burger icon
King Casino
Log In

Privacy Policy

Introduction
OBSERVE: This Privacy Policy explains how personal information is collected, used, disclosed, and protected when you visit or use king-casino-ca.com in Canada (excluding Ontario) and when you interact with our services as a website visitor or registered player.
EXPAND: It applies to all features on king-casino-ca.com, including account registration, gameplay, payments, promotions, support, and cookies/tracking technologies.
REFLECT: By using our services, you acknowledge this Policy. Effective date: 01 October 2025.

Who We Are

OBSERVE: The online service available at https://king-casino-ca.com ("king-casino") is operated for international (non-UK) markets under the Malta Gaming Authority licence MGA/CRP/148/2007 held by Aspire Global International LTD. Operations in Great Britain are under AG Communications Limited with UKGC licence 39483; this UK entity does not govern Canadian use of king-casino-ca.com.

EXPAND: For Canadian users (excluding Ontario), Aspire Global International LTD is the principal operator and accountable organization for your personal information under Canadian privacy laws (PIPEDA and substantially similar provincial laws where applicable). The service is not licensed in Ontario and is not offered to persons located in Ontario.

REFLECT: Operator and licensing details
- Legal entities: Aspire Global International LTD (MGA/CRP/148/2007); AG Communications Limited (UKGC 39483).
- Jurisdictional scope: Canada (excluding Ontario) under the MGA licence; Great Britain under UKGC licence.
- Registered address: Provided by the Maltese corporate registry and MGA public register (see: https://www.mga.org.mt/licensee). We will include the full registered address here upon confirmation.

Privacy officer / DPO contact
OBSERVE: A dedicated privacy contact point is required.
EXPAND: Until a direct email/phone channel is published, please contact our "Privacy Team" through one of the channels below.
REFLECT: How to reach us for privacy matters:
- Website: https://king-casino-ca.com (use the site's support/help area for "Privacy Request").
- Postal: Aspire Global International LTD - Privacy Team, (registered office as listed on the MGA register).
- We will publish a dedicated DPO email and telephone number on this page; interim requests will still be processed.

What Personal Data We Collect

OBSERVE: We collect information necessary to operate a regulated online casino and to provide secure, compliant services.

EXPAND: Categories of personal information

  • Identity and contact data: full name, date of birth, residential address, email, phone number, proof of identity/age, KYC/AML documents.
  • Account and usage data: username, account settings, session information, customer support records, communication preferences.
  • Technical data: IP address, device identifiers, browser type/version, operating system, language, time zone, referral URLs, page interactions, server logs, approximate geolocation derived from IP or device settings when permitted.
  • Payment and transactional data: payment instrument details (tokenized where possible), deposits/withdrawals, currency, billing details, chargebacks, financial verification records.
  • Behavioral and gaming data: betting and gameplay history, stakes, outcomes, return-to-player interactions, bonuses used, risk markers, responsible gambling limits and checks.
  • Marketing and communications data: newsletter/offer opt-ins, campaign interactions, unsubscribe records.
  • Cookies and similar technologies: session cookies, persistent cookies, SDKs, pixels, tags, local storage for functional, analytics, and advertising purposes (see Cookies section).

REFLECT: We collect data from you (forms, uploads), from your device (automatic logs/cookies), from payment and KYC partners (verification results), and from fraud/AML screening providers as part of regulatory obligations.

Legal Basis for Processing

OBSERVE: In Canada, we rely on meaningful consent and statutory obligations; for EEA/UK visitors (if any), GDPR/UK GDPR legal bases apply as noted.

EXPAND: Legal grounds

  • Consent: Creating/maintaining your account; marketing communications; optional cookies; responsible gambling tools that require explicit activation. You may withdraw consent at any time (see Your Rights).
  • Contractual necessity: Operating your account, processing deposits/withdrawals, providing games, customer support, prize/payout administration.
  • Legitimate interests / reasonable purposes: Fraud prevention, network and information security, service analytics, personalization, and service improvement, balanced against your privacy rights and expectations.
  • Legal obligations: KYC/age verification, AML/CTF screening and recordkeeping, regulatory reporting, complaint handling, accounting and tax requirements.

REFLECT: Where we rely on consent, refusal or withdrawal may affect the availability of certain features (e.g., marketing, certain cookies). We document assessments and apply additional safeguards for sensitive data.

Purpose of Processing

OBSERVE: Processing is limited to appropriate, necessary purposes for a regulated casino service.

EXPAND: We use your data to:

  • Provide and operate services: account creation, authentication, age/KYC checks, access to games, wallet management, payouts, support.
  • Improve and secure our services: troubleshooting, analytics, testing, monitoring, protecting against fraud/abuse, ensuring platform integrity.
  • Compliance and risk: AML/CTF, sanctions checks, responsible gambling monitoring, audit logs, regulatory reporting.
  • Marketing and personalization: send offers with your consent, manage preferences, measure campaign performance, present relevant content.
  • Business operations: recordkeeping, billing, accounting, dispute management, and corporate governance.

REFLECT: We adhere to data minimization; we do not use your data for unrelated purposes without informing you or obtaining consent where required.

Disclosure & Sharing

OBSERVE: We disclose personal information to third parties that enable core operations and compliance.

EXPAND: Categories of recipients

  • Payment and banking partners: card processors, e-wallets, banks for deposits, withdrawals, chargeback management, and fraud screening.
  • KYC/AML and age verification providers: identity verification, sanctions and PEP screening, document authentication, affordability and responsible gambling checks where applicable.
  • Technology and security vendors: hosting, cloud infrastructure, DDoS protection, logging, monitoring, security scanning, customer support tools.
  • Game suppliers and platform providers: to deliver games, ensure fairness, resolve game-related incidents.
  • Analytics and measurement: site and app analytics; where advertising cookies are used, only with consent.
  • Affiliates and marketing partners: to attribute referrals and measure campaigns, subject to your consent and applicable law.
  • Regulators and law enforcement: Malta Gaming Authority or other competent authorities, FINTRAC-related AML request contexts, tax and judicial authorities, where legally required.
  • Corporate transactions: during mergers, acquisitions, or restructuring, subject to appropriate safeguards and notices.

REFLECT: We require service providers to protect personal information via written contracts, confidentiality, and robust security; they may process data only on our instructions and for specified purposes.

International Transfers

OBSERVE: Personal information may be processed in Malta (EEA), the UK, Canada, the United States, and other countries where our vendors operate.

EXPAND: Safeguards for cross-border transfers

  • Accountability (Canada): We remain responsible for personal information transferred to service providers outside Canada and ensure comparable protections via contractual and organizational measures.
  • EEA/UK safeguards (if applicable): Standard Contractual Clauses (SCCs) and, where relevant, UK IDTA/Addendum, plus transfer risk assessments and supplementary measures.
  • DPF participation (where applicable): For U.S. vendors, reliance on EU-U.S. and UK-U.S. Data Privacy Framework participation where the vendor is certified; otherwise SCCs apply.
  • Notice: Foreign jurisdictions may have different privacy and access laws; data may be accessible to law enforcement under those laws.

REFLECT: You may contact us for more information on transfer mechanisms and to request a copy of key contractual safeguards (with redactions for confidentiality).

Data Retention

OBSERVE: We retain personal information only as long as necessary for the purposes set out above and to meet legal/regulatory requirements.

EXPAND: Typical retention periods

  • Account and identity/KYC records: at least 5 years after account closure or last transaction, to comply with AML/CTF recordkeeping and audit requirements.
  • Transaction and payment data: 5 years, or longer if required for tax, accounting, chargeback, or dispute purposes.
  • Gaming/behavioral logs: 3 years from collection, unless needed longer for investigations, self-exclusion, or regulatory requirements.
  • Customer support communications: 2 years from last interaction, extendable if tied to an open complaint or legal claim.
  • Security logs: 12-24 months, adjusted to threat and regulatory contexts.
  • Marketing data: until you withdraw consent or your account is closed, then moved to a suppression list to honor future opt-outs.
  • Cookies: session cookies expire on logout/close; persistent cookies typically 3-24 months (see Cookies section).

REFLECT: Upon expiry, we securely delete, anonymize, or aggregate data unless retention is legally required or necessary to establish, exercise, or defend legal claims.

Your Rights

OBSERVE: Canadian privacy laws (PIPEDA and substantially similar provincial laws) provide rights to access and correct personal information, and to withdraw consent, among others. If you are in the EEA/UK, GDPR/UK GDPR rights may apply. We do not target Mexico; references below apply only if Mexican law applies to you.

EXPAND: Exercising your rights (we usually respond within 30 days; we may extend once for a further 30 days where permitted and will inform you of reasons and timing)

  • Access: Obtain confirmation and access to your personal information, including a description of how it has been used and to whom it has been disclosed, subject to lawful exceptions.
  • Correction/rectification: Request correction of inaccurate or incomplete information. Where disagreement exists, we will note the dispute where required.
  • Withdrawal of consent: Withdraw consent for non-essential processing (e.g., marketing, certain cookies). Core operational processing may continue where permitted/required by law.
  • Deletion/erasure: In Canada, deletion applies where information is no longer necessary or required to be retained; otherwise we will securely de-identify where appropriate. GDPR erasure applies for EEA/UK users as set out in Article 17, subject to exceptions.
  • Restriction/objection: For EEA/UK users, object to processing based on legitimate interests and request restriction in certain circumstances. We will consider similar requests from Canadian users case-by-case.
  • Data portability: For EEA/UK users, request data portability where processing is based on consent or contract and carried out by automated means. We will accommodate Canadian portability requests where technically feasible.

How to submit a request: Use the website support area with the subject "Privacy Request" and specify your request type (access, correction, etc.). We will authenticate your identity before processing. Requests are free of charge; reasonable cost-recovery fees may apply for complex or repetitive requests as permitted by law, with advance notice.

REFLECT: Supervisory guidance and references
- Canada: Office of the Privacy Commissioner of Canada (OPC) and, where applicable, provincial authorities (AB OIPC, BC OIPC, Quebec CAI).
- EEA/UK (if applicable): your local Data Protection Authority.
- Mexico (if applicable only): rights under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) overseen by INAI; our service is not targeted to Mexico.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to make our services work, keep them secure, and improve performance.

EXPAND: Types and purposes

  • Strictly necessary (session/persistent): authentication, load balancing, fraud prevention, consent storage. Without these, the site will not function properly.
  • Functional: remembering preferences, language, and settings to enhance user experience.
  • Analytics: measuring usage, diagnosing issues, improving site performance. Where required, used with your consent.
  • Advertising/marketing (third-party): delivering and measuring promotions and bonuses across channels; only used with your explicit consent.

Managing cookies: You can manage cookies via your browser settings and (where available) our on-site consent banner/preferences centre. Disabling certain cookies may impact functionality. For mobile SDKs, manage permissions in your device settings.

REFLECT: We periodically review our cookie inventory and update this section. Cookie durations typically range from session-only to 24 months.

Data Security

OBSERVE: Protecting your information is critical to gaming integrity and regulatory compliance.

EXPAND: Security measures

  • Encryption: TLS 1.2+ in transit; strong encryption at rest for sensitive data and keys with strict key management.
  • Access control: least-privilege role-based access, multi-factor authentication for privileged accounts, segregation of duties, session timeouts.
  • Network and infrastructure: hardened systems, segmentation, continuous monitoring, vulnerability scanning, patching cadence, WAF/DDoS protection.
  • Operational controls: secure software development lifecycle, change management, logging and audit trails, data loss prevention where appropriate.
  • Third-party oversight: due diligence, contractual security requirements, breach notification obligations, and periodic assessments.
  • Training and awareness: mandatory staff privacy/security training and role-specific refreshers.
  • Incident response: documented plan including triage, containment, investigation, notification to authorities and affected users where required by law, and post-incident reviews.

REFLECT: Our security program aligns with recognized frameworks (e.g., ISO/IEC 27001 control families, SOC 2 principles). Unless expressly stated, alignment does not imply formal certification.

Complaints & Contacts

OBSERVE: You are entitled to clear channels to ask questions, exercise rights, or raise concerns.

EXPAND: Contact and complaint procedure

  1. Contact us first: Submit a request via the site's support/help area with the subject "Privacy Inquiry" or "Privacy Complaint." Provide enough detail to identify your account and issue.
  2. Acknowledgement: We aim to acknowledge within 5 business days and provide a substantive response within 30 days. If more time is needed, we will explain why and provide a new timeline.
  3. Escalation: If unresolved, ask for escalation to the Privacy Officer. We will conduct a further review and provide a final position.

Supervisory authorities (escalation outside king-casino):

  • Canada - Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca, Toll-free: 1-800-282-1376.
  • Alberta - Office of the Information and Privacy Commissioner: https://www.oipc.ab.ca
  • British Columbia - Office of the Information and Privacy Commissioner: https://www.oipc.bc.ca
  • Quebec - Commission d'accès à l'information (CAI): https://www.cai.gouv.qc.ca
  • EEA/UK (if applicable): Contact your local Data Protection Authority.
  • Mexico (if applicable only): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - https://www.inai.org.mx

REFLECT: We prefer to address concerns directly and fairly, but you may contact a regulator at any time.

Updates

OBSERVE: Privacy laws and our practices evolve; we will update this Policy accordingly.

EXPAND: How we notify you

  • Material changes: We will provide advance notice of at least 30 days via email (if available), in-account alerts, and/or a prominent site banner before material changes take effect.
  • Minor updates: We will post the updated Policy with a new "Last updated" date.
  • Your choices: If you do not agree to changes affecting optional processing (e.g., marketing), you may withdraw consent or close your account before changes take effect.

Version control
Last updated: October 2025
Changelog (material highlights):
- Clarified Canadian applicability (excluding Ontario) and operator accountability under MGA licence.
- Expanded cross-border transfer safeguards (SCCs/DPF).
- Streamlined rights response timelines and complaint pathways.
- Updated retention ranges and cookie categories.

REFLECT: We encourage you to review this Policy periodically. Continued use after the effective date signifies acceptance of the updated terms.

Regional Compliance Note: This Policy is tailored for users in Canada (excluding Ontario). If you access king-casino-ca.com from the EEA/UK, GDPR/UK GDPR provisions in the relevant sections apply in addition to this Policy. We do not target Mexico; any Mexican rights references apply only if Mexican law otherwise governs your use.