burger icon
Casimba Review Canada
Log In

Privacy Policy

This Privacy Policy explains how the Casimba content hosted on casimba-ca.com ("we", "us", "our") collects, uses, discloses, and protects personal information of visitors and users in Canada. It applies to individuals who browse our review content, subscribe to newsletters, or otherwise interact with casimba-ca.com. It does not govern your use of the real-money gaming services provided on casimba.com or casimba.ca, which are covered by their own privacy policies. This Privacy Policy is effective from 1 January 2026 and supersedes earlier versions for Casimba on casimba-ca.com.

Who We Are

The Casimba page on casimba-ca.com is operated by:

  • Operator (legal entity): White Hat Gaming Limited
  • Legal form: Private limited company registered in Malta
  • Registered office / legal address: 85 St John Street, Valletta, VLT1165, Malta
  • Company registration number: C73232 (Malta Business Registry)

White Hat Gaming Limited operates the Casimba brand in Canada under:

  • Malta Gaming Authority (MGA) licence: MGA/B2C/370/2017 - covering international operations, including Rest-of-Canada access via casimba.com.
  • Ontario licence: OPIG1231668 - issued by iGaming Ontario (iGO) and the Alcohol and Gaming Commission of Ontario (AGCO) for Ontario operations via casimba.ca.

For privacy-related questions concerning Casimba on casimba-ca.com, you may contact our Data Protection Officer (DPO):

  • Data Protection Officer: Data Protection Officer, White Hat Gaming Limited
  • Postal address: Data Protection Officer, White Hat Gaming Limited, 85 St John Street, Valletta, VLT1165, Malta
  • Email: [email protected]

We may also provide a secure online contact form on casimba-ca.com; where available, you can use it to submit privacy inquiries. At this time we do not operate a dedicated telephone line for privacy matters; please contact us by email or post.

What Personal Data We Collect

We collect only the information that is reasonably necessary to operate Casimba on casimba-ca.com, to provide requested services, and to meet our legal and regulatory obligations.

Personal identification and contact data

  • Basic details: First and last name, email address, and (where provided) telephone number.
  • Account information: Username, password (stored using secure hashing), preferences, and communication settings if you create an account or subscribe to newsletters on casimba-ca.com.
  • Communications: Content of emails, messages sent through forms, and our responses.

Technical and usage data

  • Technical identifiers: IP address, device identifiers, operating system, browser type and version, language settings, approximate location derived from IP (e.g., province, country).
  • Log data: Date and time of visits, pages viewed (including specific review pages such as Casimba), referral URLs, click paths, and interaction with site features.
  • Security logs: Login attempts, session identifiers, and technical events used for fraud prevention and system security.

Payment and transactional data

  • Casimba on casimba-ca.com does not process deposits, withdrawals, or wagers for gambling; these occur on casimba.com or casimba.ca under their own privacy policies.
  • We may, however, process limited payment-related information that you voluntarily provide in communications (for example, partial transaction IDs or screenshots) when you request assistance or report issues relating to Casimba's services.

Behavioural and analytics data

  • Behavioural data: Clicks on links (including outbound links to casimba.com and casimba.ca), time spent on pages, scroll depth, and interaction with banners or comparison tables.
  • Analytics: Aggregated and pseudonymized data from analytics tools (e.g., page popularity, device mix, conversion statistics), used to improve our content and site performance.

Cookies and similar technologies

  • Cookies: Small text files stored on your device to recognize your browser, remember preferences, and help secure your session.
  • Similar technologies: Web beacons, pixels, tags, local storage, and JavaScript SDKs used by us or carefully selected third parties (e.g., analytics or affiliate tracking partners).
  • Affiliate and tracking identifiers: Non-identifying codes appended to links to Casimba's official sites, allowing us and our partners to understand how visitors arrive at those sites from Casimba.

Legal Basis for Processing

We process personal information in compliance with applicable Canadian privacy laws, primarily the Personal Information Protection and Electronic Documents Act (PIPEDA), and, where relevant, with principles reflected in the EU General Data Protection Regulation (GDPR) and Mexican privacy legislation. Depending on the context, our processing is based on one or more of the following grounds:

Consent

  • We obtain your consent where required by law, for example:
    • When you subscribe to marketing emails or newsletters.
    • When non-essential cookies and similar technologies are deployed (e.g., for advertising or detailed analytics), where local requirements mandate consent.
    • When you voluntarily submit information in contact forms or emails beyond what is strictly necessary.
  • You may withdraw your consent at any time (see "Your Rights").

Contractual necessity and service provision

  • We process data as is reasonably necessary to:
    • Provide and manage your access to Casimba on casimba-ca.com.
    • Administer user accounts, preferences, and subscriptions.
    • Respond to your inquiries and support requests.
  • Where EU or Mexican law applies, this corresponds to processing for the performance of a contract or to take steps at your request before entering into a contract.

Legitimate interests / reasonable purposes

  • We rely on legitimate interests (under GDPR) and reasonable purposes (under PIPEDA) for:
    • Maintaining the security and integrity of our systems.
    • Preventing fraud, abuse, and misuse of casimba-ca.com.
    • Conducting analytics to understand and improve site performance and user experience.
    • Measuring the effectiveness of our affiliate relationships and marketing campaigns.
  • Where we rely on these grounds, we balance our interests against your privacy expectations and implement appropriate safeguards.

Compliance with legal and regulatory obligations

  • We may process and retain personal data as necessary to:
    • Comply with record-keeping, audit, and reporting obligations under applicable laws and gaming regulations (including those of the MGA, iGO, AGCO, and, where relevant, the UK Gambling Commission).
    • Cooperate with law enforcement, courts, and governmental or regulatory authorities in Canada and abroad.
    • Enforce our legal rights, including the investigation of potential breaches of terms or unlawful activity affecting casimba-ca.com.

Purpose of Processing

We use personal data for clearly defined purposes and do not use it in ways that are incompatible with those purposes, unless required or permitted by law or with your consent.

Providing and operating our services

  • To make Casimba and other review content on casimba-ca.com available to you.
  • To manage user accounts, authentication, preferences, and language settings.
  • To respond to your communications, including support, feedback, and complaint handling.

Improving and optimizing our services

  • To monitor usage patterns, page performance, and navigation paths.
  • To run analytics and A/B tests that help us enhance content relevance, site structure, and usability.
  • To compile aggregated statistics used internally and, in non-identifiable form, for reporting to partners.

Marketing and communications

  • To send you newsletters and promotional communications about Casimba offers relevant to Canada, where you have opted in or where otherwise permitted by law.
  • To personalize messages and content based on your interactions with Casimba.
  • To manage your marketing preferences and honour opt-out requests.

Fraud prevention and security

  • To protect casimba-ca.com, our users, and our partners from fraud, abuse, and security incidents.
  • To detect and prevent automated misuse (e.g., bots, scraping) and suspicious activity.
  • To maintain logs necessary for security investigations and incident response.

Legal, regulatory, and compliance purposes

  • To comply with applicable laws, regulatory requirements, and lawful requests from competent authorities.
  • To enforce our terms, protect our rights, and pursue or defend legal claims.
  • To demonstrate compliance to regulators, including the MGA, iGaming Ontario/AGCO, and, where relevant, other authorities.

Disclosure & Sharing

We do not sell your personal information. We share data only when necessary for the purposes described above, under appropriate safeguards, and in line with Canadian law and comparable international standards.

Service providers and business partners

  • Technical service providers: Hosting, content delivery networks (including Cloudflare), security monitoring, and email delivery services that process data on our behalf.
  • Analytics providers: Providers that help us understand how users engage with Casimba (e.g., anonymized or pseudonymized analytics tools).
  • Affiliate and marketing partners: Carefully selected partners that track referrals between casimba-ca.com and official Casimba sites via non-identifying tracking identifiers and cookies.

Group entities and related operations

  • Other entities in the White Hat Gaming group, to the extent necessary for:
    • Centralized security, compliance, and risk management.
    • Consistent handling of player-related inquiries that you direct to us regarding the Casimba brand.

Regulators and authorities

  • Gaming regulators such as the Malta Gaming Authority (MGA), iGaming Ontario (iGO), AGCO, and, where relevant, the UK Gambling Commission, in connection with compliance, audits, or investigations.
  • Data protection authorities, law enforcement, courts, or other government bodies when we are legally required or permitted to do so, or when disclosure is necessary to protect our rights, your safety, or the safety of others.

Other disclosures

  • Business transactions: In connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business. We will take steps to ensure that any successor entity honours this Privacy Policy or a substantially similar one.
  • With your consent: Where you explicitly ask us to share information or where you consent to sharing in a specific context.

International Transfers

Your personal information may be transferred to and stored in countries outside of your province or outside Canada, including Malta, other European Economic Area (EEA) countries, the United Kingdom, and the United States (for example where our cloud or CDN providers host data). These countries may have different data protection laws than your home jurisdiction.

How we protect international transfers

  • Contractual safeguards: Where required, we use data protection agreements and, for transfers from the EEA or UK, Standard Contractual Clauses (SCCs) or equivalent instruments approved by relevant authorities.
  • Comparable level of protection: In line with PIPEDA and applicable provincial laws, we ensure that service providers outside Canada offer a level of protection comparable to that required in Canada through contractual obligations, technical measures, and due diligence.
  • Organizational and technical measures: Access controls, encryption, and audit requirements apply regardless of where data is processed.

By using Casimba on casimba-ca.com, you understand that your information may be processed in these jurisdictions, and may be accessible to foreign courts, law enforcement, and national security authorities in those countries, subject to their laws.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, tax, audit, regulatory, or dispute-resolution purposes).

General retention periods

  • Account and profile data: For the life of your casimba-ca.com account and typically for up to 5 years after account closure, unless a longer period is required for legal or regulatory reasons.
  • Contact and communications data: For as long as needed to handle your request and for up to 3 years thereafter to document our communications and manage potential disputes.
  • Marketing data: Until you withdraw your consent or unsubscribe, plus a short period (up to 6 months) to securely document and implement your opt-out.
  • Technical and log data: Typically for 12 - 24 months, unless we need to retain specific logs longer in connection with security investigations, regulatory inquiries, or legal claims.

Deletion and anonymization

  • When data is no longer required, we will:
    • Securely delete or irreversibly anonymize it, so that it can no longer be associated with an identifiable individual; or
    • Retain it only in aggregated, non-identifiable form for statistical and analytical purposes.
  • We may be unable to fully erase information that appears in system backups immediately; in such cases, the data will be isolated, secured, and deleted in accordance with our backup rotation schedules.

Your Rights

We respect your privacy rights under Canadian law and, where applicable, under the GDPR and Mexican privacy regulations. While the exact scope of rights may differ by jurisdiction, we aim to handle requests consistently and transparently.

Core rights (Canada, GDPR, and Mexican alignment)

  • Right of access: You can request confirmation of whether we hold personal information about you and receive a copy of such information, subject to limited exceptions under PIPEDA and other laws.
  • Right to rectification/correction: You can request that we correct or update inaccurate or incomplete personal information we hold about you.
  • Right to deletion / cancellation: You can request that we delete (or, under Mexican law, cancel) personal information where it is no longer necessary, where you have withdrawn consent, or where deletion is required by law. Certain data may be retained where permitted or required for legal, regulatory, or security reasons.
  • Right to restriction: In certain circumstances, you may request that we restrict processing of your personal information (for example, while a dispute about accuracy is being resolved).
  • Right to object: Where we rely on legitimate interests or reasonably necessary purposes, you may object to processing. We will honour your objection unless we have compelling legitimate grounds or legal obligations to continue.
  • Right to data portability: Where applicable (primarily under GDPR), you may request to receive certain personal information in a structured, commonly used, machine-readable format, and to have it transmitted to another controller, where technically feasible.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of processing that took place before withdrawal.

Mexican ARCO rights and GDPR reference

  • If you are protected by Mexican privacy law (such as the Federal Law on Protection of Personal Data Held by Private Parties), you may exercise your ARCO rights (Access, Rectification, Cancellation, Opposition) with us in the same manner as described above.
  • If the GDPR applies to you (for example, you are in the EEA/UK and interact with our services), the rights described above should be interpreted in line with Articles 12 - 23 GDPR and local implementing laws.

How to exercise your rights

  1. Submit a request: Contact our DPO at [email protected] with:
    • Your full name and contact details;
    • A clear description of the right you wish to exercise and the data concerned;
    • Any information that may help us locate your records (e.g., username, email used, relevant dates).
  2. Identity verification: For your security, we may request additional information to verify your identity before acting on your request.
  3. Response timeframe: We aim to respond within 30 days of receiving a complete request. Where permitted by law, this may be extended by a further 30 days for complex or numerous requests; if so, we will inform you of the extension and reasons.
  4. Fees: Requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, in line with applicable law.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate Casimba on casimba-ca.com, improve performance, and support analytics and marketing consistent with this Privacy Policy.

Types of cookies we use

  • Strictly necessary cookies (session or short-term persistent): Required for the site to function, such as enabling navigation, security, and basic settings. These cannot be switched off using our cookie tools but may be blocked in your browser (which may cause parts of the site to malfunction).
  • Functional cookies: Help remember your preferences (e.g., language or region) and improve your experience.
  • Analytics cookies (first- and third-party): Collect information about how visitors use our site (for example, which pages are visited most often) in order to improve performance and content.
  • Advertising and affiliate cookies (third-party): Used to measure the effectiveness of links from Casimba to official Casimba sites and, where applicable, to tailor offers shown on our pages or partner platforms. These cookies may be set by our advertising or affiliate partners.

Managing cookies

  • You can manage cookies in several ways:
    • Via browser settings (e.g., blocking or deleting cookies, limiting third-party cookies, or enabling "Do Not Track" where supported).
    • Via any cookie management tools or banners we provide on casimba-ca.com, which may allow you to accept or reject categories of cookies, except those strictly necessary.
  • Disabling certain cookies may impact your ability to use some features or may affect the display and performance of the site.

Data Security

We implement a comprehensive information security program designed to protect personal information processed in connection with Casimba on casimba-ca.com against unauthorized access, use, disclosure, alteration, or destruction.

Technical and organizational measures

  • Encryption: Data transmitted between your browser and our servers is protected using industry-standard Transport Layer Security (TLS) protocol (TLS 1.2 or higher; typically TLS 1.3) with strong ciphers. Sensitive data at rest is stored using encryption or other appropriate protection mechanisms.
  • Access controls: Access to personal data is restricted to authorized personnel who need it for legitimate business purposes and are bound by confidentiality obligations.
  • Network and infrastructure security: Use of reputable hosting providers and CDNs (including Cloudflare), firewalls, intrusion detection/prevention tools, and secure configuration baselines.
  • Authentication and logging: Implementation of secure authentication practices (including multi-factor authentication where appropriate) and logging of administrative access and critical security events.

Governance, training, and certification

  • Policies and training: Internal policies govern how staff handle personal information. Employees with access to personal data receive training on privacy, security, and regulatory obligations relevant to our operations.
  • Security audits and testing: Periodic assessments, vulnerability management, and reviews to test and improve our security controls.
  • Standards and certifications: White Hat Gaming Limited maintains an information security management system aligned with ISO 27001. Where applicable, we align our controls with leading international standards (including SOC 2 principles) even if we do not claim formal certification unless explicitly stated on our websites.

Incident response

  • We maintain incident response procedures to:
    • Detect, assess, and contain suspected or actual security incidents.
    • Mitigate potential harm to individuals and systems.
    • Notify affected individuals and relevant authorities where required by applicable law and gaming regulations.
  • While we take robust measures to protect your data, no system is completely secure. You are encouraged to use strong passwords, keep login details confidential, and promptly alert us to any suspected misuse of your information.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal information in connection with Casimba on casimba-ca.com, you have several options.

Contacting us first

  1. Initial contact: Email our DPO at [email protected] or write to:
    Data Protection Officer, White Hat Gaming Limited, 85 St John Street, Valletta, VLT1165, Malta.
  2. Information to include: Your full name, contact details, a description of your concern, and any relevant supporting information (e.g., dates, URLs, screenshots).
  3. Acknowledgment and response: We aim to acknowledge receipt of your complaint within 10 business days and provide a substantive response within 30 days, or inform you if additional time is required due to complexity.
  4. Escalation internally: If you are unsatisfied with the initial response, you may request that your complaint be escalated to senior management and our compliance team for further review.

Escalation to supervisory authorities

If you remain dissatisfied after contacting us, or if you prefer not to contact us first, you may have the right to lodge a complaint with a relevant data protection authority.

  • Canada - Office of the Privacy Commissioner of Canada (OPC)
    • Website: https://www.priv.gc.ca
    • Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3, Canada
  • Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI) (for individuals protected by Mexican privacy laws)
    • Website: https://www.inai.org.mx
  • European Union / European Economic Area: If GDPR applies to you, you may complain to your local supervisory authority or to the authority in Malta:

Your right to complain to a regulator is without prejudice to any other administrative or judicial remedy you may have.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or the way Casimba on casimba-ca.com operates.

How we will inform you

  • On-site notifications: We will post the updated Privacy Policy on casimba-ca.com with a revised "Last updated" date.
  • Prominent notices: For material changes, we may display banners, pop-up notices, or similar alerts on the site.
  • Email or account notifications: Where we have your email address and the changes are significant or legally required to be notified, we may also inform you by email or via in-account notifications (where applicable).

Advance notice and your choices

  • For material changes that significantly affect how we process your personal information, we will, where reasonably practicable, provide at least 30 days' advance notice before the changes take effect.
  • Where required by law (for example, if we change our purposes for processing or our reliance on consent), we will seek your renewed consent.
  • If you do not agree with the updated Privacy Policy, you may choose to discontinue using Casimba on casimba-ca.com and, if applicable, request deletion or closure of any account you hold with us.

Version and last update: This Privacy Policy for Casimba on casimba-ca.com was last updated in January 2026. Earlier versions may be available upon request to our DPO.