Introduction

Casumo Holding, operating casumo sister sites (the “Website”), is the controller of your personal data — meaning we decide how your personal information is processed. We have a Privacy Officer responsible for this notice. For any questions, or to exercise your privacy rights, contact us at [email protected].

We may share personal data with third-party service providers such as banks, payment providers and others, as described below.

This notice explains what we collect, how and why we use it, who we share it with, and your rights under Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy laws.

What Information We Collect

Personal data means information about an identifiable individual. To provide our services we may collect, use, store and transfer:

• General information — full name, address, email, date of birth, phone number, and nationality.
• Identification details — copies of your ID or passport, government-issued ID numbers, and photographs used to verify you.
• Financial information — bank account and card details, and source-of-funds/source-of-wealth information.
• Technical information — IP address, device, browser and network data, and information about how you use the Website (collected partly through cookies — see our Cookie Policy).

We may also obtain information about you from affiliates and advertisers, credit reference and identity-verification agencies (to confirm your identity, assess risk and prevent fraud), publicly available sources, and anti-fraud databases used by the gaming industry.

If you don’t provide information we need by law or to deliver our services (for example, verification documents), we may be unable to provide services to you and may have to close your Account.

How and Why We Use Your Information

We use your information to provide our services and fulfil our agreement with you (account management, deposits and withdrawals, gameplay), for risk assessment and fraud prevention, sanctions checks, payment collection, and statistical analysis to improve our products. As part of this, we use automated tools, including AI, to help detect suspicious activity.

We rely on the following bases for processing, consistent with PIPEDA and applicable provincial law:

• Performance of our agreement with you — to operate your Account and enable play.
• Our legitimate business interests — improving services, fraud prevention, risk modelling, research and analysis, where these don’t override your rights.
• Legal and regulatory obligations — including anti-money-laundering (AML) and counter-terrorist-financing (CTF) requirements and sharing information with regulators.
• Your consent — including for marketing and advertising, which you may withdraw at any time.

More sensitive information (such as health data, where relevant) is processed only with your explicit consent, where necessary to establish or defend legal claims, or where otherwise permitted by law.

Who We Share It With

Where necessary, we share your information with: other companies within our group providing operational support (IT, legal, finance, risk and compliance, CRM); carefully appointed service providers (payment processors, administrative and verification services); anti-fraud and AML databases; professional advisors; regulators, law-enforcement and other bodies where required or permitted by law; another company if our business is sold or reorganised (under confidentiality); credit reference agencies; and any third party you have authorised.

We require all third parties to protect your data and process it only on our instructions under contract. We do not sell your personal data.

International Transfers

We and our service providers may transfer and process your personal data outside Canada. Where we do, we put safeguards in place to ensure it receives a comparable level of protection consistent with Canadian privacy law.

Data Security and Retention

We use appropriate security measures to protect your data against loss, misuse or unauthorised access, and limit access to those with a business need. We have procedures to handle data breaches and will notify you and any applicable regulator where required.

We keep your personal data only as long as reasonably necessary for the purposes we collected it, including legal, regulatory, tax and accounting requirements, and may retain it longer where there is a complaint or potential litigation.

Your Privacy Rights

Subject to applicable law, you have the right to: access the personal information we hold about you; request correction of inaccurate or incomplete data; request deletion in certain circumstances; withdraw consent to processing based on consent (including marketing); object to or restrict certain processing; and request portability of information you provided to us, in a usable format. To exercise any of these, contact us at [email protected].

How to Complain

If you have concerns about how we use your data, please contact us first at [email protected] so we can try to resolve it.

If you remain unsatisfied, you may complain to the relevant privacy authority:

• Federal (Canada): Office of the Privacy Commissioner of Canada (OPC) — https://www.priv.gc.ca
• Quebec: Commission d’accès à l’information (CAI)
• British Columbia / Alberta: the Office of the Information and Privacy Commissioner (OIPC) for your province