Privacy Policy

Observe: Privacy safeguards are essential for a real‑money gaming service to explain what data we collect, how we use it, and how players can exercise control. Expand: This policy applies to players and visitors of instant-casino on instant-casinoz.com in Canada (excluding Ontario) and to others who interact with our services. Reflect: Effective as of October 1, 2025; it complements applicable laws and our licence obligations.

Who We Are

Observe: Users need to know the legal operator and how to reach us. Expand: Our corporate and licensing details inform jurisdiction and oversight; contact channels enable rights requests. Reflect: We provide verified licensing facts and clear escalation paths while noting pending corporate particulars.

Operator: instant-casino is operated for instant-casinoz.com by Simba N.V., a company incorporated in Curaçao and licensed by the Curaçao Gaming Control Board (GCB).

  • Trading name: instant-casino (instant-casinoz.com)
  • Licence: Curaçao GCB Remote Gaming Licence No. OGL/2025/1788/1030 (status reported active as of 2025-10)
  • Legal entity: Simba N.V. (Curaçao). Registered office and company number: to be published here upon confirmation. Verification available via the GCB public register.

Data protection responsibility: Simba N.V. is the data controller for personal data processed via instant-casinoz.com. A dedicated Data Protection Officer (DPO) role is planned; until then, our Privacy Team handles requests and complaints. See "Complaints & Contacts" for all channels.

What Personal Data We Collect

Observe: Gaming operations require identity, technical, transactional, and behavioral data. Expand: We collect only what is necessary for account operation, legal compliance (KYC/AML), security, and service improvement. Reflect: Categories below clarify scope and examples.

  • Identity and contact data: full name, date of birth, address, email, phone; KYC documents (ID, proof of address, payment ownership proofs).
  • Account data: username, preferences, account settings, communication opt-ins/opt-outs.
  • Technical data: IP address, device identifiers, OS/browser, language, time zone, connection metadata, session identifiers, error logs.
  • Usage and behavioral data: page views, clicks, game selections, session duration, responsible gambling tools usage.
  • Gaming and transaction data: deposits, withdrawals, payment instrument metadata (tokenized by providers), bet/wager history, wins/losses, bonus usage, risk flags (anti-fraud/AML).
  • Communications: support tickets, chat transcripts, marketing preferences and interactions.
  • Cookies and similar technologies: session and persistent cookies, local storage, SDKs/pixels for functional operation, analytics, and, where consented, advertising.

Legal Basis for Processing

Observe: Canadian PIPEDA requires appropriate purposes and consent; gambling also triggers AML/KYC obligations. Expand: We align with PIPEDA principles and, when relevant, GDPR/Mexican frameworks. Reflect: Each basis is matched to typical casino operations.

  • Consent: creating an account; optional marketing; non-essential cookies/analytics; certain geolocation checks. Consent may be withdrawn at any time (affects future processing only).
  • Contractual necessity: opening and maintaining your account, enabling gameplay, processing payments and payouts, customer support, bonus administration.
  • Legitimate interests: network and account security, fraud prevention, anti-abuse, service analytics and improvement, defending legal claims. We balance these interests against your privacy rights.
  • Legal obligations: identity verification (KYC), anti-money laundering and counter-terrorist financing (AML/CTF), sanctions screening, accounting and tax, responding to lawful requests from authorities and regulators.

Purpose of Processing

Observe: Users should know why data is used. Expand: Our purposes reflect operational, compliance, and user-experience needs. Reflect: We limit use to the purposes below or compatible ones.

  • Provide and operate services: account setup, gameplay, payments, customer care.
  • Compliance: KYC/AML screening, responsible gambling tools, recordkeeping, regulatory reporting.
  • Security and integrity: detect/prevent fraud and abuse, incident response, service resilience.
  • Service improvement and analytics: performance monitoring, troubleshooting, product development.
  • Marketing and personalization (where permitted): offers, newsletters, in-product recommendations, preference management.
  • Dispute management: handling complaints, chargebacks, legal claims.
  • Corporate governance: audits, compliance testing, risk management.

Disclosure & Sharing

Observe: Third parties are necessary for payments, KYC, hosting, and compliance. Expand: We share minimally, under contracts with confidentiality and security obligations. Reflect: Categories and triggers are listed below.

  • Payments and banking partners: processors, acquiring banks, payout providers for deposits/withdrawals and chargeback handling (payment data typically tokenized).
  • KYC/AML service providers: identity verification, sanctions/PEP screening, fraud scoring.
  • Technology and security vendors: hosting/CDN, DDoS protection, logging/monitoring, analytics (non-essential analytics only with consent where required).
  • Regulators and authorities: Curaçao GCB and competent Canadian/federal/provincial bodies, tax or law enforcement agencies, if legally required.
  • Affiliates and marketing partners: only where you have provided consent or where permitted by law; data is restricted to necessary metrics and pseudonymous identifiers where possible.
  • Professional advisers: auditors, legal counsel, compliance consultants under confidentiality duties.
  • Corporate transactions: in a merger, acquisition, or asset sale, subject to continued protections and notice.

International Transfers

Observe: Cross-border flows occur for global hosting, KYC, payments, and licensing in Curaçao. Expand: PIPEDA allows transfers with comparable protections; GDPR/UK rules require transfer tools for EEA/UK data subjects. Reflect: We implement layered safeguards.

  • Destinations: Canada, Curaçao (operator), the European Economic Area, the United Kingdom, and the United States (cloud/security/analytics), and other locations where vetted vendors operate.
  • Safeguards: data processing agreements; technical and organizational measures; for EEA/UK personal data, EU Standard Contractual Clauses (and UK IDTA/Addendum); vendor risk assessments; encryption in transit/at rest.
  • Additional measures: data minimization, access controls, pseudonymization where feasible. For U.S. recipients participating in the EU-U.S. Data Privacy Framework, we prefer certified vendors.
  • Notice: By using instant-casinoz.com, you understand your data may be processed outside your province/country with protections as described.

Data Retention

Observe: Retention must meet legal/audit needs and storage limitation principles. Expand: Gambling AML and tax rules drive certain minimum periods. Reflect: We retain the least amount for the shortest time consistent with obligations.

Category | Typical retention
--- | ---
Account & identity (incl. KYC docs) | 5-7 years after account closure (to meet AML/CTF and audit duties)
Gaming and transaction records | 7 years from transaction date (accounting/tax/AML)
Security and access logs | 12-24 months (security, fraud investigation)
Support communications | Up to 6 years (dispute resolution, legal defense)
Marketing preferences and consent | Until withdrawn; proof of consent kept up to 3 years after last send
Cookies/analytics data | Session to 24 months, depending on cookie type

Deletion criteria: expiry of purpose or legal period, successful verified request, or regulatory instruction. Backups purge on rolling cycles. We may retain minimal data to comply with law or to establish/defend legal claims.

Your Rights

Observe: Rights differ across jurisdictions; players need clear, actionable steps. Expand: We align with Canadian PIPEDA and, where applicable, GDPR and Mexico's LFPDPPP (ARCO). Reflect: Procedures and timeframes are standardized to at least 30 days where permitted.

Canada (PIPEDA and applicable provincial laws)

  • Access and portability (where feasible): obtain information about personal data we hold and request a copy.
  • Correction: request rectification of inaccurate or incomplete data.
  • Withdrawal of consent: opt out of marketing and non-essential cookies at any time.
  • Challenge compliance: raise questions or complaints about our privacy practices.
  • Response time: we aim to respond within 30 days.

European Economic Area/UK (GDPR/UK GDPR, where you are located there)

  • Rights: access, rectification, erasure, restriction, objection (including to profiling/legitimate interests), portability, and not to be subject to solely automated decisions with legal/similar significant effects.
  • Legal bases: see "Legal Basis for Processing." You may withdraw consent at any time.
  • Response time: one month (extendable as permitted). No charge unless requests are manifestly unfounded/excessive.

Mexico (LFPDPPP - ARCO rights, where you are located there)

  • ARCO: Access, Rectification, Cancellation, and Opposition; plus consent revocation and limitation of use/disclosure.
  • Timeframes: we will acknowledge within 30 days. Where Mexican law applies, we will follow statutory periods (generally 20 days to respond and 15 days to implement), or faster when feasible.

How to exercise your rights

  1. Submit a request via the channels listed in "Complaints & Contacts." Indicate your jurisdiction and the rights you seek to exercise.
  2. Complete verification: we may request information or documents to confirm identity and account ownership.
  3. Receive our outcome within the applicable timeframe. If we cannot fully comply due to legal obligations (e.g., AML retention), we will explain why.

All rights requests are generally free of charge unless manifestly unfounded or excessive.

Cookies & Tracking Technologies

Observe: Cookies power core functions and optional analytics/ads. Expand: We separate essential from non-essential purposes, honoring consent. Reflect: Controls are offered at entry and on an ongoing basis.

  • Types: session (expire on close), persistent (fixed duration), and third-party (set by service partners).
  • Purposes:
    • Functional/strictly necessary: login, load balancing, fraud prevention, preference storage.
    • Analytics: performance metrics, troubleshooting, product improvement (set only with consent where required).
    • Advertising/personalization: targeted offers or retargeting (used only with your consent).
  • Controls: use our cookie banner/preferences tool on instant-casinoz.com at first visit and anytime thereafter; or manage via your browser settings (blocking or deleting cookies may impact site functionality).

Data Security

Observe: Real-money gaming entails heightened security needs. Expand: We apply defense-in-depth controls tailored to risks. Reflect: Measures span technology, process, and people.

  • Encryption: TLS 1.2+ for data in transit; industry-standard encryption for data at rest.
  • Access controls: least-privilege, role-based access, MFA for sensitive systems, session management, IP allow‑listing for administration.
  • Secure development: code reviews, dependency scanning, secret management, environment segregation.
  • Monitoring & testing: continuous logging, anomaly detection, regular vulnerability scans, and periodic penetration tests.
  • Vendor security: contractual security obligations, due diligence, and periodic reassessments.
  • Training: staff privacy and security awareness, secure handling of KYC/AML data.
  • Incident response: runbooks for containment, investigation, notification to users/authorities where required by law.
  • Standards: we align our controls to recognized frameworks (e.g., ISO/IEC 27001 control families). Some subprocessors maintain SOC 2/ISO certifications.

Complaints & Contacts

Observe: Clear channels enable rights and redress. Expand: We provide a structured pathway and regulator contacts. Reflect: We aim to resolve issues promptly and transparently.

Contact instant-casino

  • Privacy Team (controller): Submit privacy requests or complaints using the support channel provided on instant-casinoz.com (account Help/Support). If you cannot access your account, please indicate this in your message via the site's contact link.
  • DPO: Upon appointment, we will publish DPO contact details on this page.
  • Postal correspondence: Our registered office details will be added once confirmed by the registrar. Until then, use electronic channels for the fastest response.
  • Response times: We acknowledge receipt and aim to resolve within 30 days (or sooner where required by law).

Escalation to authorities

  • Canada (PIPEDA): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/ - Toll‑free: 1‑800‑282‑1376.
  • European Union/EEA: You may contact your local Data Protection Authority. A list is available at https://edpb.europa.eu/about-edpb/board/members_en.
  • United Kingdom: Information Commissioner's Office (ICO) - https://ico.org.uk/.
  • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - https://www.inai.org.mx/.

We encourage you to contact us first so we can address your concerns directly.

Updates

Observe: Policies evolve with law and services. Expand: We notify users and maintain version control. Reflect: Changes that materially affect rights will be announced in advance.

  • Versioning: Last updated: October 2025. Version: 1.0 (CA).
  • Changelog (material highlights):
    • Added detailed cross-border transfer safeguards.
    • Expanded rights section for GDPR and Mexico (ARCO) alignment.
    • Clarified retention periods for AML/CTF compliance.
  • Notice of changes: We will provide at least 30 days' advance notice for material changes via email (where available), in‑account alerts, or site banners.
  • Your options: You may object to changes that rely on consent or close your account before the effective date of material changes. Continued use after the effective date signifies acceptance.

Regional compliance note: This policy is tailored for Canada (excluding Ontario) under PIPEDA and applicable laws. Where you are located in the EEA/UK or Mexico, the respective rights and transfer rules described above also apply.