burger icon
Favbet Сasino
Log In

Privacy Policy

Privacy Policy for favbet777-ca.com - This policy explains how favbet collects, uses, discloses, and protects personal information of players and website visitors who access favbet services via favbet777-ca.com. It is required to meet Canadian privacy laws and industry standards and to inform you clearly about your rights and our obligations. Effective date: 1 October 2025.

Who We Are

OBSERVE: Identify the operator and contacts. EXPAND: Include registration and licensing relevant to CA users. REFLECT: Provide a single point of contact for privacy matters.

  • Operator: Favorit United N.V., a company registered in Curaçao (registration no. 121466).
  • Brand and site: favbet, operating for Canadian users at https://favbet777-ca.com.
  • Gaming license: Curaçao Gaming Authority (CGA) License OGL/2025/300/0596, granted to Favorit United N.V. on 23 May 2025 (status: active). Verification: CGA certificate. Note: This license does not constitute Canadian provincial licensing.
  • Data Protection contact: Data Protection Department, email: [email protected] (primary channel for privacy inquiries and rights requests).

What Personal Data We Collect

OBSERVE: We collect data needed to provide gaming services and comply with laws. EXPAND: Include operational, technical, and compliance data. REFLECT: Avoid unnecessary collection; no minors allowed.

  • Identity and contact: full name, date of birth, nationality, residential address, email, phone; verification documents (government ID, proof of address, selfie/biometric check solely for one-to-one verification).
  • Account and behavioral data: account credentials, preferences, responsible-gambling settings, self-exclusion data, session times, game/bet history, stakes and outcomes, clicks and navigation events, support tickets, marketing interactions.
  • Payment and financial: payment method type, masked card details (e.g., last four digits), bank/IBAN references, transaction timestamps and amounts, payment tokens, chargeback data.
  • Technical and logs: IP address, device and browser attributes, language, time zone, cookie IDs, advertising identifiers, referrer URL, geolocation derived from IP, security logs (logins, MFA use, failed attempts).
  • Cookies and similar tech: session and persistent cookies, local storage, pixels, SDKs for analytics, security, and advertising (details below).
  • Sensitive data: We do not collect special-category data (e.g., health) for gaming. Government ID images are processed solely for KYC/AML and age verification.

Legal Basis for Processing

OBSERVE: Canadian privacy law (PIPEDA and substantially similar provincial laws) governs processing. EXPAND: We also respect GDPR bases where applicable to EEA/UK users. REFLECT: Limit processing to what is necessary and lawful.

  • Consent (PIPEDA/CASL): Express or implied consent for most collection, use, and disclosure; express consent for marketing emails/SMS and for verifying identity using biometric comparison tools.
  • Provision of services (contractual necessity, GDPR for EEA/UK users): To create and administer your account, process payments, settle bets, provide support, and honor promotions.
  • Legitimate interests (GDPR) / Permitted purposes without consent (PIPEDA): Fraud detection and security, service analytics, service improvement, and network integrity-implemented with safeguards and minimization.
  • Legal obligations: KYC/AML, sanctions screening, record-keeping, tax and audit requirements, and disclosures to competent authorities under applicable laws and our CGA license.
  • Withdrawal of consent: You may withdraw marketing consent at any time; where processing relies solely on consent, withdrawal stops future processing without affecting prior lawful use.

Purpose of Processing

OBSERVE: Define clear purposes. EXPAND: Connect purposes to data categories. REFLECT: Use data only as needed for these purposes.

  • Service delivery: account setup, age/identity verification, deposits and withdrawals, game operation, bet settlement, customer support.
  • Compliance and risk: KYC/AML checks, transaction monitoring, sanctions screening, fraud prevention, self-exclusion enforcement, dispute handling.
  • Personalization and improvement: content and odds personalization, troubleshooting, quality assurance, A/B testing, performance analytics.
  • Marketing (with consent): newsletters, bonuses, and promotions, including measurement and frequency capping.
  • Security: access controls, incident detection, logging, and service integrity.
  • Reporting: financial reconciliation, audits, and license reporting obligations.

Disclosure & Sharing

OBSERVE: We use third parties to operate the service. EXPAND: Share only what is necessary and subject to safeguards. REFLECT: Maintain accountability via contracts and oversight.

  • Payment partners: acquirers, banks, and payment gateways for deposits, withdrawals, and chargeback management.
  • KYC/AML and fraud service providers: identity verification vendors, sanctions and PEP screening, device fingerprinting, and risk scoring tools.
  • Technology providers: hosting/CDN, security monitoring, communications, analytics, and customer support tooling.
  • Affiliates and service subcontractors: group-related or contracted entities assisting with operations where lawful and under data protection agreements.
  • Regulators and authorities: Curaçao Gaming Authority, law enforcement, tax and other authorities, courts, or dispute resolution bodies where required by law.
  • Advertising networks and social media: only with your consent and subject to applicable opt-outs.
  • Business transactions: if we reorganize, merge, or sell assets, personal information may be transferred subject to confidentiality and continued protection.

International Transfers

OBSERVE: Cross-border processing occurs. EXPAND: Identify destinations and safeguards. REFLECT: Maintain comparable protection to Canadian standards.

  • Destinations: Curaçao (core operations and compliance), EU (e.g., Romania), Ukraine (support/operations), the United States and other countries (cloud, security, analytics, communications providers).
  • Safeguards (Canada): We remain accountable under PIPEDA for information transferred for processing and use contractual and organizational measures to provide a comparable level of protection.
  • Safeguards (EEA/UK data, where applicable): European Commission Standard Contractual Clauses (SCCs), UK IDTA/Addendum, and supplementary measures. Where U.S. vendors participate in the EU-U.S. Data Privacy Framework, we rely on that certification as appropriate.
  • Transparency: On request, we will provide further details of transfer mechanisms relevant to your data.

Data Retention

OBSERVE: Keep data only as long as needed. EXPAND: Align periods with legal and operational needs. REFLECT: Secure deletion or anonymization after expiry.

  • Account and identity records: for the life of the account and up to 5 years after closure for compliance and dispute purposes.
  • Transaction and financial data: up to 7 years to meet AML, audit, and tax requirements.
  • Responsible gambling and self-exclusion: at least for the exclusion period and as required to enforce ongoing safeguards (typically up to 5 years after expiry).
  • Marketing data: until you withdraw consent or after 24 months of inactivity, whichever comes first.
  • Technical logs: 24 months, unless a longer period is required for security investigations or legal claims.
  • Deletion criteria: fulfillment of purpose, expiry of retention period, successful objection/withdrawal where applicable, or legal requirement to delete. Data may be securely anonymized for analytics.

Your Rights

OBSERVE: Canadian residents have rights under PIPEDA and similar provincial laws; EEA/UK users may have GDPR rights. EXPAND: Provide procedures and timelines. REFLECT: Make rights accessible and free of charge (subject to limited exceptions).

  • Access and explanation: Request confirmation and a copy of your personal information, plus details about how it is used and disclosed.
  • Correction: Request corrections for inaccuracies; we will amend or annotate records as appropriate.
  • Withdrawal of consent: Opt out of marketing at any time; where processing relies on consent, you may withdraw it to stop future use.
  • Objection/restriction (where available): Ask us to restrict or stop certain processing where permitted by law (e.g., profiling for marketing); GDPR users may object based on legitimate interests.
  • Portability (where feasible/for GDPR users): Receive certain data in a machine-readable format or have it transmitted to another provider.
  • Automated decisions: You may request human review of decisions that significantly affect you (e.g., fraud-related decisions), subject to legal allowances.

How to exercise: Email [email protected] from your registered address and specify the right you wish to exercise. We may verify your identity. We will respond within 30 days; a single 30‑day extension may apply where permitted, and we will inform you of any extension and reasons. Requests are free of charge unless they are manifestly unfounded, repetitive, or excessive, in which case a reasonable fee or refusal (with reasons) may apply.

Cookies & Tracking Technologies

OBSERVE: Cookies support core functions and analytics. EXPAND: Distinguish types and controls. REFLECT: Offer meaningful choices.

  • Session cookies: essential for login, bet slips, and security; expire when you close the browser.
  • Persistent cookies: remember preferences, language, and authentication; last from days to months.
  • Third-party cookies/SDKs: analytics, performance monitoring, fraud prevention, and (with consent) advertising and retargeting.

Purposes: functional operation, security, analytics, personalization, and (with consent) advertising measurement. Management: use our cookie banner/controls when presented and adjust browser settings to block/delete cookies. Blocking essential cookies may impair site functionality. Some mobile/system-level advertising IDs can be reset in device settings. We do not respond to Do Not Track signals.

Data Security

OBSERVE: Protect data against unauthorized access, alteration, and loss. EXPAND: Use layered technical and organizational measures. REFLECT: Continuously improve and report material breaches as required.

  • Encryption: TLS 1.2+ for data in transit; AES‑256 (or equivalent) encryption for data at rest where appropriate; hardened key management.
  • Access controls: role-based access, least privilege, MFA for privileged accounts, segregation of duties, and audited access logs.
  • Secure development and testing: secure SDLC, code reviews, vulnerability scanning, and regular penetration testing.
  • Operational security: network segmentation, WAF/DDoS protections, EDR/AV monitoring, backup and recovery with periodic testing.
  • Governance: policies, staff training, vendor due diligence; controls consistent with ISO/IEC 27001; key vendors are expected to maintain SOC 2 Type II or equivalent assurances.
  • Incident response: a documented plan with prompt containment, investigation, and notification. Under PIPEDA, we report breaches posing a real risk of significant harm to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals as soon as feasible.

Complaints & Contacts

OBSERVE: Provide clear channels for privacy concerns. EXPAND: Outline steps and escalation. REFLECT: Ensure fair, timely handling.

  • Contact us (primary): Data Protection Department - [email protected]
  • How to complain to us:
    1. Email your concern with your account email and relevant details.
    2. We acknowledge within 5 business days and may request verification or clarifications.
    3. We investigate and provide a written response within 30 days. If we need more time (complexity or third‑party input), we will explain and may extend once by up to 30 days where permitted.
    4. If unresolved, we will provide our final position and available options.
  • Escalation in Canada: Office of the Privacy Commissioner of Canada (OPC) - Submit a complaint, Tel: 1‑800‑282‑1376, Address: 30 Victoria Street, Gatineau, QC K1A 1H3.
  • EEA/UK users (if applicable): You may also complain to your local supervisory authority or the ICO (UK). We will cooperate with competent regulators.

Updates

OBSERVE: Policies evolve with services and laws. EXPAND: Notify users and record versions. REFLECT: Provide options to object or close accounts.

  • Notification methods: email, on‑site banners, and/or account dashboard alerts.
  • Advance notice: For material changes (e.g., new purposes, new categories of recipients), we provide at least 30 days' notice before the effective date, unless immediate changes are required by law or for security.
  • User choices: You may object to material changes that rely on consent or close your account before they take effect; we will honor applicable rights.
  • Versioning: Last updated: October 2025.
  • Changelog (material changes):
    • Oct 2025: Clarified retention periods; expanded international transfer safeguards; added incident reporting language aligned with PIPEDA.