burger icon
Kudos Casino
Log In

Privacy Policy

Introduction - Observe: This Privacy Policy explains how kudos-casino, operating at https://kudos-casino-ca.com, collects, uses, discloses, and protects personal information of players and website visitors in Canada. Expand: It applies to account holders, prospective players, affiliate inquiry submitters, and casual visitors interacting with our site, apps, live chat, and support channels. Reflect: By using our services, you consent to this Policy and any jurisdiction-specific notices presented to you. Effective date: 27 October 2025.

Who We Are

Observe: Operator identity and contacts.

  • Operator: IG Services N.V., a company incorporated in Curaçao, operating kudos-casino exclusively via https://kudos-casino-ca.com for Canadian users.
  • Registration and licensing: Curaçao jurisdiction claimed. License number and company registration number were not provided on the source site and remain under verification as of 27 October 2025. We will update this Policy once verified.
  • Registered/Legal address: Not publicly disclosed at the time of writing. Official corporate address details will be provided upon verification or on request through our privacy contact below.
  • Data Protection contact (DPO/data protection desk): [email protected] (24/7). Please include "Privacy Request" in the subject line for faster routing.
  • Other contact channels: 24/7 live chat via our website.

Reflect: Until formal corporate particulars are published, all privacy requests and regulatory correspondence should be sent to the email above; we will acknowledge and route them to the accountable privacy lead.

What Personal Data We Collect

Observe: We collect information needed to operate a real-money gaming platform and meet legal obligations. Expand: Categories include:

  • Identification and contact data: full name, username, date of birth, address, email, phone, government-issued ID and selfies for KYC, proof of address.
  • Account and behavioral data: registration details, preferences, wagering and game history, session duration, wins/losses, bonuses claimed, responsible gambling settings, support interactions, clicks and navigation events.
  • Financial and payment data: payment instrument type (e.g., card BIN, e-wallet handle), masked card data, transaction timestamps, amounts, deposit/withdrawal status, chargeback records.
  • Technical data: IP address, device identifiers, OS/browser, language, time zone, approximate geolocation, referral URLs, log files, device risk scores.
  • Compliance and risk data: AML screening outcomes, sanctions/PEP checks, fraud signals, self-exclusion status, dispute records.
  • Cookies and similar technologies: session and persistent cookies, SDK storage, pixels, and tags used for functionality, analytics, and, with consent, advertising.

Reflect: We collect only what is necessary for service delivery, safety, compliance, and user choices you enable.

Legal Basis for Processing

Observe: Our processing is grounded in applicable laws, notably Canada's PIPEDA and, where relevant, GDPR and other regimes. Expand:

  • Consent: for account creation, non-essential cookies, marketing communications (CASL), and optional features; you may withdraw at any time.
  • Contractual necessity: to create and administer your account, process deposits/withdrawals, provide support, and deliver games and bonuses you request.
  • Compliance with legal obligations: KYC/AML, fraud monitoring, self-exclusion, record-keeping, tax and regulatory reporting under our licensing and applicable laws.
  • Legitimate interests (where permitted): securing our platform, preventing fraud/abuse, service analytics and improvement. For EEA users, we apply a GDPR balancing test; for Canada, these purposes are pursued in a manner a reasonable person would consider appropriate under PIPEDA.

Reflect: When laws differ, we apply the most protective basis required for your location, and we seek consent for uses not otherwise required or permitted by law.

Purpose of Processing

Observe: We use data to run a safe, compliant casino. Expand:

  • Service delivery: account setup, age/identity verification, payments, game access, bonus management, customer support.
  • Safety and compliance: AML/sanctions screening, fraud prevention, dispute handling, self-exclusion and responsible gambling tools, audit logs.
  • Analytics and improvement: performance monitoring, troubleshooting, feature development, quality assurance.
  • Marketing (with consent under CASL): promotional emails, SMS or in-app messages; you can opt out anytime.
  • Legal defense and business continuity: to manage incidents, enforce terms, and maintain secure operations.

Reflect: We do not sell personal information. We minimize use to what is necessary for stated purposes.

Disclosure & Sharing

Observe: We share data with trusted parties to provide services and meet laws. Expand:

  • Payment and banking partners: card processors, e-wallets, payout intermediaries for deposits/withdrawals and fraud checks.
  • KYC/AML and risk service providers: identity verification, document authenticity, sanctions/PEP screening, device fingerprinting and fraud scoring.
  • Technology vendors: hosting/CDN, cybersecurity, analytics, customer support tools, email/SMS providers.
  • Affiliates and marketing networks: only with your consent for advertising or attribution, using pseudonymous identifiers where possible.
  • Regulators and authorities: gaming and financial regulators, law enforcement, tax and reporting bodies when required by law or to protect legal rights.
  • Corporate transactions: in mergers, acquisitions, or asset sales, subject to confidentiality and consistent privacy safeguards.

Reflect: All vendors are contractually bound to strict confidentiality, security, and purpose limitation obligations.

International Transfers

Observe: Data may be processed outside your province/Canada (e.g., Curaçao, United States, European Economic Area). Expand: We implement appropriate safeguards:

  • Contractual protections: vendor data protection agreements requiring confidentiality, robust security, and onward-transfer limits. For EEA data, we use EU Standard Contractual Clauses and conduct transfer impact assessments.
  • Quebec (Law 25) assessments: for transfers outside Quebec, we assess legal regime equivalence and implement mitigation where needed.
  • Access and transparency: you may contact us for details of specific transfer safeguards applicable to your data.

Reflect: Regardless of location, we require partners to protect your information to standards comparable to Canadian law.

Data Retention

Observe: We keep data only as long as needed. Expand: Typical periods:

  • Account and identity (KYC) records: for the life of the account and up to 5 years after closure to meet AML and audit obligations, unless a longer legal period applies.
  • Transaction and payment records: up to 5 years after the related transaction or account closure, whichever is later.
  • Compliance and dispute files: until the matter is resolved plus up to 5 years, or longer if legally required.
  • Marketing data: until you withdraw consent or after 24 months of inactivity, whichever occurs first.
  • Technical logs and risk data: 12-24 months, unless needed to investigate security incidents or fraud.
  • Cookies: session cookies expire when you close your browser; persistent cookies typically last 3-24 months unless cleared sooner.

Reflect: We securely delete or irreversibly de-identify data when retention periods end or when processing purposes cease.

Your Rights

Observe: Rights vary by jurisdiction; we strive to honor the most protective standard applicable to you. Expand:

  • Canada (PIPEDA and provincial private-sector laws): access your personal information, request corrections, withdraw consent to non-essential processing (e.g., marketing), challenge our compliance, and obtain information about our practices and cross-border transfers.
  • EU/EEA (GDPR): rights of access, rectification, erasure, restriction, objection (including to profiling/legitimate interests), data portability, and the right to lodge a complaint with a supervisory authority. Where we rely on consent, you may withdraw it at any time.
  • Mexico (LFPDPPP): ARCO rights-Access, Rectification, Cancellation, and Opposition-plus withdrawal of consent and limitation of use/disclosure. We also provide portability where legally required.

How to exercise your rights

  1. Submit: email [email protected] with "Privacy Request" and specify your request (access, correction, deletion, etc.). You may also use live chat for initial routing.
  2. Verify: we may request additional information to confirm identity and protect your account.
  3. Response time: we aim to respond within 30 days of receipt. Where local law requires a shorter period (e.g., Mexico generally 20 business days), we will honor the shorter statutory timeframe.
  4. Cost: requests are handled free of charge unless manifestly unfounded or excessive; if fees apply, we will explain why and provide options.

Reflect: Some rights may be limited by legal obligations (e.g., AML retention). We will explain any denial or limitation with reasons.

Cookies & Tracking Technologies

Observe: We use cookies and similar tools. Expand: Types and purposes:

  • Essential (session/persistent): security, authentication, load balancing, preferences; required for the site to function.
  • Analytics (first/third-party): performance and usage measurement to improve services; implemented with privacy controls.
  • Advertising/affiliates (third-party): ad measurement and attribution; used only with your consent where required (e.g., Quebec Law 25, EU ePrivacy/GDPR).

Managing cookies

  • Consent banner: use our on-site preferences panel to accept, reject, or fine-tune non-essential cookies.
  • Browser settings: block or delete cookies via your browser; doing so may impact functionality.

Reflect: We honor your preferences across sessions where technically feasible by storing a minimal essential cookie.

Data Security

Observe: We implement layered safeguards. Expand: Measures include:

  • Encryption: TLS 1.2+ in transit; industry-standard encryption at rest for sensitive fields.
  • Access controls: role-based access, MFA for administrators, least-privilege principles, and credential vaulting.
  • Monitoring and testing: logging, anomaly detection, regular vulnerability scans, and independent penetration testing.
  • Operational resilience: segmented environments, backups, and disaster recovery procedures.
  • People and process: staff background checks where lawful, security and privacy training, and vendor due diligence.
  • Incident response: defined playbooks, user and authority notifications where required by law, and post-incident reviews.

Reflect: Our controls align with recognized industry frameworks (e.g., ISO/IEC 27001 and SOC 2) as best practices; we do not claim formal certification unless expressly stated on our site.

Complaints & Contacts

Observe: We provide clear channels for concerns. Expand:

  • Primary contact (DPO desk): [email protected]
  • Live chat: 24/7 via our website for initial triage.
  • Procedure: send a description of your issue and desired outcome. We will acknowledge within 5 business days and provide a substantive response within 30 days.

Escalation to authorities

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/en/
  • Quebec: Commission d'accès à l'information - https://www.cai.gouv.qc.ca/
  • British Columbia: OIPC BC - https://www.oipc.bc.ca/
  • Alberta: OIPC Alberta - https://oipc.ab.ca/
  • EU/EEA (if applicable): find your authority via the EDPB - https://edpb.europa.eu/about-edpb/board/members
  • Mexico: INAI - https://www.inai.org.mx/

Reflect: Please contact us first so we can address your concern promptly; you always retain the right to complain to a regulator.

Updates

Observe: We may revise this Policy to reflect changes in law, technology, or our services. Expand:

  • Notice methods: email notifications, prominent website banners, and account dashboard alerts.
  • Advance notice: for material changes, we will provide at least 30 days' notice before the new terms take effect; continued use after the effective date constitutes acceptance.
  • User options: you may object to material changes that reduce your rights; if you do not agree, you may close your account and request data deletion subject to legal retention.
  • Versioning: Last updated: October 2025. We maintain a changelog of material updates upon request.

Reflect: We encourage you to review this Policy periodically to stay informed about our privacy practices.