Privacy Policy
This Privacy Policy explains how Drip Casino, operated via the website drip-ca.com, collects, uses, stores, and protects personal information of its players and website visitors. It applies to all users who access or use any products, services, content, or features offered on drip-ca.com from Canada or elsewhere. By registering an account, visiting the website, or otherwise interacting with our services, you acknowledge this Privacy Policy. This Privacy Policy is effective from 1 January 2025 and remains in force until updated, with all core retention and compliance timeframes aligned no later than 2026.
Who We Are
The online casino service marketed as Drip Casino and accessible through drip-ca.com (the "Website") is operated by:
- Data Controller / Operator: Galaktika N.V., a public limited company (N.V.) incorporated under the laws of Curaçao.
- Registration Number: 140803
- Registered & Legal Address: Scharlooweg 39, Willemstad, Curaçao
- Gaming Licence: 8048/JAZ2016-050 issued to Galaktika N.V. by Antillephone N.V. under the authority of the Government of Curaçao (active and treated as valid through at least 2026; see verification at https://validator.antillephone.com).
For certain payment methods used by Canadian players, a group company acts as payment processor:
- Payment Processing Subsidiary: Unionstar Limited
- Registration Number: HE 356131
- Registered Address: Agias Fylaxeos & Zinonos Rossidi 2, 1st Floor, 3082 Limassol, Cyprus
For the purposes of privacy and data protection, Galaktika N.V. is the primary data controller. Unionstar Limited acts as a processor and, in limited cases, as an independent controller for payment-related compliance.
Data Protection Contact
- Data Protection Officer / Data Protection Department: Galaktika N.V. - Data Protection
- E-mail (primary): [email protected]
- E-mail (English support / rights requests): [email protected]
- Complaints / escalation proxy address (regulator liaison): [email protected]
- Website: https://drip-ca.com
If you wish to exercise any privacy right or ask a question about this Privacy Policy, you should primarily contact us via email at [email protected].
What Personal Data We Collect
Categories of Personal Data
- Identification and Contact Data
- Full name, date of birth, gender (where provided).
- Residential address, country of residence, billing address.
- E-mail address, phone number(s), preferred language.
- Government-issued identification data submitted for KYC (e.g., ID card, passport, driver's licence numbers, images, copies) and proof of address (e.g., utility bills, bank statements).
- Account and Profile Data
- Username, encrypted password, security questions/answers (where used).
- Account settings, communication preferences, responsible gambling limits, exclusion status, and verification status.
- Internal player ID, account creation and closure dates.
- Technical and Usage Data
- IP address, approximate geolocation derived from IP, device identifiers, browser type/version, operating system, language settings.
- Access logs, session identifiers, timestamps of logins and actions, error logs, device fingerprint data used for fraud and AML purposes.
- Information about how you navigate and interact with the Website (pages visited, time spent, click paths).
- Payment and Financial Data
- Chosen payment method(s), partial card details (BIN and last digits where applicable), cardholder name, e-wallet identifiers, bank account or IBAN where applicable.
- Deposit and withdrawal amounts, currencies, timestamps, transaction identifiers, payment status, chargeback history, and related correspondence.
- Payment verification documentation you provide (e.g., copies of cards with masked digits, screenshots of e-wallets, bank statements).
- Gaming and Behavioural Data
- Betting history, game sessions, stakes, wins/losses, bonuses claimed, wagering progress, jackpot participation.
- Login frequency, session length, device usage patterns, and interactions with responsible gambling tools.
- Behavioural risk indicators used for AML, fraud detection, and responsible gambling monitoring (e.g., sudden deposit spikes, risky play patterns).
- Communication Data
- Records of communications with customer support via email or other channels.
- Support tickets, complaints, and internal notes relating to those interactions.
- Marketing preferences and records of marketing communications sent and your interactions with them (opens, clicks, unsubscribes).
- Cookies and Similar Technologies
- Cookies stored on your device, including session, persistent, and third-party cookies.
- Tracking pixels, tags, scripts, and local storage objects used for functionality, security, analytics, and marketing.
Where permitted by law, we may combine data from different sources (e.g., registration details and gameplay data) to maintain accurate records, comply with legal obligations, and offer a safer gambling environment.
Legal Basis for Processing
Our Main Legal Grounds
- Performance of a Contract
We process personal data when it is necessary to enter into and perform our agreement with you, including our Terms and Conditions. This includes:
- Creating and managing your player account on drip-ca.com.
- Verifying your identity to open and maintain the account.
- Processing deposits, wagers, game plays, and withdrawals.
- Providing customer support and resolving operational issues.
- Administering bonuses, promotions, loyalty programs, and tournaments.
- Compliance with Legal Obligations
We are subject to statutory obligations under Curaçao law, applicable anti-money laundering (AML) and counter-terrorist financing (CTF) rules, and other regulatory obligations relevant to online gambling and payment processing. To comply, we must process your data for:
- Know-Your-Customer (KYC) checks, age verification, and player due diligence.
- Source of funds/wealth assessments, risk scoring, and ongoing monitoring.
- Record-keeping of transactions, communications, and KYC documents for legally mandated periods (which may extend through at least 2026).
- Responding to lawful requests from regulators, financial institutions, and law enforcement authorities.
- Legitimate Interests
We process data where it is necessary for our legitimate interests, provided these are not overridden by your rights and freedoms. These interests include:
- Preventing fraud, abuse of bonuses, money laundering, and other prohibited activities.
- Ensuring the security and integrity of our Website, systems, and player accounts (e.g., device fingerprinting, IP monitoring).
- Conducting statistical analysis and business analytics to improve our services and player experience.
- Protecting our legal rights, defending ourselves in disputes, and enforcing our Terms and Conditions.
- Delivering non-intrusive service notices and account-related communications.
- Consent
In some cases, we process your data based on your explicit consent, which you may withdraw at any time (without affecting prior lawful processing). This applies in particular to:
- Sending marketing communications by email, SMS, or push notifications where required by law.
- Using certain cookies or similar tracking technologies for analytics and advertising beyond what is strictly necessary for the Website's operation.
- Sharing data with certain advertising partners and affiliates for personalised offers, where such sharing is not covered by legitimate interest.
- Vital Interests and Public Interest (exceptional cases)
In rare circumstances, we may process or disclose data where necessary to protect your vital interests or those of another person, or where required in the public interest (for example, to support investigations into suspected criminal activity or serious harm).
Purpose of Processing
How We Use Your Data
- Provision of Casino Services
- Opening, managing, and closing player accounts on drip-ca.com.
- Processing deposits, bets, game plays, wins, and withdrawals.
- Verifying eligibility to play (age, location, self-exclusion status).
- Providing multi-language customer support via email and other channels.
- Compliance, Risk Management, and Responsible Gambling
- Conducting KYC and AML checks, transaction and behaviour monitoring, and sanctions screening.
- Detecting, investigating, and preventing fraud, abuse of promotions, chargebacks, and other misuse.
- Monitoring betting patterns and account behaviour for indicators of problem gambling and applying responsible gaming measures where appropriate.
- Service Improvement and Analytics
- Analysing aggregated gameplay, transaction, and website usage data to improve our Website layout, performance, and game portfolio.
- Testing new features and functionalities and measuring their impact on user experience.
- Producing internal reports and statistics for management and regulatory purposes.
- Marketing and Personalisation
- Sending you promotional emails or other messages about bonuses, tournaments, and offers, subject to applicable consent requirements.
- Customising displayed content, promotions, and recommendations based on your previous activity, where permitted by law.
- Running affiliate and advertising campaigns to acquire new players and re-engage existing ones.
- Security and Integrity of the Platform
- Protecting accounts against unauthorised access by using technical data such as IP address, device information, and failed login patterns.
- Detecting and mitigating DDoS attacks, bot traffic, and other cyber-threats.
- Ensuring the overall reliability and availability of the Website and its infrastructure.
- Legal Claims and Business Administration
- Handling player complaints and disputes, including interactions with Antillephone N.V. and other authorities.
- Maintaining records and evidence for legal, tax, audit, and regulatory reporting.
- Managing corporate operations, including mergers, acquisitions, or restructuring, where your data may be part of transferred business assets.
Disclosure & Sharing
Recipients of Personal Data
- Group Companies
- Galaktika N.V. and its subsidiaries, including Unionstar Limited, access personal data as necessary to operate the Website, process payments, provide support, and fulfil legal obligations.
- Payment Service Providers and Financial Institutions
- Banks, card schemes, e-wallet providers, and other payment processors involved in deposits and withdrawals.
- These providers receive only data necessary to process the relevant transaction and satisfy AML/CTF requirements.
- Technical and Operational Service Providers
- IT hosting providers, security providers, analytics providers, CRM and email distribution platforms, customer support tools, and identity verification/KYC providers.
- These entities act as processors under our instructions and are bound by confidentiality and data protection obligations.
- Regulators, Dispute Bodies, and Authorities
- Gaming regulators such as Antillephone N.V. and related supervision entities, including through the regulator contact email [email protected] when necessary.
- Law enforcement, courts, tax authorities, financial intelligence units, and other public bodies when we are legally required or allowed to disclose information.
- Affiliates and Advertising Partners
- Marketing affiliates and advertising networks that promote drip-ca.com may receive limited data, typically pseudonymised or aggregated performance and tracking information (such as affiliate IDs, campaign tags, and conversion events).
- Where legally required or where identifiable data is shared for personalised marketing, we rely on your consent or a robust legitimate interest assessment.
- Professional Advisers and Business Counterparties
- Lawyers, auditors, accountants, and consultants who provide professional services to us, under duties of confidentiality.
- Potential purchasers or investors in the event of a merger, acquisition, or other corporate transaction, subject to appropriate safeguards and, where required, notification.
We do not sell your personal data in the traditional sense. Any sharing for marketing purposes is conducted under contractual safeguards and, where required, subject to your prior consent.
International Transfers
Cross-Border Data Transfers
- Where Your Data Is Processed
- Your data may be stored and processed in servers and systems located in Curaçao, Cyprus, EU/EEA countries, and other jurisdictions in which our service providers operate.
- Canadian players access the service remotely; data may be accessed from Canada by you, but core processing occurs in our and our vendors' locations.
- Safeguards for International Transfers
- Where we transfer personal data from a jurisdiction with data export rules (for example, the EU/EEA) to a country that is not deemed to provide an equivalent level of protection, we rely on appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) or their successor instruments approved by relevant regulators, incorporated into our contracts with processors and partners.
- Technical measures such as strong encryption in transit and at rest, access controls, and data minimisation.
- Organisational measures including strict internal policies, access limitation, and staff training.
- Additional Transparency
- Upon written request, we may provide further information about specific data transfer mechanisms that apply to your data, subject to redactions for security and confidentiality.
Data Retention
How Long We Keep Your Data
- General Principle
- We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including meeting legal, accounting, or reporting obligations and resolving disputes.
- Account and Identification Data
- Identification documents, KYC records, and core account information are usually retained for a period of 5 to 7 years after your account is closed or after your last transaction, whichever is later, in line with AML/CTF and gaming-related legal obligations that may extend at least through 2026.
- Transaction and Payment Data
- Deposit, withdrawal, and betting transaction records are typically retained for at least 5 years from the date of the relevant transaction, or longer where local laws, card scheme rules, or dispute time limits require.
- Gaming and Behavioural Data
- Gameplay logs and behavioural data used for analytics and responsible gambling purposes are kept for as long as your account is active and for a subsequent period which generally does not exceed 5 years after account closure, unless a longer period is necessary to investigate or defend legal claims.
- Marketing Data
- Data used solely for marketing (e.g., mailing lists) is retained until you withdraw your consent, object to processing, or your account is deleted, and for a short period thereafter to record your opt-out choice.
- Technical Logs
- Server logs, security logs, and device fingerprint data are generally kept for a period ranging from a few months up to 5 years, depending on the nature of the data and its relevance for security, fraud detection, and legal compliance.
When personal data is no longer required for the purposes described above, we will either securely delete it or irreversibly anonymise it so that it can no longer be associated with you. In some circumstances we may retain limited information (e.g., email address or IP hash) in a suppression list to ensure your choices (such as opting out of marketing or self-exclusion) are respected in the future.
Your Rights
Data Subject Rights
Subject to applicable law and certain exemptions, you have the following rights in relation to your personal data:
- Right of Access
- You may request confirmation as to whether we process your personal data and, if so, obtain a copy of that data along with relevant information about the processing.
- Right to Rectification
- You may request correction of inaccurate or incomplete personal data. In many cases you can update certain information yourself in your account settings.
- Right to Erasure ("Right to be Forgotten")
- You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal ground for processing.
- This right is not absolute. We may be required to retain certain data due to legal obligations (e.g., AML/CTF rules, gaming regulations, accounting laws) until at least the relevant retention periods (which may run up to or beyond 2026) have expired.
- Right to Restrict Processing
- You may request that we restrict processing of your data, for example while we verify its accuracy or assess an objection you have raised.
- Right to Object
- You may object to processing based on our legitimate interests, including profiling. We will stop such processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.
- You may object at any time to the processing of your data for direct marketing, including profiling related to such marketing. In that case, we will stop using your data for that purpose.
- Right to Data Portability
- Where technically feasible and legally required, you may receive certain personal data in a structured, commonly used, and machine-readable format and have it transmitted to another controller.
- Right to Withdraw Consent
- Where processing is based on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal, but it may affect our ability to continue providing some services (for example, marketing communications or certain optional features).
How to Exercise Your Rights
- Submit a Request
- Contact us at [email protected] or [email protected] with a clear description of your request and the right you wish to exercise.
- You should submit the request from the email address registered to your player account, or otherwise provide sufficient information for us to verify your identity.
- Verification
- We may request additional information to confirm your identity and ensure that personal data is not disclosed to an unauthorised person. This may include requesting you to confirm certain account details or provide identification documents.
- Response Time and Cost
- We aim to respond to all valid requests within 30 days of receipt. If your request is particularly complex or we have received numerous requests, we may extend this period by a further 30 days; in such cases we will inform you of the extension and the reasons for it.
- Requests are generally handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive, as permitted by applicable law.
In assessing and responding to your requests we take into account prevailing international privacy standards, including principles reflected in the GDPR and comparable data protection frameworks in the Americas. Where local laws impose specific or additional rights, we will take them into consideration as applicable.
Cookies & Tracking Technologies
Types of Cookies We Use
- Session Cookies
- Temporary cookies that exist only for the duration of your browsing session and are deleted when you close your browser.
- Used to maintain your logged-in status, remember selections during a session, and enhance security.
- Persistent Cookies
- Cookies that remain on your device after you close your browser for a defined period or until you delete them.
- Used to remember your preferences (such as language, region, or display settings) and recognise you when you return to the Website.
- First-Party Cookies
- Cookies set directly by drip-ca.com to enable core functions of the Website, including authentication, security, and basic analytics.
- Third-Party Cookies
- Cookies set by third parties providing services such as web analytics, marketing, and affiliate tracking.
- These cookies may collect information about your use of our Website and other sites in order to provide interest-based advertising, measure campaign performance, or prevent fraud.
Purposes of Cookies and Similar Technologies
- Strictly Necessary / Functional
- Required for the operation of the Website, such as enabling user login, securing transactions, and remembering session states. Disabling these cookies may significantly impair website functionality.
- Performance and Analytics
- Help us understand how visitors interact with drip-ca.com, which pages are most popular, and how the site performs technically.
- We use this information to improve the Website and user experience. Data is typically aggregated and not used to identify you personally.
- Advertising and Affiliate Tracking
- Used to deliver relevant marketing messages, limit how often you see an ad, measure the effectiveness of our campaigns, and correctly attribute referrals from affiliates.
- Where required by law, we request your consent before using these cookies.
Cookie Management
- You can manage or disable cookies through your browser settings. The process varies by browser; typically you can find cookie settings in the "Options", "Settings", or "Privacy & Security" section.
- You may also be able to manage certain cookie preferences via in-site tools or banners displayed when you first visit the Website or after significant changes to our cookie practices.
- If you block or delete some cookies, certain features of the Website may not function as intended, and your overall experience may be affected.
Data Security
Our Security Measures
- Encryption
- Data transmitted between your browser and drip-ca.com is protected using TLS 1.2 or higher, helping prevent interception or alteration during transfer.
- Sensitive data, including passwords and certain financial information, is encrypted at rest using industry-standard cryptographic techniques.
- Access Controls and Authentication
- Access to personal data is limited to authorised personnel who require it to perform their duties (e.g., customer support, payments, compliance).
- Internal systems use strong authentication mechanisms, role-based access controls, and logging of access events.
- Infrastructure and Application Security
- We employ firewalls, intrusion detection and prevention systems, anti-malware tools, and other safeguards to protect our infrastructure.
- We conduct regular technical assessments, security reviews, and, where appropriate, third-party audits or penetration tests of our systems.
- Organisational Measures and Training
- Staff are subject to confidentiality obligations and receive training on data protection, AML/CTF, and information security practices relevant to their roles.
- We maintain internal policies and procedures for handling personal data securely and responding to incidents.
- Incident Response
- We maintain procedures to detect, investigate, and respond to personal data breaches or security incidents.
- Where required by law, we will notify relevant authorities and affected individuals without undue delay, taking into account the nature and severity of the incident.
While we take reasonable steps to protect your personal data, no system can be guaranteed to be completely secure. It is important that you also take steps to protect your account, such as choosing a strong password and keeping your login details confidential.
Complaints & Contacts
Contacting Us
- For privacy queries and rights requests: [email protected]
- For general support: [email protected]
- For complaints and escalation proxy (including regulator liaison): [email protected]
- Postal contact for the operator: Galaktika N.V., Scharlooweg 39, Willemstad, Curaçao
- Postal contact for payment subsidiary: Unionstar Limited, Agias Fylaxeos & Zinonos Rossidi 2, 1st Floor, 3082 Limassol, Cyprus
Internal Complaint Procedure
- Submission
- Send a detailed description of your concern (including relevant dates, account ID, and any supporting documentation) to [email protected] or via any complaint function that may be available on drip-ca.com.
- Acknowledgement
- We aim to acknowledge receipt of your complaint within 5 business days.
- Investigation and Response
- Your complaint will be reviewed by the relevant department (e.g., Data Protection, Compliance, Support).
- We endeavour to provide a substantive response within 30 days. If we cannot respond within this time due to complexity, we will inform you of the delay and provide an updated timeframe.
- Escalation
- If you are not satisfied with our response, you may request a further review or escalation within our organisation.
External Recourse and Regulatory Contacts
If, after contacting us, you believe that we have not adequately addressed your privacy concern, you may be able to raise the matter with relevant supervisory or regulatory bodies, depending on your location and the nature of the issue. These may include:
- Gaming Regulator / Licence Supervisory Body (Curaçao)
- Antillephone N.V. (licence 8048/JAZ2016-050 supervising Galaktika N.V.).
- Regulator email for complaints in relation to the licence: [email protected] (as shown on the Antillephone validator site).
- Data Protection or Consumer Authorities in Your Jurisdiction
- Depending on your country or province of residence, you may have the right to lodge a complaint with a data protection authority or consumer protection body. Contact details are usually available on the relevant authority's official website.
We encourage you to contact us first so we can attempt to resolve your issue directly and as efficiently as possible.
Updates
Changes to This Privacy Policy
- We may update or amend this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
- Each version of the Privacy Policy will be identified by the "Last updated" date indicated below. In the case of material changes that significantly affect your rights or how we use your data, we will take additional steps to inform you.
Notification Procedures
- Website Notice
- We will publish the updated Privacy Policy on drip-ca.com and may display a banner or pop-up notice to draw your attention to the changes.
- Email and Account Notifications
- For significant changes, we may notify you by email to the address associated with your account and/or via messages in your player account dashboard.
- Advance Notice for Material Changes
- Where feasible and required, we will provide at least 30 days' advance notice before material changes take effect, allowing you to review the revised terms.
- If you do not agree with the updated Privacy Policy, you may choose to stop using the Website and request closure of your account and, where applicable, deletion or restriction of your personal data subject to our legal obligations.
Last updated: November 2025 (with retention and regulatory validity expectations aligned at least through 2026).