Betty Casino Privacy Policy

General provisions and scope

This Betty Casino Privacy Policy sets out the rules governing the collection, use, disclosure, retention, and safeguarding of personal data in connection with the website callforbids.ca/privacy-policy and related services. The data controller determines the purposes and means of data processing and administers internal controls intended to support personal data protection. The policy is drafted for Canada and is intended to align with applicable federal and provincial privacy requirements, including the Personal Information Protection and Electronic Documents Act and substantially similar provincial statutes where applicable. Where operations involve individuals located in other jurisdictions, GDPR principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability are applied as an interpretive baseline. This document applies to privacy, users interactions, account functions, payments, verification processes, and technical communications initiated through the website. The scope is limited to processing activities undertaken by or on behalf of the data controller and does not extend to independent third party sites accessible via links.

Regulatory framework and roles

Canadian privacy compliance is addressed through an accountability based program that assigns responsibilities for data security, incident management, vendor oversight, and rights handling. The data controller may appoint an internal privacy contact and may rely on service providers as processors acting under contractual instructions, confidentiality obligations, and security commitments. Regulatory requirements are interpreted in a manner consistent with reasonable purposes, consent management, and safeguards appropriate to the sensitivity of personal data. Where a provincial regulator or the Office of the Privacy Commissioner of Canada establishes guidance, the data controller considers such guidance within risk based assessments. Casino Betty related operations that involve identity verification and payment processing are treated as higher sensitivity activities for the purpose of administrative and technical controls. When personal data is processed for legal compliance, record keeping, or dispute management, such processing is performed in accordance with statutory requirements and defensible retention practices.

Categories of personal data

Personal data processed may include identification data such as name, date of birth, nationality, and government issued identifiers where legally required for verification. Registration data may include email address, telephone number, residential address, account preferences, consent status, and jurisdictional eligibility information. Login details may include username, password hashes, multi factor authentication status, and security questions, with plain text passwords not retained as a matter of policy. Financial data may include payment card tokens, bank identifiers necessary for withdrawals, transaction references, deposit and withdrawal history, and payment risk indicators, noting that full card numbers are typically processed by specialized providers rather than stored by the data controller. Technical data may include IP address, device identifiers, approximate location derived from network information, log files, and event records related to session integrity and fraud prevention. Communications data may include support correspondence, complaint records, and verification communications.

Methods of data collection

Personal data is collected through operational steps such as account creation, identity checks, customer support interactions, deposit and withdrawal processing, and responsible gaming related assessments. Automated collection occurs through files generated by servers and applications, including log files and security telemetry that record access events and error conditions. Cookies and similar technologies may collect technical identifiers and usage patterns to maintain sessions, support security, and measure service performance. Third party sources may provide verification results and payment confirmations, including confirmation that submitted identification data matches reference datasets, subject to lawful authorization and contractual controls. Casino Betty may also receive limited personal data from affiliates or marketing partners only where valid consent or another lawful basis is established and where notices have been provided. The data controller undertakes to avoid collecting personal data that is not reasonably necessary for the stated purposes and may request additional information only where verification, fraud prevention, or legal obligations make it proportionate.

Betty Casino Privacy Policy for legal bases of processing

This section describes the legal bases relied upon under the Betty Casino Privacy Policy, interpreted for Canada with reference to GDPR principles where relevant to transparency. Consent is used where the processing is not strictly necessary for providing the service, such as optional communications preferences and certain cookies that are not strictly required for core functionality. Contractual necessity is relied upon for data processing needed to establish and administer an account, process transactions, provide customer support, and maintain account security. Legal obligation may apply where identity verification, anti fraud controls, tax reporting, or other statutory requirements require collection and retention of specified personal data. Legitimate interests may be relied upon for security monitoring, system integrity, fraud detection, auditing, and service improvement, provided that such interests are balanced against privacy expectations and appropriate safeguards are applied. Where sensitive or high risk processing occurs, the data controller implements enhanced review measures, including access restrictions and documentation of the justification.

Purposes of data processing and operational use

Data processing is carried out to provide access to the platform, to administer registration data, and to manage account status including eligibility checks and restrictions where required. Identification data is processed to verify age, identity, and jurisdictional eligibility, and to comply with anti fraud and anti money laundering expectations in the iGaming context. Financial data is processed to accept deposits, execute withdrawals, reconcile transactions, manage chargebacks, and detect payment anomalies, while minimizing storage of raw payment credentials through tokenization practices. Login details and technical data are processed to authenticate sessions, prevent account takeover, maintain service availability, and investigate suspected unauthorized access. Files generated by systems, including log files, are used for debugging, security monitoring, and to demonstrate accountability in the event of an inquiry. Casino Betty may process personal data to respond to legal claims, to manage disputes, and to maintain records of consent and preferences.

Data retention policy and storage limitation

Retention is defined as the period during which personal data remains identifiable and accessible in operational systems, archives, or backups. Account related records are generally retained for as long as the account remains active and for up to 7 years after closure where required for financial record keeping, regulatory expectations, or dispute management, subject to applicable law. Verification records may be retained for 5 years after the completion of verification or the last relevant transaction where retention supports compliance, fraud prevention, or audit readiness. Security related logs may be retained for 180 days in active systems, with longer retention in restricted archives where necessary to investigate incidents or patterns of abuse. Support communications may be retained for 24 months to maintain continuity and evidence handling, after which records are anonymized or securely deleted unless a legal hold applies. Where de identification is feasible, the data controller may convert personal data into aggregated or anonymized forms to support analytics without retaining identifiable elements.

Disclosure, sharing, and onward processing

Personal data may be disclosed to processors that provide hosting, identity verification, payment processing, customer support tooling, analytics, and security monitoring, subject to contractual requirements consistent with confidentiality and data security. Disclosures to professional advisers, including legal counsel and auditors, may occur where necessary to establish, exercise, or defend legal rights and to satisfy compliance obligations. Information may be shared with banks, payment networks, and fraud prevention partners for the purpose of transaction execution and risk management, with limitations applied to what is reasonably required. Regulatory disclosures may occur to competent authorities where legally required, including in response to lawful requests, court orders, or statutory reporting duties. The data controller does not sell personal data as a commercial asset, and any sharing is structured around defined purposes and restrictions. Casino Betty applies due diligence to vendors and seeks assurances regarding sub processing, incident notification, and the handling of personal data in accordance with contractual instructions.

International transfers and cross border processing

Cross border processing may occur when service providers or their infrastructure are located outside Canada, including in the United States or other jurisdictions relevant to cloud hosting and specialized verification services. Where transfers occur, the data controller applies contractual and organizational safeguards designed to provide a level of protection comparable to Canadian expectations, taking into account the sensitivity of personal data and the nature of the processing. Transfer risk assessments may consider the laws of the destination jurisdiction and the practical ability to enforce contractual commitments. Where GDPR principles are applied as an additional benchmark, measures such as purpose limitation, minimization, access controls, and documented instructions to processors are implemented. If a processor engages sub processors, the data controller seeks to ensure equivalent protections, including confidentiality obligations and defined retention and deletion commitments. Casino Betty maintains records of material cross border arrangements to support transparency and accountability.

Security measures and incident management

Data security is addressed through administrative, technical, and physical measures designed to protect personal data against loss, theft, unauthorized access, disclosure, copying, use, or modification. Technical safeguards may include encryption in transit using modern cryptographic protocols, encryption at rest for certain datasets, and key management controls appropriate to risk. Access controls apply role based permissions, authentication hardening, and monitoring intended to reduce exposure of identification data, financial data, and login details. Organizational safeguards include staff confidentiality commitments, training, segregation of duties, and periodic review of access rights, with changes applied within 72 hours of role changes where feasible. Vulnerability management may include patching, secure configuration baselines, and security testing, and the data controller may track remediation completion targets such as 95% of critical patches applied within 14 days. Incident response procedures include assessment, containment, eradication, recovery, and post incident review, and notifications are issued where required by applicable law or where risk to individuals warrants prompt communication.

Rights of individuals and procedural guarantees

Rights based framing is reflected in the ability of individuals to seek access to personal data and to obtain information about data processing practices, subject to lawful limitations and identity verification. The right of access may be exercised to obtain a copy of relevant personal data and an explanation of how it has been used and disclosed, with reasonable exclusions for privileged materials, security sensitive information, or the personal data of others. Individuals may request correction of inaccurate or incomplete personal data, and the data controller may require supporting documentation where the correction relates to identification data used for verification. Where consent is the basis for processing, consent may be withdrawn at any time with prospective effect, recognizing that withdrawal may limit certain services without affecting prior lawful processing. Where applicable, individuals may request deletion, anonymization, or restriction of processing, taking account of statutory retention requirements and legitimate interests such as fraud prevention. Requests are handled within 30 days in ordinary circumstances, with extensions permitted where complexity or volume requires additional time, and explanations are provided where access cannot be granted.

Identity verification for rights requests

Operational explanation applies to the handling of requests to ensure that personal data is disclosed only to the correct individual and to prevent social engineering attempts. The data controller may request validation of login details, confirmation of registration data, or additional identification data proportionate to the sensitivity of the requested materials. Where a representative submits a request, written authorization and verification of the representative’s identity may be required. If verification cannot be reasonably completed, the request may be paused or refused with an explanation consistent with applicable law. Records of requests and responses may be retained for 3 years to demonstrate compliance and to manage repeated or abusive requests. Casino Betty applies minimized disclosure practices during verification to avoid collecting unnecessary information.

Complaints and regulatory recourse

Regulatory framing applies to the complaint handling process and the availability of recourse through competent authorities. Individuals may submit privacy complaints to the data controller for internal review, including concerns about data processing, security, access, correction, or consent management. The data controller documents investigations and outcomes and may request additional context to evaluate allegations and remedial steps. Where an individual remains dissatisfied, a complaint may be filed with the Office of the Privacy Commissioner of Canada or a relevant provincial authority, depending on jurisdiction. The data controller cooperates with lawful investigations and maintains records sufficient to demonstrate accountability. Casino Betty treats complaint handling as a controlled process designed to protect confidentiality and to ensure consistent application of privacy standards.

Cookies and tracking technologies

This section begins with a definitional statement that cookies are small files placed on a device and that similar technologies may record identifiers to support session management and other functions. Strictly necessary cookies may be used to enable authentication, maintain account state, support security controls, and prevent fraudulent access attempts. Preference cookies may store selected settings, language choices, and consent status, reducing repeated prompts and supporting consistent user experience. Analytics cookies may be used to understand service performance and detect malfunction patterns, with configuration designed to minimize personal data and to avoid unnecessary profiling. Where consent is required, cookies are activated after consent is recorded, and consent can be managed through available settings, recognizing that disabling certain cookies may affect functionality. Casino Betty retains cookie related identifiers for durations aligned to purpose, such as session cookies that expire at browser close and persistent cookies that may remain for up to 12 months unless cleared earlier.

Cookie related data processing controls

Operational measures are applied to limit access to cookie derived data and to separate it from identity information where feasible. Identifiers collected via cookies may be treated as personal data when they can be linked to an individual account or device and are protected accordingly. The data controller reviews third party cookie usage and seeks contractual commitments where third parties act as processors rather than independent controllers. Logs and consent records are maintained to demonstrate that data processing aligned with recorded choices, including time stamps and applicable configuration versions. Where analytics are used, settings may be configured to reduce precision of location and to limit retention of raw event data. Casino Betty applies periodic reviews to ensure that cookie purposes remain proportionate and consistent with disclosed practices.

Betty Casino Privacy Policy regarding children and age limitation

The Betty Casino Privacy Policy is implemented on the basis that services are not intended for individuals below the applicable legal gambling age in the relevant jurisdiction. Age verification measures are applied during registration and may be repeated when risk signals or regulatory requirements indicate the need for re verification. Where personal data is suspected to relate to an underage individual, processing may be limited, the account may be restricted, and reasonable steps may be taken to delete or de identify data unless retention is required to prevent fraud or to comply with legal obligations. The data controller does not knowingly collect personal data from children for marketing or profiling purposes. Any incidental collection identified through support interactions is handled through controlled escalation and minimization procedures. Casino Betty retains records of age verification outcomes for periods consistent with compliance and dispute resolution, subject to storage limitation principles.

Contact channels and data request procedures

Requests relating to privacy, personal data, or this policy are handled through documented procedures intended to ensure timely, consistent, and secure responses. Communications should include sufficient information to locate the relevant account, such as registration data and the email address used for login, while avoiding unnecessary disclosure of sensitive financial data. The data controller may provide secure channels for exchanging verification documents, and files submitted for verification are restricted to authorized personnel. Where a request concerns transactions, the data controller may require transaction references or dates to locate records efficiently and to reduce over collection. The response process includes intake, identity verification, internal search, review for exemptions, preparation of materials, and delivery through secure means. Casino Betty aims to resolve routine inquiries within 10 business days where feasible, while formal rights requests follow the applicable 30 day standard subject to lawful extensions.

Amendments, governance, and compliance commitment

This concluding section is governed by the accountability principle and confirms that the data controller maintains an ongoing privacy management program designed to support personal data protection in Canada. The Betty Casino Privacy Policy is reviewed when there are material changes to data processing, introduction of new technologies such as revised cookies configurations, changes in vendors, or developments in legal requirements and regulatory guidance. Amendments may be made to reflect operational changes, including new verification methods, revised retention schedules, or updated security controls, and the effective date is updated accordingly within internal governance records. Where changes materially affect rights or the manner in which personal data is used, reasonable notice is provided through the website or account communications prior to implementation, except where immediate changes are required for security or legal compliance. Continued use of the services after the effective date indicates that the updated policy applies to ongoing processing, while previously collected personal data remains subject to the version in effect at the time of collection where required by law. The data controller maintains documentation of approvals, risk assessments, and version history, and compliance monitoring includes periodic audits and vendor reviews at least once every 18 months. This section also confirms that requests and complaints are handled in accordance with the procedures described above and that incident response practices are maintained to preserve confidentiality and integrity. Casino Betty commits to transparent handling of personal data, to lawful and proportionate data processing, and to implementing safeguards consistent with evolving standards and reasonable expectations, including applicable GDPR principles where relevant for cross border contexts.