Betty Casino Privacy Policy

Scope, Definitions, and Applicability

Betty Casino operates bettycasinoo.ca and adopts this Betty Casino Privacy Policy to describe how personal data is handled in connection with the website, associated services, and related data processing activities. For the purposes of this document, personal data means any information that identifies or can reasonably be used to identify an individual, alone or combined with other information. Data processing includes collection, use, disclosure, storage, modification, deletion, and any comparable operation performed on personal data. This policy applies to privacy, users, and interactions occurring through the website, including account creation, verification, gameplay-related operations, and support communications. The policy does not apply to third-party services that are not controlled by the operator, even where links or integrations are presented.

This policy is intended to align with applicable Canadian personal data protection requirements, including the Personal Information Protection and Electronic Documents Act and substantially similar provincial private-sector legislation where applicable. Where operations involve individuals in jurisdictions that apply GDPR principles, the operator implements comparable safeguards such as data minimization, purpose limitation, storage limitation, and accountability. This document is not intended to create contractual rights beyond those required under applicable law, and it shall be interpreted in a manner consistent with mandatory statutory requirements. If a conflict arises between this policy and a mandatory legal obligation, the legal obligation prevails. The operator maintains internal governance measures to document compliance and to support demonstrable accountability.

Regulatory Framework and Governance Approach

Canadian privacy law is principles-based and requires organizations to identify purposes for personal data collection, obtain meaningful consent where required, and implement safeguards proportionate to sensitivity and risk. This policy is drafted to reflect those obligations and to incorporate GDPR-aligned concepts when cross-border processing or service architecture makes such alignment appropriate. Accountability is implemented through documented procedures, access controls, and role-based responsibility assignment for data processing activities. Oversight includes periodic reviews of data security measures and the adequacy of operational controls, including encryption practices and monitoring of administrative access. The operator maintains written records of categories of personal data, purposes, and recipients to support governance and audit readiness.

Betty Casino appoints a data protection officer function responsible for coordinating compliance, responding to inquiries, and supporting the handling of rights requests. The governance approach includes training of relevant personnel, restrictions on internal access to identification data and financial data, and escalation pathways for suspected incidents. Where service providers are used, contractual protections are implemented to require confidentiality, limited processing, and appropriate safeguards. Security testing and control evaluations may occur at least 2 times per year or upon material changes to systems. These measures are designed to reduce the risk of unauthorized disclosure, loss, or misuse of personal data.

Categories of Personal Data Processed

The operator processes identification data and registration data provided during account creation and verification, including name, date of birth, address, and similar identifiers required for legal compliance. Login details such as usernames, hashed credentials, device identifiers, and authentication events may be processed to facilitate secure access and account integrity. Financial data may be processed to enable deposits, withdrawals, refunds, chargeback handling, and fraud prevention, including payment instrument tokens and transaction references. Communications with customer support may contain personal data and may be retained to evidence requests, complaints, and resolutions. Technical data associated with use of the website may include IP address, device attributes, browser information, and activity logs relevant to security and operational performance.

The operator may process information derived from user activity, such as session metadata, responsible gaming indicators, and risk signals associated with suspicious activity. Where legally required for age and identity verification, additional identification data may be processed, including government-issued document details and verification outcomes. The operator does not seek to collect special categories of personal data as defined under GDPR principles, except where required by law, necessary to establish or defend legal claims, or where explicit consent is obtained in a compliant manner. Data minimization is applied so that only personal data necessary for stated purposes is collected and retained. Where possible, sensitive elements are tokenized or masked to limit exposure.

Operational Collection Methods and Source Channels

Personal data is collected through operational interactions with the website, including account registration, verification workflows, payment initiation, and support ticket submission. Information may also be collected through automated means such as server logs, security monitoring, and cookies that record session continuity and fraud signals. Data may be received from payment processors, identity verification vendors, and fraud prevention partners where such transfers are necessary to provide services and to meet legal obligations. The operator may obtain updated or corrected information from third-party sources to maintain accuracy, for example where address validation is required for compliance. Records may be generated internally as part of routine data processing, including audit logs, consent records, and risk assessments.

Where casino Betty services are accessed via mobile devices, device-specific metadata and application-related telemetry may be processed to prevent account takeover and to maintain platform integrity. Communications channels such as email, live chat, and secure forms may collect personal data provided in the content of messages and attachments. If an individual contacts the operator on behalf of another person, the operator may request evidence of authority before processing that request to protect privacy and data security. The operator does not intentionally collect personal data from individuals who are under the applicable legal age for participation, and safeguards are designed to detect and address suspected underage activity. If such information is identified, it will be handled in accordance with legal requirements and internal controls.

Purposes of Processing and Use Limitations

The operator uses personal data to establish and administer accounts, to provide access to the website, and to perform core service functions such as account authentication and transaction processing. Data processing also supports compliance activities, including age verification, anti-fraud controls, prevention of prohibited access, and maintenance of records required by law. Personal data may be used to investigate suspicious activity, to protect the integrity of gameplay systems, and to support dispute resolution and chargeback handling. Communications data is used to respond to inquiries, resolve complaints, and evidence the handling of requests within documented timelines. Technical data and logs support service continuity, incident response, and performance monitoring.

Limitations are applied through purpose specification and internal access controls so that personnel access is restricted to what is necessary for assigned duties. Where casino Betty activities require additional verification steps, the operator limits use of submitted documentation to identity checks and related compliance determinations. Analytics used for operational improvement is conducted using aggregated or de-identified data where feasible, and raw personal data is not used beyond defined purposes without a valid legal basis. Personal data is not processed for incompatible purposes, and any proposed new use is evaluated against the original purposes and applicable consent requirements. Records are maintained to support accountability and to evidence compliance with personal data protection obligations.

This Betty Casino Privacy Policy identifies the principal legal bases used for data processing activities under Canadian privacy law and GDPR-aligned principles where relevant. Processing may occur with consent, including express consent for sensitive personal data or when required by law, and implied consent for routine processing within reasonable expectations for the service. Processing may also be necessary to perform a contract or to take steps at the request of an individual prior to entering a contract, such as creating an account and enabling secure login. Where applicable, processing may be required to comply with legal obligations, including verification, record keeping, and responding to lawful requests by competent authorities. Processing may also be based on legitimate interests, such as fraud prevention and data security, provided that such interests are balanced against the rights and reasonable expectations of individuals.

Consent records are maintained to demonstrate when consent was captured, the scope of the consent, and any subsequent withdrawal. Withdrawal of consent is implemented where feasible; however, certain processing may continue where required for legal compliance, dispute resolution, or protection against fraud and misuse. Where casino Betty services integrate third-party verification services, those services may require data processing under their own legal bases, and contractual controls are used to restrict use to the intended purposes. The operator applies proportionality principles so that intrusive processing is limited to what is necessary to achieve stated compliance and security outcomes. Any reliance on legitimate interests is documented and periodically reviewed to ensure ongoing appropriateness.

Data Retention, Storage Limitation, and Deletion Practices

Retention is determined by legal obligations, operational necessity, and the need to establish, exercise, or defend legal claims, while applying storage limitation principles. Account and transaction records may be retained for up to 7 years to satisfy statutory record keeping, taxation, anti-fraud, and audit requirements, subject to applicable provincial rules. Verification artifacts may be retained for 12 months after verification completion where necessary to evidence compliance, after which they are deleted or irreversibly de-identified unless a longer period is required by law. Support communications may be retained for 24 months to ensure continuity, complaint handling, and evidence of responses. Security logs may be retained for 180 days to support incident detection, investigation, and forensic integrity.

When an account is closed or becomes inactive, personal data is reviewed for deletion or anonymization, except where retention is required for compliance, dispute handling, or fraud prevention. Deletion is performed using methods appropriate to the storage medium, and access is restricted during any retention period. Backups may retain certain files for a limited period due to technical constraints, and such backups are protected by access controls and encryption where feasible. Where casino Betty operations require retention beyond the standard periods, the operator documents the justification and applies additional safeguards. Retention schedules are periodically reviewed at least once every 18 months to confirm that they remain necessary and proportionate.

Personal data may be disclosed to service providers that support operation of the website, such as hosting providers, payment processors, identity verification vendors, fraud monitoring partners, and customer support tooling providers. Disclosures are limited to what is necessary for the defined purpose, and service providers are required by contract to implement safeguards, confidentiality obligations, and restrictions on further processing. Data may be shared with professional advisors such as legal counsel, auditors, and consultants where necessary for compliance, risk management, or dispute resolution. Where required by law, personal data may be disclosed to regulatory bodies, law enforcement, or courts in response to valid and binding requests. Any disclosure is evaluated for legality, proportionality, and scope, and records of disclosures may be maintained for accountability.

The operator does not sell personal data as a business model, and sharing is restricted to operational necessity and legal requirements. When casino Betty activity indicates potential fraud or prohibited conduct, personal data may be shared with relevant payment networks or fraud prevention partners to protect the platform and affected parties. If corporate restructuring occurs, such as a merger, acquisition, or asset transfer, personal data may be transferred as part of that transaction subject to confidentiality and continued compliance obligations. Where feasible, individuals will be notified of material changes in control that affect personal data handling. All recipients are expected to handle personal data in accordance with applicable personal data protection standards.

Cross Border Processing and International Transfers

Because service infrastructure may involve global cloud services and specialized vendors, personal data may be processed or stored outside Canada, including in jurisdictions with different legal standards. Transfers are conducted under contractual controls requiring the recipient to apply safeguards comparable to those required under Canadian law and consistent with GDPR principles where applicable. The operator assesses transfer risks, including the sensitivity of the personal data and the nature of access that may be requested by foreign public authorities. Where appropriate, encryption and pseudonymization are used to reduce the risk associated with cross border processing. Transfer arrangements are reviewed periodically to ensure that safeguards remain effective.

Individuals should understand that foreign jurisdictions may permit access by public authorities under local law, and such access may occur without notice where legally prohibited. The operator seeks to limit international access to personal data through role-based permissions, data minimization, and controlled administrative access. For casino Betty services, payment processing may involve international routing; in those cases, payment data is handled primarily by regulated payment providers and limited data is stored by the operator. Where vendor locations change or new vendors are introduced, transfer impact is evaluated and governance documentation is updated accordingly. The operator remains accountable for personal data transferred to third parties, subject to applicable legal limitations.

Cookies, Files, and Tracking Technologies

This Betty Casino Privacy Policy addresses the use of cookies and similar files that enable core functionality, security controls, and measurement of service performance. Cookies may include session identifiers, preference storage, and security tokens used to protect accounts from unauthorized access. Some cookies are strictly necessary for authentication and transaction security, and disabling them may impair access to essential features. Non-essential cookies, where used, are deployed in a manner consistent with consent requirements and are limited to stated purposes such as aggregated analytics. The operator does not use tracking technologies in a manner that defeats reasonable user expectations or applicable consent frameworks.

Cookie data may include identifiers that can be linked to personal data when combined with other records, and such processing is treated as personal data processing where linkability exists. Retention of cookie identifiers varies by purpose, and certain cookies may persist for up to 13 months unless deleted earlier through browser settings. The operator configures security-related cookies to reduce exposure, including setting appropriate attributes where supported and limiting scope to necessary domains. Where casino Betty operations rely on third-party tools, those providers may set their own cookies; contractual and configuration measures are used to limit collection to permitted purposes. Cookie preferences may be adjusted through available settings, although certain cookies remain necessary to maintain data security and secure login details.

Information Security, Encryption, and Incident Handling

Security measures are implemented using a risk-based approach proportionate to the sensitivity of personal data and the operational context of iGaming services. Technical safeguards may include encryption in transit and at rest where feasible, network segmentation, vulnerability management, and monitoring for anomalous activity. Administrative safeguards include role-based access controls, logging of privileged access, and procedures for secure handling of identification data and financial data. Physical safeguards may be applied through controlled access to facilities and secure management of hardware where applicable. The objective is to reduce risks such as unauthorized access, accidental loss, and unlawful disclosure.

The operator applies layered controls, and internal targets may include maintaining at least 99.5% availability for security monitoring systems, although no system can be guaranteed to be free of risk. Incident response procedures include detection, containment, investigation, remediation, and post-incident review to strengthen data security. Where a breach of security safeguards creates a real risk of significant harm, notifications will be considered and issued in accordance with applicable Canadian requirements and any relevant contractual obligations. For casino Betty accounts, additional controls may include multi-factor authentication options and automated alerts for unusual login patterns. Evidence generated during investigations is handled as part of regulated data processing and retained only as long as necessary for security and legal purposes.

Rights of Individuals and Request Handling

Rights-based protections apply to individuals whose personal data is processed, including the right of access and the right to request correction of inaccurate or incomplete information. This Betty Casino Privacy Policy also recognizes rights to withdraw consent where processing is consent-based and where withdrawal is feasible under applicable law. Individuals may request information about how personal data has been used and whether it has been disclosed to third parties, subject to lawful limitations such as solicitor-client privilege, security concerns, and the privacy rights of others. Requests may require verification of identity to protect personal data and to prevent unauthorized disclosure. The operator documents and tracks requests to ensure accountability and consistent handling.

Response timeframes are applied in accordance with applicable law, and the operator aims to respond within 30 days, subject to permissible extensions where the request is complex or where additional verification is required. Corrections are implemented where appropriate, and updated information may be shared with service providers where necessary to maintain accuracy. Where deletion is requested, the operator evaluates whether retention is required for legal obligations, fraud prevention, or dispute resolution before acting. For casino Betty account holders, account-level tools may allow updates to certain registration data; however, core identification data may be restricted where changes would undermine verification integrity. If a request is refused or limited, reasons will be provided to the extent permitted by law, along with information about available recourse.

Complaints, Supervisory Escalation, and Recourse

Individuals may submit privacy complaints to the operator, and complaints are investigated according to internal procedures designed to support fairness and timely resolution. The operator may request supporting information to clarify the issue and to identify relevant data processing records. Where a complaint relates to a vendor, the operator coordinates with the vendor while remaining accountable for the overall handling. If the outcome is not satisfactory, individuals may have the right to contact the Office of the Privacy Commissioner of Canada or applicable provincial authorities, depending on the circumstances. The operator retains complaint records for a reasonable period, such as 36 months, to evidence handling and to improve controls.

Contact, Data Protection Officer Function, and Verification Steps

Operationally, requests related to privacy, personal data, and rights should be submitted through designated support channels available on bettycasinoo.ca to ensure traceability and secure handling. The data protection officer function coordinates receipt, verification, and response, and may request limited additional information to confirm identity. Verification may include confirming account attributes, recent transaction references, or other elements that do not expose full financial data. If a representative acts on behalf of an individual, evidence of authority may be required before any disclosure. The operator seeks to minimize data collection during verification while maintaining adequate protection against unauthorized access.

For casino Betty related requests, the operator may route inquiries to specialized teams handling payments, security, or compliance to ensure accuracy. Requests should include sufficient detail to locate relevant records, such as account identifiers and the nature of the request, without providing excessive sensitive content. Where feasible, responses are delivered through secure channels, and attachments containing identification data are handled with heightened precautions. If the operator cannot process a request due to inadequate verification, it will explain what additional steps are required, consistent with personal data protection obligations. The operator maintains records of requests and responses to demonstrate compliance and to support audits.

Policy Changes, Accountability, and Continued Compliance

This Betty Casino Privacy Policy may be amended to reflect changes in legal requirements, regulatory guidance, operational practices, data processing activities, or security controls. Amendments are adopted under an internal review process that considers purpose limitation, data minimization, and ongoing adequacy of safeguards, including encryption and access controls. Where changes are material, notice may be provided through the website or account communications, and the effective date will be updated to reflect implementation. The operator maintains version control and retains prior versions for a reasonable period, such as 5 years, to support accountability and evidence of governance decisions. Nothing in this policy limits statutory rights, and any ambiguity shall be interpreted to give effect to applicable Canadian personal data protection requirements.

Compliance commitment is implemented through documented roles, periodic assessments, and remediation actions, including review of vendor arrangements, files handling practices, and cookies configurations. The operator monitors evolving guidance and, where relevant, applies GDPR principles as a benchmark for transparency, fairness, and lawful data processing, without displacing applicable Canadian rules. For casino Betty operations, changes in product features or verification processes are reviewed to ensure that collection of registration data and identification data remains necessary and proportionate. Requests and complaints continue to be handled under the established procedures, with an objective to respond within 30 days unless a lawful extension applies, and to apply retention limits such as 12 months for certain verification artifacts where permitted. Continued use of the website after a policy update constitutes acknowledgment of the updated terms where consent is not otherwise required, while consent-based processing continues to rely on appropriate consent mechanisms and the ability to withdraw consent when feasible.