burger icon
Сloudbet Сanada Сasino
Log In

Privacy Policy

This Privacy Policy explains how cloudbet-casino-canada collects, uses, discloses, and protects personal information of players and visitors who access or use the services offered at cloudbet777-ca.com. It applies to account holders, prospective players, and site/app visitors located in Canada. Effective date: 01 October 2025.

LoT: OBSERVE - Canadian users and visitors of cloudbet777-ca.com; EXPAND - online gambling context with KYC/AML; REFLECT - set clear scope, audience, and effective date.

Who We Are

cloudbet-casino-canada is operated for Canadian users of cloudbet777-ca.com by Halcyon Super Holdings B.V., a company registered in Curaçao (No. 148526), with its registered address at Abraham Mendez Chumaceiro Boulevard 03, Willemstad, Curaçao. Payments and certain support functions may be provided by our group subsidiary, Solas Technologies Limited, Limassol, Cyprus. Gambling services are provided under Curaçao Gaming Authority licence OGL/2025/328/0599 (valid through 2025).

  • Data controller (primary): Halcyon Super Holdings B.V., Curaçao
  • Group processor/agent: Solas Technologies Limited, Limassol, Cyprus
  • Privacy contact (DPO/Data Protection Team): [email protected]
  • Postal for privacy matters: Halcyon Super Holdings B.V., Abraham Mendez Chumaceiro Boulevard 03, Willemstad, Curaçao

LoT: OBSERVE - legal entities, licence, addresses; EXPAND - identify controller/processor roles; REFLECT - provide direct privacy contact channel.

What Personal Data We Collect

  • Identity and contact data: full name, date of birth, address, email, phone, country, verification documents (e.g., ID, proof of address), selfie/biometric verification results (where required for KYC/AML).
  • Account and transactional data: username, account settings, deposits/withdrawals, wagers, wins/losses, bonus use, responsible gambling limits, communications with support.
  • Payment data: payment instrument type, masked identifiers or wallet addresses, transaction tokens, and anti-fraud checks (processed mainly by payment providers; we do not store full card PANs).
  • Technical data: IP address, device identifiers, OS/browser, language, time zone, session logs, performance and error logs, approximate location derived from IP.
  • Behavioral and analytics data: page views, clicks, time on page, referral sources, marketing attribution, game session telemetry and betting history.
  • Cookies and similar technologies: session/persistent cookies, SDKs, pixels, and local storage for authentication, preferences, analytics, and (with consent) advertising.

LoT: OBSERVE - categories explicitly listed; EXPAND - include KYC/AML and device data; REFLECT - organize by clear data types.

Legal Basis for Processing

  • Consent: we rely on your consent for optional uses (e.g., marketing emails, certain analytics/advertising cookies). You may withdraw consent at any time via provided controls.
  • Contractual necessity: to create and manage your account, verify eligibility, process payments, provide games, handle support, and pay out winnings.
  • Appropriate purposes/legitimate interests: under Canada's PIPEDA "appropriate purposes" test (and GDPR Art. 6(1)(f) when applicable), we process data for fraud prevention, security, service analytics, and service improvement, applying proportionality and safeguards.
  • Legal obligations: to meet KYC/AML, sanctions screening, gambling, tax, anti-fraud, and recordkeeping obligations arising under applicable laws and our licence conditions.
  • Vital and public interests (rare): to protect users or the public from significant harm or comply with lawful requests from authorities.

LoT: OBSERVE - Canadian PIPEDA plus gambling context; EXPAND - map purposes to lawful grounds; REFLECT - distinguish consent vs. necessity and obligations.

Purpose of Processing

  • Service delivery: account registration, age/identity verification, deposits/withdrawals, gameplay, responsible gambling tools, customer support.
  • Compliance and risk: AML/sanctions screening, fraud detection, dispute management, chargeback prevention, security monitoring.
  • Operations and improvement: performance monitoring, troubleshooting, quality assurance, product development, A/B testing (with safeguards).
  • Analytics: measuring service usage, game performance, marketing attribution, and cohort analysis using de-identified or aggregated data where possible.
  • Marketing (opt-in): newsletters, offers, and personalized recommendations via email, SMS, push, or in-account messaging, subject to consent and local law.
  • Legal and business continuity: recordkeeping, audits, regulatory reporting, and ensuring platform integrity.

LoT: OBSERVE - enumerated purposes; EXPAND - responsible gambling and de-identification; REFLECT - clear mapping to user expectations.

Disclosure & Sharing

  • Service providers (processors): KYC/AML vendors, payment processors, fraud and risk platforms, cloud hosting/CDN, analytics, customer support tools, security providers-bound by contracts and confidentiality.
  • Group companies: Solas Technologies Limited (payments and operational support) and other entities within the Halcyon group for intra-group services under data transfer safeguards.
  • Regulators and authorities: Curaçao Gaming Authority, financial intelligence units, tax and law enforcement agencies, and competent courts, when legally required.
  • Affiliates and marketing networks: only with your consent and in accordance with cookie/advertising preferences; identifiers are limited or pseudonymized where feasible.
  • Business transfers: in mergers, acquisitions, or restructuring, data may transfer to a successor subject to this Policy and notice.
  • With your direction: disclosures you request (e.g., account verification to third parties) or where you choose to integrate third-party wallets/providers.

LoT: OBSERVE - enumerate recipients; EXPAND - add contract and confidentiality safeguards; REFLECT - maintain necessity/minimization.

International Transfers

  • Where data may be processed: Curaçao (operations/regulatory), Cyprus (payments/operations), EEA/UK (certain vendors), United States and other locations where vetted providers are based.
  • Transfer safeguards: Standard Contractual Clauses (EU 2021/914) and, where applicable, UK IDTA/Addendum; vendor risk assessments; technical and organizational measures (encryption, access controls).
  • Canadian requirements: when using foreign service providers, we use contractual and technical safeguards to ensure a comparable level of protection as required by PIPEDA and provide notice of cross-border processing.
  • Additional frameworks: for U.S. vendors, we consider participation in the EU-U.S. Data Privacy Framework (where relevant) alongside SCCs.

LoT: OBSERVE - cross-border nature; EXPAND - list destinations and instruments; REFLECT - align with PIPEDA notice and safeguards.

Data Retention

  • Account and KYC records: retained for up to 5 years after account closure or last transaction, or longer if required for AML/regulatory obligations or ongoing disputes.
  • Transaction and betting history: retained for up to 5 years after account closure, with selected records archived longer if legally necessary.
  • Technical logs and security data: typically 12-24 months, unless needed to investigate incidents or comply with law.
  • Marketing data: kept until consent is withdrawn or after 24 months of inactivity, whichever occurs first.
  • Cookies: session cookies expire when you close your browser; persistent cookies typically 3-24 months (see cookie settings for details).
  • Deletion criteria: expiry of purpose, withdrawal of consent (for optional processing), successful objection, or legal retention period end, subject to backup and audit constraints.

LoT: OBSERVE - explicit timeframes requested; EXPAND - AML/dispute extensions; REFLECT - clear criteria that trigger deletion.

Your Rights

  • Access and explanation: request confirmation whether we hold your personal information and obtain access to it and an account of its use and disclosures.
  • Correction: request correction of inaccurate or incomplete data; we may ask for documentation to verify changes.
  • Withdrawal of consent: withdraw consent for optional processing (e.g., marketing) at any time without affecting service where processing is not required.
  • Restriction/objection: object to processing for direct marketing at any time; request restrictions where accuracy or legal basis is contested (applied where available under applicable law).
  • Portability (where available): request an export of certain data in a commonly used format; we will provide reasonable portability consistent with applicable laws (including GDPR if you are in the EEA).
  • How to exercise: email [email protected] with your request, proof of identity, and account email. We respond within 30 days, free of charge for the first copy; reasonable fees may apply for repetitive or excessive requests.

LoT: OBSERVE - PIPEDA core rights and timelines; EXPAND - add objection/portability with jurisdictional caveats; REFLECT - clear procedure, identity checks, fee policy.

Cookies & Tracking Technologies

  • Session cookies: essential for authentication and navigation; expire when the browser closes.
  • Persistent cookies: remember preferences, keep you signed in, support analytics; typical lifetime 3-24 months.
  • Third-party cookies/SDKs: analytics and advertising technologies may set identifiers; advertising technologies load only with your consent.
  • Purposes: functional (security, login), performance (usage analytics), personalization (content), advertising (only if opted-in).
  • Controls: manage cookies in your browser settings and via our on-site cookie banner/preferences panel. Blocking some cookies may impact functionality.

LoT: OBSERVE - cookie types and purposes; EXPAND - consent gating for ads; REFLECT - user controls and impact disclosure.

Data Security

  • Encryption and transport: TLS 1.2+ for data in transit; encryption at rest for sensitive data; key management segregation.
  • Access controls: least-privilege, MFA for privileged accounts, role-based access, logging and monitoring.
  • Secure development and testing: code reviews, dependency scanning, staging environments, change management, and periodic penetration testing.
  • Operational safeguards: hardened cloud infrastructure, DDoS protection, regular backups, disaster recovery and business continuity plans.
  • Governance and training: staff background checks where appropriate, mandatory security and privacy training, vendor risk management.
  • Standards and audits: alignment with ISO/IEC 27001 and SOC 2 principles where applicable; independent assessments at regular intervals.
  • Breach response: incident response plan with prompt investigation, containment, remediation, and notification to affected individuals and authorities where required by PIPEDA (real risk of significant harm) and other applicable laws.

LoT: OBSERVE - required controls; EXPAND - add governance/audits and breach duties; REFLECT - concise safeguards across people/process/tech.

Complaints & Contacts

  • Contact us first: [email protected] or write to the postal address above. Include your name, account email, country, and a clear description of your concern.
  • Process: we acknowledge within 5 business days, investigate, and aim to respond with findings and actions within 30 days. Complex issues may require more time; we will inform you of delays and reasons.
  • Escalation: if unresolved, you may contact the Office of the Privacy Commissioner of Canada (OPC): 1-800-282-1376; https://www.priv.gc.ca; 30 Victoria Street, Gatineau, Quebec, K1A 1H3.
  • Provincial authorities (where applicable): BC OIPC (https://www.oipc.bc.ca), Alberta OIPC (https://oipc.ab.ca), Quebec CAI (https://www.cai.gouv.qc.ca).
  • EEA residents: if GDPR applies to you, you may also lodge a complaint with your local supervisory authority in the EEA.

LoT: OBSERVE - provide channels and timelines; EXPAND - add Canadian regulators and EEA option; REFLECT - stepwise, transparent escalation path.

Updates

We may update this Policy to reflect legal, technical, or business changes.

  • Notice: material changes will be communicated via email, in-account alerts, and/or prominent banners on cloudbet777-ca.com at least 30 days before the effective date.
  • Your options: if you do not agree to changes, you may adjust your privacy settings, withdraw consent for optional processing, or close your account before the new terms take effect.
  • Versioning: we maintain a change log summarizing material updates and indicate the effective date on this page.

Last updated: October 2025

LoT: OBSERVE - need for transparent version control; EXPAND - advance notice and user choices; REFLECT - clear timestamp and change governance.

Regional Compliance Note (Canada): This Policy is designed to comply with PIPEDA and substantially similar provincial laws. Where GDPR applies (e.g., to EEA users), we align processing with GDPR requirements in addition to the above.