burger icon
Betus Casino

Privacy Policy

OBSERVE: This privacy policy explains how betus-casino at https://betus-ca.com collects, uses, discloses, and protects personal information. EXPAND: It applies to players and visitors in Canada and, where applicable, to users located in other jurisdictions (e.g., EU/EEA, Mexico). REFLECT: By providing a clear, current statement of practices, we meet legal obligations and support informed user choice. Effective date: January 15, 2025.

Who We Are

OBSERVE: Users need the identity of the data controller and contact channels. EXPAND: Our operations are run from Costa Rica and serve Canadian users; some corporate particulars are under verification. REFLECT: We provide verified contacts now and will update registration details when confirmed.

  • Controller/Operator: betus-casino, operating the website https://betus-ca.com
  • Registered/Operational location: San Jose, Costa Rica (full registered address and company registration number pending verification and will be published once confirmed)
  • Data Protection Contact (DPO/Privacy Office): Data Protection Team, email: [email protected] (use subject line "Privacy")
  • Support: 24/7 live chat (via site), email [email protected]
  • Note: betus-casino is a privately held company founded in 1994 and operates in the grey market for Canada. It is not licensed by iGaming Ontario. Licensing assertions in Curaçao, Costa Rica, or Mwali are under clarification.

What Personal Data We Collect

OBSERVE: We gather information necessary to provide betting and account services. EXPAND: Data spans identity, technical, financial, and behavioral categories, plus cookies. REFLECT: Collection is limited to stated purposes and subject to user choices where required.

  • Identity and contact: full name, date of birth, address, email, phone, government ID for KYC, self-exclusion and responsible gambling records.
  • Account and behavioral: usernames, preferences, session history, betting and gaming history, deposits/withdrawals, interactions (clicks, page views), communications with support.
  • Technical: IP address, device identifiers, OS/browser, language, referrer/UTM, network info, log files, approximate location derived from IP.
  • Payments: payment method details (tokenized by providers), transaction amounts, timestamps, outcomes, anti-fraud signals.
  • Cookies/SDKs: session, persistent, and third-party cookies; pixels and tags for functionality, analytics, and advertising (subject to consent where required).
  • Inferences: risk scores (anti-fraud/AML), user segments for marketing (with consent as required by CASL).
  • Minors: We do not knowingly collect data from persons below the provincial age of majority; accounts require 18+ or as required by local age limits.

Legal Basis for Processing

OBSERVE: Canadian law (PIPEDA) requires knowledge and consent and appropriate purposes; AML laws impose mandatory processing. EXPAND: Some users may have GDPR/Mexican rights; we align legal bases accordingly. REFLECT: We process only what is necessary and proportionate.

  • Consent (PIPEDA/CASL): account creation, marketing emails/SMS, optional analytics/advertising cookies. Consent may be withdrawn at any time.
  • Contractual necessity: to open, operate, and secure accounts; accept bets; process payments and payouts; provide support; honor promotions and loyalty programs.
  • Legitimate interests (GDPR-aligned where applicable): prevent fraud/abuse, ensure network and information security, service improvement and analytics, and defend legal claims-balanced against user privacy.
  • Legal obligations: identity verification, recordkeeping, reporting, and monitoring under Canada's PCMLTFA and related regulations; responding to lawful requests by authorities.

Purpose of Processing

OBSERVE: Users need clear reasons for data use. EXPAND: We group purposes by service delivery, safety, and growth. REFLECT: No use beyond these purposes without notifying you or obtaining consent where required.

  • Provide and operate services: account registration, age/KYC checks, accepting bets, game access, payments, withdrawals, customer support.
  • Safety and integrity: fraud detection, risk scoring, AML monitoring, self-exclusion enforcement, security auditing, and incident response.
  • Service improvement: performance monitoring, troubleshooting, product analytics, user experience optimization.
  • Marketing and personalization: with consent under CASL-newsletters, offers, segmentation, and advertising (including retargeting via third-party networks, where permitted).
  • Compliance and disputes: recordkeeping, reporting, preventing prohibited conduct, responding to regulators and courts, debt collection, and exercising/defending legal claims.

Disclosure & Sharing

OBSERVE: Processing requires trusted third parties. EXPAND: We disclose on a need-to-know basis with contractual safeguards. REFLECT: No sale of personal information; targeted ads only with required consent.

  • Payments and banking: PSPs, card schemes, banks for deposits/withdrawals, chargeback handling, and AML checks.
  • KYC/AML and fraud vendors: identity verification providers, sanctions/PEP screening, device intelligence, anti-bot and anti-cheat tools.
  • Technology providers: hosting, cloud infrastructure, content delivery networks, game studios, CRM and email service providers, analytics platforms.
  • Affiliates and group companies: limited sharing for consolidated support, accounting, and internal compliance.
  • Advertising partners: ad networks and social platforms for measurement and retargeting only where consent is obtained and subject to opt-outs.
  • Regulators and law enforcement: when required by applicable law, court order, or for the detection/prevention of illegal activity.
  • Corporate transactions: due diligence and transfer in mergers, acquisitions, financing, or asset sales with continuity of protections.

International Transfers

OBSERVE: Data may be processed outside Canada. EXPAND: We use legal and technical safeguards for cross-border transfers. REFLECT: Equivalent protection is sought through contracts, minimization, and encryption.

  • Destinations: Costa Rica (operations/support), United States (cloud, analytics, email), Curaçao/Mwali-Comoros (certain vendors), and other locations of service partners.
  • Safeguards for Canadian data: contractual obligations requiring comparable protection, access controls, encryption in transit/at rest, vendor due diligence and audits.
  • EU/EEA data (where applicable): EU Standard Contractual Clauses (2021/914) with supplementary measures; for US recipients, consideration of EU-US Data Privacy Framework participation where relevant.
  • Notice: Foreign laws may allow access by authorities; we assess requests case-by-case and challenge unlawful or overbroad demands where feasible.

Data Retention

OBSERVE: Retention aligns with law and business needs. EXPAND: We apply category-based periods and secure deletion. REFLECT: We retain no longer than necessary for the purposes stated.

  • Account/KYC records: kept for the life of the account and 5 years after closure or last transaction to meet PCMLTFA obligations.
  • Transaction and betting history: life of account plus 5 years for audit, AML, and dispute purposes.
  • Security and access logs: 12-24 months, unless required longer for investigations.
  • Marketing preferences: until you withdraw consent or your account is deleted, with prompt suppression thereafter.
  • Self-exclusion and RG data: for the exclusion period and up to 7 years to enforce responsible gambling commitments.
  • Cookies: per cookie lifespan (see Cookies section); analytics identifiers typically 13-26 months.
  • Deletion criteria: expiry of retention period, withdrawal of consent where applicable, successful objection, or fulfillment of processing purpose-subject to legal holds.

Your Rights

OBSERVE: Users in Canada have rights under PIPEDA; some users may also benefit from GDPR or Mexican law (LFPDPPP). EXPAND: We implement a unified, user-friendly process. REFLECT: Requests are handled without charge within legal timelines.

  • Access and portability: obtain a copy of your personal information and, where feasible, a machine-readable export of core data (account, transactions, profile).
  • Correction (rectification): update inaccurate or incomplete information.
  • Deletion (erasure): request deletion where data is no longer needed, where consent is withdrawn and no other legal basis applies, or where required by law. Legal retention (e.g., AML) may limit immediate deletion.
  • Restriction/objection: restrict or object to processing for certain purposes, including direct marketing; we will honor marketing opt-outs immediately.
  • Consent withdrawal: withdraw marketing and non-essential cookies consent at any time (does not affect prior lawful processing).
  • How to exercise: email [email protected] with "Privacy Request," your account email, and request details. We may request identity verification. Response within 30 days; we may extend once by up to 30 days for complex requests and will inform you.
  • Regulatory references: Canada (PIPEDA and provincial private-sector laws), EU (GDPR, where applicable), Mexico (LFPDPPP). We apply the most protective applicable rule to your situation.
  • Cost: Requests are free of charge unless manifestly excessive or unfounded (we will explain any fee before proceeding).

Cookies & Tracking Technologies

OBSERVE: Cookies enable functionality, analytics, and advertising. EXPAND: Users need control mechanisms. REFLECT: We honor your choices and minimize non-essential tracking.

  • Types:
    • Session cookies: essential operations (login, bets); expire when you close the browser.
    • Persistent cookies: save preferences, keep you signed in, analytics identifiers.
    • Third-party cookies/pixels: analytics and advertising partners, subject to consent where required.
  • Purposes: functionality (site operation, security), analytics (usage measurement, performance), advertising (offers and retargeting with consent).
  • Controls: use your browser settings to block/clear cookies; adjust preferences via our on-site cookie controls (where available). Opt out of marketing communications via links in emails and your account settings.

Data Security

OBSERVE: Betting data is sensitive and targeted by fraud. EXPAND: We implement layered technical and organizational controls. REFLECT: We continually improve, recognizing no system is perfectly secure.

  • Encryption: TLS 1.2+ for data in transit; AES-256 or equivalent for data at rest where feasible.
  • Access controls: role-based access, least privilege, MFA for administrative access, strong authentication for users.
  • Security lifecycle: secure development practices, vulnerability scanning, penetration testing, change management.
  • Vendor management: security due diligence, contractual security requirements, ongoing monitoring.
  • Monitoring and detection: logging, anomaly detection, anti-fraud tooling, automated alerts.
  • Training: staff privacy and security awareness and periodic refreshers.
  • Incident response: documented playbooks; if a breach creates a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada (and other authorities as required) without undue delay.
  • Standards: we align our controls with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where applicable; we do not claim formal certification unless expressly stated on https://betus-ca.com.

Complaints & Contacts

OBSERVE: Users need clear redress channels. EXPAND: We provide an internal process and regulatory escalation. REFLECT: We aim for prompt, fair resolution.

  • Contact us first: Data Protection Team, [email protected] (subject "Privacy Complaint"). Include your account email, a description of the issue, and supporting screenshots or dates.
  • Process: acknowledgment within 5 business days; substantive response within 30 days; complex matters may require an additional 30 days (we will inform you).
  • Postal address (for privacy correspondence): Data Protection Team, betus-casino, San Jose, Costa Rica.
  • Live chat: available 24/7 via the site for general assistance; for privacy matters, please follow up by email for a formal record.
  • Escalation in Canada: Office of the Privacy Commissioner of Canada (OPC), 30 Victoria Street, Gatineau, QC K1A 1H3; toll-free 1-800-282-1376; https://www.priv.gc.ca/
  • Provincial authorities: if applicable, you may also contact your provincial privacy commissioner (e.g., BC OIPC, Alberta OIPC, Commission d'accès à l'information du Québec).
  • EU/EEA and Mexico (if applicable): you may contact your local Data Protection Authority. Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), https://www.inai.org.mx/

Updates

OBSERVE: Practices and laws evolve. EXPAND: We provide versioning and advance notice of material changes. REFLECT: Transparency lets you make informed choices, including opting out or closing your account.

  • Version control: This policy is reviewed at least annually. Last updated: January 2025.
  • Notifications: material changes will be communicated via email, website banners, and/or account dashboard alerts at least 30 days before the effective date, when a change requires new consent or significantly impacts your rights.
  • Your options: you may object to changes that rely on consent, adjust settings, or close your account before the effective date. Continued use after the effective date signifies acceptance.
  • Changelog (examples of material changes we would note):
    • New categories of personal information collected or new purposes for processing.
    • New advertising partners or international transfer destinations.
    • Changes to retention periods or your rights process.

If any operator identity or registration details change, we will update the "Who We Are" section and re-issue notices consistent with the above procedure.