Privacy Policy
This Privacy Policy explains how crypto-games-casino collects, uses, discloses, and protects personal information for players and visitors of https://crypto-games-casino-ca.com. It applies to account holders, website/app visitors, marketing recipients, and support contacts. We publish this to meet Canadian privacy laws (including PIPEDA and applicable provincial laws), gaming/AML obligations, and industry best practices. Effective date: 22 October 2025.
Who We Are
The service is operated for Canada as "crypto-games-casino" via https://crypto-games-casino-ca.com. The licensed operator is MuchGaming B.V., regulated by the Curaçao Gaming Control Board (GCB). For Canadian privacy purposes, MuchGaming B.V. is the organization responsible for personal information collected through our services.
- Legal entity (data controller): MuchGaming B.V. (Curaçao). Online gaming license: Curaçao GCB OGL/2025/1336/1047.
- Registered office / legal address: Curaçao (full registered address and corporate registry particulars are available upon written request to our Data Protection Officer due to licensing publishing constraints).
- Operating website: https://crypto-games-casino-ca.com
- Data Protection Officer (DPO) / Privacy Team (Canada): Email: [email protected]
What Personal Data We Collect
We collect only what is necessary for lawful gaming, payments, security, and support. Categories below include information you provide, information generated by your use of services, and data from partners. Collection is limited, proportionate, and subject to your choices and legal obligations.
- Identity and contact data: name or username, date of birth (for eligibility), country/province, address (where applicable), email, phone, government ID/KYC data (only when required by law or risk rules).
- Account and behavioral data: account credentials, preferences, gameplay logs, betting and transaction history, responsible gaming settings, chat/support communications, referral codes.
- Technical and usage data: IP address, device/browser type, OS, language, time zone, session identifiers, event logs, crash diagnostics, site/app navigation, clickstream.
- Payment/financial data: wallet addresses and transaction hashes, payment processor references, deposit/withdrawal amounts, risk scores, AML screening results. We do not store full payment card details on our servers.
- Fraud and compliance data: sanctions/PEP screening outcomes, geolocation consistency, multi-account indicators, chargeback and abuse signals.
- Marketing and communications: newsletter opt-ins, campaign interactions, unsubscribe preferences.
- Cookies and similar technologies: session and persistent cookies, local storage, web beacons, SDKs, and analytics tags as described in the Cookies section.
Legal Basis for Processing
Canadian privacy law (PIPEDA and applicable provincial statutes) requires appropriate purposes and consent. For users in the EEA/UK/Mexico, additional legal bases may apply. We match each purpose to a valid legal ground and limit use accordingly.
- Consent: signing up, receiving marketing, placing optional cookies, and certain KYC steps when not strictly mandated. You may withdraw consent at any time (CASL-compliant for marketing).
- Provision of services/contractual necessity: creating/maintaining your account, enabling gameplay, processing deposits/withdrawals, customer support, service notifications.
- Legitimate business purposes (reasonableness under Canadian law): security, anti-fraud, service analytics, service improvement, preventing misuse, and ensuring integrity and fairness, balanced against your privacy interests.
- Legal obligations: identity verification, recordkeeping, reporting and monitoring under anti-money laundering and anti-terrorist financing laws (e.g., Canada's PCMLTFA/FINTRAC rules), sanctions screening, tax and regulatory requirements.
- GDPR/UK addendum (if applicable): consent (Art. 6(1)(a)), contract (b), legal obligation (c), legitimate interests (f) with balancing tests. Special-category data is not sought; if exceptionally required, we will apply an appropriate Article 9 condition or avoid collection.
Purpose of Processing
We process data to deliver a safe, lawful, and reliable crypto gaming service. We minimize personal information and use technical safeguards. Each use is tied to clear purposes and retention.
- Provide and operate the casino: account creation, eligibility checks, gameplay, fairness assurance, service communications.
- Payments and withdrawals: verifying ownership, processing transfers, preventing chargebacks, resolving payment issues.
- Security and fraud prevention: detect bots, abuse and multi-accounting, AML screening, risk modeling, incident response.
- Compliance: meet licensing/AML/recordkeeping duties, dispute handling, audit trails, regulator inquiries.
- Analytics and service improvement: performance metrics, feature usage, troubleshooting, A/B testing with privacy safeguards.
- Marketing (with consent): newsletters, promotions, surveys, affiliate attribution, frequency capping, preference management.
- Responsible gaming: enforcing limits, cool-offs/self-exclusion, and supportive messaging.
Disclosure & Sharing
We disclose personal information only as needed and with safeguards. We use vetted providers under contracts that protect your data. We do not sell personal information.
- Payment and blockchain partners: payment processors, wallet infrastructure, on/off-ramp services, and fraud/chargeback providers.
- Verification and compliance vendors: KYC/AML screening, sanctions/PEP checks, geolocation consistency, device fingerprinting where lawful.
- Hosting and security providers: cloud hosting, CDN, DDoS protection, logging, and monitoring services.
- Analytics and marketing (with consent where required): analytics platforms, email/SMS providers, A/B testing tools, affiliate networks, ad platforms (for non-essential tracking, consent-based).
- Corporate and professional services: auditors, legal counsel, accountants, insurance, and advisors bound by confidentiality.
- Regulators and law enforcement: gaming authorities, FINTRAC, and competent authorities when legally required or permitted to prevent unlawful activity.
- Corporate transactions: mergers, acquisitions, or reorganization, subject to confidentiality and continued protection of personal information.
Protective clauses: We require service providers to follow written data protection terms, process data only on our instructions, and implement appropriate security. We do not permit re-selling of your data.
International Transfers
Our operator is established in Curaçao and uses global service providers. Data may be transferred to Curaçao, Canada, the EEA/UK, and the United States (or other locations of vetted vendors). We use contractual and technical safeguards for cross-border transfers.
- Safeguards: Standard Contractual Clauses (EU) and UK IDTA/Addendum where applicable; transfer risk assessments; Quebec Law 25 transfer assessments; encryption in transit/at rest; access controls.
- US providers: preference for vendors participating in the EU-US Data Privacy Framework (if relevant to EEA data) or bound by SCCs and equivalent protections.
- Notice: Different countries may have different laws; we ensure comparable protection through contracts and technical measures.
Data Retention
We keep data only as long as necessary. Legal/AML rules may require minimum retention periods. When retention ends, we securely delete or anonymize.
- Account and identity data: for the life of your account and typically 5 years after closure to meet AML, fraud, and recordkeeping obligations (e.g., PCMLTFA/FINTRAC). Where longer is required by law or for dispute resolution, we retain as needed and then delete/anonymize.
- KYC/AML records and transaction records: minimum 5 years from the date of the transaction or the end of the relationship, per applicable AML laws.
- Gameplay and audit logs: 5 years after account closure unless needed longer for regulatory purposes.
- Technical logs (security/operational): 12-24 months depending on purpose, unless required longer for investigations.
- Marketing data: until you withdraw consent or 24 months of inactivity, whichever occurs first, unless a longer period is legally permissible and disclosed.
- Cookies: session cookies expire when you close your browser; persistent cookies last 1-24 months unless you delete them sooner.
Deletion criteria: request granted, expiry of legal obligations, end of purpose, or successful anonymization.
Your Rights
Your rights depend on your residence and applicable law. We honor Canadian rights and, where applicable, GDPR/UK and Mexican rights. We provide accessible processes, free of charge, with verification and timely responses.
Canada (PIPEDA and applicable provincial laws, e.g., Quebec Law 25, BC/AB PIPA)
- Access: request a copy of your personal information and information about how it is used/disclosed.
- Correction: request corrections for inaccuracies or add a statement of disagreement.
- Withdrawal of consent: opt out of marketing and, where applicable, withdraw consent for non-essential processing, subject to legal/contractual limits.
- Portability (Quebec Law 25): where technically feasible, receive certain data in a structured, commonly used format.
- Restriction/objection: request limits on processing where permitted by law (e.g., for analytics/advertising).
- Breach notification: you will be notified of security incidents posing a real risk of significant harm, and regulators will be informed as required.
EEA/UK (if GDPR/UK GDPR applies to you)
- Rights of access, rectification, erasure, restriction, objection, and portability; right to withdraw consent; and the right to lodge a complaint with your supervisory authority.
Mexico (if you are a resident using our services)
- ARCO rights under LFPDPPP: Access, Rectification, Cancellation, and Opposition, plus withdrawal of consent and limitation of disclosure.
How to exercise your rights
- Submit a request: email [email protected] with your account ID and the right you wish to exercise.
- Identity verification: we may request limited information to verify your identity before acting on your request.
- Response time: we aim to respond within 30 days (with a possible 30-day extension where permitted; we will notify you of any extension and reasons).
- Fees: requests are free of charge unless manifestly unfounded or excessive, in which case a reasonable fee may apply as permitted by law.
Cookies & Tracking Technologies
Cookies help our site function and improve. We categorize cookies by purpose and duration and offer control options. Non-essential cookies are subject to your consent.
- Session cookies (functional/security): keep you logged in, maintain session integrity; expire when you close the browser.
- Persistent cookies (preferences/analytics): remember settings, measure performance; last 1-24 months unless deleted.
- Third-party cookies/SDKs (analytics/advertising): aggregate usage metrics, affiliate attribution, limited advertising; set only with your consent where required.
Managing cookies: use your browser settings to block/delete cookies; adjust preferences in our cookie banner or account privacy panel (where available). Blocking some cookies may reduce functionality.
Data Security
We apply layered security to protect personal information. Controls cover people, processes, and technology. While no system is perfect, we continuously improve and respond to incidents promptly.
- Encryption: TLS 1.2+ in transit; strong encryption (e.g., AES-256) for sensitive data at rest.
- Access controls: least-privilege access, MFA for administrators, role-based permissions, logging and monitoring.
- Secure development: code reviews, dependency scanning, vulnerability management, change control.
- Operational defenses: WAF/CDN, DDoS protection, intrusion detection, integrity monitoring, backups and disaster recovery testing.
- Third-party risk: vendor due diligence, contractual security obligations, ongoing oversight.
- Staff training: security and privacy awareness, acceptable use, phishing simulations, need-to-know handling.
- Audits and testing: periodic security assessments and penetration testing; controls aligned with ISO/IEC 27001 and SOC 2 principles (no certification claimed unless expressly stated on our site).
- Incident response: formal procedures for detection, containment, eradication, and recovery; breach notifications to regulators and affected individuals where required by law.
Complaints & Contacts
You should be able to reach us easily and escalate concerns if unresolved. We provide direct channels and regulator contacts. We respond promptly and cooperate with authorities.
Contact us first
- DPO/Privacy Team: [email protected]
- Postal (privacy): Data Protection Officer, MuchGaming B.V., Curaçao (full registered address provided upon verified request)
- Step 1: Send your concern to our DPO with details and your account ID.
- Step 2: We will acknowledge receipt within 7 days and aim to resolve within 30 days.
- Step 3: If more time is needed, we will explain why and provide a new timeline.
Escalation to supervisory authorities
- Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/report-a-concern/
- Quebec (Commission d'accès à l'information): https://www.cai.gouv.qc.ca/
- British Columbia (OIPC): https://www.oipc.bc.ca/
- Alberta (OIPC): https://www.oipc.ab.ca/
- EEA/UK (if GDPR/UK GDPR applies): contact your local authority via https://edpb.europa.eu/about-edpb/board/members_en
- Mexico (if applicable): INAI - https://www.inai.org.mx/
Updates
Privacy laws and our services evolve. We will notify you of material updates in advance. Your continued use after notice means you accept the updated policy unless you object and close your account.
- Notifications: email, website banner, and/or in-account alerts for significant changes.
- Advance notice: at least 30 days before changes that materially affect your rights or how we use your data (unless immediate changes are required by law or security).
- Version control: this policy shows the effective date and a summary of material changes.
- Your options: review changes, update your preferences, withdraw consent for marketing, or close your account if you do not agree.
Last updated: October 2025
Changelog (material changes):
- October 2025: CA-focused policy issued; clarified AML retention (5 years), added Quebec Law 25 portability, expanded cross-border transfer safeguards, and formalized breach notification language.
Regional compliance note: This policy is designed for Canada (PIPEDA and applicable provincial laws), with additional rights pathways for EEA/UK and Mexico users when those laws apply to you.