burger icon
Sportaza Casino
Log In

Privacy Policy

This privacy policy explains how sportaza-casino, operating exclusively via sportaza-casino-ca.com, collects, uses, and protects personal information of players and website visitors. It is designed to comply with applicable Canadian laws and international industry standards. This policy applies to all users accessing sportaza-casino-ca.com, and is effective as of November 6, 2025.

Who We Are

OBSERVE: sportaza-casino is operated by Rabidi N.V., with international operations and data flows. EXPAND: Legal identity, registration, and accountability must be transparent for CA compliance. REFLECT: Full disclosure of company and Data Protection Officer (DPO) contact details ensures user trust and regulatory clarity.

  • Legal Operator: Rabidi N.V., registered in Curacao under company number 151791, with legal address at Scharlooweg 39, Willemstad, Curacao, CW.
  • Regional Payment Processing Partner: Tilaros Limited, Agiou Georgiou Makri, 44, 6037, Larnaca, Cyprus (Company Registration HE 406322).
  • Contact Information: For privacy concerns, email support@sportaza-casino-ca.com or info@sportaza-casino-ca.com. The Data Protection Officer can be reached via these channels. No phone number specified.
  • Licensing: E-Gaming License 8048/JAZ valid through 2025, issued by Antillephone N.V. (Curacao government).

What Personal Data We Collect

OBSERVE: Canadian privacy standards require full transparency about data categories. EXPAND: Both direct and indirect data collection methods must be declared. REFLECT: Data types are presented with legal clarity and commitment to data minimization.

  • Personal Identification Data: Full name, date of birth, email address, phone number, postal address, account credentials.
  • Technical Data: IP address, device identifiers, browser type, operating system, session logs, and usage data.
  • Payment Data: Credit/debit card numbers (tokenized), bank account details, e-wallet identifiers, transaction records (processed via compliant partners).
  • Behavioral Data: Game activity, betting history, deposit/withdrawal patterns, clickstream data, navigation paths.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party analytics and advertising cookies (see "Cookies" section below).
  • Regulatory Data: KYC/AML documentation, identity verification documents, communications with support.

Legal Basis for Processing

OBSERVE: CA and international laws mandate clear legal grounds for processing. EXPAND: Complex requirements for consent, contract, legitimate interest, and legal obligations must be addressed. REFLECT: Each processing activity aligned with specific legal justification.

  1. User Consent: Processing for marketing communications, non-essential cookies, and optional promotions is based on explicit user consent. Users may withdraw consent at any time via account settings or by contacting support.
  2. Contractual Necessity: Data processing required to operate accounts, verify identity, process payments, and provide requested services is based on fulfillment of contract with the user.
  3. Legitimate Interests: Data used for fraud prevention, security monitoring, service optimization, and statistical analysis is processed under legitimate business interests, balanced against user rights.
  4. Legal Obligations: Compliance with KYC/AML requirements, regulatory reporting, and dispute resolution mandates processing as required by applicable laws and licensing authorities.

Regional Compliance Note: All legal bases are aligned with the Personal Information Protection and Electronic Documents Act (PIPEDA), relevant provincial laws, and international standards.

Purpose of Processing

OBSERVE: Purposes must be explicit to meet CA and international compliance. EXPAND: All operational, security, and marketing uses must be disclosed. REFLECT: Clear listing of purposes ensures user awareness and legal defensibility.

  • Service Provision: To facilitate account registration, gameplay, deposits, withdrawals, and customer support.
  • Legal and Regulatory Compliance: To meet KYC/AML requirements, prevent fraud, and fulfill regulatory obligations.
  • Service Improvement: To analyze user behavior, enhance user experience, optimize website functionality, and resolve technical issues.
  • Marketing and Promotions: To send relevant promotional materials, bonuses, and service announcements (with consent).
  • Security and Risk Management: To monitor accounts for suspicious activity, perform security audits, and protect both users and the platform from unauthorized access or abuse.

Disclosure & Sharing

OBSERVE: Canadian and international law require full disclosure of data sharing practices. EXPAND: Identify all recipient categories and conditions for lawful disclosure. REFLECT: Users are informed of all parties with potential access to their data and the legal protections in place.

  • Payment Partners: Data shared with financial institutions and payment processors (including Tilaros Limited in Cyprus) for transaction execution.
  • Service Providers: Third-party providers for IT infrastructure, platform hosting, analytics, customer support, and verification services, bound by confidentiality and data protection agreements.
  • Regulatory Authorities: Information disclosed to government and licensing authorities as required by law and gaming license (Curacao, CA regulatory agencies where applicable).
  • Affiliates and Advertising Networks: Data shared with marketing partners and affiliates only with user consent, limited to permitted purposes.
  • Legal Requirements: Disclosure to law enforcement, courts, or other governmental bodies as mandated by applicable law or in response to valid legal process.

Protective Clause: All disclosures are subject to strict contractual safeguards and are limited to the minimum necessary to achieve the specified purpose.

International Transfers

OBSERVE: Offshore operation (Curacao, Cyprus) triggers cross-border data transfer obligations under CA law. EXPAND: Data protection adequacy and contractual safeguards are required. REFLECT: Transfers are conducted with internationally recognized security standards and legal protections.

  • Countries of Transfer: Personal data may be transferred to Curacao (headquarters), Cyprus (payment processing), and other jurisdictions where service providers operate. Data is not stored in Canada.
  • Protection Measures: All transfers use Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure an adequate level of protection, as required by PIPEDA and international standards.
  • Third-Party Compliance: All third-party recipients are contractually obligated to adhere to strict data protection and confidentiality requirements.

Regional Compliance Note: Users acknowledge and consent to international transfers as a condition of using sportaza-casino-ca.com services.

Data Retention

OBSERVE: CA and Curacao regulations require defined retention periods and deletion criteria. EXPAND: Specify timelines for all main categories of data. REFLECT: Regular reviews and user-triggered deletion rights are embedded.

  • Account Data: Retained for the duration of the user's account, and for no more than five (5) years after account closure or last activity, to comply with KYC/AML and regulatory obligations.
  • Transaction and Payment Data: Stored for a minimum of five (5) years following transaction completion, in line with anti-money laundering regulations.
  • Marketing Data: Retained until consent is withdrawn or user unsubscribes from communications.
  • Cookies and Technical Data: Retention varies by cookie type (see "Cookies" section), with maximum duration not exceeding two (2) years.
  • Deletion Criteria: Data is deleted or anonymized upon user request, expiration of statutory retention period, or when no longer required for original processing purposes.

Your Rights

OBSERVE: Alignment with GDPR and CA (PIPEDA) user rights is mandatory. EXPAND: Include all material rights: access, correction, erasure, restriction, portability, objection, consent withdrawal. REFLECT: Explicit procedural guidance and response timelines provided for user empowerment and compliance.

  1. Right to Access: Users may request confirmation of whether their personal data is processed, and obtain a copy of such data, free of charge.
  2. Right to Correction: Users may request correction of inaccurate or incomplete personal data.
  3. Right to Erasure ("Right to be Forgotten"): Users may request the deletion of personal data where no legal or regulatory retention obligation exists.
  4. Right to Restrict Processing: Users may request restriction of data processing in specific circumstances (e.g., while a correction request is pending).
  5. Right to Object: Users may object to processing based on legitimate interests or for direct marketing purposes.
  6. Right to Data Portability: Users may request a structured, commonly used, machine-readable copy of their personal data to transfer to another controller.
  7. Right to Withdraw Consent: Users may withdraw marketing or non-essential processing consent at any time, with no effect on prior lawful processing.
  8. Procedures: Requests can be submitted via email to support@sportaza-casino-ca.com. sportaza-casino will respond within thirty (30) days of receipt, free of charge, unless requests are manifestly unfounded or excessive.
  9. Regional Regulations: All rights are provided in accordance with Canadian PIPEDA and, where applicable, international frameworks (GDPR).

Cookies & Tracking Technologies

OBSERVE: Full disclosure of cookie types, purposes, and user controls is required by CA law. EXPAND: Third-party tracking and user opt-out mechanisms must be clear. REFLECT: Structured cookie information and management options enhance transparency.

  • Session Cookies: Temporary files essential for secure authentication and session continuity, deleted when the browser is closed.
  • Persistent Cookies: Remain on user devices up to two years to remember preferences and facilitate smoother navigation.
  • Third-Party Cookies: Deployed by analytics and advertising partners to measure performance and deliver targeted content (subject to user consent).
  • Purposes: Functionality, analytics, advertising, security, and personalization.
  • Management: Users can manage or disable cookies through browser settings or, where available, via the internal cookie management panel on sportaza-casino-ca.com. Disabling cookies may impact website functionality.

Data Security

OBSERVE: Canadian and international standards require robust technical and organizational security measures. EXPAND: Specific controls and certifications must be articulated. REFLECT: Multi-layered protections and incident response plans are in place.

  • Encryption: All data is protected during transmission using TLS 1.2+ and encrypted at rest using industry-standard algorithms.
  • Access Controls: User data is accessible only to authorized personnel with strict role-based access and multi-factor authentication.
  • Security Audits: Regular internal and external audits assess system integrity and compliance with ISO 27001 and SOC 2 standards.
  • Staff Training: Ongoing security awareness programs ensure all employees understand privacy obligations and cybersecurity best practices.
  • Incident Response: Documented procedures for prompt response to suspected data breaches, including notification to affected users and authorities as required by law.

Complaints & Contacts

OBSERVE: Legal standards require accessible complaint channels and escalation paths. EXPAND: Procedures and timelines must be clear; regulatory contacts must be provided. REFLECT: Users are empowered with effective recourse mechanisms.

  • Primary Contact: All privacy complaints or inquiries should be directed to the Data Protection Officer at support@sportaza-casino-ca.com or info@sportaza-casino-ca.com.
  • Complaint Procedure:
    1. Submit your complaint via email, including relevant details and supporting documentation.
    2. sportaza-casino will acknowledge receipt within five (5) business days and provide a substantive response within thirty (30) days.
    3. If unsatisfied with the response, users may escalate the complaint to the appropriate data protection authority.
  • Supervisory Authorities: In Canada, users may contact the Office of the Privacy Commissioner of Canada (OPC), 30 Victoria Street, Gatineau, Quebec K1A 1H3, https://www.priv.gc.ca/.

Updates

OBSERVE: Users must be notified of material changes with sufficient notice. EXPAND: Version control, changelog, and objection/closure rights are required. REFLECT: Ongoing transparency and user autonomy are maintained.

  • Notification Procedures: Users will be informed of material policy changes via email, prominent website banners, and account dashboard alerts.
  • Advance Notice: For significant changes, at least thirty (30) days' notice will be provided prior to the effective date. Users may object or close their account before changes take effect.
  • Version Control: This policy is marked "Last updated: November 6, 2025."
  • Changelog: Material changes are summarized in the policy changelog on sportaza-casino-ca.com/privacy-policy.

Regional Compliance Note: All updates and notifications are managed in accordance with CA law and best industry practice.