burger icon
CanPlay Casino
Log In

Privacy Policy

This Privacy Policy explains how can-play-casino, available at https://canplay777-ca.com, collects, uses, discloses, retains, and protects personal information. It applies to players and website/app visitors who access our services. Effective date: 23 October 2025.

Who We Are

OBSERVE: Users need to know the operator, contact channels, and accountability. Available corporate fields are not yet specified in our records.

EXPAND: Canadian privacy law (PIPEDA and applicable provincial acts) requires identifying the organization responsible and a contact for privacy matters.

REFLECT: can-play-casino operates through the domain https://canplay777-ca.com for Canada. The operator's full legal name, legal address, and registration details will be published once finalized and will be incorporated into this policy.

  • Controller/Operator: can-play-casino (operating via canplay777-ca.com). Full legal entity details: to be published.
  • Privacy contact (DPO/Data Protection Team): Use the Support/Help channel available on https://canplay777-ca.com to submit privacy requests and complaints. Phone and email contacts will be added once available.
  • Mailing address: To be published; until then, please use the online Support/Help channel.

What Personal Data We Collect

OBSERVE: We collect information necessary to deliver regulated gaming, payment, security, and support services.

EXPAND: Categories reflect PIPEDA principles, AML/KYC obligations, fraud prevention, and service improvement needs.

REFLECT: We collect the following categories (as applicable to your use):

  • Identity and contact data: full name, date of birth, address, email, phone, government ID data (for KYC), account identifiers, and verification records.
  • Account and behavioral data: gameplay/betting history, deposits/withdrawals, session lengths, preferences, clicks/navigation, communications with support, responsible-gaming settings (limits, self-exclusion).
  • Payment data: masked card/bank details, payment tokens, transaction metadata, chargeback and payout records.
  • Technical data: IP address, device and browser data, OS, app version, language, time zone, cookies, SDK identifiers, log files, approximate location derived from IP.
  • Compliance and risk data: sanctions/PEP screening results, fraud signals, dispute/chargeback files, suspicious activity reports (where required by law).
  • Marketing and consent data: newsletter and promo opt-ins, communication preferences, consent logs, campaign attribution.
  • Cookies and similar technologies: session, persistent, and third-party cookies; pixels; local storage; analytics tags.

Legal Basis for Processing

OBSERVE: Canadian frameworks emphasize consent and appropriate purposes; gaming also triggers AML/recordkeeping duties. International users may be covered by GDPR/Mexico LFPDPPP.

EXPAND: We map each activity to a lawful basis and minimize data use.

REFLECT: Our legal grounds include:

  • Consent (PIPEDA and CASL; GDPR Art. 6(1)(a)): marketing communications, non-essential cookies, certain profiling. You may withdraw consent at any time (without affecting prior lawful processing).
  • Contractual necessity (GDPR Art. 6(1)(b)) / Reasonable purposes under PIPEDA: account creation, identity verification for account operation, processing deposits/withdrawals, enabling gameplay, customer support, service notices.
  • Legal obligations (GDPR Art. 6(1)(c)): KYC/AML screening and recordkeeping under Canada's PCMLTFA/FINTRAC guidance, tax/reporting duties, security breach notification obligations, regulator requests.
  • Legitimate interests (GDPR Art. 6(1)(f)) / Appropriate purposes (PIPEDA): fraud detection, service analytics, network and information security, product improvement, prevention of abusive use-balanced against your privacy rights.
  • Mexico (if you are located in Mexico - LFPDPPP): processing pursuant to ARCO principles with consent where required and permitted business purposes under applicable law.

Purpose of Processing

OBSERVE: Gaming operations require identity checks, secure payments, and fair play monitoring.

EXPAND: Purposes align with transparency and data minimization principles.

REFLECT: We use personal data to:

  • Provide and operate services: create/manage accounts, verify identity, enable gameplay, process deposits/withdrawals, deliver support, honor self-exclusion and limits.
  • Compliance and risk management: perform KYC/AML checks, monitor for suspicious activity, maintain regulatory logs, meet reporting obligations.
  • Security and integrity: detect/prevent fraud and abuse, ensure system reliability, enforce terms.
  • Improvement and analytics: analyze performance and usage, fix bugs, optimize user experience, evaluate new features.
  • Marketing (with consent where required): send promotions and offers, personalize content, manage preferences and opt-outs.
  • Business administration: accounting, audits, incident handling, dispute resolution, and exercise/defense of legal claims.

Disclosure & Sharing

OBSERVE: Data may be shared with vendors and authorities under contract or law.

EXPAND: We use contracts, confidentiality, and security controls with service providers.

REFLECT: We may disclose personal data to:

  • Payment partners and banks: to process deposits/withdrawals, handle chargebacks, and prevent fraud.
  • Identity/KYC/AML and fraud vendors: to verify identity, conduct screening, and detect suspicious activity.
  • IT and cloud providers: hosting, storage, communications, analytics, customer support tools (as processors under our instructions).
  • Game and platform providers: to enable gameplay features and fair play monitoring.
  • Affiliates and marketing partners: for aggregated analytics; for direct marketing only with your valid consent and in compliance with CASL.
  • Regulators, supervisory authorities, and law enforcement: where required by law, court order, or to protect rights, property, or safety.
  • Professional advisors: auditors, legal counsel, and consultants under confidentiality.
  • Corporate transactions: in mergers, acquisitions, financing, or asset sales, subject to legal safeguards.

International Transfers

OBSERVE: Service providers may be located in Canada, the United States, the EEA/UK, and other jurisdictions.

EXPAND: Cross-border transfers require contractual and technical safeguards.

REFLECT: Where data is transferred outside your province or country, we implement protections appropriate to the destination and law:

  • Canada (PIPEDA/Quebec Law 25): we conduct transfer impact assessments (as applicable) and use contractual, organizational, and technical measures to ensure comparable protection.
  • EEA/UK data (if applicable): EU Standard Contractual Clauses and, for the UK, the ICO IDTA or UK Addendum to the SCCs, plus supplementary measures where needed.
  • United States transfers: contractual safeguards and encryption, with access controls and least-privilege permissions.
  • On request: you may obtain a copy of key transfer safeguards (with redactions for confidentiality).

Data Retention

OBSERVE: Retention reflects legal obligations (e.g., AML) and operational needs.

EXPAND: We keep data only as long as necessary for the stated purposes or legal requirements.

REFLECT: Typical periods (subject to holds for investigations, disputes, or legal requirements):

CategoryRetention
Account and identity (KYC) recordsFor the life of the account plus 5 years (PCMLTFA/FINTRAC requirements)
Transaction and payment recordsAt least 5 years from transaction date (AML/financial recordkeeping)
Gameplay and behavioral logsUp to 5 years after account closure for dispute and regulatory purposes
Support tickets and communications2 years after resolution, unless a dispute/legal hold applies
Marketing preferences and consent logs3 years after last outbound message to demonstrate CASL compliance
Technical logs and telemetry12-24 months, depending on security and operational needs
CookiesPer cookie type; see Cookies section and your browser settings

Deletion occurs upon expiry of the retention period, withdrawal of consent (where applicable), or completion of the processing purpose, subject to legal or regulatory obligations.

Your Rights

OBSERVE: Rights differ by location and law; we provide transparent, no-cost mechanisms.

EXPAND: We verify identity, act promptly, and explain any lawful limitations.

REFLECT: You can submit requests via the Support/Help channel on https://canplay777-ca.com.

  • Canada (PIPEDA; provincial laws where applicable): access your personal information; request corrections; withdraw consent (subject to legal/contractual restrictions and reasonable notice); challenge our compliance; file a complaint. We generally respond within 30 days.
  • EU/EEA (if applicable under GDPR): rights of access, rectification, erasure, restriction, objection (including to profiling), portability, and to withdraw consent; lodge a complaint with your supervisory authority. Response time: one month (extendable per GDPR).
  • Mexico (if applicable under LFPDPPP): ARCO rights (Access, Rectification, Cancellation, Opposition). We follow applicable timelines (generally 20 business days to respond and 15 business days to implement), or 30 days where a unified timeframe applies under this policy.
  • Process: we may request information to verify identity and clarify scope; we will explain reasons if we cannot fulfill a request (e.g., legal/AML obligations, records relating to other individuals, or privileged information).
  • Fees: Requests are free of charge, unless manifestly unfounded or excessive (in which case a reasonable fee may be charged as permitted by law).

Cookies & Tracking Technologies

OBSERVE: Cookies support core functionality, analytics, and advertising.

EXPAND: We separate essential and non-essential uses and provide controls.

REFLECT: Types and purposes:

  • Session cookies: essential site/app functions (login, gameplay continuity); expire when you close the browser/app.
  • Persistent cookies: remember preferences, device trust, and performance settings for a defined period.
  • Third-party cookies/pixels: analytics (e.g., usage measurement) and advertising/retargeting (only with consent where required).
  • Purposes: functional (operate the service), analytics (improve performance), advertising (personalize offers with consent), and security (fraud detection).
  • Controls: manage cookies via your browser/device settings and, where available, our on-site cookie banner/preferences panel. Blocking some cookies may affect functionality.

Data Security

OBSERVE: Gaming platforms require strong safeguards for payments, identity data, and fair play.

EXPAND: We combine technical, organizational, and contractual controls proportionate to the risks.

REFLECT: Key measures include:

  • Encryption: TLS 1.2+ in transit; strong encryption for sensitive data at rest; key management and HSMs where applicable.
  • Access controls: role-based access, MFA for privileged users, least-privilege permissions, secure admin tooling, session management.
  • Secure development and testing: code review, dependency scanning, vulnerability management, change control, and environment segregation.
  • Monitoring and audits: logging, anomaly detection, periodic risk assessments, independent audits where applicable (we align with recognized frameworks such as ISO/IEC 27001 or SOC 2, without implying certification unless expressly stated).
  • Vendor management: data processing agreements, security due diligence, transfer safeguards, and ongoing oversight.
  • Training and awareness: staff privacy/security training and confidentiality commitments.
  • Incident response: documented procedures, rapid containment/notification. Where required by Canadian law (e.g., PIPEDA; Quebec Law 25), we notify regulators and affected individuals of breaches of security safeguards that pose a real risk of significant harm.

Complaints & Contacts

OBSERVE: Users require clear channels and escalation paths.

EXPAND: We provide stepwise resolution and regulatory contacts.

REFLECT: How to contact and escalate:

  1. Contact us: Submit requests or complaints via the Support/Help channel on https://canplay777-ca.com, addressed to the Data Protection Team. Phone/email/postal details will be published when available.
  2. Our response: We acknowledge within 5 business days and aim to resolve within 30 days. If more time is needed, we will inform you of the reason and new timeline.
  3. Escalation (Canada): If unresolved, you may contact the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/ (toll-free 1-800-282-1376; 30 Victoria Street, Gatineau, QC K1A 1H3). Provincial regulators may also assist: Quebec Commission d'accès à l'information (https://www.cai.gouv.qc.ca), OIPC British Columbia (https://www.oipc.bc.ca), OIPC Alberta (https://oipc.ab.ca).
  4. EU/EEA (if applicable): You may complain to your local supervisory authority; see the EDPB list: https://edpb.europa.eu/about-edpb/board/members_en.
  5. Mexico (if applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): https://www.inai.org.mx.

Updates

OBSERVE: Policies evolve with services and law.

EXPAND: We provide transparency, version control, and advance notice for material changes.

REFLECT:

  • Last updated: 23 October 2025.
  • Notification: We will notify you of material changes at least 30 days in advance via email (where available), in-account alerts, and/or website banners on https://canplay777-ca.com.
  • Versioning and changelog: We maintain policy versions and summaries of material changes (e.g., new categories of data, new purposes, new sharing partners, or transfer mechanisms).
  • Your options: If you object to changes that materially affect your rights, you may adjust preferences, withdraw consent (where applicable), or close your account before the effective date, subject to outstanding obligations (e.g., AML, disputes).

If there is any inconsistency between translated versions, the English version governs. This policy applies solely in connection with canplay777-ca.com.