burger icon
Betfair Casino Canada
Log In

Privacy Policy

This Privacy Policy explains how betfair-casino-canada at betfair-casino-ca.com collects, uses, discloses, and safeguards personal information. It applies to site visitors and prospective players who access Betfair-branded services via links from this website. It also explains how data is handled when you proceed to betfair.com, where the relevant Betfair group company acts as a separate data controller. Effective date: 1 November 2025.

Who We Are

OBSERVE: Identify the parties responsible for processing personal information and applicable points of contact. EXPAND: Distinguish between this regional website and the operator of Betfair-branded gambling services. REFLECT: Provide clear contacts to exercise privacy rights.

  • Site operator and scope: "betfair-casino-canada" refers to the regional website at betfair-casino-ca.com (the "Site"). The Site provides informational and referral content about Betfair-branded casino services. When you browse this Site, the Site acts as the data controller for your personal information collected here.
  • Betfair-branded services operator: If you create an account or transact on betfair.com, your data is processed by PPB Counterparty Services Limited (UKGC Licence No. 39439) and/or other Flutter Entertainment group entities under their own privacy notices. See betfair.com for the applicable policy and controller details.
  • Contact for this Site (DPO/Data Protection Lead): Email: [email protected]. Postal inquiries: Privacy Office, betfair-casino-canada (betfair-casino-ca.com), Attn: Data Protection Lead, PO Box 2025, Toronto ON M5C 3C6, Canada. We currently provide privacy support by email/post; telephone support is not available for privacy requests.
  • Parent brand reference: Betfair is part of Flutter Entertainment plc; licensing referenced for transparency only. Brand availability may vary by jurisdiction and may not be available in Canada.

Regional Compliance Note: Primary compliance for this Site is aligned with Canada's PIPEDA and substantially similar provincial laws (AB PIPA, BC PIPA, Québec Law 25). GDPR and Mexico LFPDPPP apply where users are located in those jurisdictions.

What Personal Data We Collect

OBSERVE: Enumerate data categories collected by the Site and via linked services. EXPAND: Include cookies/telemetry and affiliate referral parameters. REFLECT: Explain how and why each category is gathered.

  • Identification and contact data: Name, email address, province/territory, and communications preferences when you subscribe or contact us.
  • Technical and usage data: IP address, device identifiers, browser type/version, operating system, pages viewed, time on page, referral URLs, UTM parameters, and clickstream logs captured via analytics tools.
  • Cookie and similar technologies: Session and persistent cookies, local storage, pixels, tags, and SDKs for functionality, analytics, fraud prevention, and (with consent) advertising.
  • Marketing and behavioral data: Campaign engagement, click-through on outbound links to betfair.com, and aggregate interest segments. We do not receive your wager-level or account data from betfair.com unless they share it to fulfill a lawful purpose and with appropriate safeguards.
  • Payment/financial data: The Site does not process payments. Any payment or KYC/AML data you provide on betfair.com is handled by the Betfair operator under its own policy.
  • Age and eligibility checks: We may request a self-declared age gate to prevent underage access to certain content. We do not knowingly collect data from persons under the legal gambling age.

Regional Compliance Note: We apply data minimization and purpose limitation per PIPEDA; where GDPR/LFPDPPP apply, we maintain records of processing activities and implement transparency duties.

Legal Basis for Processing

OBSERVE: State lawful grounds consistent with Canadian law and, where applicable, GDPR/Mexico. EXPAND: Map typical gambling/affiliate operations to each basis. REFLECT: Provide examples to aid understanding.

  • Consent: Your opt-in to newsletters, cookies requiring consent (analytics/advertising where required), and marketing communications. Under PIPEDA, consent may be express or implied depending on context and sensitivity.
  • Contract/performance of services: To provide content you request (e.g., subscriptions, requested communications), operate the Site, and fulfill referral attribution where necessary.
  • Legitimate interests (GDPR users) / appropriate purposes (PIPEDA): Site security, fraud prevention, analytics to improve content and user experience, and measurement of campaign performance, balanced against your privacy rights.
  • Legal obligations: Responding to lawful requests, record-keeping required by advertising and compliance standards, and honoring opt-out/consent withdrawal obligations.
  • Vital interests/public interest (rare): To prevent serious harm or comply with urgent law enforcement requests, where permitted by law.

Regional Compliance Note: For Canadian users, consent principles under PIPEDA prevail; for EU/UK users, GDPR Articles 6 and 49 may apply; for Mexico, transfers and processing rely on consent and ARCO framework per LFPDPPP and its Regulations.

Purpose of Processing

OBSERVE: Define why we process data. EXPAND: Include operational, analytics, marketing, and safety purposes. REFLECT: Tie each purpose to data categories and controls.

  • Provide and operate the Site: Deliver pages, maintain functionality, ensure availability and performance.
  • Improve services and analytics: Understand content performance, fix issues, and enhance user experience using aggregated metrics.
  • Marketing communications: Send newsletters and promotions with opt-in consent; honor unsubscribe at any time.
  • Referral attribution: Measure outbound click performance to betfair.com and affiliates using non-sensitive identifiers and UTM tags.
  • Security and fraud prevention: Detect bots, abuse, and malicious activity; protect the integrity of our services.
  • Compliance: Maintain records of consent, manage requests, and respond to regulators or lawful authorities.

Regional Compliance Note: Purposes are limited, specified, and legitimate per PIPEDA; marketing uses consent or applicable implied consent and always provides easy opt-out.

Disclosure & Sharing

OBSERVE: Identify types of recipients and conditions for disclosure. EXPAND: Include processors, affiliates, regulators, and advertising partners. REFLECT: Provide safeguards and examples.

  • Service providers (processors): Hosting, cloud, analytics, security, email delivery, and customer support tools, bound by written data protection terms.
  • Payment/KYC partners: Not used by this Site; if you proceed to betfair.com, those providers are engaged by the Betfair operator under its policies.
  • Regulators and authorities: Law enforcement or regulators in applicable jurisdictions (e.g., Canada, UK, EU, Malta) when required by law or to protect rights, safety, or integrity.
  • Affiliates and referral networks: Limited sharing of pseudonymous identifiers and performance metrics strictly for attribution. Advertising networks receive data only with your consent where required.
  • Corporate transactions: In a merger, acquisition, or asset transfer, data may be transferred subject to continuity of protections and notice.
  • With your direction: We share information when you instruct us to do so (e.g., respond to your inquiries to partners).

Regional Compliance Note: We ensure contractual safeguards (e.g., confidentiality, security, breach notice) and provide openness regarding cross-border disclosures per PIPEDA guidelines.

International Transfers

OBSERVE: Cross-border data flows are inherent to cloud and affiliate operations. EXPAND: Identify destinations and safeguards. REFLECT: Provide mechanisms and user choices.

  • Destinations: Your data may be processed in Canada, the United States, the United Kingdom, and EU/EEA locations (e.g., Ireland, Malta) where our vendors or Betfair group entities operate.
  • Safeguards: Standard Contractual Clauses (EU 2021/914), UK International Data Transfer Addendum (IDTA), and transfer impact assessments. For US recipients, we prefer vendors participating in the EU-US Data Privacy Framework, where applicable.
  • Transparency: We disclose cross-border transfers and associated risks, and we remain accountable for personal information transferred to service providers.

Regional Compliance Note: For Canadian users, we provide notice of cross-border processing and maintain comparable protections through contracts and oversight. For EU users, GDPR Chapter V safeguards apply; for Mexico, we obtain consent and include transfer clauses per LFPDPPP.

Data Retention

OBSERVE: Set retention aligned to purpose and legal duty. EXPAND: Categorize periods and deletion triggers. REFLECT: Balance necessity and minimization.

  • Site analytics and logs: 24 months from collection, then deleted or aggregated.
  • Marketing subscription records: Until you unsubscribe; proof of consent and opt-out logs retained for up to 3 years after last action to demonstrate compliance.
  • Contact/support inquiries: 2 years after resolution unless legal holds apply.
  • Cookie identifiers: Per cookie lifespan (see Cookies section), typically 1 day to 24 months.
  • Referral attribution data: Up to 24 months for performance reporting, then aggregated.
  • Legal/compliance records: As required by law or limitation periods (generally up to 7 years for audit defense).

Deletion occurs upon expiry of the applicable period, successful erasure request where legally permissible, or when data is no longer necessary. Backup media will purge on routine cycles.

Regional Compliance Note: We retain only as long as needed for identified purposes and legal requirements under PIPEDA; GDPR/Mexico users' erasure rights are honored subject to exemptions.

Your Rights

OBSERVE: Enumerate rights across Canada (PIPEDA/Provincial), GDPR, and Mexico LFPDPPP. EXPAND: Provide procedures, timelines, and cost rules. REFLECT: Clarify scope when you use betfair.com.

  • Canada (PIPEDA, AB PIPA, BC PIPA, Québec Law 25): Access and obtain information about our data holdings; request corrections; withdraw consent (including marketing); challenge compliance; request information about cross-border transfers. We respond within 30 days (or inform you if an extension is needed). Requests are free of charge, except reasonable fees for transcription/duplication where permitted and with prior notice.
  • EU/UK (GDPR/UK GDPR): Access, rectification, erasure, restriction, objection (including to profiling/marketing), portability, and withdrawal of consent. Right not to be subject to solely automated decisions with legal or similarly significant effects; you may request human review. Response within 30 days (extendable per law).
  • Mexico (LFPDPPP): ARCO rights-Access, Rectification, Cancellation, and Opposition-plus withdrawal of consent and limitation of use/disclosure. Response within 30 days in accordance with the Law and its Regulations.
  • How to exercise: Email [email protected] with your request, jurisdiction, and sufficient information to verify your identity. If your request concerns an account on betfair.com, we will direct you to the relevant Betfair operator's privacy team.
  • Verification and representation: We may request additional information solely to verify identity and protect your data. Authorized agents may submit requests where permitted by law with proof of authority.

Regional Compliance Note: We document decisions and provide reasons for refusals with citation to applicable exemptions and appeal options. Marketing opt-outs take effect promptly and no later than 10 business days in Canada.

Cookies & Tracking Technologies

OBSERVE: Categorize cookies and purposes. EXPAND: Provide management controls. REFLECT: Balance functionality with user choice.

  • Session cookies: Essential to deliver pages and maintain security; expire when you close your browser.
  • Persistent cookies: Remember preferences, measure performance, and support analytics; lifespans typically 1-24 months.
  • Third-party cookies/pixels: Analytics (e.g., aggregated metrics) and, with consent where required, advertising/retargeting and affiliate attribution.
  • Purposes: Functional (site operation), analytics (usage insights), advertising (with consent), fraud prevention/security.
  • Controls: Use our cookie banner/settings (where presented) to manage preferences; adjust browser settings to block or delete cookies; opt out of interest-based ads via NAI/DAA/DAAC tools in Canada.

Regional Compliance Note: We obtain consent for non-essential cookies where required and honor your preferences on subsequent visits.

Data Security

OBSERVE: Outline administrative, technical, and physical safeguards. EXPAND: Include encryption, access controls, audits, and incident response. REFLECT: Avoid overstatement of certifications while ensuring accountability.

  • Encryption: TLS 1.2+ for data in transit; encryption at rest for stored personal information where technically applicable.
  • Access controls: Role-based access, MFA for administrative accounts, least-privilege and need-to-know principles, and vendor access restrictions.
  • Monitoring and testing: Logging, vulnerability management, periodic security assessments, and supplier due diligence. We favor vendors with recognized frameworks (e.g., ISO 27001-aligned controls, SOC 2 Type II reports) and review attestations where available.
  • Organizational measures: Security and privacy training, confidentiality obligations, change management, and data protection impact assessments for higher-risk processing.
  • Incident response: Documented procedures for detection, containment, investigation, notification, and remediation. We notify affected users and regulators as required by applicable law.

Regional Compliance Note: Breach reporting to the Office of the Privacy Commissioner of Canada (and provincial commissioners where applicable) is performed in accordance with Canadian law, including record-keeping of all breach events.

Complaints & Contacts

OBSERVE: Provide clear contact channels and escalation paths. EXPAND: Include stepwise process and supervisory authorities. REFLECT: Set expectations and timelines.

How to contact us

  • Data Protection Lead (Canada Region): [email protected]
  • Postal: Privacy Office, betfair-casino-canada (betfair-casino-ca.com), PO Box 2025, Toronto ON M5C 3C6, Canada

Complaint procedure

  1. Submit: Email us with a description of your concern, relevant dates, and any supporting documents.
  2. Acknowledge: We acknowledge within 5 business days and may request identity verification.
  3. Investigate: We investigate and aim to resolve within 30 days. If more time is needed, we will explain why and provide a new date.
  4. Outcome: We will communicate our decision, actions taken, and any remedies available.

Escalation to authorities

  • Canada (primary): Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3; 1-800-282-1376; https://www.priv.gc.ca/en/
  • Provinces (as applicable): Alberta OIPC (oipc.ab.ca), BC OIPC (oipc.bc.ca), Québec Commission d'accès à l'information (www.cai.gouv.qc.ca)
  • EU/UK users: Your local Data Protection Authority (see EDPB list: https://edpb.europa.eu/about-edpb/board/members_en)
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), https://www.inai.org.mx/

Regional Compliance Note: You may lodge a complaint with a supervisory authority without first contacting us; however, we encourage you to allow us the opportunity to resolve your concern.

Updates

OBSERVE: Communicate how we will notify material changes. EXPAND: Include versioning and advance notice. REFLECT: Provide options to object or close accounts with partners.

  • Notification methods: We post updates on this page, display banners on the Site, and email subscribers when changes are material.
  • Advance notice: For significant changes (e.g., new purposes, new categories of recipients), we provide at least 30 days' notice before the effective date, or obtain new consent where required.
  • Your options: You may adjust cookie settings, unsubscribe from marketing, or stop using the Site. For betfair.com accounts, please follow the operator's procedures to object or close your account.
  • Version control: Last updated: October 2025. Material changes in this version: clarified controller roles between the Site and betfair.com; expanded cross-border transfer safeguards; added provincial references (AB, BC, QC); updated complaint pathways and timelines.

Regional Compliance Note: We maintain records of prior versions and will provide access upon request.