Privacy Policy

This Privacy Policy explains how power-play at https://power-play-ca.com collects, uses, discloses, and protects personal information of players and site visitors. It applies to all visitors and registered players, including those located in Canada and, where applicable, in Ontario under the iGaming Ontario framework. Effective date: 27 October 2025.

Who We Are

power-play is operated for Canadian players by Deck Entertainment B.V., a private limited company registered in Curaçao (company no. 144851), with its legal address at Pletterijweg 43, 1st Floor, KeyDoS Building, Curaçao, Dutch Caribbean. Payment services for certain methods may be provided by Finacol Limited, Athinon 5, Agios Antonios, 1015 Nicosia, Cyprus. For players located in Ontario, operations are conducted under registration with the Alcohol and Gaming Commission of Ontario (AGCO) and an operating agreement with iGaming Ontario (iGO).

Data Protection Contact (DPO/Data Protection Office):

  • Email: privacy@power-play-ca.com
  • Postal: Data Protection Office, Deck Entertainment B.V., Pletterijweg 43, 1st Floor, KeyDoS Building, Curaçao, Dutch Caribbean

If you are an Ontario player, some personal information is processed as part of iGO's conduct-and-manage framework. We will coordinate with iGO on privacy requests where required by Ontario's framework.

What Personal Data We Collect

  • Identity and contact: full name, date of birth, address, nationality, email, phone, government-issued IDs for KYC, proof of address.
  • Account and behavioral data: username, preferences, responsible gambling settings, session activity, clicks, bet and game history, bonuses, loyalty data.
  • Financial and transactional: payment method details (tokenized where possible), deposits/withdrawals, currency, IBAN/last 4 digits of card, chargeback data, tax and audit trails.
  • Technical: IP address, device identifiers, OS/browser data, language, geolocation approximations, connection logs, fraud indicators, cookies and similar technologies.
  • Compliance and risk: sanctions/PEP screening results, source-of-funds/source-of-wealth documentation, self-exclusion status, RG interactions.
  • Communications: emails, chat transcripts, support tickets, marketing preferences, consent records.
  • Cookies and trackers: session, persistent, and third‑party cookies; SDKs and pixels for functionality, analytics, and (with consent) advertising.

Legal Basis for Processing

  • Consent (PIPEDA, provincial PIPA equivalents): we obtain express or implied consent to create and operate your account, send optional marketing, use non-essential cookies, and conduct certain analytics. You may withdraw consent at any time, subject to legal or contractual limits.
  • Contractual necessity: to provide the gaming service, verify age/eligibility, process payments, credit bonuses, pay winnings, provide support, and operate your account.
  • Legitimate interests / appropriate purposes: fraud prevention, security, service analytics, service improvement, and safeguarding the integrity of gaming, balanced against your privacy rights and expectations.
  • Legal obligations: identity verification, anti‑money laundering and anti‑terrorist financing (e.g., Canada's PCMLTFA), sanctions screening, recordkeeping, audit, tax reporting, regulatory reporting to AGCO/iGO (Ontario) and other regulators.
  • Ontario players: certain processing is required to meet iGO/AGCO standards and may involve sharing with iGO as conduct-and-manage authority.
  • If GDPR applies (EEA visitors): consent, contract, legitimate interests, legal obligations, and establishment/exercise of legal claims may apply as legal bases.

Purpose of Processing

  • Provide, operate, and secure gaming accounts and services, including responsible gambling tools and player support.
  • Process payments, fulfill withdrawals, prevent fraud and chargebacks, and investigate suspicious activities.
  • Meet regulatory, AML/CTF, sanctions, and audit obligations, including mandatory reporting.
  • Maintain service quality, perform troubleshooting, analytics, testing, and product improvement.
  • Personalize experience, present relevant content, and, where consented, send promotions and offers.
  • Handle disputes, complaints, and enforce terms, including debt recovery where lawful.

Disclosure & Sharing

  • Payment and banking partners: card acquirers, banks, e-wallets, and payment processors (including Finacol Limited in Cyprus for certain methods) to process deposits/withdrawals and prevent fraud.
  • KYC/AML and risk providers: identity verification, sanctions/PEP screening, fraud detection, geolocation services, and chargeback management vendors.
  • Regulators and authorities: AGCO and iGaming Ontario (for Ontario players), Curaçao Gaming Authority (license oversight), law enforcement, courts, and tax/audit authorities, when required.
  • Technology and security vendors: hosting, cloud, CDN, DDoS protection, logging/monitoring, email/SMS gateways, and analytics providers under data processing agreements.
  • Affiliates and marketing partners: only where permitted by law and your consent/preferences; advertising networks and measurement providers receive limited data or pseudonymous IDs.
  • Corporate transactions: in mergers, acquisitions, financings, or asset transfers, subject to confidentiality and applicable law.
  • iGO framework (Ontario): we may share necessary player and transaction data with iGO and AGCO to meet Ontario requirements.

International Transfers

We may transfer personal information to jurisdictions outside your province or Canada, including Curaçao (CW), Cyprus (CY), the European Economic Area (EEA), the United States, and other locations where our service providers operate. We use contractual and technical safeguards appropriate to the sensitivity of the data, such as:

  • Data processing agreements with Standard Contractual Clauses (for EEA transfers), and vendor risk assessments.
  • Vendors certified under the EU-U.S. Data Privacy Framework where applicable, or equivalent safeguards.
  • Encryption in transit and at rest, strict access controls, and minimization/pseudonymization where feasible.

Transfers are conducted in compliance with PIPEDA/provincial laws. For Ontario players, transfers and sharing follow iGO/AGCO privacy and security requirements.

Data Retention

We retain personal information only as long as necessary for the purposes described or as required by law. Typical periods:

| Category | Typical retention |
| --- | --- |
| Account profile and identity (KYC) | 5-7 years after account closure to satisfy AML/audit obligations |
| Transaction and betting history | 7 years for audit, tax, dispute resolution |
| Compliance and RG records | 7 years or longer if legally required |
| Support communications | 2-5 years after closure of the ticket, depending on context |
| Marketing preferences and consent logs | While active and up to 2 years after withdrawal of consent (audit trail) |
| Cookies/analytics data | 90 days to 2 years depending on cookie type and necessity |

Deletion criteria include account closure, expiry of statutory periods, withdrawal of consent where applicable, or completion of the processing purpose. We may retain limited data to meet legal obligations or resolve disputes.

Your Rights

Canada (PIPEDA and applicable provincial laws)

  • Access: request confirmation and a copy of personal information we hold.
  • Correction: request updates to inaccurate or incomplete data.
  • Withdrawal of consent: opt out of marketing and withdraw consent for non-essential processing, subject to legal/contractual limits.
  • Portability (where feasible): request your data in a commonly used format.
  • Complaints: lodge a complaint with us and with the Office of the Privacy Commissioner of Canada (OPC).

Ontario players

Some information is managed under iGaming Ontario's conduct-and-manage framework. We will coordinate privacy requests with iGO as required. You may also contact iGO about your information.

European Economic Area (if GDPR applies)

  • Rights of access, rectification, erasure, restriction, portability, and objection; rights related to automated decision-making, including profiling, where applicable.

Mexico (if LFPDPPP applies)

  • ARCO rights: Access, Rectification, Cancellation, and Opposition, subject to statutory exceptions.

How to exercise your rights

  1. Submit a request to privacy@power-play-ca.com, from your registered email, describing the right you wish to exercise.
  2. Verification: we may request additional information to confirm your identity and jurisdiction.
  3. Response time: we aim to respond within 30 days. If an extension is needed, we will notify you with reasons and a new timeline.
  4. Fees: requests are free of charge, except reasonable costs permitted by law for repetitive or manifestly excessive requests.

Legal limitations may apply (e.g., AML recordkeeping, security, or regulatory requirements). We will explain the basis if we cannot fulfill a request.

Cookies & Tracking Technologies

  • Session cookies: essential for login, security, and core site functions; expire when you close your browser.
  • Persistent cookies: remember preferences and improve performance; retained for a defined period.
  • Third‑party cookies/SDKs: analytics, anti‑fraud, and, with consent, advertising/measurement pixels.

Purposes include site functionality, security/fraud prevention, audience measurement, personalization, and marketing (subject to consent). You can manage cookies in your browser settings, use our in‑site cookie controls where available, or opt out of advertising cookies through industry tools. Disabling essential cookies may impair site functionality.

Data Security

  • TLS 1.2+ encryption in transit; encryption at rest for sensitive datasets.
  • Role‑based access control, least privilege, MFA for administrative access, secure key management.
  • Secure SDLC, code reviews, vulnerability scanning, and periodic penetration testing.
  • Network security with firewalls, WAF/CDN, DDoS mitigation, and continuous monitoring/logging.
  • Vendor security due diligence, DPAs, and ongoing oversight.
  • Employee privacy/security training and background checks where appropriate.
  • Incident response plan including detection, containment, notification (as required by law), and remediation.

We align our controls with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where appropriate; we do not claim certification unless explicitly stated. No system is perfectly secure, but we continuously improve our safeguards.

Complaints & Contacts

Contact us

  • Data Protection Office: privacy@power-play-ca.com
  • Postal: Deck Entertainment B.V., Pletterijweg 43, 1st Floor, KeyDoS Building, Curaçao, Dutch Caribbean

  1. Contact our DPO with your concern; include relevant details and your account email.
  2. We will acknowledge receipt and aim to resolve within 30 days.
  3. If unresolved, you may escalate as described below.

Regulatory escalation

  • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/
  • Ontario (iGaming players): iGaming Ontario - https://www.igamingontario.ca/en; Information and Privacy Commissioner of Ontario - https://www.ipc.on.ca/
  • EEA (if GDPR applies): Contact your local Data Protection Authority - https://edpb.europa.eu/about-edpb/board/members_en
  • Mexico (if applicable): Instituto Nacional de Transparencia (INAI) - https://www.inai.org.mx/

Updates

We may update this Privacy Policy to reflect legal, regulatory, or operational changes. We will notify you of material changes via email, account dashboard alerts, and/or a website banner on https://power-play-ca.com. For significant changes, we will provide at least 30 days' advance notice where feasible. If you do not agree to the changes, you may adjust your preferences or close your account before the effective date.

Version control: Last updated: October 2025.

  • Material change log examples: clarifications to Ontario/iGO sharing; updates to international transfer safeguards; retention schedule refinements.

We will maintain prior versions upon request where required by law.