Privacy Policy

This Privacy Policy explains how Club Player Casino, operated via the website https://clubplayerbet-ca.com (the "Website"), collects, uses, discloses, and protects personal information of players and Website visitors from Canada. It applies to all users who access or use the Website, create an account, participate in games, promotions, or communicate with us. By using the Website, you consent to the practices described in this Policy. This Privacy Policy is effective and applies to processing activities carried out on and after 01 January 2026.

Who We Are

OBSERVE: Users need to know who controls their data and how to contact them. We draw on the profile data indicating operation by the Virtual Casino Group from Costa Rica and adapt it for Canadian-facing operations.

EXPAND: Although the Costa Rican registration is known (Corporate ID 3-102-348249), a detailed postal address is not specified. We therefore clearly state the controlling entity, its jurisdiction, and contact methods, in line with Canadian privacy best practices (PIPEDA) and international standards.

REFLECT: We provide a transparent operator description, including data protection contact points for privacy requests and complaints.

The Website clubplayerbet-ca.com, marketed in Canada as Club Player Casino ("we", "us", "our", "Club Player Casino"), is operated by:

• Operator / Controller: Virtual Casino Group (also known as GWages network)
• Corporate Registration ID: 3-102-348249
• Registered Jurisdiction: Costa Rica
• Primary Market: Canadian players accessing clubplayerbet-ca.com

Because a full postal address has not been specified in the source documentation, all privacy-related communications should be directed to our data protection contact channels:

• Data Protection & Privacy Contact (DPO function / Data Protection Department):
• Email (primary): [email protected]
• Email (finance-related data queries): [email protected]
• Website: https://clubplayerbet-ca.com

When you contact us about privacy matters, please indicate that your request relates to the "Privacy Policy - Club Player Casino" so we can route it to the appropriate data protection personnel.

What Personal Data We Collect

OBSERVE: Operation of an online casino for Canadian users requires collection of identity, contact, technical, financial, and behavioral data to provide services and comply with KYC/AML and security practices.

EXPAND: Beyond obvious identifiers, we must account for logs, device information, cookies, marketing preferences, and customer support records, which are all considered personal information or linked to individuals under many privacy regimes.

REFLECT: We categorize data for clarity, aligning with Canadian PIPEDA principles and international best practices, and clearly explain what is optional versus mandatory.

Identity and Contact Data

• Full name, date of birth, and gender (where provided).
• Residential address, country and province of residence, and postal/ZIP code.
• Email address (e.g., the address you use to register or to contact [email protected]).
• Telephone number or mobile number, where voluntarily provided.
• Copies of identification documents (e.g., passport, national ID, driver's licence) and, where required, proof of address (e.g., utility bill or bank statement) for age/identity verification and fraud prevention.

Account and Gameplay Data

• Username, account ID, password (stored in encrypted form), security questions and answers.
• Account settings, language and communication preferences.
• Gameplay history, including games played, timestamps, session duration, wins/losses, stakes, and bonus usage.
• Responsible gaming settings you choose to apply (deposit limits, loss limits, self-exclusion flags).

Financial and Transaction Data

• Payment details provided to our payment partners (e.g., partial card details, payment method type, masked card numbers).
• Deposit and withdrawal history, including amounts, currency (CAD or other supported currencies), payment provider used, and transaction timestamps.
• Records of chargebacks, refund requests, and financial disputes.

Technical and Usage Data

• IP address, approximate geolocation derived from IP (country, region, city), and associated connection metadata.
• Device identifiers and characteristics, such as device type, operating system, browser type and version, screen resolution, and language settings.
• Server logs, including access times, pages visited, referral URLs, and error logs.
• Clickstream data and interaction information on the Website (buttons clicked, navigation paths, time spent on pages).

Communications and Support Data

• Content of emails, live chat transcripts, and other communications with our support team or finance department.
• Records of complaints, dispute correspondence, and internal notes necessary to resolve issues.

Marketing and Preference Data

• Subscription status for email marketing, SMS, in-account notifications, and push notifications (where applicable).
• Records of your consent to receive marketing, the date/time of consent or withdrawal, and your topic preferences.

Cookies and Similar Technologies

• Session identifiers and authentication cookies to keep you logged in and secure.
• Preferences cookies to remember your language, region, and other settings.
• Analytics cookies and similar technologies to measure traffic, detect technical problems, and improve performance.
• Advertising and affiliation cookies (where applicable and subject to your consent) to track campaign performance and deliver relevant offers.

When data is collected on a voluntary basis (for example, participation in surveys or optional promotions), this will be clearly indicated, and you may choose not to provide it; however, certain core services may not be available without essential data.

Legal Basis for Processing

OBSERVE: For Canadian users, privacy law is primarily governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws. International best practices such as GDPR concepts (consent, contract, legitimate interests) are also referenced as comparative standards.

EXPAND: We align our processing activities with commonly recognised grounds: consent, contractual necessity, legal obligations (especially related to fraud, anti-money laundering, and accounting), and legitimate interests such as service improvement and security.

REFLECT: We explain each ground in clear language and associate it with categories of processing, enabling users to understand when consent is required and when processing is necessary for operation or compliance.

Consent

• We rely on your explicit or implied consent when you:
  • Register an account and provide personal information for that purpose.
  • Opt in to receive marketing communications (e.g., promotional emails and SMS).
  • Accept cookies that are not strictly necessary (e.g., analytics or advertising cookies).
• You may withdraw your consent to non-essential processing (such as marketing) at any time, as described in the "Your Rights" section.

Performance of a Contract

• We process personal information that is necessary to enter into and perform our contract with you, including:
  • Creating and managing your gaming account.
  • Providing access to games, bonuses, promotions, and loyalty programs.
  • Processing deposits, wagers, and withdrawals.
  • Providing customer support and handling your requests.

Compliance with Legal and Regulatory Obligations

• We process your data where required by law or regulation, including but not limited to:
  • Age and identity verification, Know Your Customer (KYC) procedures.
  • Anti-Money Laundering (AML) and fraud prevention checks.
  • Accounting, tax, and financial reporting requirements in applicable jurisdictions.
  • Responding to lawful requests from governmental or regulatory authorities.
• Although Costa Rica is the stated operational jurisdiction, we also take into account obligations triggered by serving Canadian residents, particularly regarding consumer protection and privacy under PIPEDA and provincial laws.

Legitimate Interests

• We may process your data based on our legitimate interests, provided these are not overridden by your rights and freedoms, including:
  • Ensuring the security and integrity of our systems, detecting and preventing fraud, abuse, or cheating.
  • Improving our services, Website functionality, and user experience through analytics.
  • Protecting our legal rights, enforcing our Terms and Conditions, and defending against legal claims.
  • Operating affiliate and marketing programs, measuring campaign performance, and presenting relevant offers, to the extent allowed by applicable laws.

Purpose of Processing

OBSERVE: Data is collected for specific, explicit purposes: running the casino, meeting legal requirements, improving the platform, and marketing.

EXPAND: We map each major category of processing to its purpose to ensure transparency and purpose limitation, essential under PIPEDA and internationally recognised privacy principles.

REFLECT: The purposes listed below aim to be comprehensive yet understandable so players can anticipate how their information will be used.

Provision and Management of Casino Services

• Creating and verifying user accounts.
• Allowing you to access and use games, bonuses, and tournaments.
• Operating loyalty or VIP programs and tracking your status.
• Processing deposits, bets, wins, and withdrawals in cooperation with payment partners.

Customer Support and Communications

• Responding to your questions submitted via email, live chat, or other contact methods.
• Notifying you of account-related events (e.g., security notifications, account restrictions, changes to terms or policies).
• Handling complaints, disputes, chargebacks, and technical issues.

Legal, Regulatory, and Risk Management

• Conducting age verification, identity confirmation, and KYC/AML checks.
• Monitoring transactions and gameplay for suspicious or fraudulent patterns.
• Maintaining records necessary for audits, regulatory inquiries, and legal proceedings.

Analytics and Service Improvement

• Analyzing Website usage, device statistics, and gameplay patterns to improve performance and user experience.
• Testing and developing new features, products, and promotional concepts.
• Aggregating or anonymizing data (where possible) to create reports and insights without identifying individuals.

Marketing and Personalization

• Sending you promotional communications about games, bonuses, and special offers, subject to your consent and applicable law.
• Customizing content, bonuses, and offers to your preferences and playing habits.
• Measuring the effectiveness of campaigns, ads, and affiliate traffic.

Disclosure & Sharing

OBSERVE: Operating an online casino requires sharing data with payment providers, IT vendors, affiliates, and sometimes public authorities.

EXPAND: We distinguish routine service providers from authorities and marketing partners, clarifying the legal basis and safeguards surrounding each disclosure.

REFLECT: This section gives players visibility into when their information leaves our direct control, under what conditions, and with what protections.

Service Providers and Processors

• We engage third-party companies to assist in operating the Website and providing services, including:
  • Payment processors and financial institutions for deposits and withdrawals.
  • Identity verification and KYC/AML service providers.
  • Hosting providers, IT support, and security vendors.
  • Email delivery and communication platforms.
  • Analytics and performance monitoring tools.
• These third parties process personal data only on our instructions and are contractually bound to maintain confidentiality, apply appropriate security measures, and use the data solely for the specified purposes.

Group Companies and Affiliates

• We may share necessary information with other entities in the Virtual Casino Group (e.g., operationally connected brands such as Planet 7, Cool Cat Casino, Royal Ace), to:
  • Ensure consistent risk management and fraud prevention across the group.
  • Provide group-level support or handle escalated complaints.
  • Administer cross-brand self-exclusion, where applicable.
• We may also share limited data with marketing affiliates for attribution and commission calculation, such as anonymized or pseudonymized identifiers, campaign codes, and traffic source information.

Regulators, Authorities, and Legal Proceedings

• We may disclose personal data where required by law, regulation, or valid legal process, including:
  • Responding to requests from law enforcement agencies.
  • Cooperating with financial intelligence units or AML authorities.
  • Complying with court orders, subpoenas, or similar procedures.
• We may also disclose information to legal advisors, auditors, and other professional consultants to protect our rights, pursue or defend legal claims, or for audit and compliance purposes.

Advertising Partners and Networks

• Where you have provided consent for advertising cookies or similar technologies, we may share certain data (such as cookie identifiers, device information, geolocation approximations, and interaction data) with:
  • Advertising networks and partners that deliver tailored ads or measure campaign performance.
  • Affiliate networks responsible for tracking referrals and commission structures.
• You may manage or withdraw consent for such cookies at any time, as described in the "Cookies & Tracking Technologies" section.

Business Transfers

• In the event of a merger, acquisition, reorganization, or sale of all or part of our business, personal data may be transferred to the acquiring or successor entity, subject to appropriate confidentiality and security safeguards and, where required, notice to affected users.

International Transfers

OBSERVE: The operator is based in Costa Rica and accepts Canadian players; data will move across borders for hosting, processing, and support.

EXPAND: We need to explain that information may be processed outside Canada, in countries that may have different data protection laws, and that we implement contractual and technical safeguards to protect it.

REFLECT: Users are informed of transfer destinations and protections, helping them evaluate the associated risks.

• Your personal information may be transferred to and processed in:
  • Costa Rica - primary operational and corporate jurisdiction of Virtual Casino Group.
  • Data centre locations used by our hosting, cloud, and IT service providers, which may be situated in various countries, including but not limited to members of the European Economic Area (EEA), the United States, and other jurisdictions.
  • Other countries where our payment processors, analytics providers, and professional advisors are located.
• Some of these jurisdictions may not provide the same level of data protection as your home jurisdiction. In such cases, we implement appropriate safeguards, which may include:
  • Contractual protections requiring recipients to safeguard personal data and use it only for authorized purposes (e.g., data processing agreements with confidentiality and security obligations).
  • Technical measures such as encryption in transit and at rest, strict access controls, and pseudonymization where feasible.
  • Internal policies limiting transfer to only those parties and purposes necessary for service provision or legal compliance.
• By using the Website and providing your information, you acknowledge that your data may be transferred to and processed in these jurisdictions, subject to the protections described in this Privacy Policy.

Data Retention

OBSERVE: We must not keep personal information longer than necessary for the purposes for which it was collected, while also respecting mandatory legal retention requirements (especially financial and AML records).

EXPAND: Different categories of data require different retention periods; we specify typical periods aligned with gaming industry practice and legal risk management.

REFLECT: We present retention periods in a structured way and explain criteria for deletion or anonymization.

General Principles

• We retain personal data only for as long as necessary to:
  • Provide the services and maintain your account.
  • Comply with legal, regulatory, and accounting obligations.
  • Resolve disputes and enforce our agreements.
• When data is no longer required, we will securely delete it or irreversibly anonymize it.

Indicative Retention Periods

• Account and Identification Data: Generally retained for the duration of your active account and for up to 5 years after account closure, to comply with AML/KYC, fraud prevention, and record-keeping requirements.
• Financial and Transaction Data: Retained for at least 5 - 7 years from the date of the transaction or account closure (whichever is later), in line with typical financial and tax record-keeping obligations.
• Gameplay and Behavioral Data: Retained for as long as your account is active and for up to 5 years after closure, primarily for dispute resolution, fraud detection, and compliance purposes.
• Customer Support and Complaint Records: Retained for up to 7 years from the date of the last communication or resolution of the matter.
• Marketing and Preference Data: Retained until you withdraw your consent or object to processing, or until the data is no longer relevant, plus a short period necessary to record and respect your opt-out request.
• Technical Logs and Security Data: Retained for a shorter period, typically between 6 months and 2 years, unless required longer for security investigations or legal purposes.

Deletion and Anonymization Criteria

• Data is deleted or anonymized when:
  • You request erasure and we have no overriding legal grounds for continued retention.
  • The retention period associated with the data category has expired.
  • The data is no longer needed for the purposes for which it was collected, including legal, accounting, or dispute resolution purposes.

Your Rights

OBSERVE: Canadian privacy law (PIPEDA and similar provincial acts) and international standards inspired by the EU GDPR grant individuals a set of rights over their personal information.

EXPAND: Even though the reference prompt mentions Mexican law, our primary focus is Canadian users; we therefore align rights with GDPR-style principles (access, rectification, deletion, restriction, portability, objection) and adapt them to the Canadian context: access, correction, and complaint mechanisms, with clear timelines and free-of-charge guarantees.

REFLECT: We offer a practical procedure for exercising rights, including contact methods, verification steps, and expected response times (typically 30 days).

Right to Access

• You may request confirmation of whether we hold personal information about you and obtain a copy of that information, together with an explanation of how it is used and shared.

Right to Correction (Rectification)

• You may request that we correct or complete any inaccurate or incomplete personal information we hold about you (for example, updating your address or contact details).

Right to Deletion (Erasure)

• You may request deletion of certain personal information when:
  • It is no longer necessary for the purposes for which it was collected.
  • You have withdrawn consent (where consent was the basis) and there is no other legal ground for processing.
  • Processing is unlawful or you successfully object to processing.
• We may need to retain some data where mandated by law (e.g., financial and AML records) or for the establishment, exercise, or defense of legal claims.

Right to Restrict Processing

• You may request that we restrict processing of your personal information in certain circumstances, such as:
  • While we verify the accuracy of data you contest.
  • Where processing is unlawful but you prefer restriction over deletion.
  • Where we no longer need the data but you require it for legal claims.

Right to Object

• You may object to:
  • Processing of your data based on our legitimate interests, on grounds relating to your particular situation.
  • Use of your data for direct marketing, in which case we will immediately stop using it for that purpose.

Right to Data Portability

• To the extent technically feasible and applicable, you may request that we provide you with certain personal information you have provided to us, in a structured, commonly used, and machine-readable format, or that we transmit it directly to another controller where this is technically possible.

Right to Withdraw Consent

• Where processing is based on your consent (for example, marketing communications or certain cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal.

Exercise of Rights, Response Time, and Cost

• You may exercise your rights by contacting our Data Protection & Privacy contact:
  • Email: [email protected]
• We may request additional information to verify your identity before acting on your request, especially for sensitive data.
• We aim to respond to all valid requests within 30 days. If your request is particularly complex or we receive multiple requests, we may extend this period, but we will inform you of any delay and the reasons.
• We do not normally charge a fee for handling rights requests. However, where permitted by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for secure sessions and user experience but also used for analytics and marketing.

EXPAND: We classify cookies by duration (session vs. persistent) and purpose (functional, analytics, advertising) and explain management options via browser and internal tools.

REFLECT: This helps users understand how online tracking works and how to control it.

Types of Cookies We Use

• Session Cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They enable core functions like login sessions, secure navigation, and placing bets.
• Persistent Cookies: Cookies stored on your device for a defined period or until you delete them. They remember preferences (e.g., language, previously visited pages) and help us understand user behavior over time.
• First-Party Cookies: Set directly by clubplayerbet-ca.com to enable essential Website features and preferences.
• Third-Party Cookies: Set by external providers (e.g., analytics platforms, advertising networks, affiliate tracking systems) to measure performance, track referrals, and, where applicable, deliver targeted content.

Purposes of Cookies

• Strictly Necessary / Functional Cookies: Required for Website operation, security, and basic features (login, account navigation, transaction processing). You cannot opt out of these through our cookie tools because the Website would not function properly.
• Analytics Cookies: Help us understand how users interact with the Website (e.g., pages visited, time spent, error messages). The information is typically aggregated and used to improve performance, usability, and content relevance.
• Advertising and Affiliate Cookies: Used to:
  • Track the performance of promotional campaigns and affiliates.
  • Limit the number of times you see certain offers.
  • Provide content that is more relevant to your interests, where allowed by law and subject to your consent.

Managing Cookies and Tracking

• You can control cookies through:
  • Browser Settings: Most browsers allow you to block or delete cookies, or to alert you before a cookie is stored. Please refer to your browser's help documentation for instructions.
  • Internal Cookie/Preferences Panel (where available): We may provide an on-site preferences tool that allows you to enable or disable certain non-essential cookie categories, such as analytics or advertising cookies.
• Please note that disabling or blocking certain cookies may affect the Website's functionality and your ability to use some features, including gaming, login, or secure transaction processing.

Data Security

OBSERVE: Online gambling platforms are high-value targets for fraud and cyberattacks, requiring robust security measures.

EXPAND: We implement layered technical, organizational, and procedural safeguards from encryption to staff training and incident response, referencing common international standards (e.g., ISO 27001, SOC 2) as benchmarks where applicable.

REFLECT: While no system is entirely risk-free, transparency about our security controls builds trust and clarifies our commitment to protecting user data.

Technical Measures

• Encryption in Transit: Data exchanged between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) protocols, version 1.2 or higher, to mitigate interception and tampering.
• Encryption at Rest: Sensitive information, including passwords and certain financial-related data, is stored in encrypted or hashed form, with strong cryptographic algorithms and restricted key management.
• Access Controls: Access to production systems and databases is limited to authorized personnel based on the "need to know" and "least privilege" principles, protected by strong authentication measures, including multi-factor authentication wherever feasible.
• Network and System Security: Firewalls, intrusion detection/prevention systems, anti-malware solutions, and regular patch management are employed to guard against unauthorised access and vulnerabilities.

Organizational and Procedural Measures

• Security Policies and Training: Staff involved in handling personal information receive training on confidentiality, data protection, and security protocols, and are bound by contractual confidentiality duties.
• Data Minimization and Segregation: We limit data collection to what is necessary and separate environments (e.g., development/test vs. production) to reduce risk.
• Vendor Management: Third-party service providers with access to personal data are assessed for security capabilities and required to implement appropriate safeguards via contractual obligations.

Monitoring and Incident Response

• We continuously monitor systems for suspicious activity and potential security incidents.
• We maintain incident response procedures aimed at:
  • Identifying and containing incidents quickly.
  • Assessing the scope and impact on personal information.
  • Notifying affected users and relevant authorities where required by applicable laws.
  • Implementing remediation and preventive measures to reduce the likelihood of recurrence.

While we strive to apply controls aligned with recognized standards such as ISO/IEC 27001 and SOC 2 where applicable, you acknowledge that no online service can guarantee absolute security. You are responsible for keeping your account credentials confidential and for using secure devices and networks when accessing the Website.

Complaints & Contacts

OBSERVE: Users must have clear channels to raise privacy-related concerns and escalate unresolved issues.

EXPAND: We specify contact details, outline the complaint-handling process, and reference oversight authorities appropriate for Canadian residents.

REFLECT: A transparent complaint mechanism supports accountability and trust.

Contacting Us

• Primary Privacy & Data Protection Contact (DPO Function):
• Email: [email protected]
• Finance-related data issues: [email protected]
• Website: https://clubplayerbet-ca.com

Internal Complaint Procedure

1. Submission: Send a detailed description of your concern (including your username, contact details, and any relevant evidence) to [email protected], indicating that it is a "Privacy Complaint".
2. Acknowledgment: We aim to acknowledge receipt of your complaint within 5 business days.
3. Investigation: Your complaint will be reviewed by the appropriate department (including, where necessary, our finance and security teams). We may contact you for additional information.
4. Response: We will strive to provide a substantive response within 30 days of receiving all relevant information. If we require more time due to complexity, we will inform you of the delay and expected timeframe.
5. Escalation: If you are not satisfied with our response, you may request further review or escalate the matter to the relevant privacy authority.

Escalation to Supervisory Authorities (Canada)

If you are a resident of Canada and are not satisfied with how we handle your personal information or your complaint, you may contact the federal or applicable provincial privacy regulator. For many Canadians, the primary authority is:

• Office of the Privacy Commissioner of Canada (OPC)
• Website: https://www.priv.gc.ca
• Contact information: Available at https://www.priv.gc.ca/en/contact-the-opc

Depending on your province of residence, you may also have the right to contact your provincial privacy commissioner (for example, in Quebec, British Columbia, or Alberta). Contact details for these authorities can be obtained via the OPC website or the respective provincial government websites.

Updates

OBSERVE: Privacy policies may change as services, technology, and legal requirements evolve.

EXPAND: We must describe how we will inform users about changes, maintain version control, and allow users to object or close accounts when material changes affect their rights.

REFLECT: Clear update procedures promote transparency and ongoing compliance.

Policy Updates and Notifications

• We may update this Privacy Policy from time to time to reflect changes in:
  • Our services, technologies, or business operations.
  • Applicable laws, regulations, or guidance.
  • Our internal practices and risk assessments.
• When we make material changes that significantly affect your rights or the way we process your data, we will:
  • Post a prominent notice on the Website (e.g., banner or pop-up).
  • Where feasible, send an email to the address associated with your account.
  • Display an alert in your account dashboard after login.
• We will provide, where reasonable and appropriate, at least 30 days' advance notice before material changes take effect, unless immediate implementation is required by law or for security reasons.

Version Control and Changelog

• The current version of this Privacy Policy is identified at the bottom of the page by the "Last updated" date.
• Where feasible, we will maintain a brief changelog summarizing material amendments (e.g., new data categories collected, new purposes of processing, or new categories of recipients).

Your Options When the Policy Changes

• If you do not agree with the updated Privacy Policy, you may:
  • Stop using the Website and request account closure via [email protected].
  • Request deletion or restriction of your personal information, subject to our legal obligations.
• Your continued use of the Website after the effective date of the updated Policy will constitute your acceptance of the changes, to the extent permitted by applicable law.

Last updated: January 2026