: register and manage accounts, enable gameplay, process payments and withdrawals.
  • Compliance: KYC/AML checks, sanctions/PEP screening, age/eligibility verification, recordkeeping.
  • Security and fraud prevention: monitoring, risk scoring, incident response.
  • Service improvement and analytics: performance metrics, UX optimization, troubleshooting.
  • Marketing and personalization: with consent; newsletters, offers, in-product messages, audience measurement.
  • Responsible gambling: limits, self-exclusion, affordability signals (where lawful).

EXPAND

We minimize use of personal data for analytics via aggregation or pseudonymization when feasible.

REFLECT

Each purpose is tied to a compatible legal basis; incompatible secondary uses require fresh consent or are prohibited.

Disclosure & Sharing

OBSERVE

  • Payment and cash-out partners: card processors, banks, wallet providers.
  • KYC/AML and fraud vendors: identity verification, sanctions screening, anti-fraud tools.
  • Technology providers: hosting/CDN, security vendors, analytics, customer support tools, game providers.
  • Affiliates and marketing networks: only with applicable consent and contractual restrictions.
  • Professional advisers: auditors, legal counsel.
  • Regulators and authorities: Curaçao Gaming Authority, law enforcement, courts, and competent privacy regulators.
  • Corporate transactions: mergers, acquisitions, reorganizations subject to confidentiality.

EXPAND

All processors are bound by written agreements, confidentiality, and security obligations. We do not sell personal information.

REFLECT

Disclosures are limited to what is necessary, proportionate, and lawful, with records maintained for accountability.

International Transfers

OBSERVE

Data may be processed in Curaçao (operator location), Canada (users), the EU/EEA, the United States, and other countries where our vetted providers operate.

EXPAND

  • Safeguards: Standard Contractual Clauses (EU/EEA), data processing agreements with comparable protections (PIPEDA), and, where applicable, vendors certified under the EU-U.S. Data Privacy Framework.
  • Additional measures: encryption in transit/at rest, access controls, transfer risk assessments.
  • Transparency: You may request a copy of the relevant transfer safeguards (redacted for security/commercial confidentiality).

REFLECT

We notify users about cross-border transfers and rely on lawful mechanisms appropriate to the origin of data.

Data Retention

OBSERVE

  • Account/profile data: retained for the life of the account and up to 5 years after closure, unless longer is required for legal claims or AML recordkeeping.
  • KYC/AML records: typically 5 years after the end of the customer relationship or last transaction.
  • Transaction and payment records: 7 years for accounting/audit obligations.
  • Gaming and behavioral logs: 5 years (security, dispute resolution), then anonymized.
  • Marketing data: until consent is withdrawn or after 24 months of inactivity, whichever is sooner.
  • Cookies/logs: session cookies: session-only; persistent cookies: 3-24 months; server logs: up to 24 months.

EXPAND

Deletion triggers include user request (where applicable), expiry of statutory periods, or when purposes are fulfilled.

REFLECT

We prefer anonymization where possible to preserve service metrics while eliminating personal identifiability.

Your Rights

OBSERVE

  • Canada (PIPEDA and comparable provincial laws): access, correction, explanation of decisions, withdrawal of consent (where applicable), and complaint rights.
  • EEA/UK (GDPR/UK GDPR): access, rectification, erasure, restriction, portability, objection (including to profiling/marketing), and withdrawal of consent; right to lodge a complaint with a supervisory authority.
  • Mexico (LFPDPPP): ARCO rights-Access, Rectification, Cancellation, and Opposition; withdrawal of consent and limitation of use/disclosure.

EXPAND

  1. How to exercise: email support@vavada-casino-ca.com with subject "Privacy Request" or use live chat; verify identity; specify the right and scope.
  2. Response times: we aim to respond within 30 days. Complex cases may require an extension, which we will communicate.
  3. Fees: requests are free of charge unless manifestly unfounded/excessive; we will explain any permitted fee in advance.
  4. Limits: we may restrict actions that would violate law, harm others' privacy, or impair fraud/AML controls; we will justify any refusal.

REFLECT

Automated decisions with legal or similarly significant effects (e.g., fraud blocks) can be contested and reviewed by a human upon request.

Cookies & Tracking Technologies

OBSERVE

  • Session cookies: essential for navigation, authentication; expire when you close the browser.
  • Persistent cookies: remember preferences, improve performance; typically 3-24 months.
  • Third-party cookies/pixels: analytics, advertising measurement, fraud prevention.

EXPAND

  • Purposes: functional (required), analytics (service improvement), advertising (with consent), and security (bot/fraud detection).
  • Controls: manage via your browser settings and our onsite cookie panel/banner to withdraw or modify consent at any time.

REFLECT

Non-essential cookies are used only with consent; essential cookies are necessary to provide the service you request.

Data Security

OBSERVE

  • Encryption: TLS 1.2+ in transit; strong encryption at rest for sensitive data.
  • Access controls: role-based access, MFA for privileged accounts, least-privilege principles.
  • Operational security: logging/monitoring, vulnerability management, regular audits and penetration tests.
  • Training: staff privacy/security training and confidentiality obligations.
  • Incident response: documented procedures, timely notification where required by law.

EXPAND

Key vendors maintain industry certifications (e.g., ISO 27001 or SOC 2). No method is 100% secure; we continually improve safeguards proportional to risk.

REFLECT

Security measures are risk-based and reviewed periodically, including after material changes or incidents.

Complaints & Contacts

OBSERVE

  • Contact us: support@vavada-casino-ca.com; phone: +1 404-382-0303; postal: Vavada B.V., Hanchi Snoa 19, Trias Building, Curaçao; live chat (onsite).

EXPAND

  1. Step 1 - Contact: submit details of your concern to our Data Protection Department.
  2. Step 2 - Review: we acknowledge within 5 business days and aim to resolve within 30 days.
  3. Step 3 - Escalation: if unresolved, you may contact a regulator:
    • Office of the Privacy Commissioner of Canada (OPC): 30 Victoria Street, Gatineau, QC K1A 1H3; 1-800-282-1376; priv.gc.ca
    • Provincial commissioners (where applicable): Alberta OIPC, BC OIPC, Commission d'accès à l'information du Québec.
    • EEA/UK users: your local data protection authority (see the EDPB or ICO websites).
    • Mexico: INAI - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales; inai.org.mx

REFLECT

For gaming-licence matters you may also write to complaints@gaminglicences.com, but privacy complaints should be directed to privacy regulators listed above.

Updates

OBSERVE

We may update this policy to reflect legal, technical, or business changes.

EXPAND

  • Notices: material changes will be announced via email, website banner, and account dashboard alerts.
  • Advance notice: at least 30 days before significant changes take effect, where required.
  • User options: you may object to material changes or close your account before the effective date; we will explain impacts on your data.
  • Versioning: we keep a change log upon request and indicate the effective date below.

REFLECT

Last updated: March 2025. Continued use after the effective date constitutes acceptance of the updated policy, where permitted by law.