Privacy Policy

This Privacy Policy explains how king-maker collects, uses, discloses, and protects personal information for players and website visitors of king-maker-ca.com. It applies to individuals in Canada (service not offered in Ontario) and, where applicable, to users located in other jurisdictions described below. Effective date: October 1, 2025.

Who We Are

LoT OBSERVE -> We identify the accountable organization and contacts. EXPAND -> We disclose license claims and jurisdictional scope. REFLECT -> We provide clear channels for privacy inquiries while pending corporate confirmations.

• Accountable organization (Canada): For the purposes of Canada's PIPEDA, king-maker (the "Service") is accountable for personal information under its control. The brand launched in 2025 for Canada (outside Ontario).
• Operator legal entity: Final legal name, legal address, and registration number are under verification. This section will be updated upon confirmation. Until then, the king-maker Privacy Team is your primary contact for privacy matters.
• Regulatory and licensing statements (disclosure):
  • The brand reports offshore gaming licenses including: Gaming Board of Anjouan (license ALSI-152406028-F12) and Curacao (license details under clarification). These claims are being verified and do not constitute authorization to operate in Ontario, Canada.
  • No iGaming Ontario (AGCO) license: The service is not offered in Ontario. Ontario residents should not use the Service.
• Primary contact channels (Data Protection Team):
  • Email (general privacy and access requests): support@king-maker-ca.com
  • Email (complaints/escalations): complaints@king-maker-ca.com
  • Website: https://king-maker-ca.com
  • Live chat: 24/7 via the website Help Center
  • Postal details: To be published in this section upon corporate confirmation

What Personal Data We Collect

LoT OBSERVE -> We list data categories. EXPAND -> We include technical/behavioral data and cookies. REFLECT -> We align categories with gaming compliance (KYC/AML and fraud prevention).

• Identity and contact data: full name, date of birth, address, country/province, email, phone, government-issued ID data (for KYC), selfies/face match (where required), account username.
• Account and usage data: account settings, communication preferences, session logs, support tickets, live chat transcripts.
• Technical data: IP address, device identifiers, operating system, browser, screen resolution, language, referrer/UTM, connection timestamps, diagnostic logs, fraud/device fingerprinting signals.
• Gaming and behavioral data: deposits/withdrawals, wagering history, game events, wins/losses, risk scoring flags, clicks/scrolls on product pages, bonus usage, self-exclusion or limits set.
• Payment and financial data: partial card/bank/wallet details (tokenized where possible), payment tokens, transaction IDs, chargeback history, billing address; we do not store full raw card PANs when using PCI-compliant PSPs.
• Compliance data: sanctions/PEP screening results, source-of-funds documentation, adverse media findings, dispute/complaint records.
• Cookies and similar technologies: session and persistent cookies, third-party analytics/advertising cookies (with consent), SDKs, pixels, local storage, and similar identifiers. See Cookies section.

Legal Basis for Processing

LoT OBSERVE -> We state the lawful bases for different jurisdictions. EXPAND -> We map bases to use cases. REFLECT -> We ensure multi-regime compatibility (Canada, GDPR, Mexico).

• Canada (PIPEDA and substantially similar provincial laws):
  • Consent: We obtain implied or express consent for most processing (account setup, gameplay, personalization, marketing where applicable).
  • Reasonable purposes without consent: Where permitted (e.g., fraud detection, security, internal audits) and as limited by law.
  • Legal obligations: Compliance with anti-money laundering and recordkeeping laws (e.g., PCMLTFA/FINTRAC guidance), tax, and reporting duties.
• EEA/UK (if applicable to you): Contract necessity (service provision, payments), legal obligation (KYC/AML where applicable), legitimate interests (security, analytics, improvement), and consent (marketing, non-essential cookies).
• Mexico (if applicable to you): Consent and exceptions under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), including ARCO rights; transfers require appropriate notices and, where required, consent.

Purpose of Processing

LoT OBSERVE -> We enumerate purposes. EXPAND -> We connect purposes to product operations and compliance. REFLECT -> We limit use to specified purposes and compatible uses.

• Provide and operate the Service: account creation, identity verification, age/geolocation controls, gameplay, processing deposits/withdrawals, customer support.
• Compliance and risk management: KYC/AML screening, transaction monitoring, sanctions/PEP checks, fraud prevention, dispute handling, audit logs, regulatory reporting.
• Improve and personalize: diagnostics, performance monitoring, A/B testing, personalization of content and offers, user experience optimization.
• Marketing and communications: service announcements, promotions and newsletters (with consent where required), bonus lifecycle communications, surveys and feedback.
• Analytics and measurement: aggregated usage metrics, product insights, business intelligence with appropriate de-identification where feasible.
• Security: access controls, anomaly detection, incident response, abuse prevention, and enforcing our Terms.

Disclosure & Sharing

LoT OBSERVE -> We identify recipients. EXPAND -> We specify scenarios and safeguards. REFLECT -> We restrict sharing to necessity and legal compliance.

• Payment partners and banks: to process deposits/withdrawals, verify payments, and manage chargebacks (PCI-compliant PSPs, card schemes, wallet providers).
• Service providers (processors): hosting/cloud, analytics, identity verification, sanctions/PEP screening, email/SMS, customer support platforms, anti-fraud vendors-bound by contracts and confidentiality.
• Regulators and law enforcement: where required by law or to protect rights (e.g., AML reporting, lawful requests, court orders).
• Affiliates and group companies: limited sharing for operations, support, and compliance; subject to intra-group agreements and safeguards.
• Advertising/retargeting partners: only with your consent for non-essential cookies or where permitted by law; you may withdraw consent at any time.
• Business transactions: during due diligence or completion of a merger, acquisition, financing, or asset sale, under confidentiality and subject to this Policy.

International Transfers

LoT OBSERVE -> We note cross-border flows. EXPAND -> We describe safeguards. REFLECT -> We ensure lawful transfer mechanisms and risk mitigation.

• Destinations: Your data may be processed in Canada; the European Economic Area/UK; the United States (cloud and communications providers); Curacao; Anjouan (Union of the Comoros); and other locations of vetted vendors.
• Safeguards:
  • For EEA/UK personal data: European Commission/UK ICO Standard Contractual Clauses (SCCs), transfer impact assessments, encryption-in-transit/at-rest, and access controls. Where providers participate in the EU-US Data Privacy Framework, we take that into account but rely primarily on SCCs.
  • For Canada: contractual protections to ensure a comparable level of protection when information is processed outside Canada.
  • For Mexico: cross-border transfers accompanied by privacy notices and, where required, consent consistent with LFPDPPP.

Data Retention

LoT OBSERVE -> We define retention by category. EXPAND -> We align with AML and business needs. REFLECT -> We delete or de-identify when no longer needed.

• Account and identity records (KYC): retained for the life of the account and up to 5 years after closure to comply with AML and audit obligations, then securely deleted or anonymized.
• Transaction and payment records: retained up to 7 years after the related fiscal year for accounting, tax, chargeback, and audit purposes.
• Gaming history and behavioral logs: retained for account servicing, dispute resolution, and compliance for up to 5 years after account closure, unless a longer period is legally required or permitted.
• Technical logs and security data: typically retained 12-24 months for security, troubleshooting, and fraud prevention, unless an incident requires longer retention.
• Marketing preferences and consents: retained until you withdraw consent or your account is closed, with records of consent maintained for compliance.
• Deletion criteria: expiry of the retention period, fulfillment/cessation of purposes, successful verified deletion request (subject to legal holds), or regulatory instruction.

Your Rights

LoT OBSERVE -> We enumerate rights under multiple regimes. EXPAND -> We provide procedures and timelines. REFLECT -> We balance rights with legal obligations and security.

• Canada (PIPEDA/Quebec Law 25/AB/BC PIPA analogues):
  • Access: Obtain confirmation of processing and a copy of your personal information.
  • Correction: Request correction of inaccurate or incomplete data.
  • Withdrawal of consent: Withdraw consent for non-essential processing (e.g., marketing) at any time.
  • Challenge compliance/complain: Contact us to challenge our compliance practices and escalate to the Office of the Privacy Commissioner of Canada (OPC) or applicable provincial authority.
• EEA/UK (if applicable): rights of access, rectification, erasure, restriction, portability, objection to processing (including profiling/legitimate interests), and withdrawal of consent; you may complain to your local supervisory authority.
• Mexico (if applicable): ARCO rights-Access, Rectification, Cancellation, and Opposition-under the LFPDPPP; you may also revoke consent subject to legal/contractual restrictions.
• How to exercise your rights:
  • Submit a request via support@king-maker-ca.com or live chat. For complaints/escalations, email complaints@king-maker-ca.com.
  • Verification: We may request information to verify your identity (e.g., account email confirmation, KYC check) before acting on your request.
  • Response times: We aim to respond within 30 days. If more time is needed due to complexity, we will notify you of the extension and reason.
  • Fees: Requests are free of charge unless manifestly unfounded or excessive; if fees apply, we will explain why before proceeding.
  • Limits: We may refuse or redact where disclosure would reveal third-party information, compromise security/fraud controls, or conflict with legal holds (e.g., AML obligations).

Cookies & Tracking Technologies

LoT OBSERVE -> We classify cookies. EXPAND -> We explain purposes and controls. REFLECT -> We honor consent and provide opt-out tools.

• Types:
  • Session cookies: expire when you close your browser; essential for navigation and authentication.
  • Persistent cookies: remain for a defined period to remember preferences and improve performance.
  • Third-party cookies/SDKs: analytics, advertising, and anti-fraud tools from vetted partners.
• Purposes:
  • Strictly necessary/functional: login, security, load balancing, preferences.
  • Analytics: usage measurement, performance diagnostics, product improvement.
  • Advertising/retargeting: personalized offers and campaigns (only with your consent where required).
• Controls:
  • Use our on-site cookie banner/panel to accept, reject, or customize non-essential cookies.
  • Browser controls: block or delete cookies in settings (may affect functionality).
  • Do Not Track: we honor applicable consent signals where legally required; otherwise we treat DNT as a preference signal to the extent technically feasible.

Data Security

LoT OBSERVE -> We outline protections. EXPAND -> We detail technical/organizational controls. REFLECT -> We commit to continuous improvement and transparent incident handling.

• Encryption: TLS 1.2+ for data in transit; strong encryption for data at rest for sensitive datasets (keys managed with restricted access).
• Access controls: role-based access, least privilege, multi-factor authentication for privileged accounts, session management, segregation of duties.
• Secure development and testing: code reviews, dependency scanning, vulnerability management, change control, and environment hardening.
• Monitoring and audits: centralized logging, anomaly detection, periodic security assessments and penetration tests; vendor risk assessments for third parties.
• Staff training: onboarding and annual training on privacy, security, phishing, and incident response.
• Incident response: documented playbooks, prompt containment/notification consistent with applicable law; we will notify you and/or regulators when legally required.
• Standards: Our controls are modeled on recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where feasible. We do not claim certification unless expressly stated on the website.

Complaints & Contacts

LoT OBSERVE -> We provide channels. EXPAND -> We set timelines and escalation paths. REFLECT -> We ensure independent oversight avenues.

• Contact us first:
  • Email (privacy requests): support@king-maker-ca.com
  • Email (complaints/escalations): complaints@king-maker-ca.com
  • Live chat: 24/7 via the website Help Center
  • Postal address: to be published upon corporate confirmation (see Updates)
• Procedure:
  1. Submit: Send your complaint or request with sufficient detail to identify you and your concern.
  2. Acknowledgment: We acknowledge within 5 business days and may request verification information.
  3. Investigation: We investigate and aim to resolve within 30 days; complex cases may require an extension with written notice.
  4. Outcome: We provide a written response including reasons and any corrective actions.
• Escalation in Canada: Office of the Privacy Commissioner of Canada (OPC), 30 Victoria Street, Gatineau, Quebec K1A 1H3; Tel: 1-800-282-1376; Website: priv.gc.ca. You may also contact your provincial privacy commissioner, where applicable.
• Escalation in the EEA/UK (if applicable): Your local supervisory authority; see the EDPB directory: edpb.europa.eu.
• Escalation in Mexico (if applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI); Website: inai.org.mx.

Updates

LoT OBSERVE -> We manage versioning and notice. EXPAND -> We explain change impacts and options. REFLECT -> We provide advance notice and maintain a changelog.

• Notices: We will notify you of material changes via email, website banners, and/or account dashboard alerts.
• Advance notice: For significant changes (e.g., new purposes, new categories of recipients), we provide at least 30 days' advance notice before the changes take effect, unless immediate changes are required by law or for security.
• Your options: You may object to material changes that rely on consent by withdrawing consent or closing your account before the effective date; we will explain any impacts on your access to services.
• Version control: Last updated: October 2025. Earlier versions are available upon request.
• Changelog (material highlights):
  • 2025-10: Added clarity on offshore license claims under verification; refined international transfer safeguards; expanded multi-jurisdiction rights (PIPEDA, GDPR, Mexico LFPDPPP); specified AML-related retention periods.