burger icon
Coolbet Casino Canada
Log In

Privacy Policy

We value your privacy. This Privacy Policy explains how coolbet-casino-canada collects, uses, discloses, and safeguards personal information for visitors and players using coolbet777-ca.com in Canada (excluding Ontario). It applies to site visitors, registered account holders, and marketing recipients. Effective date: 1 October 2025.

Who We Are

OBSERVE: Identify the legal operator and contact channels for privacy oversight.

EXPAND: Clarify licensing, corporate entities, and regional scope for Canada.

REFLECT: Provide verifiable corporate details and a dedicated privacy contact.

  • Operator: Polar Limited (Malta), company reg. no. C87805, licensed by the Malta Gaming Authority (MGA) under licence MGA/CRP/681/2019 for online gambling services offered to Canada (outside Ontario).
  • Registered address (operator): Regent House, Office 21, Bisazza Street, Sliema SLM1640, Malta.
  • Group entity (operations): StayCool OÜ, registry code 12814989, Kai tn 4, 10111, Tallinn, Harju maakond, Estonia.
  • Data Protection Office (DPO): Polar Limited, Regent House, Office 21, Bisazza Street, Sliema SLM1640, Malta.
  • Privacy contact: Email: [email protected] | Postal: Attn: Data Protection Office, address above. Phone: not available.

What Personal Data We Collect

OBSERVE: We collect only what is necessary to provide and secure our services.

EXPAND: Categories include identifiers, technical telemetry, payments, compliance/KYC, and behavioural data.

REFLECT: Below are the data types we process on coolbet777-ca.com.

  • Identity and contact: Full name, date of birth, address, email, phone, province/territory, language preferences; age/identity verification documents (e.g., passport/ID, proof of address), selfies/liveness checks.
  • Account and behavioural: Account credentials, preferences, responsible gaming settings, self-exclusion and limits, login history, session activity, betting and gaming history, deposit/withdrawal history, communications with support, clicks and navigation events.
  • Payment and financial: Payment method details (tokenized where possible), transaction identifiers, bank details required for payouts, chargeback data, AML screening results.
  • Technical: IP address, device/user-agent, OS and browser details, screen resolution, language, time zone, referrer URLs, geolocation approximations, device identifiers, fraud signals and device fingerprinting data.
  • Cookies and similar tech: Session and persistent cookies, web beacons, SDKs, local storage for authentication, analytics, personalization, and advertising (where consented).
  • Records for legal compliance: KYC/AML results, sanctions/PEP screening outcomes, dispute and complaint files, audit logs.
  • Minors: We do not knowingly collect data from persons below the legal gambling age in their province/territory (18 or 19). Accounts are closed if discovered.

Legal Basis for Processing

OBSERVE: Canadian privacy law (PIPEDA and provincial laws) requires appropriate purposes and consent; EU/EEA processing by our operator requires a lawful basis.

EXPAND: We map each processing activity to the relevant lawful ground and record our assessments.

REFLECT: Our principal legal grounds are:

  • Consent: For marketing communications, certain analytics/advertising cookies, and voluntary features. CASL applies; you may withdraw at any time.
  • Contractual necessity: To register and operate your account, verify eligibility, process deposits and withdrawals, settle bets, provide support, and deliver the site's core functionality.
  • Legitimate interests: To secure our platform, prevent fraud/abuse, ensure integrity of games, perform non-essential analytics and service improvement, and defend legal claims-balanced against your privacy rights.
  • Legal obligations: KYC/AML/CTF checks, sanctions and PEP screening, responsible gambling requirements, tax and accounting records, regulatory reporting, and compliance with valid law enforcement requests.

Purpose of Processing

OBSERVE: Users need a clear, purpose-limited list.

EXPAND: Link purposes to core services, safety, compliance, and transparency.

REFLECT: We use your data to:

  • Provide, operate, and personalize casino and sports services on coolbet777-ca.com.
  • Verify identity, age, and location; process payments and withdrawals; prevent fraud and account takeover.
  • Meet licensing, AML/CTF, and responsible gambling obligations, including self-exclusion and limit enforcement.
  • Offer customer support, resolve disputes, and maintain service quality.
  • Conduct analytics and performance monitoring to improve features and stability.
  • Send service notices and, with consent, marketing and promotional communications; measure campaign effectiveness.
  • Perform security monitoring, incident detection, and auditing.

Disclosure & Sharing

OBSERVE: Disclosures are limited, purpose-bound, and safeguarded by contracts.

EXPAND: We vet providers for security and privacy and execute appropriate data processing agreements.

REFLECT: We may share data with:

  • Payment and banking partners: Card processors, payment gateways, payout facilitators, and banks to process transactions and prevent fraud.
  • KYC/AML vendors: Identity verification, sanctions/PEP screening, liveness/biometric verification (where permitted), document validation.
  • Technology and security providers: Hosting/cloud services, DDoS protection, email/SMS delivery, analytics and anti-fraud tools.
  • Affiliates and group companies: For consolidated compliance, auditing, and support, under intra-group agreements.
  • Advertising partners: Only with your consent for marketing cookies/identifiers; we prohibit use for their own purposes absent consent.
  • Regulators and authorities: Malta Gaming Authority (MGA), other competent regulators, and law enforcement where legally required.
  • Corporate transactions: In mergers, acquisitions, or reorganization, with continued protection and notice where required.

International Transfers

OBSERVE: Data can be processed in Malta and Estonia and may transit to other countries (e.g., EU/EEA, the United States for certain cloud/email services).

EXPAND: Canadian law requires transparency and comparable protection; EU law requires appropriate safeguards for onward transfers.

REFLECT: We implement:

  • Contractual safeguards: Standard Contractual Clauses (SCCs) for transfers to non-EEA providers, with transfer impact assessments and supplementary measures where needed.
  • Certifications where applicable: For U.S. transfers, we prefer vendors certified under the EU-U.S. Data Privacy Framework or apply SCCs.
  • Intra-group agreements: Binding contractual controls among Polar Limited and StayCool OÜ.
  • Notice: By using coolbet777-ca.com, your data may be processed in Malta, Estonia, and other countries with protective contracts and security controls.

Data Retention

OBSERVE: Keep data only as long as necessary and as required by law.

EXPAND: Align with AML, tax, and regulatory rules under MGA and applicable laws.

REFLECT: Typical retention periods are:

  • Account and KYC files: For the life of the account and 5 years after closure (or last transaction), to meet AML/regulatory obligations.
  • Transaction and payment records: Up to 7 years for accounting, chargeback, and regulatory purposes.
  • Betting and gameplay history: For the life of the account and up to 5 years post-closure for auditing and dispute resolution.
  • Customer support and complaints: 3-5 years after resolution, depending on risk and legal requirements.
  • Security logs and device data: 12-24 months, unless needed longer for investigations.
  • Marketing data: Until you withdraw consent or after 24 months of inactivity, whichever is sooner.
  • Cookies: Per cookie type/expiry (see Cookies section).

We may retain limited data longer to establish, exercise, or defend legal claims or comply with law. Data is securely deleted or anonymized when no longer needed.

Your Rights

OBSERVE: Canadian users have access and correction rights and can withdraw consent; Quebec adds portability. We also serve cross-border users.

EXPAND: We align our practices with PIPEDA and comparable provincial laws and, where applicable, with GDPR and Mexico's ARCO rights.

REFLECT: You may:

  • Access: Request a copy of your personal information and learn how it is used and disclosed.
  • Correction/Rectification: Ask us to correct inaccurate or incomplete data.
  • Deletion/Erasure: Request deletion where no longer needed or where consent is withdrawn and no other legal basis applies. Legal and regulatory retention may limit deletion.
  • Restriction/Objection: Request we limit processing or object to processing based on legitimate interests, including profiling for fraud prevention, where permitted by law.
  • Portability: Obtain data in a portable format where feasible (including as required in Quebec) and, where applicable, under GDPR.
  • Marketing choices: Withdraw consent/unsubscribe at any time; we comply within 10 business days under CASL.
  • ARCO (Mexico) and GDPR alignment: If applicable to you, we support ARCO rights (Access, Rectification, Cancellation, Opposition) and GDPR rights (including transparency and automated decision-making safeguards).

How to exercise rights: Email [email protected] with your request and sufficient identity verification. We respond within 30 days (extendable once where permitted). Requests are free of charge unless manifestly unfounded or excessive. If we decline in part, we will explain why and identify available recourse.

Cookies & Tracking Technologies

OBSERVE: Cookies support functionality, security, analytics, and ads (with consent).

EXPAND: Provide control options and clear purposes.

REFLECT: We use:

  • Session cookies: Essential operations (authentication, bet slip, security). Deleted on browser close.
  • Persistent cookies: Preferences, remembering login (where enabled), performance metrics. Retained per cookie lifespan.
  • Third-party cookies/SDKs: Analytics, fraud prevention, and-only with consent-advertising/retargeting.

Purposes: Functional/strictly necessary; performance/analytics; personalization; advertising (opt-in only).

Controls: Use our cookie banner/settings to manage non-essential cookies; adjust browser settings (e.g., block or delete cookies); use "Do Not Track" or Global Privacy Control where supported. Blocking essential cookies may impair site functionality.

Data Security

OBSERVE: Gambling data requires robust, layered security.

EXPAND: Protect data in transit and at rest, harden access, and prepare for incidents.

REFLECT: We implement:

  • Encryption: TLS 1.2+ (preferably TLS 1.3) in transit; strong encryption (e.g., AES-256) at rest for sensitive fields.
  • Access controls: Role-based access, least privilege, MFA for staff and admins, IP allow-listing for critical systems.
  • Security operations: Continuous monitoring, logging, vulnerability management, pen tests, and regular security audits.
  • Data governance: DPIAs for high-risk processing (e.g., KYC/biometrics), key management, backup and disaster recovery.
  • Staff measures: Background checks where lawful, confidentiality obligations, and ongoing security/privacy training.
  • Incident response: Formal playbooks, rapid containment and remediation, user and regulator notifications as legally required.
  • Standards: We follow industry best practices and align our controls with frameworks such as ISO/IEC 27001; we prefer vendors that maintain SOC 2 Type II or equivalent, where appropriate.

Complaints & Contacts

OBSERVE: Provide clear channels and escalation paths.

EXPAND: Include Canadian and relevant cross-border authorities.

REFLECT: Contact us first; we aim to resolve promptly.

  • Contact coolbet-casino-canada (preferred):
    • Email: [email protected] (privacy rights, questions, complaints)
    • Postal: Data Protection Office, Polar Limited, Regent House, Office 21, Bisazza Street, Sliema SLM1640, Malta
  • Our complaint handling: We acknowledge within 5 business days and aim to resolve within 30 days. Complex cases may take longer; we will inform you of reasons and timelines.
  • Escalation-Canada:
    • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/
    • Alberta OIPC: https://oipc.ab.ca/ | BC OIPC: https://www.oipc.bc.ca/ | Quebec CAI: https://www.cai.gouv.qc.ca/
  • Escalation-EU (where applicable): Office of the Information and Data Protection Commissioner (IDPC Malta): https://idpc.org.mt/
  • Escalation-Mexico (where applicable): INAI: https://www.inai.org.mx/
  • Gambling regulator support: Malta Gaming Authority Player Support: https://www.mga.org.mt/support/

Updates

OBSERVE: Users must know when and how changes occur.

EXPAND: Provide advance notice for material updates and user options.

REFLECT: We will:

  • Post updates on this page, with a clear "Last updated" date.
  • Notify you of material changes via email, account dashboard alerts, or website banners at least 30 days in advance.
  • Allow you to object to changes that materially affect your rights; you may close your account if you do not agree.
  • Maintain a changelog of significant updates.

Version control: Last updated: October 2025.

Recent material changes:

  • Added clarity on Canadian provincial rights (Quebec portability) and CASL timelines.
  • Expanded international transfer safeguards (SCCs and Data Privacy Framework references).
  • Detailed security and incident response measures and retention schedules.

Regional Compliance Note: This Privacy Policy is tailored for Canada (excluding Ontario) and operated under MGA licence MGA/CRP/681/2019 by Polar Limited. Where we reference GDPR or Mexico's LFPDPPP, those rights apply if you are protected by those laws; we voluntarily align core rights for consistency.