Privacy Policy

This privacy policy describes how lucky-wins-casino, operating exclusively through lucky-wins-casino-ca.com, collects, uses, stores, and protects your personal information. It applies to all players and website visitors accessing our services in Canada. Effective date: November 6, 2025.

Who We Are

OBSERVE: Identified operator details and regulatory framework. EXPAND: Cross-referenced corporate data, license, and compliance contact. REFLECT: Integrated authoritative information for transparency and user assurance.

• Operator: lucky-wins-casino is operated by Dama N.V., a company registered in Curaçao (registration number: 152125), with its legal address at Scharlooweg 39, Willemstad, Curaçao.
• Gaming License: Licensed by Curaçao Gaming Control Board under license number OGL/2023/174/0082, valid through December 31, 2025.
• Data Protection Contact: For privacy concerns, contact our Data Protection Officer by email at [email protected] or via our online support form at https://lucky-wins-casino-ca.com/support.

What Personal Data We Collect

OBSERVE: Examined all data flows and categories collected. EXPAND: Mapped explicit and implicit data points, including behavioral analytics. REFLECT: Structured comprehensive list with legal and operational clarity.

• Personal Identification Data: Full name, date of birth, email address, phone number, residential address, account credentials, and government-issued identity documents (for KYC/AML compliance).
• Technical Data: IP address, device and browser information, operating system, geolocation data, access logs, and usage timestamps.
• Payment and Financial Data: Bank account details, card numbers (masked), e-wallet information, transaction history, and withdrawal requests.
• Behavioral Data: Betting and gaming history, account activity, clickstream data, preferences, and interactions with promotions or communications.
• Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party analytics and advertising cookies, and related identifiers (see "Cookies & Tracking Technologies" below).

Legal Basis for Processing

OBSERVE: Analyzed jurisdictional legal grounds for data processing. EXPAND: Included all CA-relevant obligations and sectoral best practices. REFLECT: Presented each legal basis with illustrative examples and compliance statements.

1. User Consent: We rely on your explicit consent for marketing communications, analytics, and non-essential cookies. Consent is requested during registration and may be withdrawn at any time.
2. Contract Fulfillment: Processing is necessary to deliver our gaming services, manage your account, process deposits/withdrawals, and provide customer support in line with our Terms of Service.
3. Legal Obligations: We process your data to comply with applicable legal and regulatory requirements, such as Know Your Customer (KYC), Anti-Money Laundering (AML), and financial reporting obligations under Canadian and Curaçaoan law.
4. Legitimate Interests: We process data to prevent fraud, ensure IT security, conduct analytics, and enhance our services. These interests are balanced against your privacy rights and are not used for invasive profiling.

Regional Compliance Note: All processing activities are conducted in accordance with Canadian privacy laws and relevant international standards.

Purpose of Processing

OBSERVE: Identified specific and implied processing purposes. EXPAND: Cross-checked for regulatory, operational, and commercial objectives. REFLECT: Detailed list ensures transparency and user understanding.

• Service Provision: To register and manage user accounts, enable participation in games, process transactions, and provide customer support.
• Personalization and Enhancement: To tailor gaming experiences, recommend promotions, and optimize platform functionality based on user behavior.
• Marketing Communication: To send updates, promotional offers, and service announcements (subject to user consent).
• Analytics and Research: To analyze user activity, monitor platform performance, conduct market research, and improve service quality.
• Fraud Detection and Security: To monitor, prevent, and investigate fraudulent or suspicious activity and to safeguard platform integrity.
• Legal and Regulatory Compliance: To comply with applicable laws, regulatory requirements, and requests from competent authorities.

Disclosure & Sharing

OBSERVE: Catalogued all external and internal data sharing scenarios. EXPAND: Included lawful bases and protective measures for each recipient category. REFLECT: Ensured user rights and transparency are protected.

• Payment Partners: Data may be shared with banks, payment processors, and financial institutions for transaction processing and fraud prevention.
• Service Providers: We engage IT service providers, analytics vendors, customer support partners, and security consultants under strict contractual safeguards.
• Regulatory Authorities: Data may be disclosed to regulators, law enforcement, or tax authorities in compliance with legal obligations (including Curaçao Gaming Control Board and Canadian authorities, where applicable).
• Affiliates and Marketing Partners: With your consent, selected data may be shared with affiliate networks and advertising partners for marketing purposes.
• Corporate Transactions: In the event of a merger, acquisition, or restructuring, user data may be transferred in compliance with applicable law and with advance notice.

Protective Clause: All third parties are contractually obligated to protect your data in accordance with applicable privacy legislation and industry standards.

International Transfers

OBSERVE: Assessed cross-border data flow risks and applicable safeguards. EXPAND: Considered operational realities and regulatory requirements for CA and Curaçao. REFLECT: Articulated transfer mechanisms and user protections.

• Jurisdictional Transfers: Your personal data may be transferred and processed outside Canada, including in Curaçao (headquarters jurisdiction) and other countries where our partners are located.
• Safeguards: We implement standard contractual clauses, data processing agreements, and robust security measures to ensure an adequate level of protection, regardless of destination country.
• Third-Party Compliance: All international data recipients are required to comply with applicable privacy regulations and to provide data protection standards comparable to those in Canada.

Regional Compliance Note: International transfers are carried out in strict accordance with Canadian privacy law and recognized international frameworks.

Data Retention

OBSERVE: Reviewed legal retention mandates and operational practices. EXPAND: Distinguished data categories and deletion criteria. REFLECT: Provided retention timelines and user-triggered deletion processes.

• Personal and Account Data: Retained for the duration of your active account and for no more than 5 years following account closure, as required for regulatory compliance and dispute resolution.
• Payment and Transaction Data: Retained for a minimum of 5 years after the relevant transaction, in compliance with anti-money laundering and financial reporting obligations.
• Technical and Behavioral Data: Kept for up to 2 years from the date of collection, unless required for ongoing investigations or analytics.
• Cookies and Tracking Data: Retention periods vary by type; see "Cookies & Tracking Technologies."
• Deletion Criteria: Data is securely deleted or anonymized upon expiration of retention periods, upon withdrawal of consent (where applicable), or upon user request, unless further retention is required by law.

Your Rights

OBSERVE: Mapped user rights to GDPR, Canadian, and applicable international standards. EXPAND: Included exercise procedures, response timelines, and protective disclaimers. REFLECT: Structured user empowerment and clear complaint mechanisms.

1. Right of Access: You may request confirmation as to whether we process your personal data and receive a copy of such data, free of charge, within 30 days.
2. Right to Rectification: You may request correction of inaccurate or incomplete personal data.
3. Right to Erasure ("Right to be Forgotten"): You may request deletion of your data when it is no longer necessary for the purposes collected, subject to legal retention obligations.
4. Right to Restrict Processing: You may request that we limit processing of your data under certain circumstances (e.g., data accuracy disputes or pending legal claims).
5. Right to Object: You may object to processing based on legitimate interests, including profiling for direct marketing purposes.
6. Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format for transmission to another controller.
7. Right to Withdraw Consent: You may withdraw consent for marketing or non-essential processing at any time, without affecting the lawfulness of processing based on consent before withdrawal.
8. Right to Lodge a Complaint: You may file a complaint with our Data Protection Officer or escalate to the relevant supervisory authority (see "Complaints & Contacts" below).

• Procedure: To exercise your rights, contact us at [email protected] or use the online support form. We respond to all legitimate requests within 30 days, free of charge. Identity verification may be required.

Regional Compliance Note: Rights align with Canadian privacy law and international standards. EU or Mexican residents may also exercise rights under their respective laws, where applicable.

Cookies & Tracking Technologies

OBSERVE: Catalogued all cookies and tracking mechanisms. EXPAND: Classified by function and user control options. REFLECT: Provided actionable management guidance for users.

• Session Cookies: Essential for platform operation, user authentication, and maintaining secure sessions. Automatically deleted when you close your browser.
• Persistent Cookies: Store user preferences and login status for a defined period (up to 12 months) to enhance user experience.
• Third-Party Cookies: Used for analytics (e.g., Google Analytics), advertising networks, and affiliate tracking. These may collect data across websites with your consent.
• Purposes: Functional (platform stability), analytics (usage statistics), and advertising (personalized offers, only with consent).
• Management: You can manage or disable cookies through your browser settings or our internal privacy panel. Blocking certain cookies may affect site functionality.

Regional Compliance Note: Cookie usage complies with Canadian consent requirements and international best practices.

Data Security

OBSERVE: Assessed security infrastructure and industry benchmarks. EXPAND: Detailed all technical, organizational, and procedural safeguards. REFLECT: Demonstrated comprehensive protective measures and standards compliance.

• TLS Encryption: All data transmissions are encrypted using TLS 1.2 or higher to prevent interception.
• Data Encryption at Rest: Sensitive information is encrypted in our databases to ensure confidentiality even in the event of unauthorized access.
• Access Controls: Strict access management, multi-factor authentication, and role-based permissions restrict data access to authorized personnel only.
• Security Audits: Regular security assessments, vulnerability scans, and third-party penetration testing are conducted to identify and remediate risks.
• Staff Training: All staff undergo ongoing data protection and cybersecurity training, including incident response protocols.
• Incident Response: Documented procedures ensure prompt detection, reporting, and mitigation of data breaches, with notification to affected users and regulators as required.
• International Standards: Security practices are aligned with ISO 27001 and SOC 2 requirements.

Complaints & Contacts

OBSERVE: Identified all user support and escalation channels. EXPAND: Defined stepwise complaint handling and supervisory authorities. REFLECT: Ensured transparent, accessible redress mechanisms.

• Data Protection Officer (DPO): Email [email protected] or use the online feedback form at https://lucky-wins-casino-ca.com/support.
• Complaint Procedure:
  1. Submit your complaint or inquiry to the DPO via email or support form.
  2. You will receive an acknowledgment within 5 business days.
  3. A detailed response will be provided within 30 days of receipt.
  4. If you are unsatisfied with the resolution, you may escalate your complaint to a supervisory authority as follows:
• Supervisory Authorities:
  • Canadian Privacy Commissioner: https://www.priv.gc.ca/en/contact-the-opc/
  • Curaçao Gaming Control Board: https://www.gamingcontrolcuracao.org/
  • EU Residents: Contact your national Data Protection Authority (DPA).
  • Mexican Residents: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI).

Updates

OBSERVE: Reviewed change notification requirements and timeframes. EXPAND: Included version management and user options. REFLECT: Established proactive communication and compliance mechanisms.

• Notification Procedures: Material changes to this policy will be communicated via email (where available), prominent website banners, and account dashboard alerts.
• Advance Notice: For significant changes, users will be notified at least 30 days in advance, allowing time to review, object, or close accounts if desired.
• Version Control: This policy is effective from November 6, 2025. The latest version is always available at https://lucky-wins-casino-ca.com/privacy.
• Changelog: All material changes will be summarized in a changelog accessible on the privacy page for transparency.

Last updated: November 6, 2025