burger icon
PSK Casino
Log In

Privacy Policy

This Privacy Policy explains how psk-casino collects, uses, discloses, and protects personal information of players and website visitors of psk-casino-ca.com. It applies to visitors and registered users accessing our services via this site. Effective date: 1 January 2025.

Who We Are

psk-casino operates the website psk-casino-ca.com for users in Canada. The brand is part of Fortuna Entertainment Group's ecosystem. Operations are primarily centered in Croatia and the European Economic Area (EEA). psk-casino is not registered with AGCO or iGaming Ontario.

  • Operator name: psk-casino (corporate entity details for psk-casino-ca.com to be confirmed and added upon verification)
  • Corporate background: Member of Fortuna Entertainment Group (FEG), Prague, Czech Republic; Croatian gambling operations licensed by the Ministry of Finance of the Republic of Croatia (KLASA: UP/I-461-04/21-02/69; URBROJ: 513-07-21-01-21-7; valid in Croatia only)
  • Registered/legal address: Not specified in current public sources for this domain; will be updated once confirmed
  • Primary website: https://psk-casino-ca.com
  • Related regional sites: https://www.psk.hr (Croatia), https://www.feg.eu/ (parent company)
  • Data Protection contact (DPO/Data Protection Department): Email: [email protected]; Phone: +385 0800 200 133 (Croatian support line; not a Canadian number; international charges may apply)

LoT Compliance Trace

  • OBSERVE: Publicly available corporate facts indicate EU/HR operations; Canadian registration not present.
  • EXPAND: Provide clear contact channels and licensing context to avoid user confusion.
  • REFLECT: Present accurate operator details and commit to update legal address/registration upon confirmation.

What Personal Data We Collect

  • Identity and contact: Full name, date of birth, residential address, email, phone, government-issued ID for KYC (where applicable).
  • Account and usage: Username, preferences, support communications, account settings.
  • Technical: IP address, device identifiers, browser/OS, language, time zone, session logs, referrer URLs, crash logs.
  • Payment and financial: Payment method details (tokenized where possible), transaction identifiers, deposits/withdrawals, chargeback data.
  • Behavioral and gaming: Game activity, bet amounts, outcomes, session length, clickstream, responsible gambling interactions (limits, self-exclusion status).
  • Compliance: KYC/AML records, sanctions/PEP screening results, source-of-funds information when required by law.
  • Cookies and similar tech: Cookies, SDKs, pixels, local storage, and device signals used for functionality, analytics, security, and advertising (subject to consent where required).

LoT Compliance Trace

  • OBSERVE: Casino operations require identity, payment, technical, and behavioral data.
  • EXPAND: Include AML/KYC and responsible gambling categories implicitly required in gambling.
  • REFLECT: Categorize data transparently to support user rights and retention logic.

Legal Basis for Processing

  • Consent (PIPEDA/GDPR/Law 25/QC): We rely on your consent for marketing, certain cookies/analytics, and optional features. You may withdraw consent at any time.
  • Contractual necessity: To create and operate your account, process payments, provide games, and deliver support.
  • Legitimate interests (GDPR) / Appropriate purposes (PIPEDA): Security, fraud detection, service analytics, service improvement, and network/information security, balanced against your rights.
  • Legal obligations: KYC/AML screening and recordkeeping, tax/reporting duties, responding to lawful requests, responsible-gambling measures.
  • Vital interests and public interest (where applicable): To protect users and the public from fraud or harm.

Regional Compliance Note: For Canada, PIPEDA applies to commercial activities; Quebec Law 25 introduces additional requirements for cross-border transfers and transparency; EU/UK users are processed under GDPR/UK GDPR where applicable; Mexican residents may rely on the LFPDPPP framework.

LoT Compliance Trace

  • OBSERVE: CA PIPEDA and global frameworks govern legal bases.
  • EXPAND: Map GDPR-style bases to PIPEDA "appropriate purposes" and AML obligations.
  • REFLECT: Present layered legal bases to cover multi-jurisdiction users consistently.

Purpose of Processing

  • Provide services: Account registration, identity verification, game access, payments, customer support.
  • Improve and personalize: Diagnose issues, optimize performance, personalize content, localize language and offers.
  • Marketing and communications: Send promotions, service updates, and surveys with your consent and subject to opt-out.
  • Analytics and research: Usage statistics, A/B testing, anti-abuse modeling, responsible gambling insights.
  • Security and fraud prevention: Detect and prevent fraud, cheating, money laundering, and unauthorized access.
  • Compliance: Recordkeeping, AML/KYC, audits, responding to regulators and law enforcement.

LoT Compliance Trace

  • OBSERVE: Core casino operations require processing for service and compliance.
  • EXPAND: Include responsible gambling and A/B testing as implicit industry practices.
  • REFLECT: Tie purposes to specific legal bases and user controls (consent/opt-out).

Disclosure & Sharing

  • Payment and banking partners: To process deposits, withdrawals, and verify transactions.
  • Service providers (processors): Hosting, cloud, security, analytics, customer support, KYC/AML vendors, game providers-bound by contracts and data protection obligations.
  • Regulators and law enforcement: Where required by law, court orders, or to enforce our rights and protect users.
  • Affiliates within FEG: For internal administration, consolidated reporting, and compliance support under appropriate safeguards.
  • Advertising partners: With your consent, we may share limited pseudonymous identifiers for ad measurement and retargeting.
  • Business transfers: In connection with mergers, acquisitions, or asset sales, under confidentiality and continuity of protection.
  • Aggregated/anonymized data: For statistics and research that cannot reasonably identify you.

LoT Compliance Trace

  • OBSERVE: Standard processors and regulators are involved.
  • EXPAND: Include affiliates and advertising networks conditioned on consent.
  • REFLECT: Contractual safeguards and minimal disclosure principles emphasized.

International Transfers

Your information may be processed in Canada, the EEA (including Croatia and the Czech Republic), and other countries where our service providers operate (including the United States and the United Kingdom).

  • Safeguards: We use Standard Contractual Clauses (SCCs) for transfers from the EEA/UK to third countries; Transfer Impact Assessments are conducted where required.
  • EU-US/UK-US frameworks: Where a US provider participates in the EU-US Data Privacy Framework (and UK Extension), we rely on that certification; otherwise, SCCs apply.
  • Canada adequacy (GDPR): Canada (PIPEDA-regulated organizations) benefits from an EU adequacy decision for certain transfers.
  • Quebec Law 25: For Quebec residents, we conduct cross-border privacy assessments and ensure contractual protections and comparable safeguards.
  • Access to copies: You may request a copy or summary of applicable transfer safeguards via [email protected].

LoT Compliance Trace

  • OBSERVE: Cross-border processing is inherent to the service.
  • EXPAND: Address SCCs, DPF, and Quebec Law 25 assessments.
  • REFLECT: Provide user access to transfer safeguard details upon request.

Data Retention

  • Account and identity data: Retained for the life of the account and up to 5 years after closure, or longer if required for AML, disputes, or legal obligations.
  • KYC/AML records: Typically retained for 5 years after the end of the relationship or per applicable law.
  • Transaction and payment records: 5-7 years for accounting, audit, and anti-fraud purposes.
  • Gaming and behavioral logs: 2 years from collection, unless needed for security or investigations.
  • Marketing data: Until you withdraw consent or 2 years after last interaction, whichever is earlier.
  • Technical logs and security data: 12-24 months, subject to system and security needs.
  • Cookies: Session cookies expire when you close the browser; persistent cookies last 3-24 months unless deleted earlier.
  • Backups: Encrypted backups retained 90-180 days, then overwritten or securely deleted.

Deletion criteria: Upon fulfillment of the purpose, expiry of statutory periods, successful objection/erasure request, or closure of the account, subject to legal holds.

LoT Compliance Trace

  • OBSERVE: AML and accounting rules drive longer retention for certain datasets.
  • EXPAND: Include backups and cookies lifecycle often overlooked.
  • REFLECT: Provide clear criteria and timeframes tied to purposes and laws.

Your Rights

We recognize rights under Canadian privacy laws (PIPEDA and provincial laws), align with GDPR where applicable, and respect Mexican ARCO rights where LFPDPPP applies.

  • Access: Obtain confirmation and a copy of your personal information and details about how it is used and shared.
  • Correction/Rectification: Request correction of inaccurate or incomplete data.
  • Deletion/Erasure (or Cancellation under ARCO): Request deletion where data is no longer needed, you withdraw consent, or processing is unlawful (subject to legal obligations such as AML).
  • Restriction: Ask us to limit processing while a dispute is resolved.
  • Objection: Object to processing based on legitimate interests or for direct marketing at any time.
  • Portability: Receive your data in a machine-readable format and have it transmitted to another organization where technically feasible (GDPR-aligned; provided under PIPEDA as a good-practice facilitation).
  • Withdraw consent: Opt out of marketing and revoke consent for optional cookies and features at any time.
  • Mexican ARCO rights: Access, Rectification, Cancellation, and Opposition mechanisms are supported where LFPDPPP applies.

How to exercise your rights

  1. Submit a request: Email [email protected] with "Privacy Request" in the subject. Include your account email, jurisdiction of residence, and the right you wish to exercise.
  2. Identity verification: We may request reasonable information (e.g., confirming account details or secure ID verification) to protect your account.
  3. Response times: We aim to respond within 30 days. Where allowed, we may extend by an additional 30 days for complex requests and will notify you of the reason.
  4. Fees: Requests are free of charge unless manifestly unfounded, excessive, or repetitive, in which case a reasonable fee may apply as permitted by law.

Note: Some rights are subject to legal exceptions (e.g., AML, anti-fraud, legal claims, or our need to retain certain records).

LoT Compliance Trace

  • OBSERVE: PIPEDA access/correction and GDPR-style rights requested, plus Mexican ARCO.
  • EXPAND: Provide clear procedures, timeframes, verification, and fee rules.
  • REFLECT: Balance rights with statutory exceptions (AML, legal holds).

Cookies & Tracking Technologies

  • Types:
    • Session cookies: Essential for login and navigation; expire at session end.
    • Persistent cookies: Preferences and remembering settings; limited lifespan.
    • Third-party cookies/SDKs: Analytics, security, and advertising (subject to consent).
  • Purposes:
    • Functional: Authentication, security, load balancing.
    • Analytics: Usage metrics, error diagnostics, service improvement.
    • Advertising: Ad measurement and personalization (only with consent, where applicable).
  • Controls: Manage preferences via the "Cookie Settings" panel in our site footer and your browser settings. Blocking some cookies may affect functionality.

LoT Compliance Trace

  • OBSERVE: Common cookie categories apply to gaming sites.
  • EXPAND: Include SDK/pixel tracking with consent boundaries.
  • REFLECT: Provide user-friendly management methods and impact notes.

Data Security

  • Encryption: TLS 1.2+ for data in transit; encryption of sensitive data at rest.
  • Access controls: Role-based access, least-privilege design, multi-factor authentication for administrative access.
  • Secure development: Code reviews, dependency scanning, and change management.
  • Monitoring and audits: Logging, anomaly detection, periodic penetration tests, and regular security assessments.
  • Staff training: Security and privacy training, confidentiality obligations.
  • Incident response: Defined procedures for detection, containment, eradication, and recovery; breach notifications provided as required by law (e.g., PIPEDA "real risk of significant harm").
  • Standards alignment: Controls aligned with ISO/IEC 27001 and SOC 2 principles where applicable; we do not claim certification unless expressly stated.

LoT Compliance Trace

  • OBSERVE: Gambling data is sensitive and attractive to fraudsters.
  • EXPAND: Combine encryption, access control, monitoring, and incident response.
  • REFLECT: Clarify alignment with standards without overstating certification.

Complaints & Contacts

Primary contact: Data Protection Department - [email protected]; +385 0800 200 133 (Croatian support line; international charges may apply).

Internal complaint procedure

  1. Submit: Email us describing your concern and desired resolution. Include your account email and jurisdiction.
  2. Acknowledge: We will acknowledge within 5 business days.
  3. Investigate: We will investigate and provide a substantive response within 30 days where feasible.
  4. Escalate: If unresolved, you may escalate to applicable supervisory authorities below.

Supervisory authorities

  • Canada (Federal): Office of the Privacy Commissioner of Canada (OPC) - 30 Victoria Street, Gatineau, QC K1A 1H3; 1‑800‑282‑1376; priv.gc.ca/en/contact-the-opc/
  • Alberta: Office of the Information and Privacy Commissioner - oipc.ab.ca
  • British Columbia: Office of the Information and Privacy Commissioner - oipc.bc.ca
  • Quebec: Commission d'accès à l'information (CAI) - cai.gouv.qc.ca
  • Mexico (where applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - inai.org.mx | plataformadetransparencia.org.mx
  • EU (if GDPR applies): You may contact your local Data Protection Authority; see the EDPB list: edpb.europa.eu

LoT Compliance Trace

  • OBSERVE: Users need clear internal and external escalation options.
  • EXPAND: Include federal/provincial CA, Mexican INAI, and EU DPAs for cross-border users.
  • REFLECT: Provide response timelines and acknowledgement practices.

Updates

  • Notification channels: We will notify you of material changes via email, website banners, and account dashboard alerts.
  • Advance notice: For significant changes, we provide at least 30 days' advance notice before the effective date.
  • User choices: If you object to changes, you may withdraw consent, adjust settings, or close your account before the effective date.
  • Versioning: Last updated: January 2025. We maintain a changelog summarizing material amendments.
  • Changelog (summary):
    • January 2025: Initial CA-focused publication; clarified international transfers and Law 25 assessments; added INAI and EU DPA escalation paths.

LoT Compliance Trace

  • OBSERVE: Users must be informed about policy evolution.
  • EXPAND: Provide multi-channel notice and advance lead time.
  • REFLECT: Offer objection/closure options and keep a transparent changelog.