Quick Navigation
1 Who We Are
Coin Casino operates coin-casino-canada.com and is the data controller responsible for the personal information you provide to us. We hold a Curaçao gaming licence (MGA/CRP/7823/2025) and operate our platform in accordance with applicable data protection standards, including the principles of the General Data Protection Regulation (GDPR) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
This Privacy Policy applies to all personal data collected through our website, mobile platform, live chat, email communications, and any other channel through which you interact with us. By registering an account or continuing to use our services, you confirm that you have read and understood this policy. Questions or concerns? Contact our privacy team at [email protected].
2 What Data We Collect
We collect only the data that is necessary to provide you with a secure, legal, and enjoyable casino experience. Here is a breakdown of the categories of personal data we process:
Registration Information
Full legal name, date of birth, residential address, email address, phone number, username, and password (stored encrypted). Collected when you create your account.
Payment Information
Transaction history, deposit/withdrawal amounts, payment method type (e.g. Visa, Interac, crypto wallet address). We do not store full card numbers — those are processed by PCI-DSS compliant payment partners.
Gameplay Data
Game sessions, bets placed, wins and losses, game types played, active bonus data, and responsible gaming tool settings. Used for account management, regulatory compliance, and responsible gaming monitoring.
Technical & Device Data
IP address, browser type and version, operating system, device type, screen resolution, session timestamps, and referring URL. Collected automatically when you access our platform.
Identity Verification (KYC)
Government-issued ID documents (passport, driving licence), proof of address documents, selfie/liveness check data, and proof of payment method. Required under AML regulations before withdrawals are processed.
Communications Data
Live chat transcripts, support emails, survey responses, and promotional opt-in preferences. Kept to maintain a record of our communications and resolve disputes.
3 How We Use Your Data
We use your personal data for the following purposes. Each use is matched to a legal basis in Section 4 below.
-
Account Management
Creating, maintaining, and securing your player account. Verifying your identity and age. Processing deposits, withdrawals, and balance management.
-
Legal and Regulatory Compliance
Meeting our obligations under anti-money laundering (AML) regulations, Know Your Customer (KYC) requirements, responsible gaming legislation, and our gaming licence conditions.
-
Fraud Prevention and Security
Detecting and preventing fraudulent transactions, bonus abuse, multi-accounting, and other violations of our Terms. Protecting the integrity of our platform and the funds of all players.
-
Service Improvement
Analysing anonymised usage patterns to improve site functionality, game selection, payment options, and overall player experience. No identifiable personal data is used for this purpose.
-
Customer Support
Processing and responding to your support requests, complaints, and general enquiries.
-
Marketing and Promotions
Sending you promotional emails, bonus notifications, and personalised offers — but only where you have given us explicit consent to do so. You can withdraw consent at any time by clicking 'Unsubscribe' in any marketing email or via your account settings.
-
Responsible Gaming Monitoring
Monitoring gameplay patterns to identify potential problem gambling indicators. This is done in your interest, in line with our responsible gaming obligations.
4 Legal Basis for Processing
We process your personal data on the following legal bases under applicable data protection law:
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of contract |
| KYC / Age verification | Legal obligation |
| AML / Fraud prevention | Legal obligation + Legitimate interests |
| Processing transactions | Performance of contract |
| Responsible gaming monitoring | Legal obligation + Legitimate interests |
| Marketing communications | Consent |
| Platform analytics (anonymised) | Legitimate interests |
| Customer support | Performance of contract + Legitimate interests |
5 Data Retention
We retain your personal data for as long as necessary to fulfil the purposes set out in this policy and to meet our legal obligations. Here is a summary of our standard retention periods:
| Data Type | Retention Period |
|---|---|
| Account registration data | 5 years after account closure |
| KYC / Identity documents | 5 years after account closure (AML requirement) |
| Transaction records | 5 years (financial regulation) |
| Gameplay logs | 2 years |
| Support chat / email logs | 2 years |
| Marketing consent records | Until consent withdrawn + 1 year |
| Website cookies (analytics) | Up to 13 months |
After the retention period expires, we securely delete or anonymise your data so it can no longer be linked to you as an individual. Where deletion is not immediately possible (e.g. data held in backup systems), the data remains protected and is excluded from further active processing until deletion is complete.
7 Third-Party Data Sharing
We do not sell your personal data to third parties. Full stop. We may share your data with carefully selected third parties only where necessary to operate our services or comply with legal obligations. Every third party we engage with is contractually bound to handle your data in accordance with applicable data protection law and our data processing agreements.
The categories of third parties we may share data with include: payment processors and financial institutions (for transaction processing and fraud checks), identity verification providers (for KYC/AML compliance), game providers (to validate game results and resolve disputes), cloud hosting and infrastructure providers (for secure data storage), analytics providers (anonymised data only), and regulatory authorities or law enforcement agencies (where we are legally required to disclose information, e.g. under anti-money laundering laws, court order, or licence conditions).
We never share your data with third-party advertisers or data brokers for the purpose of selling advertising audiences. Where we engage marketing analytics tools, those tools receive only aggregated, non-identifiable information.
8 Your Rights
Under applicable data protection legislation, including PIPEDA and GDPR principles, you have the following rights regarding your personal data. We take all rights requests seriously and aim to respond within 30 days:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data where we no longer have a legal basis to retain it. Note that data subject to AML retention obligations cannot be deleted early.
Right to Restriction
Ask us to limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format for transfer to another controller.
Right to Object
Object to processing based on legitimate interests, including profiling.
Right to Withdraw Consent
Withdraw any consent you have given at any time, without affecting the lawfulness of processing based on consent before withdrawal.
Right to Complain
Lodge a complaint with your relevant data protection authority if you believe we have mishandled your data.
To exercise any of these rights, email us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most rights requests.
9 Data Security
We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include: TLS/SSL encryption for all data in transit, AES-256 encryption for data at rest, multi-factor authentication for administrative access, regular penetration testing and security audits, strict access controls on a need-to-know basis, and continuous monitoring for suspicious activity.
Despite these measures, no system is entirely impenetrable. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and take all reasonable steps to contain and remediate the breach. We will also notify the relevant supervisory authorities as required by law.
10 International Data Transfers
As an international operator, your personal data may be processed in countries outside Canada or the European Economic Area. Where we transfer data internationally, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses approved by relevant data protection authorities, or transfers to countries recognised as providing an adequate level of data protection.
You may request further information about our international transfer mechanisms by contacting our privacy team at [email protected].
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by email and display a prominent notice on the site before the changes take effect. The date of the most recent update is shown at the top of this page. We encourage you to review this policy periodically.
12 Contact Our Privacy Team
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us. We aim to respond to all privacy-related enquiries within 5 business days.