burger icon
Lucky Casino Canada
Log In

Privacy Policy

OBSERVE: This Privacy Policy explains how lucky-casino-canada collects, uses, discloses, transfers, and protects personal information of players and visitors to https://lucky-casino-canada.com.

EXPAND: It applies to users in Canada, including those in Ontario (regulated by AGCO/iGaming Ontario) and the rest of Canada (served under MGA permissions), and covers account holders, prospective users, and site visitors.

REFLECT: We comply with Canada's PIPEDA and applicable provincial laws, as well as gambling, KYC/AML, and security requirements. Effective date: 1 October 2025.

Who We Are

OBSERVE: lucky-casino-canada operates the website lucky-casino-canada.com for Canadian players.

EXPAND: For Ontario, operations are conducted by LCKY Entertainment Limited, registered with the Alcohol and Gaming Commission of Ontario (AGCO) as an online gaming operator and operating in agreement with iGaming Ontario (iGO). For the rest of Canada, services are provided under a Malta Gaming Authority (MGA) B2C license via Glitnor Services Limited.

REFLECT: Operator and regulatory details:

  • Ontario (ON): LCKY Entertainment Limited, AGCO Operator Registration No. OPIG1290291; operates in agreement with iGaming Ontario.
  • Rest of Canada: Glitnor Services Limited, MGA License No. MGA/B2C/628/2018.

Data Protection Contact

  • Data Protection Office (DPO): [email protected]
  • Postal requests: Attn: Data Protection Office, lucky-casino-canada (legal mailing details available upon request)
  • Website: https://lucky-casino-canada.com

What Personal Data We Collect

OBSERVE: We collect only what is necessary for lawful gaming, regulatory compliance, and service provision.

EXPAND: Categories include:

  • Identity and contact: full name, date of birth, address, email, phone, government-issued ID data, selfies/ID images (for KYC), proof of address.
  • Account and usage: username, preferences, communication history, responsible gambling settings (limits, self-exclusion), verification logs.
  • Gaming and behavioral: session data, wagers, wins/losses, game events, device interactions, clickstream, referral sources.
  • Technical: IP address, device identifiers, OS/browser, language, time zone, geolocation (where required for Ontario geofencing), security logs.
  • Payments and financial: deposit/withdrawal details, tokenized card info, transaction IDs, fraud risk indicators, chargeback data.
  • Cookies and similar tech: session/persistent/third-party cookies, SDKs, pixels, local storage, analytics identifiers.
  • Compliance data: sanctions/PEP screening outcomes, source-of-funds/source-of-wealth documentation, FINTRAC-related records.

REFLECT: Sensitive documents are used strictly for verification and AML/ATF obligations and are protected by enhanced security controls.

Legal Basis for Processing

OBSERVE: Our processing must be appropriate, necessary, and proportionate under Canadian law and gambling regulations.

EXPAND:

  • Consent (express or implied): account creation, optional features, marketing communications, cookies beyond strictly necessary.
  • Contractual necessity: to open, operate, and maintain your account; process deposits/withdrawals; provide games; handle support.
  • Legal obligations: KYC/AML/ATF under the PCMLTFA and FINTRAC guidelines; AGCO/iGO and MGA rules; record keeping; responding to lawful requests.
  • Appropriate purposes/legitimate business interests: fraud prevention, security, service analytics, service improvement, internal reporting-balanced against your privacy and subject to safeguards and reasonable expectations under PIPEDA.

REFLECT: Where GDPR applies (e.g., EEA data interactions), we rely on consent, contract, legal obligation, or legitimate interests as defined by GDPR, with transfer safeguards.

Purpose of Processing

OBSERVE: We collect personal information to provide lawful gaming services.

EXPAND:

  • Service delivery: account registration, age/identity verification, geolocation checks (ON), gameplay, payments, customer support.
  • Safety and integrity: AML/ATF screening, fraud and account takeover prevention, chargeback management, risk monitoring.
  • Optimization and analytics: performance monitoring, product improvement, error diagnostics, A/B testing with privacy safeguards.
  • Marketing and personalization: only with consent or as permitted by law; audience measurement; suppression list management upon opt-out.
  • Regulatory and reporting: meeting AGCO/iGO, MGA, and FINTRAC requirements; record retention; audits.

REFLECT: We do not sell personal information. We minimize use to what is necessary for the stated purposes.

Disclosure & Sharing

OBSERVE: We share data to provide services and comply with law under contracts ensuring confidentiality and security.

EXPAND:

  • Payments and banking: PSPs, acquiring banks, payout partners for processing transactions and fraud checks.
  • Identity/KYC/AML providers: verification, sanctions/PEP screening, document authentication, geolocation vendors (ON).
  • Technology and security: hosting/cloud/CDN, DDoS protection, logging/monitoring, communications, analytics providers.
  • Affiliates and group entities: Glitnor Group entities supporting operations under intercompany agreements.
  • Regulators and authorities: AGCO, iGO, MGA, and FINTRAC; law enforcement pursuant to lawful process.
  • Advertising/measurement: only with your consent and subject to cookie/ID controls.
  • Corporate transactions: in mergers, acquisitions, or reorganizations, subject to privacy safeguards and notice.

REFLECT: We require recipients to use data only for specified purposes and to implement appropriate safeguards. We maintain records of disclosures as required.

International Transfers

OBSERVE: Data may be processed in or transferred to Canada, Malta (EEA), and other locations where our service providers operate (e.g., the United States).

EXPAND: We apply transfer safeguards:

  • Contractual protections: data processing agreements, confidentiality, and security obligations for all vendors.
  • EEA-related transfers: where EU data protection law applies, we use the European Commission's Standard Contractual Clauses (SCCs) and conduct transfer risk assessments; we may use U.S. providers certified under the EU-U.S. Data Privacy Framework for qualifying transfers.
  • Technical measures: encryption in transit and at rest, access controls, and data minimization to reduce exposure.
  • Transparency: on request, we can identify material transfer destinations relevant to your account.

REFLECT: Regardless of location, we remain accountable for your personal information under PIPEDA and ensure comparable protection through contractual and technical safeguards.

Data Retention

OBSERVE: We retain data only as long as necessary for the purposes described and to meet legal requirements.

EXPAND:

  • Account and identity records: for the life of the account and generally 5 years after closure to satisfy AML/ATF, regulatory, and dispute requirements.
  • Transaction and payment records: at least 5 years, consistent with PCMLTFA/FINTRAC guidance and audit requirements.
  • Gaming and session logs: typically 2 years, or longer if required by regulator or for fraud/security investigations.
  • Compliance files (KYC, SoF/SoW): generally 5-7 years after the last transaction or account closure, per legal obligations.
  • Marketing data: until consent is withdrawn; suppression lists are kept to honor opt-outs.
  • Cookies/analytics: per cookie lifetime (see Cookies section) or sooner if you clear settings.

REFLECT: When retention ends, we securely delete or anonymize data. We may retain minimal records to demonstrate compliance or resolve disputes.

Your Rights

OBSERVE: Under PIPEDA and applicable provincial laws, you have rights regarding your personal information.

EXPAND:

  • Access: request a copy of your personal information and information about how it is used and disclosed.
  • Correction: request rectification of inaccurate or incomplete data.
  • Withdrawal of consent: opt out of marketing or other non-essential processing; this does not affect lawful processing required for the service or legal obligations.
  • Deletion: request deletion where no legal basis requires retention; we may retain data needed for AML/ATF, regulatory, or dispute purposes.
  • Portability (good-faith facilitation): where feasible, we can provide a machine-readable copy of core account data.
  • Challenge compliance: question our privacy practices and request review.

REFLECT: How to exercise:

  1. Submit a request to [email protected] and verify your identity.
  2. We respond within 30 days; extensions are communicated with reasons. Requests are free of charge unless permitted cost-recovery applies for excessive/complex requests.
  3. We will explain any lawful exceptions (e.g., legal privilege, confidential commercial information, information about other individuals, AML/ATF constraints).
If GDPR applies to you, you may also have rights to restriction, objection, and to lodge a complaint with an EU authority; we will honor those where applicable.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to operate and improve the site.

EXPAND:

  • Types:
    • Session cookies: deleted when you close your browser; essential for login and gameplay.
    • Persistent cookies: remain for a defined period (e.g., 1-24 months) for preferences and analytics.
    • Third-party cookies/SDKs: analytics, security, and (with consent) advertising/measurement.
  • Purposes: strictly necessary (authentication, fraud prevention), functional (preferences), analytics (usage insights), advertising (with consent).
  • Controls: manage via our cookie banner/controls and your browser settings; you can delete or block cookies-some features may not function without necessary cookies.

REFLECT: Detailed cookie lists and lifetimes are available via the cookie settings panel when you visit the site.

Data Security

OBSERVE: We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data.

EXPAND:

  • Encryption: TLS 1.2+ for data in transit; AES-256 or equivalent for data at rest; key management with restricted access.
  • Access controls: least privilege, role-based access, MFA for privileged accounts, hardened admin pathways.
  • Monitoring and testing: vulnerability scanning, penetration tests, code reviews, logging and anomaly detection.
  • Operational security: change management, backup/restore testing, secure SDLC, segregation of environments.
  • Organizational measures: staff background checks where lawful, confidentiality agreements, privacy and security training.
  • Incident response: documented procedures for detection, containment, notification, and remediation; breach notifications provided as required by law and regulator guidance.
  • Standards: our information security program aligns with ISO/IEC 27001 and SOC 2 control frameworks; certification status can be provided upon request.

REFLECT: No system is perfectly secure; we continuously improve controls and encourage users to use strong, unique passwords and enable available security features.

Complaints & Contacts

OBSERVE: You can contact us or escalate concerns to privacy regulators.

EXPAND:

  1. Contact our DPO: [email protected]. Describe your concern and include relevant account details; do not send full IDs or passwords by email.
  2. Our review: We acknowledge within 5 business days and aim to resolve within 30 days. If we need more time, we will inform you of the reason and new timeline.
  3. Escalation: If unresolved, you may complain to:
    • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca | 1-800-282-1376 | 30 Victoria Street, Gatineau, Quebec K1A 1H3
    • Provincial commissioners (where applicable):
      • Alberta OIPC: https://www.oipc.ab.ca
      • BC OIPC: https://www.oipc.bc.ca
      • Quebec CAI: https://www.cai.gouv.qc.ca
    • Gambling regulators (regulatory matters): AGCO: https://www.agco.ca; iGaming Ontario: https://www.igamingontario.ca; MGA: https://www.mga.org.mt

REFLECT: We encourage resolving concerns with us first so we can address them quickly, but you can contact regulators at any time.

Updates

OBSERVE: We may update this Privacy Policy to reflect legal, technical, or operational changes.

EXPAND:

  • Notification: material changes will be communicated via email (where available), in-account notices, and/or a site banner.
  • Advance notice: for significant changes, we provide at least 30 days' notice before the effective date, except where immediate updates are required by law or security.
  • User options: you may object to changes that materially affect your rights by contacting us or closing your account; we will explain impacts and alternatives.
  • Version control and changelog: we record the "Last updated" date and summarize material changes (e.g., new processors, new purposes, retention adjustments, transfer mechanisms).

REFLECT: Last updated: October 2025. We encourage you to review this page periodically to remain informed about our privacy practices.