Privacy Policy

Effective Date: November 2024

This Privacy Policy describes how Snatch Casino ("we", "our", "us") collects, uses, protects, and shares your personal information when you access or use snatchcasino-canada.com. By registering an account or using our platform, you acknowledge and accept the practices outlined in this document.

We are committed to protecting your privacy in accordance with applicable data protection laws including GDPR standards and Canadian privacy legislation. This policy uses clear language to ensure transparency about our data practices.

Data Controller Information

The entity responsible for processing your personal data is Goodwin N.V., registered in Curaçao under company number HE 404194. Our registered office is located at Abraham de Veerstraat 9, Willemstad, Curaçao.

For privacy matters, reach us at: [email protected]

Personal Information We Collect

Collection occurs through multiple channels depending on your interaction with our platform.

Information You Directly Provide

• Registration Data: Full name, email address, date of birth, gender, phone number, home address, chosen username and password
• Identity Verification: Copies of government ID (passport, driver's license, national ID), proof of residence documents (utility bills, bank statements), verification selfies
• Financial Information: Payment method details (partial card numbers, e-wallet accounts, crypto addresses), deposit and withdrawal transaction records
• Communication Records: Live chat conversations, email correspondence, survey responses, complaint submissions
• Account Preferences: Language selection, currency choice, notification settings, favorite games, set deposit limits

Automatically Collected Information

• Device and Technical Data: IP address, browser type and version, device identifiers, operating system, time zone settings, screen resolution
• Behavioral Data: Games accessed, betting patterns, win/loss history, session timestamps, page navigation, feature usage
• Cookies and Trackers: Session identifiers, authentication tokens, preference cookies, analytics tags (see Cookie section below)
• Geolocation: Approximate location derived from IP address (city/province level, not precise GPS)

Third-Party Sources

• Payment Vendors: Transaction status, fraud screening results, chargeback notifications
• Verification Providers: Identity confirmation results, database checks against fraud/AML watchlists
• Marketing Affiliates: Referral tracking if you registered through partner links

Why We Process Your Data

Each category of data serves specific operational, legal, or business purposes.

Service Provision and Account Operations

• Establishing and maintaining your player account
• Processing financial transactions (deposits, withdrawals, adjustments)
• Facilitating game access and tracking balances/bets
• Crediting bonuses and promotional offers
• Implementing responsible gaming tools and limits
• Delivering customer support and resolving issues

Regulatory and Legal Obligations

• Verifying age and identity per KYC requirements
• Conducting anti-money laundering (AML) screening
• Fulfilling licensing conditions from Curaçao regulators
• Complying with legal requests from law enforcement
• Enforcing our Terms and Conditions
• Maintaining records for dispute resolution

Fraud Prevention and Security

• Monitoring for suspicious activity patterns
• Preventing unauthorized account access
• Detecting and blocking duplicate accounts
• Investigating terms violations or abuse
• Protecting against bonus hunting schemes
• Securing platform infrastructure

Marketing Communications (Consent-Based)

• Sending promotional emails about bonuses, tournaments, new games
• Providing personalized game suggestions
• Distributing newsletters and platform updates
• Conducting player satisfaction surveys

Important: Marketing communications require your consent. Opt out anytime via account settings or email unsubscribe links. Transactional messages (withdrawal confirmations, security alerts) are non-optional.

Platform Analytics and Enhancement

• Understanding user behavior and preferences
• Improving website functionality and user experience
• A/B testing new features before full deployment
• Optimizing game portfolio based on popularity
• Identifying and fixing technical issues

Data Sharing and Recipients

Your personal information is never sold. Sharing occurs only when necessary for operations or legally required.

Payment Processing Partners

Financial institutions, card networks, e-wallet providers, and cryptocurrency services receive transaction-related data (amounts, payment methods, identity confirmation) to execute deposits and withdrawals.

Identity Verification Services

Specialized KYC/AML vendors process your identification documents and conduct database checks against fraud registries and watchlists. These providers operate under strict confidentiality agreements.

Software and Game Suppliers

Game providers receive pseudonymous data (user IDs, bet data) to deliver gameplay functionality. They do not receive personally identifiable details like your real name or contact information.

Regulatory Bodies

Curaçao Gaming Control Board and other relevant authorities may access player records during license audits, compliance reviews, or investigations. We provide data as mandated by regulatory obligations.

Legal Authorities

Law enforcement agencies, courts, or government bodies receive information when compelled by valid legal process (subpoenas, court orders, statutory requirements). This includes cooperation in fraud or criminal investigations.

Professional Service Providers

Legal counsel, accountants, auditors, and consultants access data when professionally necessary. These parties are bound by confidentiality obligations.

Corporate Transactions

In case of merger, acquisition, reorganization, or sale of assets, your data may transfer to the acquiring entity. We will notify you of ownership changes affecting data handling.

Technical Service Providers

Cloud hosting companies, email platforms, analytics tools, CRM systems, and customer support software process data on our behalf under data processing agreements specifying security requirements and usage limitations.

Data Retention Timelines

Retention duration depends on data type and legal requirements.

During Active Account Period

All data necessary for service provision remains accessible while your account is active and functional.

Post-Closure Retention

After voluntary account closure, deletion schedules vary:

• Profile Information: Deleted within 30 days (name, contact details, preferences)
• Financial Records: Retained 5-7 years per financial regulations and tax laws
• KYC Documents: Retained 5-7 years for AML compliance
• Gaming History: Retained 5 years for licensing requirements and dispute handling
• Self-Exclusion Records: Maintained for exclusion duration plus 5 years
• Dispute Documentation: Kept until resolution finalized plus 6 months

Anonymization

Certain datasets are anonymized (all identifying elements stripped) for permanent retention for statistical purposes. Anonymized data cannot be reverse-engineered to identify individuals.

Information Security Protocols

We deploy comprehensive security measures to protect data from unauthorized access, loss, misuse, or alteration.

Technical Controls

• Encryption Standards: TLS/SSL 128-bit encryption for all data transmission, AES encryption for stored sensitive data
• Network Security: Firewalls, intrusion detection systems, DDoS mitigation services
• Access Management: Role-based permissions, mandatory multi-factor authentication for staff, audit logging of all data access
• Password Security: Bcrypt or similar one-way hashing (passwords are not recoverable by us)
• Payment Security: PCI-DSS compliant processing, tokenization replacing sensitive card data
• Vulnerability Management: Regular penetration testing, security audits, patch management

Administrative Controls

• Comprehensive staff training on data protection requirements
• Binding confidentiality agreements for all employees and contractors
• Documented incident response procedures for potential breaches
• Regular security policy reviews and updates
• Vendor management ensuring third-party compliance

Your Role in Security

Account security requires your participation:

• Create strong passwords combining letters, numbers, symbols
• Never reuse passwords from other sites
• Enable two-factor authentication in account settings
• Protect login credentials from others
• Use secure networks (avoid public WiFi for financial transactions)
• Log out after sessions on shared devices
• Monitor account activity and report anomalies immediately

Your Legal Rights Regarding Personal Data

Privacy regulations grant you specific rights over your information.

Access Right

Request confirmation of what personal data we hold and receive copies in accessible format. We respond within 30 days of verified requests.

Correction Right

Demand correction of inaccurate or incomplete data. Many details are editable directly in account settings; contact support for others.

Deletion Right

Request erasure when data is no longer necessary or you withdraw consent. Subject to regulatory retention obligations that may prevent immediate deletion of certain records.

Processing Restriction Right

Request limitation on data processing in specific situations (accuracy disputes, objections to processing, legal claims pending).

Portability Right

Obtain your data in structured, commonly-used, machine-readable format for transfer to other service providers.

Objection Right

Object to processing based on legitimate interests or for direct marketing purposes. Marketing opt-outs are immediate; other objections assessed case-by-case.

Consent Withdrawal Right

Revoke consent for consent-based processing anytime. Withdrawal doesn't affect lawfulness of prior processing.

Automated Decision-Making Rights

Request human review of decisions made solely through automated processing that significantly affect you.

How to Exercise Rights

Submit requests to [email protected] with subject line "Data Rights Request". Include sufficient information for identity verification. We respond within 30 days, potentially extending to 90 days for complex requests (with notification). Most requests are free; excessive or repetitive requests may incur reasonable fees.

Cookies and Similar Technologies

We employ cookies and comparable tracking technologies to enhance functionality and gather insights.

Cookie Categories

• Strictly Necessary: Enable core functions like login, security, session management. Cannot be disabled without breaking site functionality.
• Functional: Remember preferences (language, currency display, game favorites). Enhance experience but optional.
• Performance/Analytics: Collect aggregated data on site usage via Google Analytics and similar platforms. Help identify improvement areas.
• Targeting/Advertising: Track campaign effectiveness and enable retargeting. Only deployed with explicit marketing consent.

Cookie Management

Browser settings allow cookie control (blocking, deletion, selective acceptance). Disabling necessary cookies will impair site functionality. Adjust preferences through our cookie consent interface or browser settings.

Third-Party Cookies

External services (analytics, payment processors, game providers) may set cookies governed by their privacy policies. We cannot control third-party cookie behavior.

Other Tracking Technologies

Web beacons, pixel tags, and local storage may supplement cookies for similar analytical purposes.

International Data Transfers

Operating globally means data may cross borders to Curaçao (our headquarters), provider locations, and vendor facilities in various countries.

Destination countries may have weaker data protection laws than Canada. We ensure adequate safeguards through:

• European Commission-approved standard contractual clauses
• Binding data processing agreements with all vendors
• Equivalent technical/organizational security measures regardless of location
• Regular compliance assessments of international partners

By using our services, you consent to these international transfers under described protections.

Protection of Minors

Our platform is exclusively for adults meeting Canadian provincial age requirements (18+ in most provinces, 19+ in Alberta, Manitoba, Quebec).

We do not knowingly collect data from minors. Age verification during registration and KYC prevents underage access. If we discover a minor has registered, we immediately:

• Suspend and permanently close the account
• Void all transactions
• Refund deposits to original source
• Delete all collected personal information

Parents or guardians suspecting underage account creation should contact [email protected] urgently with relevant details.

Policy Modifications

This Privacy Policy may be updated to reflect legal changes, operational developments, or enhanced privacy practices.

Material modifications will be communicated via:

• Email notification to all registered users
• Prominent homepage banner announcement
• Updated effective date at policy beginning
• Account login notification requiring acknowledgment

Continued platform use after notification period constitutes acceptance of revised terms. Users disagreeing with changes should close accounts before new policy effective date.

We maintain archived versions of previous policies available upon request.

Privacy Inquiries and Complaints

Questions, concerns, or complaints regarding privacy practices:

Contact Email: [email protected]
Email Subject: Mark as "Privacy Inquiry" or "Data Request"
Required Information: Account details, specific request/concern, preferred response method
Response Timeframe: Acknowledgment within 5 business days, full response within 30 days

Unsatisfied with our response? You may escalate complaints to:

• Office of the Privacy Commissioner of Canada
• Your provincial privacy commissioner
• Relevant European data protection authority (for GDPR-covered individuals)

Additional Privacy Information

Language: This policy is provided in English. Translations to other languages are for convenience; English version prevails in case of discrepancies.

Legal Basis: We process data based on: contract performance (providing gambling services), legal obligations (KYC/AML), legitimate interests (fraud prevention, analytics), and consent (marketing).

Consequences of Non-Provision: Refusing to provide required data prevents account creation and service access. Optional data refusal limits certain features but doesn't block core functionality.