burger icon
Casino Days Review Canada
Sign Up

Privacy Policy

This Privacy Policy explains how Casino Days, operating the website casinodays-play.ca ("Casino Days", "we", "us", "our"), collects, uses, discloses, and protects your personal data when you visit our websites or use our online casino services. It applies to players and other visitors from Canada and, where applicable, from other countries who access our services. This Privacy Policy is effective as of 1 January 2026.

Who We Are

Casino Days operates as part of the "Casino Days" brand through the domain casinodays-play.ca. Depending on your location, your data may be processed by one or both of the following entities:

  • For players in Ontario, Canada: White Star Digital North Limited, a private company established in Ontario, Canada, licensed by iGaming Ontario (iGO) and regulated by the Alcohol and Gaming Commission of Ontario (AGCO) for online gaming operations in Ontario.
  • For players in the rest of Canada (e.g., BC, AB, QC, etc.): White Star B.V., incorporated in Curaçao (registration no. 153150), operating online gaming services under the Curaçao Master License 8048/JAZ issued to Antillephone N.V.

These entities may jointly determine certain purposes and means of processing your data in connection with the Casino Days brand. Registered office street addresses and certain corporate details may change from time to time and are available on request.

Contact for Privacy Matters

  • Data Protection contact (DPO / privacy office): [email protected]
  • Website: https://casinodays-play.ca
  • Postal contact: Privacy Office, White Star Digital North Limited, Ontario, Canada; or Privacy Office, White Star B.V., Curaçao (exact mailing details provided upon request).

This Privacy Policy does not apply to regulator or directory sites such as igamingontario.ca or agco.ca, or to other domains such as casinodays.com and casinodays.ca unless expressly stated.

What Personal Data We Collect

Identification and Contact Data

  • Account information: full name, date of birth, username, password, security questions/answers.
  • Contact details: email address, telephone number, preferred language, province/territory and country of residence.
  • Verification/KYC data: copies or details of identity documents (e.g., passport, driver's licence), proof of address, information obtained from sanctions/PEP and age-verification checks where required by law.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone, and language settings.
  • Log data: login and logout times, session duration, pages viewed, clickstream data, referring URLs, crash logs, and error reports.

Payment and Financial Data

  • Transaction data: deposits, withdrawals, currency, payment methods used, partial payment card details (tokenised or truncated), payment confirmations, chargeback information.
  • Financial verification data: limited information needed to meet anti-money-laundering (AML) and affordability requirements, such as proof of income or source-of-funds statements, where requested.

Behavioural and Profile Data

  • Gaming activity: betting and wagering history, games played, time spent, wins and losses, bonuses used, cumulative limits and self-exclusion settings.
  • Profile inferences: segments or risk scores derived from your behaviour for responsible gambling monitoring, anti-fraud checks, and service personalization.
  • Communication data: records of emails, chat conversations, form submissions, and marketing preferences (opt-in/opt-out status).

Cookies and Similar Technologies

  • Cookies: small text files stored on your device to remember your settings, maintain sessions, and understand website usage.
  • Similar technologies: pixels, tags, local storage, SDKs and device identifiers used for analytics, security, and (where permitted) marketing.

For more detail on cookies and tracking technologies, please see the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

We process personal data in accordance with applicable Canadian privacy laws (including Canada's Personal Information Protection and Electronic Documents Act - PIPEDA - and substantially similar provincial laws), as well as, where relevant, the EU General Data Protection Regulation (GDPR) and Mexican data protection law. The main legal bases and equivalents are:

  • Consent / Opt-in (GDPR Art. 6(1)(a); Mexican LFPDPPP consent; PIPEDA meaningful consent):
    • When you create an account, accept cookies that are not strictly necessary, or opt in to marketing communications.
    • You may withdraw your consent at any time, without affecting prior lawful processing, by adjusting your account settings or contacting us.
  • Contractual necessity (GDPR Art. 6(1)(b); PIPEDA "appropriate purposes"; Mexican LFPDPPP contractual necessity):
    • To create and manage your account, provide access to games, process deposits and withdrawals, verify wins, and offer customer support.
    • Without this processing, we cannot provide the Casino Days services you request.
  • Legitimate interests (GDPR Art. 6(1)(f); parallel concepts under PIPEDA and Mexican law):
    • To prevent fraud and abuse, secure our systems, improve services, conduct analytics, and tailor our offerings.
    • We balance these interests against your rights and implement safeguards (e.g., pseudonymisation, minimization, opt-out mechanisms where appropriate).
  • Compliance with legal obligations (GDPR Art. 6(1)(c); PIPEDA and Mexican statutory obligations; AML/CTF rules):
    • To comply with gaming, AML, counter-terrorist financing, financial reporting, and responsible gambling requirements imposed in Canada (including Ontario), Curaçao, and other relevant jurisdictions.
    • To respond to lawful requests from regulators, law enforcement, and supervisory authorities.
  • Vital interests / public interest (where applicable):
    • In rare cases, to protect you or others from serious harm, such as significant gambling-related harm, criminal activity, or threats to life or safety.

Purpose of Processing

Service Delivery and Account Management

  • To provide casino services: creating and managing accounts, enabling gameplay, processing deposits and withdrawals, calculating and paying winnings, and delivering bonuses and loyalty offers according to our terms.
  • Customer support: handling enquiries, complaints, technical issues, and responsible gambling requests (e.g., self-exclusion, cooling-off periods, limit-setting).

Compliance and Risk Management

  • KYC/AML and regulatory compliance: verifying identity and age, monitoring transactions for suspicious activity, reporting where required by law, and documenting our compliance efforts.
  • Fraud and security: detecting and preventing account takeover, bonus abuse, chargebacks, money laundering, and other prohibited activities.

Improvement, Personalization, and Analytics

  • Service improvement: analysing how players use our sites and apps to improve performance, usability, game selection, and customer experience.
  • Personalization: customizing content such as recommended games, promotions, or responsible gambling messages based on your activity and preferences.

Marketing and Communications

  • Marketing communications: sending emails, SMS, in-site messages, or push notifications about new games, promotions, or news where you have consented or where permitted by law with appropriate opt-out options.
  • Analytics and attribution: using cookies and IDs to measure the effectiveness of our campaigns and affiliates, and to prevent marketing fraud.

Other Legitimate Business Purposes

  • Corporate governance: internal audits, reporting, and business planning.
  • Legal defence and enforcement: handling disputes, enforcing our Terms and Conditions, and defending our legal rights.

Disclosure & Sharing

We do not sell your personal data in the traditional sense. We may share data with carefully selected third parties under appropriate safeguards and only for the purposes described in this Policy.

Within the Casino Days Group and Operators

  • Group companies and operators: White Star Digital North Limited (Ontario) and White Star B.V. (Curaçao) may share data for operational, compliance, risk management, and support purposes, particularly where you move between Ontario and Rest-of-Canada environments.

Service Providers and Partners

  • Payment processors and banks: to process deposits, withdrawals, and chargebacks and to comply with AML and financial regulations.
  • Identity and verification providers: to carry out age verification, KYC, sanctions, and fraud checks.
  • IT, hosting, and security providers: for infrastructure, data storage, cybersecurity monitoring, and technical support.
  • Analytics and optimization providers: for website and app analytics, A/B testing, error monitoring, and performance improvement.
  • Marketing and affiliate partners: advertising networks, email and SMS platforms, and affiliate tracking providers, but only where permitted by law and, where required, based on your consent.

Regulators, Authorities, and Legal Recipients

  • Gaming and financial regulators: including iGaming Ontario, AGCO, and Curaçao licensing bodies, in connection with regulatory reporting and audits.
  • Law enforcement and public authorities: where required by law, court order, or to protect our rights, players, or the public.
  • Professional advisors: lawyers, auditors, and consultants under confidentiality obligations.

Corporate Transactions

  • Business transfers: in the event of a merger, acquisition, restructuring, or sale of all or part of our business, your data may be transferred to the acquiring entity subject to this Policy or an equivalent level of protection.

International Transfers

Because our operations and many of our providers are located in multiple countries, your personal data may be transferred to, and processed in, jurisdictions that may have different data protection laws than your home jurisdiction, including:

  • Canada: including Ontario and other provinces and territories where we or our providers operate.
  • Curaçao: where White Star B.V. is incorporated and licensed.
  • European Economic Area (EEA), United Kingdom, and Switzerland: where some service providers or group functions may be located.
  • United States and other third countries: primarily for cloud hosting, analytics, payment processing, and security services.
  • Mexico: in limited cases where Mexican players interact with our services or where service providers operate from Mexico.

When transferring data internationally, we take appropriate safeguards, which may include:

  • Contractual protections: using Standard Contractual Clauses or equivalent instruments for transfers from the EEA/UK/Switzerland, and contractual clauses consistent with Mexican LFPDPPP requirements for cross-border transfers from Mexico.
  • Organizational and technical measures: access controls, encryption, minimization, and strict need-to-know access within our group and suppliers.
  • Regulatory compliance: ensuring that transfers are necessary for the performance of your contract, for important public interest reasons (e.g., AML/CTF), or based on your explicit consent where required.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including meeting legal, regulatory, accounting, and reporting requirements. Retention periods may vary by jurisdiction. As a general guideline:

  • Account and identification data: kept while your account is active and typically for up to 5 years after account closure, to comply with gaming and AML laws and to handle potential disputes.
  • Transaction and payment records: normally kept for at least 5 years after the relevant transaction in line with financial and AML regulations.
  • Responsible gambling and behavioural data: stored while necessary to monitor and manage risk and to comply with responsible gambling obligations, typically up to 5 years after account closure unless a longer period is required by law or to protect vital interests.
  • Marketing data: retained while you remain subscribed and for a short period (usually up to 2 years) after you opt out, to maintain records of your preferences and comply with legal obligations relating to suppression lists.
  • Technical logs and security data: stored for security and audit purposes for periods typically ranging from 6 months to 5 years, depending on the sensitivity and regulatory context.

When data is no longer required, we will delete it securely or irreversibly anonymize it. We may also shorten retention periods where feasible. If you request deletion, we will honour your request subject to any overriding legal obligations to retain certain data (for example, AML or regulatory requirements).

Your Rights

Your privacy rights depend on your place of residence and the laws that apply, including Canadian privacy laws, the GDPR for players in the EEA/UK (or where GDPR applies extraterritorially), and Mexican privacy law (including the Federal Law on Protection of Personal Data Held by Private Parties - LFPDPPP). We will always try to give you a consistently high level of protection.

Core Rights (Canada, GDPR, Mexico)

  • Right of access: you can request confirmation of whether we hold personal data about you and obtain a copy of that data, together with information about how we use it.
  • Right to rectification/correction: you can request that inaccurate or incomplete data be corrected. You can also update many details directly in your account.
  • Right to deletion/erasure ("cancellation" under ARCO in Mexico): you can ask us to delete your personal data when it is no longer needed, when you withdraw consent, or when processing is unlawful. We may retain certain data where required by law (e.g., AML, financial, gaming regulations).
  • Right to restriction of processing: in certain circumstances (for example, while we verify accuracy or legal basis), you may request that we restrict how we use your data.
  • Right to object: where we process data based on legitimate interests or for direct marketing, you may object. We will stop processing unless we have compelling legitimate grounds or a legal obligation to continue.
  • Right to data portability: where technically feasible and required by GDPR or Mexican law, you may request that we provide your data in a structured, commonly used, and machine-readable format or transfer it to another provider.
  • Right to withdraw consent: where processing is based on your consent (for example, marketing or certain cookies), you may withdraw it at any time, without affecting prior lawful processing.

Exercising Your Rights

  1. Submit a request: contact us at [email protected] and clearly state which right you wish to exercise. You may be asked to use in-account tools where available.
  2. Identity verification: to protect your account, we may request additional information to verify your identity before acting on your request.
  3. Response timeframe: we aim to respond within 30 days of receiving your request. If your request is complex or numerous, we may extend this period in line with applicable law, and we will inform you of any extension and reasons.
  4. Fees: we generally handle requests free of charge. A reasonable fee or refusal may apply only where a request is manifestly unfounded or excessive, as permitted by law.

Residents of Mexico may also exercise the ARCO rights (Access, Rectification, Cancellation, Opposition) under LFPDPPP through the same contact channels, and we will process such requests in line with Mexican law.

Cookies & Tracking Technologies

Types of Cookies We Use

  • Session cookies: temporary cookies that exist only while your browser or app session is active and are deleted when you log out or close your browser. They help maintain your login and keep your bet slips or game sessions active.
  • Persistent cookies: remain on your device for a defined period to remember your preferences (such as language, region, or cookie choices) and to help us understand returning usage.
  • First-party cookies: placed directly by casinodays-play.ca to operate the site and remember your choices.
  • Third-party cookies: set by service providers, such as analytics platforms, security tools, or (where allowed) advertising networks and affiliate tracking providers.

Purposes of Cookies

  • Strictly necessary / functional: required for the site to function, including login, account management, game loading, security, and preventing fraud.
  • Performance and analytics: to measure traffic, understand how users interact with pages and games, identify errors, and improve usability.
  • Personalization: to remember your settings and present content tailored to your preferences.
  • Advertising and affiliate tracking: to measure the effectiveness of our marketing and affiliate campaigns and, where permitted, to deliver or limit certain promotional content.

Managing Cookies

  • Browser settings: you can usually configure your browser to refuse all or some cookies, or to alert you when websites set cookies. If you block strictly necessary cookies, some features may not work properly.
  • Internal tools: where available, you may use our in-site cookie or privacy settings panel to manage non-essential cookies.
  • Opt-out of marketing: you can opt out of marketing communications at any time via account settings, unsubscribe links, or by contacting us. This may not stop all cookie-based analytics but will prevent direct marketing using your contact details.

Data Security

We implement technical and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. While no system is completely secure, we continuously work to maintain a security level consistent with industry best practices.

Technical Measures

  • Encryption in transit and at rest: data transmitted between your device and our services is protected using TLS 1.2 or higher. Sensitive data is stored using strong encryption and hashing techniques.
  • Access control: access to personal data is restricted to authorized personnel and service providers on a need-to-know basis, enforced by authentication, role-based access, and logging.
  • Network and application security: firewalls, intrusion detection and prevention systems, anti-malware, and regular vulnerability scanning and patching are used to protect our infrastructure.

Organizational and Procedural Measures

  • Policies and training: staff receive training on data protection, confidentiality, and secure handling of personal data. Internal policies govern how data is accessed, used, and shared.
  • Security assessments: we conduct regular security reviews and may engage independent experts to test the robustness of our systems. We strive to align our practices with recognised standards such as ISO/IEC 27001 and SOC 2 where applicable, without implying formal certification unless expressly disclosed.
  • Incident response: we maintain incident response procedures to detect, investigate, and mitigate security events. Where required by law, we will notify affected individuals and relevant authorities of data breaches without undue delay.

Complaints & Contacts

Contacting Us

  • Email - primary contact: [email protected]
  • Website: https://casinodays-play.ca
  • Postal address: Privacy Office, White Star Digital North Limited, Ontario, Canada; or Privacy Office, White Star B.V., Curaçao (full mailing details available on request).

How to Make a Complaint to Us

  1. Step 1 - Contact our privacy office: send a detailed email to [email protected] explaining your concern, including any relevant account details and supporting documents.
  2. Step 2 - Acknowledgement: we will acknowledge receipt of your complaint as soon as reasonably possible, usually within 5 business days.
  3. Step 3 - Investigation: we will review your complaint, gather relevant information, and, if necessary, contact you for clarification.
  4. Step 4 - Response: we aim to provide a substantive response within 30 days. If we cannot respond within this timeframe due to complexity, we will inform you of the delay and the expected resolution date.
  5. Step 5 - Escalation: if you are dissatisfied with our response, you may escalate your complaint to the appropriate supervisory authority.

Supervisory and Regulatory Authorities

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - see https://www.priv.gc.ca for contact details and complaint procedures.
  • Canadian provinces/territories: depending on your location, you may also contact your provincial or territorial privacy commissioner (for example, in Alberta, British Columbia, or Quebec) for matters within their jurisdiction.
  • European Union / European Economic Area: if GDPR applies to you, you may lodge a complaint with your local data protection authority in the EU/EEA or with the authority of your habitual residence, place of work, or place of alleged infringement.
  • Mexico: residents of Mexico may contact the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) regarding the handling of their personal data - see https://home.inai.org.mx for up-to-date contact information.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy practices. When we make material changes, we will take appropriate steps to inform you.

How We Notify You of Changes

  • Email notifications: where you have an active account and we have your valid email address, we may send you an email describing the key changes.
  • On-site notices: we may display banners, pop-ups, or notifications on casinodays-play.ca or in your account dashboard.
  • Policy versioning: the "Last updated" date at the end of this Privacy Policy indicates the most recent revision. We may also keep a brief changelog of significant updates.

Advance Notice and Your Options

  • Advance notice: for significant changes that materially affect your rights or how we use your data, we will, where practicable, provide at least 30 days' advance notice before the changes take effect.
  • Your continued use: if you continue to use our services after the effective date of the updated policy, you are deemed to accept the changes, except where your explicit consent is required.
  • Right to object or close your account: if you do not agree with the changes, you may object by contacting us or close your account. We will then stop processing your data for the affected purposes, except where we have other lawful grounds (for example, legal obligations) to continue processing.

Last updated: January 2026.