burger icon
Jackpoty Casino
Log In

Privacy Policy

This Privacy Policy explains how jackpoty-casino collects, uses, discloses, and safeguards personal information of players and website visitors of jackpoty-casino-ca.com. It applies to individuals accessing our services from Canada and, where required by law, to users from other jurisdictions. Effective date: 1 October 2025.

Who We Are

Observe: Identify the operator, legal identity, and contacts. Expand: Clarify applicable corporate and licensing context. Reflect: Provide a clear contact point for privacy matters.

  • Operator: Dama N.V., a public limited company (N.V.).
  • Registered address: Scharlooweg 39, Willemstad, Curaçao.
  • Company registration number: 152125 (Curaçao).
  • Gaming authorization: Operates under Curaçao Gaming Control Board authorization (license reference OGL/2023/174/0082; refer to the regulator's public register for current status).
  • Service covered: jackpoty-casino-ca.com (Canada-facing site of jackpoty-casino).
  • Privacy contact (DPO/Data Protection Office): [email protected]
  • Postal contact for privacy matters: Data Protection Office, Dama N.V., Scharlooweg 39, Willemstad, Curaçao.

What Personal Data We Collect

Observe: Specify categories. Expand: Include gambling/KYC/AML specifics and cookies. Reflect: Keep to data minimization.

  • Identity and contact data: full name, date of birth, address, email, phone, government-issued IDs, selfies/biometrics for KYC (where permitted), proof of address.
  • Account data: username, passwords (hashed), preferences, responsible-gambling settings, communication choices.
  • Payment and financial data: partial card details (tokenized by PCI-DSS compliant processors), e-wallet identifiers, bank transfer details, deposits, withdrawals, chargebacks.
  • Gaming and behavioral data: game sessions, bets, wins/losses, bonuses, transaction timestamps, clickstream, device interactions, referral data.
  • Technical data: IP address, device and OS, browser, language, time zone, app identifiers, cookies and similar technologies, security logs, crash diagnostics.
  • Compliance and risk data: sanctions/PEP screening results, fraud and anti-abuse flags, affordability and responsible-gambling risk indicators, dispute records.
  • Communications: support tickets, call/chat transcripts, marketing preferences, consent records.
  • Cookies/SDKs: session and persistent cookies, analytics SDKs, advertising pixels (only with consent where required). See "Cookies & Tracking Technologies."

Legal Basis for Processing

Observe: Canadian PIPEDA and related frameworks. Expand: Contract, consent, legal duties, legitimate business interests. Reflect: Map purposes to bases.

  • Consent (PIPEDA): We rely on express or implied consent for account creation, essential cookies, and marketing communications (in compliance with Canada's Anti-Spam Legislation, CASL). You may withdraw consent at any time.
  • Contractual necessity: To register, verify, operate accounts, process payments/payouts, provide games, customer support, and honor promotions you participate in.
  • Legal obligations: KYC/AML screening, recordkeeping, fraud and financial-crime compliance, tax and regulatory reporting, security incident logging, and requests from competent authorities.
  • Legitimate business interests: Service integrity, network and information security, fraud prevention, analytics to improve products, enforcing terms, defending legal claims. We apply safeguards to balance these interests with your privacy.
  • International alignment where applicable: For EU residents, GDPR legal bases (Art. 6) are applied; for Mexican residents, LFPDPPP consent and ARCO rights are respected where required.

Purpose of Processing

Observe: Core operations and compliance. Expand: Analytics, security, and marketing. Reflect: Limit purposes to what is necessary.

  • Provide and operate services: account setup, identity verification, payments, game play, customer support, responsible-gambling tools.
  • Compliance and risk management: AML/KYC checks, sanctions screening, fraud detection, dispute handling, auditing.
  • Service improvement and analytics: performance monitoring, product development, troubleshooting, A/B testing (aggregated or pseudonymized where feasible).
  • Marketing and personalization: with consent, send offers, bonuses, and recommendations; measure campaign performance.
  • Security: protect accounts, detect abuse, prevent unauthorized access, and ensure platform integrity.
  • Legal and regulatory: recordkeeping, reporting, enforcing terms, defending or establishing legal claims.

Disclosure & Sharing

Observe: Identify recipient categories. Expand: Specify conditions and safeguards. Reflect: No sale of personal information.

  • Payment and banking partners: card processors, banks, e-wallets for deposits/withdrawals (tokenization and PCI-DSS controls apply via processors).
  • KYC/AML and fraud vendors: identity verification, sanctions/PEP screening, device fingerprinting, transaction monitoring.
  • Technology and hosting providers: cloud infrastructure, content delivery, security operations, analytics, customer support tools.
  • Affiliates and marketing networks: only with your consent for advertising cookies or where permitted by law; we restrict identifiers and apply contractual safeguards.
  • Professional advisors: auditors, legal counsel, compliance consultants under confidentiality duties.
  • Regulators and authorities: lawful requests, regulatory reporting, enforcement of legal rights, prevention of crime or fraud.
  • Corporate transactions: if we undergo a merger, acquisition, or reorganization, data may transfer under equivalent protections.
  • No sale: We do not sell personal information.

International Transfers

Observe: Cross-border processing outside Canada. Expand: List typical regions and safeguards. Reflect: Explain impact and how we protect data.

  • Locations: Your data may be processed in Curaçao, the European Economic Area (EEA), the United States, and other jurisdictions where our vendors operate.
  • Safeguards for Canadian data: Contractual protections, vendor due diligence, technical and organizational measures, and access controls. We notify you that your data may be subject to foreign laws and lawful access by authorities in those jurisdictions.
  • EU/UK data (where applicable): Standard Contractual Clauses (SCCs) and transfer impact assessments; UK IDTA/Addendum; US transfers may rely on the EU-US Data Privacy Framework where a provider is certified; otherwise SCCs apply.
  • Further information: Contact [email protected] to request copies or summaries of transfer safeguards.

Data Retention

Observe: State durations. Expand: Tie to legal and business needs. Reflect: Define deletion criteria.

  • Account and profile data: retained while the account is active and for up to 5 years after closure, unless a longer period is required to meet legal, tax, or regulatory obligations or to resolve disputes.
  • KYC/AML records: at least 5 years from last transaction or account closure, whichever is later, to support anti-money laundering and regulatory compliance.
  • Transaction and financial records: up to 7 years to meet accounting/tax obligations and audit requirements.
  • Gaming and behavioral logs: up to 2 years, unless needed longer for security, dispute resolution, or legal claims.
  • Marketing preferences and consent logs: for the duration of your consent and for 2 years after your last interaction, or as required by CASL.
  • Cookies: session cookies expire on logout/close; persistent cookies typically 6-24 months (see Cookies section).
  • Deletion criteria: expiry of retention periods, withdrawal of consent (where relied upon), successful objection, or when purposes are fulfilled. Backups are purged on scheduled cycles.

Your Rights

Observe: Canadian rights with cross-jurisdiction alignment. Expand: Procedures, timeframes, verification. Reflect: Ensure clarity and free-of-charge guarantee.

Canada (PIPEDA and substantially similar provincial laws)

  • Access: Obtain confirmation and access to your personal information we hold.
  • Correction: Request correction of inaccurate or incomplete information.
  • Withdrawal of consent: Withdraw consent to non-essential processing (e.g., marketing) at any time.
  • Challenge compliance/complaint: Raise concerns with our DPO and/or the Office of the Privacy Commissioner of Canada (OPC).
  • Response time: We respond within 30 days of verified request. If we need more time, we will inform you with reasons.
  • Cost: Requests are free of charge unless manifestly unfounded or excessive; any permitted fee will be explained in advance.

EU/EEA (GDPR) - if you are located in the EU/EEA

  • Rights include: access, rectification, erasure, restriction, objection (including to profiling/marketing), and portability.
  • Legal bases: where we rely on consent or legitimate interests, you may withdraw or object respectively.

Mexico (LFPDPPP) - if you are located in Mexico

  • ARCO rights: Access, Rectification, Cancellation, and Opposition, plus withdrawal of consent where applicable.

How to exercise your rights

  1. Submit request: email [email protected] with your account email and what right you wish to exercise.
  2. Verify identity: we may request additional information to verify your identity and secure your account.
  3. Outcome: we respond within 30 days, provide reasons for any denial, and indicate available escalation options.

Cookies & Tracking Technologies

Observe: Define types and purposes. Expand: Provide management options and CASL context. Reflect: Respect user choices.

  • Types:
    • Session cookies: essential operations; expire when you close your browser.
    • Persistent cookies: preferences, analytics, security; typical lifespan 6-24 months.
    • Third-party cookies/SDKs: analytics and advertising technologies (activated only with consent where required).
  • Purposes: site functionality and security, remembering settings, performance measurement, fraud prevention, personalized offers and marketing (with consent).
  • Manage/disable: use our on-site cookie preferences panel and your browser settings to block or delete cookies. Disabling certain cookies may affect functionality.
  • Marketing communications: we comply with CASL; unsubscribe via email link or account settings to stop marketing emails.

Data Security

Observe: Outline controls. Expand: Technical/organizational measures and incident response. Reflect: No absolute security claims.

  • Technical safeguards: TLS 1.2+ encryption in transit; encryption at rest for sensitive data; network segmentation; firewalls and WAF; anti-DDoS; secrets management; hardened configurations; continuous monitoring and logging.
  • Access controls: least-privilege access, MFA for administrators, periodic access reviews, role-based segregation of duties.
  • Vendor management: due diligence, data processing agreements, security attestations; payment data handled by PCI-DSS compliant processors.
  • Organizational measures: staff background checks where appropriate, confidentiality agreements, ongoing security and privacy training.
  • Testing and assurance: vulnerability scanning, penetration testing, change management, backup and recovery procedures. We align our controls with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where appropriate; we do not claim certification unless explicitly stated.
  • Incident response: documented runbooks, prompt containment and remediation, post-incident reviews. Under PIPEDA, we will notify the OPC and affected individuals of breaches posing a real risk of significant harm and keep records of all breaches for at least 24 months.
  • Residual risk: no method of transmission or storage is 100% secure; we continuously improve our safeguards.

Complaints & Contacts

Observe: Provide channels and steps. Expand: Include supervisory authorities for Canada and, where applicable, EU/Mexico. Reflect: Set clear timelines.

Contact us first

  • Data Protection Office (primary contact): [email protected]
  • Postal: Data Protection Office, Dama N.V., Scharlooweg 39, Willemstad, Curaçao

Complaint procedure

  1. Submit: email us your concern with relevant details and any supporting evidence.
  2. Acknowledgment: we acknowledge receipt within 5 business days.
  3. Investigation and response: we aim to resolve within 30 days. If more time is required, we will inform you of the reasons and new timeline.
  4. Escalation: if you are unsatisfied, you may escalate to a supervisory authority as set out below.

Supervisory authorities

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - www.priv.gc.ca - Toll-free: 1-800-282-1376 - 30 Victoria Street, Gatineau, Quebec K1A 1H3.
  • Quebec: Commission d'accès à l'information (CAI) - www.cai.gouv.qc.ca
  • British Columbia: Office of the Information and Privacy Commissioner - www.oipc.bc.ca
  • Alberta: Office of the Information and Privacy Commissioner - www.oipc.ab.ca
  • EU/EEA (if applicable): contact your local Data Protection Authority; see the European Data Protection Board list at edpb.europa.eu.
  • Mexico (if applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - www.inai.org.mx

Updates

Observe: Versioning and notifications. Expand: Advance notice for material changes. Reflect: Preserve user options.

  • Version control: Last updated: October 2025.
  • Notifications: We will notify you of material changes via email (where available), an in-site banner, and/or account dashboard alerts.
  • Advance notice: For significant changes that affect how we process your data or your rights, we will provide at least 30 days' advance notice before the new terms take effect.
  • Your choices: If you object to changes, you may adjust your privacy settings, withdraw consent for non-essential processing, or close your account before changes become effective.
  • Changelog (material changes): 2025: Canada-focused policy alignment (PIPEDA/CASL), clarified international transfers, refreshed retention schedule, named privacy contact, expanded breach notification language.