Privacy Policy

This Privacy Policy explains how Ethereum Casino, operating through the website https://ethereum-ca.com (the "Website", "we", "us", "our"), collects, uses, discloses and protects personal information of players and visitors in connection with our online gambling services. It applies to all individuals who access or use the Website, register an account, interact with our services, or communicate with us by any means. By using the Website, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 01 January 2025 and is intended to remain in force, subject to updates described below, through at least 31 December 2026.

Who We Are

For the purposes of this Privacy Policy, the data controller for personal data processed in connection with the operation of Ethereum Casino via ethereum-ca.com is:

Operator: Web3 Gaming Group N.V.
Trading Brand: Ethereum Casino (Ethereum Casino project for Canadian players)
Registered office / legal address: not specified (Curaçao-based online gaming operator)
Licensing jurisdictions: Curaçao eGaming (License No. 1668/JAZ) and Kahnawake Gaming Commission (Remote Gaming License No. 00885, jurisdiction Kahnawake, Canada)

Certain payment processing and related back-office services may be performed by our subsidiary:

Payment Processor: PayBlock Ltd, Cyprus (acting as a payment processing subsidiary and service provider on our behalf).

Contact details

Official website: https://ethereum-ca.com
Customer support email: [email protected]
General information email: [email protected]
Press and media enquiries: [email protected]

We have designated an internal contact for privacy and data protection matters (Data Protection Officer function):

Data Protection Contact / DPO function:
Email: [email protected] (or, if unavailable, please use [email protected] with the subject "Privacy request").
Postal address for privacy correspondence: Web3 Gaming Group N.V. - Privacy, (legal address as updated on the Website from time to time).

What Personal Data We Collect

We collect only the personal information that is necessary to provide and improve our services, comply with legal obligations, and protect our legitimate interests. The categories of data we process include, but are not limited to, the following:

Identification and contact data

Account and identity details: full name, date of birth, nationality, residential address, username, password, security questions and answers, copies or details of government-issued identification documents (e.g., passport, ID card, driver's licence), proof of address (e.g., utility bill, bank statement).
Contact information: email addresses (such as the email used for registration, communication and verification), telephone numbers, preferred language of communication, and any other contact channels you provide.

Technical and device data

Technical identifiers: IP address, device identifiers, browser type and version, operating system, time zone settings, device model, and other device characteristics.
Usage and log information: login and logout timestamps, pages visited, navigation paths, clickstream data, referrer URLs, access dates and times, session duration, error logs, and similar diagnostic data.

Financial and transaction data

Payment information: limited payment details necessary to process deposits and withdrawals, including transaction identifiers, payment method type (e.g., crypto wallet address, card brand via our processor, e-wallet type), currency, amount, and timestamps.
Cryptocurrency data: blockchain wallet addresses, transaction hashes, token type (e.g., ETH and other supported cryptocurrencies), and transaction history on our platform.
Anti-fraud and risk data: chargeback history, deposit and withdrawal patterns, sanctions and watchlist screening outcomes (where applicable), and results of risk scoring tools used in our AML/KYC processes.

Gaming and behavioural data

Gameplay information: betting history, game preferences, stakes and winnings, bonuses claimed, participation in tournaments or promotions, session duration and frequency of play.
Behavioural and interaction data: clicks, scrolls, selections, interactions with banners and offers, responses to surveys and feedback forms, and engagement with responsible gambling tools.

Communication and support data

Customer support interactions: records of emails and messages sent to [email protected] or other addresses, live chat transcripts, internal notes documenting the handling of your requests, and complaint records.
Marketing preferences: your consents, preferences and opt-out choices for receiving marketing communications, newsletters, push notifications or SMS (where applicable).

Cookies and similar tracking technologies

Cookies: small text files stored on your device, including session cookies, persistent cookies and cookies set by third parties (e.g., analytics, advertising partners), which may contain online identifiers, device identifiers and preference information.
Similar technologies: web beacons, pixels, tags, local storage and software development kits (SDKs) that help us recognize your browser or device, analyse usage and deliver content and advertisements.

Where we are required by law or our licensing conditions (including those in Curaçao and Kahnawake, Canada) to collect certain data - for example, to execute KYC (Know Your Customer) and AML (Anti-Money Laundering) checks - we may not be able to provide you with services if you do not supply such information.

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so under applicable data protection laws, including but not limited to principles aligned with the EU General Data Protection Regulation (GDPR) and Canadian privacy frameworks such as PIPEDA (where applicable for Canadian users). Depending on the specific processing activity, we rely on one or more of the following legal grounds:

Performance of a contract

Account creation and management: We process your identification, contact, technical and transactional data to register and maintain your gaming account, authenticate you, and provide access to the Website and games.
Provision of gambling services: Processing of stakes, bets, game results, bonuses, loyalty rewards and customer support interactions is necessary to fulfil our contractual obligations to you as a registered player.
Payments and withdrawals: We use your financial and transactional data to process deposits, pay out winnings, handle refunds and manage payment-related queries.

Compliance with legal obligations

Regulatory and licensing requirements: As a licensed operator under Curaçao eGaming (License No. 1668/JAZ) and the Kahnawake Gaming Commission (Remote Gaming License No. 00885), we are obliged to conduct KYC and AML checks, verify age and identity, prevent fraud and money laundering, and maintain certain records for prescribed periods.
Tax and accounting: We process relevant transactional and financial information to comply with applicable tax, accounting, reporting and record-keeping obligations.
Law enforcement and regulatory cooperation: We may be required to process and disclose personal data in response to valid requests from courts, regulators or law enforcement authorities.

Legitimate interests

Service security and integrity: We process technical, device and behavioural data to protect our systems and services against abuse, fraud, cheating, money laundering, cyber-attacks and other illegal or harmful activities, and to ensure the integrity of our games.
Service improvement and analytics: Usage and analytics data are used to understand how visitors and players use the Website, to improve user experience, develop new features, optimize performance and correct errors.
Business management: We may process data for internal reporting, risk management, business continuity, internal audits and corporate governance, provided such processing is proportionate and does not override your fundamental rights and freedoms.

Consent

Marketing communications: Where required by applicable law, we will obtain your explicit consent before sending you marketing emails, newsletters, promotional offers or push notifications. You may withdraw your consent at any time.
Non-essential cookies and tracking: We may rely on your consent to use non-strictly necessary cookies and similar technologies for analytics and advertising purposes, where required by law.
Special categories of data: We generally do not request or process sensitive personal data. If, in exceptional cases, such processing is necessary, we will request your explicit consent or rely on another lawful basis permitted by law.

Where we rely on legitimate interests, we conduct a balancing assessment to ensure that our interests do not override your rights and expectations. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

Purpose of Processing

We collect and process personal data for specific, explicit and legitimate purposes, and we do not process it in a manner incompatible with those purposes. The main purposes include:

Provision and management of casino services

Creating, verifying and managing your account on ethereum-ca.com as part of the Ethereum Casino offering for Canadian players.
Providing access to online casino games, sports betting (if applicable) and related functionalities, including participation in tournaments and promotional campaigns.
Processing deposits, withdrawals, internal transfers and other transactions, including crypto-based payments via PayBlock Ltd and other payment partners.
Providing user support, answering your questions and resolving technical or operational issues.

Compliance, risk management and fraud prevention

Conducting age and identity verification, KYC, AML and source-of-funds checks, in line with our licensing obligations in Curaçao and Kahnawake (Canada) and applicable international standards.
Detecting, investigating and preventing fraud, cheating, abuse of bonuses and promotions, chargebacks, account takeovers and any other misuse of our services.
Monitoring transactions and gameplay for suspicious patterns and reporting to competent authorities where required by law.

Service improvement and personalization

Analysing aggregated and pseudonymized data to understand how players use our services, identify trends, and improve the design and functionality of the Website.
Personalizing content, offers and recommendations based on your preferences, activity and profile, within the limits set by your privacy and marketing preferences.
Testing new features, updating our user interface, and performing quality assurance and troubleshooting.

Marketing, promotions and communications

Sending you service-related communications (e.g., account notifications, transactional emails, changes to our terms and policies) that are necessary for the performance of our contract or compliance with legal obligations.
With your consent where required, sending you marketing messages about our products, services, promotions, tournaments and loyalty programs, tailored to the extent permitted by law.
Conducting surveys, contests or feedback campaigns to better understand your experience and expectations.

Legal, regulatory and business purposes

Complying with our legal and regulatory obligations, responding to lawful requests from authorities, and protecting our legal rights and interests.
Keeping appropriate records for audit, compliance, tax and accounting purposes.
Supporting corporate transactions (e.g., restructuring, financing, transfer of business) where personal data may be processed in accordance with applicable laws and subject to appropriate safeguards.

Disclosure & Sharing

We do not sell your personal data. However, we may disclose or share your information with carefully selected third parties for the purposes described in this Privacy Policy and in accordance with applicable law. These recipients include:

Service providers and technical partners

Payment and crypto processing partners: Third-party payment providers, including PayBlock Ltd (Cyprus), banks, card processors, e-wallet providers and crypto exchange or gateway providers that process deposits and withdrawals on our behalf.
IT and infrastructure providers: Hosting providers, cloud computing services, content delivery networks, security and DDoS protection services, data storage and backup providers.
Game and platform providers: Licensed game studios, software providers and platform partners who supply games and related functionalities accessible on ethereum-ca.com.
Analytics and performance tools: Providers of analytics, monitoring, error tracking and performance optimization tools that help us understand and improve how our services are used.

Professional advisers and corporate affiliates

Affiliates and group entities: Other entities within our corporate group (including Web3 Gaming Group N.V. and its subsidiaries, such as PayBlock Ltd) that support operational, financial or compliance functions, always under appropriate confidentiality and data protection safeguards.
Professional advisers: Lawyers, auditors, consultants and other professionals who provide services to us and are bound by confidentiality obligations.

Regulators, authorities and dispute bodies

Gaming regulators: Curaçao eGaming authority, Kahnawake Gaming Commission and any other relevant regulatory body that supervises our operations, for compliance reporting, audits, investigations or licensing matters.
Law enforcement and public authorities: Police, courts, tax authorities and other governmental or supervisory bodies, where disclosure is required by law, court order or to protect our legitimate interests (e.g., to prevent crime or enforce legal claims).
Alternative dispute resolution entities: Independent dispute resolution bodies or mediators (if and when engaged) for handling complaints or disputes raised by players.

Marketing and advertising partners

Affiliates and marketing networks: Selected affiliate partners and advertising networks that promote ethereum-ca.com, with whom we may share limited pseudonymized or aggregated data for tracking conversions and campaign performance, subject to your consent where required.
Analytics and advertising cookies: Third-party cookies and tracking technologies used for analytics and, where permitted, targeted advertising, as described in the Cookies & Tracking Technologies section.

Business transfers

In the event of a merger, acquisition, restructuring, sale of assets, or transfer of all or part of our business, personal data may be transferred to the acquiring or successor entity, subject to appropriate safeguards and in accordance with applicable law. In such cases, we will use reasonable efforts to inform you of any material change in data controller identity or applicable practices.

Whenever we share personal data with third parties, we do so on the basis of written agreements that require such parties to implement appropriate security measures and process personal data only in accordance with our instructions and applicable laws.

International Transfers

Due to the international nature of online gaming and crypto-based payment processing, your personal data may be transferred to and processed in countries outside your province or country of residence, including outside Canada and the European Economic Area (EEA). These countries may have different data protection standards than those in your home jurisdiction.

Categories of cross-border transfers

To Curaçao and other non-EEA jurisdictions: As Web3 Gaming Group N.V. is licensed in Curaçao, and certain core systems are operated there, your data may be processed on servers or by entities located in Curaçao or other non-EEA jurisdictions.
To Cyprus and other service locations: Payment processing and supporting services provided by PayBlock Ltd (Cyprus) and other technical partners may involve transfers to Cyprus and additional jurisdictions where their infrastructure is hosted.
To global service providers: Cloud hosting, analytics, security and other service providers may operate from various countries worldwide, including the EU/EEA, the United States and other regions.

Safeguards for international transfers

Contractual protections: Where required, we implement appropriate contractual safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent instruments, to ensure that personal data transferred outside the EEA receives an adequate level of protection.
Regulatory and contractual obligations: We require our service providers and partners to comply with applicable data protection laws and to maintain robust security measures in line with industry standards (e.g., ISO 27001 or SOC 2 where applicable).
Risk assessments: We assess the legal and technical environment of destination countries and implement additional safeguards where necessary (e.g., encryption, access controls, data minimization).

By using ethereum-ca.com and providing your personal data, you acknowledge that your information may be transferred and processed outside your jurisdiction as described above, subject to the safeguards we implement.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the category of data and applicable law, including the requirements of Curaçao eGaming and the Kahnawake Gaming Commission.

General retention periods

Account and identification data: Typically kept for the duration of your account and, following account closure, for a period not exceeding five (5) years, unless a longer period is required by AML, gaming, tax or other applicable laws or justified by ongoing disputes.
KYC/AML documentation: Copies of identity documents, proof of address and related verification records may be retained for a minimum of five (5) years after the end of the business relationship or from the date of the last transaction, in accordance with relevant AML regulations and licensing obligations, potentially extended where legally required.
Transaction and gaming records: Bet histories, transaction logs, winnings, losses and game results are generally stored for at least five (5) years from the relevant transaction or account closure date, to meet regulatory, accounting and audit requirements.
Technical and usage logs: Server logs and technical data may be stored for shorter periods, typically between six (6) months and three (3) years, depending on security, troubleshooting and analytics needs.
Marketing data: Information relating to marketing communications and preferences is kept for as long as you remain subscribed and for a reasonable period thereafter to demonstrate compliance with consent requirements and to manage opt-out records.
Customer support and complaint records: Communications with support and complaint files are generally retained for up to five (5) years after resolution, or longer if necessary for legal defence or regulatory investigations.

Deletion and anonymization

When personal data is no longer needed for its original purposes and no longer required by law, we will securely delete, anonymize, or aggregate it so that it can no longer be associated with an identifiable individual.
If you request deletion of your data, we will assess whether we can honour your request in full or in part, subject to legal retention obligations (e.g., AML rules may require us to retain certain information despite a deletion request).

We periodically review the data we hold and update our retention schedules to ensure compliance with evolving legal and regulatory requirements through at least 2026.

Your Rights

Depending on your place of residence and the applicable laws, you may have various rights in relation to your personal data. We aim to provide a level of protection aligned with internationally recognized standards such as the EU GDPR, as well as Canadian privacy laws (including principles similar to those in PIPEDA). While the reference in this section to Mexican law is included for alignment with broader privacy frameworks, our primary legal focus for Ethereum Casino is compliance with our licensing jurisdictions and Canadian players' expectations.

Key data protection rights

Right of access: You have the right to obtain confirmation as to whether we process personal data about you and, if so, to receive a copy of such data and additional information about the processing.
Right to rectification: You may request correction of inaccurate personal data and completion of incomplete information (e.g., updating your address or contact details).
Right to erasure ("right to be forgotten"): In certain circumstances, you may request deletion of your personal data, for example where the data is no longer necessary, you withdraw consent (where consent was the sole legal basis), or you believe the processing is unlawful. This right is subject to legal retention obligations.
Right to restriction of processing: You may ask us to restrict processing of your data in specific situations, such as when you contest the accuracy of the data or object to processing and we are verifying such request.
Right to object: Where we process your data based on legitimate interests or for direct marketing purposes, you may object at any time. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests or such processing is necessary for legal claims.
Right to data portability: Where technically feasible and where processing is based on consent or contract and carried out by automated means, you may request to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to have it transmitted to another controller.
Right to withdraw consent: Where processing is based on your consent (e.g., marketing communications, certain cookies), you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Right not to be subject solely to automated decision-making: Where applicable, you may have the right to request human review of decisions that are based solely on automated processing and that significantly affect you.

How to exercise your rights

Submit your request: Contact us via email at [email protected] (or [email protected] with the subject "Privacy Request") from the email address associated with your account, or provide sufficient information for us to verify your identity.
Verification: We may request additional information or documents to confirm your identity and ensure that we do not disclose data to an unauthorized person.
Processing your request: We will respond to your request as soon as reasonably practicable and, in any case, within thirty (30) days of receipt, unless a longer period is permitted by law due to complexity or number of requests. If an extension is necessary, we will inform you of the reasons and the extended timeframe.
Fees: We will handle your requests free of charge, unless they are manifestly unfounded or excessive (for example, repeated requests). In such cases, we may charge a reasonable fee or refuse to act on the request, as permitted by law.

Some rights may be subject to limitations under applicable law (e.g., where disclosure would adversely affect the rights of others, or where we must retain data due to AML or gaming regulations). If we cannot fully meet your request, we will explain the reasons, subject to legal and regulatory constraints.

Cookies & Tracking Technologies

We use cookies and similar technologies on ethereum-ca.com to enable core functionality, enhance user experience, perform analytics and, where permitted, deliver personalized content and advertisements.

Types of cookies we use

Strictly necessary (session) cookies: These cookies are essential for the operation of the Website and the provision of our services (e.g., to maintain your session, enable secure login, and process transactions). They are usually session-based and expire when you close your browser.
Functional (persistent) cookies: These cookies remember your preferences, such as language, region, and display settings, and may remain on your device for a longer period to make your future visits more convenient.
Analytics and performance cookies: Set by us or third-party analytics providers, these cookies help us understand how visitors use the Website (e.g., pages visited, time spent, error reports) so we can improve performance and user experience. Data may be aggregated and anonymized.
Advertising and affiliate cookies: These cookies may be used to track the effectiveness of our marketing campaigns, attribute traffic to our affiliate partners, and, where permitted, deliver or measure personalized advertisements. They may be set by us or by our marketing and affiliate partners.

Managing cookies

Browser settings: Most web browsers allow you to manage, block or delete cookies through their settings. You can typically configure your browser to block all cookies, accept only certain types, or notify you when a site places a cookie. Blocking cookies may impact the functionality of the Website.
In-site controls: Where available, we may provide an internal cookie management panel or banner to allow you to accept or reject non-essential cookies (e.g., analytics or advertising cookies).
Opt-out from analytics/advertising tools: Some third-party providers offer their own opt-out mechanisms (e.g., browser add-ons or opt-out pages). Details, where relevant, will be provided in our cookie notices.

By continuing to use the Website without adjusting your browser or in-site settings, you consent (where legally required) to the use of cookies and similar technologies as described in this Policy.

Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. While no system can be guaranteed as completely secure, we strive to maintain security measures consistent with industry best practices and, where applicable, international standards.

Technical security measures

Encryption in transit and at rest: Data transmitted between your browser and ethereum-ca.com is protected using TLS 1.2 or higher. Where appropriate, we use strong encryption algorithms to protect sensitive data at rest in our databases and backups.
Access controls and authentication: Access to personal data is restricted to authorized personnel and service providers who require it for their duties, using role-based access control, unique credentials and, where feasible, multi-factor authentication.
Network and infrastructure security: We employ firewalls, intrusion detection and prevention systems, DDoS protection, and secure configuration practices to protect our infrastructure and services.

Organizational and procedural measures

Policies and training: We maintain internal policies on data protection, information security and acceptable use. Staff who handle personal data receive appropriate training regarding confidentiality and data protection obligations.
Vendor management: We carefully select service providers and require them to implement appropriate security measures. Data processing agreements are in place where required by law.
Regular audits and testing: We may perform security assessments, vulnerability scans and, where appropriate, penetration testing of critical systems to identify and remediate potential weaknesses.
Incident response: We maintain procedures for identifying, assessing and responding to data security incidents. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals and relevant authorities in accordance with applicable law.

While we take considerable steps to protect your data, you also play a role in security. You should keep your account credentials confidential, use strong passwords, enable additional security features where available, and promptly notify us at [email protected] if you suspect unauthorized access to your account.

Complaints & Contacts

If you have questions, concerns or complaints about this Privacy Policy or how we handle your personal data, you are encouraged to contact us first so that we can attempt to resolve the issue directly.

Contacting us

Privacy and data protection contact: [email protected]
General and support enquiries: [email protected] or [email protected]
Postal correspondence: Web3 Gaming Group N.V. - Privacy, (current legal or mailing address as provided on https://ethereum-ca.com).

Internal complaint procedure

Submit your complaint: Send a detailed description of your concern, including relevant dates, account details and any supporting evidence, to [email protected] or via any available contact form indicated on the Website.
Acknowledgement: We will acknowledge receipt of your complaint as soon as practicable, generally within five (5) business days.
Investigation: We will review your complaint, gather relevant information and, where necessary, consult with internal departments or service providers involved in the processing.
Response: We aim to provide a substantive response within thirty (30) days of receipt of your complaint or request, unless a shorter or longer period is mandated by applicable law. If additional time is required due to complexity, we will inform you of the extension and the reasons.
Escalation: If you are not satisfied with our response, you may request further review or escalate the matter by responding to our decision email, providing your reasons and any additional information.

Supervisory authorities and external remedies

Depending on your location and the applicable law, you may have the right to lodge a complaint with a competent data protection or privacy supervisory authority in your jurisdiction. For Canadian players, this may include, for example:

Office of the Privacy Commissioner of Canada (OPC):
Website: https://www.priv.gc.ca
Contact details are available on the OPC's website.
Provincial privacy commissioners: In some Canadian provinces, separate privacy commissioners or information and privacy commissioners may be competent for certain matters (e.g., Alberta, British Columbia, Quebec). Their contact details can be found on their respective official websites.

Nothing in this Privacy Policy limits your right to seek other remedies available under applicable law.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal or regulatory requirements, or for other operational reasons relevant to Ethereum Casino and the operation of ethereum-ca.com.

How we will inform you

Website publication: The latest version of this Privacy Policy will always be available on https://ethereum-ca.com. We will indicate the "Last updated" date at the top or bottom of the Policy.
Email notifications: For material changes that significantly affect how we process your data or your rights, we will endeavour to notify registered players by email using the address associated with their account.
On-site notices: We may display banners, pop-ups or dashboard alerts within your account to draw your attention to important updates.

Effective date of changes and your options

Advance notice: Where feasible and required for material changes (e.g., changes that significantly broaden data uses or introduce new categories of recipients), we will provide at least thirty (30) days' advance notice before the updated Policy becomes effective.
Review and acceptance: Continued use of ethereum-ca.com after the effective date of an updated Privacy Policy will constitute your acknowledgment and, where relevant, consent to the updated terms.
Right to object or close account: If you do not agree with material changes, you may choose to stop using the Website and, where applicable, request account closure and exercise your rights regarding your personal data as described above. In such cases, we will continue to process your data only to the extent necessary for legal, regulatory and legitimate business purposes.

Last updated: January 2025 (intended to remain applicable, subject to further updates, through at least 2026).