burger icon
BetOnline Сasino
Log In

Privacy Policy

This Privacy Policy explains how bet-online collects, uses, discloses, and protects personal information of visitors and players who access bet-online-ca.com. It applies to website visitors, registered account holders, and recipients of our communications. Effective date: October 1, 2025.

Who We Are

Observe: Users need to know the operator's identity and how to reach us. Expand: We integrate available corporate facts and provide a dedicated privacy contact. Reflect: We will update this section as soon as verified corporate particulars are available.

  • Operator/Brand: bet-online, operating the website https://bet-online-ca.com for Canadian users (outside the Ontario regulated market).
  • Corporate Identity & Registration: As of 2025, public sources report operation under Panama oversight; a verifiable company name, registration number, and legal address are not yet published. We are actively verifying and will update upon confirmation.
  • Gaming License Status: Widely reported licensing with the Panama Gaming Commission (unverified; number not available as of 2025). This Privacy Policy focuses solely on privacy and data protection and is not a representation of gaming licensure.
  • Responsible contact (interim): Data Protection Team (DPT), Email: [email protected]
  • Executive reference: CEO: Eddie Robbins III (not a privacy contact channel).

Regional Compliance Note (CA): We operate for Canada (outside Ontario) and apply Canadian privacy laws, including PIPEDA and relevant provincial private-sector laws.

What Personal Data We Collect

Observe: We collect data necessary to deliver gambling services and meet regulatory duties. Expand: Categories are grouped by purpose and source. Reflect: We collect only what is proportionate for our services and legal obligations.

  • Identification and contact data: full name, date of birth, residential address, email, phone number, government-issued ID details (for KYC), nationality, and age verification results.
  • Account and behavioral data: username, preferences, session history, betting and gaming activity, deposit/withdrawal history, responsible gambling settings, interactions with support, clicks and navigation events.
  • Payment and financial data: masked card details, payment instrument type, transaction identifiers, amounts, timestamps, chargeback data, and AML screening results (sanctions/PEP checks as permitted by law).
  • Technical data: IP address, device identifiers, device type, OS/browser version, language, time zone, log files, referrer URLs, and performance telemetry.
  • Cookies and similar tech: session and persistent cookies, local storage, tracking pixels, SDKs (for analytics, fraud prevention, and advertising with consent where required).
  • Communications: emails, in-site messages, survey responses, and marketing preferences.

Legal Basis for Processing

Observe: Different laws require clear grounds for processing. Expand: We align with Canadian law and, where applicable, GDPR/Mexico requirements. Reflect: We identify the minimum lawful basis for each purpose.

  • Consent: for non-essential cookies/advertising, direct marketing (per Canada's Anti-Spam Legislation, CASL), and certain optional features. You may withdraw consent at any time.
  • Contractual necessity: to create and service your account, verify age/eligibility, process deposits/withdrawals, provide games, offer support, and honor promotions according to our Terms.
  • Legitimate interests: to maintain platform integrity, prevent fraud and abuse, secure systems, improve services and user experience, and perform aggregated analytics (balanced against your privacy rights).
  • Legal obligations: compliance with KYC/AML requirements under Canadian anti-money laundering laws (PCMLTFA/FINTRAC guidance), recordkeeping, sanctions screening where permitted, tax/reporting duties, and responses to lawful requests.
  • GDPR/Mexico alignment (where applicable): For EU/EEA/UK users we rely on GDPR bases (Art. 6); for Mexico we process in accordance with LFPDPPP and its Regulations.

Purpose of Processing

Observe: Users need clarity on why we use their data. Expand: Purposes mapped to services and compliance. Reflect: We avoid incompatible secondary uses without notice or consent where required.

  • Provide and operate services: account setup, eligibility checks, gameplay, payments, customer support, responsible gambling tools, and dispute handling.
  • Compliance and risk: KYC/AML checks, fraud monitoring, sanctions screening where permitted, security monitoring, and regulatory reporting.
  • Improve and personalize: diagnostics, A/B testing, feature analytics, usability enhancements, and content personalization.
  • Marketing (with consent as required): email/SMS/app notifications about offers, bonuses, and updates; preference management and opt-outs respected under CASL.
  • Corporate governance: audits, bookkeeping, legal claims defense, and business continuity.

Disclosure & Sharing

Observe: Certain processing requires trusted third parties. Expand: We disclose under contracts with safeguards and only for stated purposes. Reflect: We do not sell personal information.

  • Payment partners: acquirers, payment gateways, banks, and chargeback processors to process deposits/withdrawals and detect fraud.
  • Verification and compliance vendors: identity verification (KYC), sanctions/PEP screening (as permitted), fraud-prevention and anti-abuse tools.
  • Technology providers: hosting and cloud infrastructure, content delivery networks, analytics providers, communications platforms, customer support tools.
  • Affiliates and advertising networks: only with your consent for marketing/attribution and subject to cookie preferences and CASL requirements.
  • Professional advisors: auditors, legal counsel, and consultants under confidentiality obligations.
  • Regulators and law enforcement: FINTRAC and other competent authorities pursuant to law, courts under lawful process, and to enforce our rights or protect users.
  • Corporate transactions: in mergers, acquisitions, financing, or asset transfers, subject to continued protection and notice where required.

Safeguards: All vendors are bound by data processing or equivalent agreements, confidentiality, security standards, and restricted purpose clauses.

International Transfers

Observe: Cross-border processing requires transparency and safeguards. Expand: We identify typical regions and applicable transfer tools. Reflect: We assess transfer risks and implement contractual and technical measures.

  • Destinations: Personal data may be processed in Canada and transferred to the United States, Panama, the European Economic Area (EEA), the United Kingdom, and other locations where our providers operate.
  • Safeguards for EEA/UK data (where applicable): EU Standard Contractual Clauses (SCCs), UK IDTA/Addendum, and supplementary measures following transfer impact assessments. For transfers to the U.S., participation of vendors in the EU-U.S. Data Privacy Framework (DPF) may be relied upon where applicable.
  • Canada/Quebec requirements: For organizations subject to PIPEDA and Quebec Law 25, we use contractual protections and conduct privacy/transfer assessments to ensure a level of protection equivalent to Canadian standards.
  • Ongoing reviews: We periodically reassess recipients' legal environment and security controls.

Data Retention

Observe: Retention must be limited and justified. Expand: We align durations with operational need and law. Reflect: We delete or anonymize when the purpose ends unless a legal duty requires longer retention.

  • Account identification and KYC records: typically 5 years after account closure to comply with AML/FINTRAC recordkeeping, or longer if required by law or for legal claims.
  • Transaction and payment records: at least 5 years after the transaction or account closure, subject to financial and AML obligations.
  • Gameplay and behavioral logs: 2 years from collection for fraud detection and dispute resolution, then aggregated/anonymized.
  • Support communications: 2 years after resolution, or longer if part of an active dispute.
  • Marketing data: until you opt out or your account is closed, then retained only as necessary to record your opt-out.
  • Technical logs and security telemetry: 12-24 months depending on security needs, then aggregated/anonymized.
  • Backups: encrypted backups roll off per standard cycles (typically 30-90 days).

Deletion criteria: upon purpose completion, expiry of mandated retention, successful anonymization, or your valid request (subject to legal exemptions and our need to retain certain data for AML, security, or legal claims).

Your Rights

Observe: Rights differ by jurisdiction. Expand: We honor Canadian rights and align with GDPR and Mexican ARCO rights for eligible individuals. Reflect: We provide clear processes, verification, and timely responses.

  • Canada (PIPEDA and applicable provincial laws):
    • Access: obtain information about our processing and access to your personal information.
    • Correction: request corrections for inaccuracies; we update and, where appropriate, notify third parties.
    • Withdrawal of consent: for optional processing (e.g., marketing, non-essential cookies).
    • Challenge compliance and complain to regulators: see "Complaints & Contacts."
    • Quebec Law 25: enhanced transparency on cross-border transfers; portability upon regulation and feasibility.
  • EU/EEA/UK (where GDPR applies to you): rights of access, rectification, erasure, restriction, objection (including to direct marketing), portability, and to lodge a complaint with a supervisory authority.
  • Mexico (LFPDPPP): ARCO rights-Access, Rectification, Cancellation, and Opposition-plus withdrawal of consent and limitation of disclosure as applicable.

How to exercise your rights

  1. Submit a request: Email [email protected] with your name, account ID (if any), request type (e.g., access, correction), and the scope/timeframe.
  2. Verify identity: We may request reasonable information to verify your identity and account ownership (not exceeding what is necessary).
  3. Response time: We aim to respond within 30 days. Where permitted, we may extend once (an additional 30 days) for complex requests and will notify you of the reason.
  4. Fees: Requests are free of charge. A minimal fee may apply for repeated/excessive requests as permitted by law, which we will disclose in advance.
  5. Limitations: We may decline or redact data where necessary to protect others' privacy, trade secrets, or to comply with AML/legal obligations, providing reasons where legally required.

Cookies & Tracking Technologies

Observe: Cookies support core functionality and analytics. Expand: We separate essential from optional tracking. Reflect: You control optional cookies via our tools and your browser.

  • Types:
    • Session cookies: expire when you close your browser; required for login and gameplay continuity.
    • Persistent cookies: remain for a defined period to remember preferences and measure performance.
    • Third-party cookies/SDKs: set by analytics, fraud prevention, and advertising partners (with your consent where required).
  • Purposes:
    • Functional/strictly necessary: authentication, load balancing, security.
    • Analytics/performance: usage metrics, error diagnostics, A/B testing.
    • Advertising/personalization: tailored offers and attribution (enabled only with consent).
  • Controls: manage preferences via our Cookie Settings panel and/or your browser settings (e.g., blocking cookies, clearing storage). Disabling essential cookies may impair site functionality.

Data Security

Observe: Gambling platforms process sensitive and financial data. Expand: We apply layered technical, organizational, and procedural defenses. Reflect: No system is perfectly secure, but we continuously improve and promptly address incidents.

  • Encryption: TLS 1.2+ in transit; strong encryption (e.g., AES-256) for key data at rest, with key management and rotation.
  • Access controls: least-privilege, role-based access, multi-factor authentication for administrators, session management, and segregation of environments.
  • Monitoring & testing: centralized logging, anomaly detection, vulnerability scanning, and periodic penetration testing.
  • Secure development: code review, dependency management, and change control.
  • Vendor management: security and privacy due diligence, contractual security obligations, and ongoing oversight.
  • Training & awareness: regular staff training on privacy, security, AML, and incident response.
  • Incident response: documented IR playbooks, rapid containment, notification to users and regulators when legally required, and post-incident remediation.
  • Standards alignment: practices aligned with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where applicable; we do not claim certification unless expressly stated.

Complaints & Contacts

Observe: Users need clear channels and escalation paths. Expand: We provide internal resolution first, then supervisory authorities. Reflect: We respond promptly and transparently.

Contact us

  • Data Protection Team (interim): [email protected]
  • Website: https://bet-online-ca.com
  • Postal: Pending publication of verified legal address; until then, use email for privacy requests.

Complaint procedure

  1. Submit your concern to our Data Protection Team with relevant details.
  2. We will acknowledge receipt and provide a case reference.
  3. Investigation and response within 30 days; if more time is needed, we will notify you and explain why.
  4. If unresolved, you may escalate to the appropriate authority below.

Supervisory authorities

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca, Toll-free: 1-800-282-1376.
  • Alberta: Office of the Information and Privacy Commissioner - https://www.oipc.ab.ca
  • British Columbia: Office of the Information and Privacy Commissioner - https://www.oipc.bc.ca
  • Quebec: Commission d'accès à l'information (CAI) - https://www.cai.gouv.qc.ca
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - https://www.inai.org.mx
  • EU/EEA: Contact your local supervisory authority; list available via the European Data Protection Board - https://edpb.europa.eu

Note: This Privacy Policy applies to privacy matters only and does not address gaming disputes; however, privacy complaints about your data remain within the above process.

Updates

Observe: Policies evolve with services and laws. Expand: We provide clear versioning and notice. Reflect: You can object to material changes and close your account.

  • Last updated: October 2025
  • Effective date of this version: October 1, 2025
  • Notice of material changes: We will notify you at least 30 days in advance via email (if available), an on-site banner, and/or an account dashboard alert.
  • Your options: If you do not agree to material changes, you may adjust your settings or close your account before the effective date. Continued use after the effective date constitutes acceptance.
  • Changelog (material updates):
    • Added Quebec Law 25 cross-border transparency and transfer assessment commitments.
    • Clarified AML/FINTRAC-aligned retention periods (5+ years for KYC/transactions).
    • Updated international transfer tools to reference EU SCCs, UK IDTA, and the EU-U.S. DPF.
    • Expanded rights section to align with GDPR and Mexican ARCO rights.

General disclaimer: This Privacy Policy is intended to be accurate as of the date above. Where corporate identity or licensing details are pending verification, we will update promptly upon confirmation. In any conflict between this Policy and mandatory law, the latter prevails.