burger icon
Rizk Casino Canada
Log In

Privacy Policy

This Privacy Policy explains how Rizk Casino, operated via rizk-ca.com, collects, uses, discloses, protects, and retains personal information of players and website visitors in Canada. It applies to all users who access or use rizk-ca.com and any related Canadian-facing services provided under the Rizk Casino brand, whether you are a registered player or a visitor who does not open an account. This Privacy Policy is effective as of 01 January 2026 and supersedes any previous versions applicable to Canadian users. By accessing or using rizk-ca.com, you acknowledge that you have read and understood this Privacy Policy and that your personal information will be processed in accordance with it and with applicable privacy laws in Canada and, where relevant, the European Union.

Who We Are

OBSERVE: Rizk Casino's operations for Canada are carried out by a clearly identified licensed operator with cross-border activities. Users need a single point of reference and contact for privacy matters.

EXPAND: We must specify the operating entity, its registered address and licensing context, and identify a privacy contact channel fulfilling GDPR-style DPO expectations and Canadian PIPEDA accountability principles.

REFLECT: The following details define the data "controller" (or equivalent "organization" under Canadian law) and how users can reach us for privacy issues.

Operator / Controller:

  • Legal entity name: Zecure Gaming Limited
  • Brand: Rizk Casino (Rizk Casino as offered on https://rizk-ca.com)
  • Registered / corporate office address: Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta
  • Licensing context (gaming):
    • Malta Gaming Authority (MGA) licence no. MGA/CRP/108/2004-05 - covering, among others, players in the Rest of Canada (outside Ontario).
    • Alcohol and Gaming Commission of Ontario (AGCO) / iGaming Ontario licence no. OPIG1231641 - covering players physically located in Ontario.

Data protection contact

  • Data Protection Officer / Privacy contact: Data Protection Officer, Zecure Gaming Limited
  • Email (primary privacy and support channel): [email protected]
  • Email (general information): [email protected]
  • Website: https://rizk-ca.com
  • Postal contact for privacy matters: Data Protection Officer, Zecure Gaming Limited, Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta

Where Ontario-specific requirements apply, our operations are also subject to the oversight of iGaming Ontario and AGCO, in addition to our MGA obligations and relevant data protection laws.

What Personal Data We Collect

OBSERVE: Online gambling operations require a wide spectrum of personal, technical, and behavioural data to meet legal, contractual, and security needs.

EXPAND: We must distinguish between identification, technical, financial, and behavioural categories and include cookies and similar technologies, as these are particularly important for transparency under both PIPEDA and EU GDPR standards.

REFLECT: The categories below explain, in an accessible way, what information Rizk Casino processes when you use rizk-ca.com.

Identification and contact data

  • Full name, date of birth, gender (where required for verification).
  • Residential address, province, postal code, and country.
  • Email address and telephone number(s).
  • Copy details from identity and verification documents (e.g., passport, national ID card, driver's licence, proof of address, payment statements) where required for KYC/AML and age verification.

Account and transactional data

  • Username, account ID, password hashes and security questions/answers (stored using secure hashing and encryption techniques).
  • Account settings and preferences (language, communication preferences, responsible gambling limits, self-exclusion settings).
  • Deposit and withdrawal history, balances, bonuses, winnings and losses, loyalty or rewards status.

Payment and financial data

  • Limited payment card data (e.g., masked card numbers, card type, expiry date) processed via PCI-compliant payment processors.
  • Bank account or Interac details for payouts, where applicable.
  • Payment transaction identifiers, timestamps and status information from our payment partners.

Technical and usage data

  • IP address, approximate location derived from IP (e.g., city, province, country).
  • Device information (device type, operating system, browser type and version, language settings, screen resolution).
  • Log data such as login times, session duration, pages viewed, referring URLs, clickstream data, and navigation patterns.
  • Information about connection quality, network identifiers, and error logs to diagnose technical issues.

Behavioural and gaming data

  • Game selections, stakes, wins and losses, bet history and game round outcomes.
  • Time and duration of gaming sessions, frequency and pattern of play, responsible gambling indicators (e.g., session limits, cooling-off periods, self-exclusion events).
  • Interactions with promotions, bonuses and loyalty programs, including opt-in and redemption behaviour.

Communications and support data

  • Content of emails, live chats or other communications with customer support at [email protected] or via rizk-ca.com.
  • Records of complaints, disputes, and customer service interactions, including outcomes and resolutions.

Cookies and similar technologies

  • Cookies, web beacons, tracking pixels, and similar technologies to remember preferences, keep you logged in, perform analytics, and deliver relevant marketing (where permitted).
  • Identifiers associated with cookies or similar technologies (e.g., session IDs, analytics IDs, advertising IDs where enabled).

Where required by law, we will ask for your explicit consent before setting certain cookies or similar tracking technologies on your device.

Legal Basis for Processing

OBSERVE: As an MGA-licensed operator and a provider of services to Canadian residents, Rizk Casino must align with both EU-style lawful bases (e.g., GDPR) and Canadian concepts of consent, purpose limitation and reasonableness under PIPEDA.

EXPAND: We identify the main legal grounds: consent, performance of a contract, legitimate interests, and compliance with legal obligations, while clarifying how they interact in the Canadian context.

REFLECT: The following legal bases explain why we may process your personal information and how we ensure such processing is lawful and proportionate.

  • Performance of a contract
    • We process your data to create and manage your player account, verify your eligibility to play, process deposits and withdrawals, settle bets, credit winnings, and provide customer support.
    • Without this information, we cannot provide you with the services you request on rizk-ca.com.
  • Compliance with legal and regulatory obligations
    • We are required under gaming regulations (including MGA rules, AGCO/iGaming Ontario standards) and applicable anti-money laundering (AML) and counter-terrorist financing (CTF) laws to carry out identity checks, age verification, affordability and source-of-funds checks, ongoing transaction monitoring, and record keeping.
    • We may also be legally obliged to share certain information with gaming regulators, law enforcement, tax authorities, and financial intelligence units.
  • Legitimate interests
    • We process certain personal data to:
      • Prevent, detect, and investigate fraud, account misuse, bonus abuse, and suspicious transactions.
      • Secure our systems and services, including monitoring for cyberattacks or unauthorized access.
      • Perform analytics to improve our website performance, game offering, and user experience in a way that respects your privacy.
      • Enforce our Terms and Conditions and protect our rights, property, and safety, as well as those of our players and third parties.
    • When relying on legitimate interests, we assess and balance our interests against your privacy rights and expectations and implement safeguards such as pseudonymization and data minimization where appropriate.
  • Consent
    • We rely on your explicit consent for:
      • Sending certain types of marketing communications (e.g., promotional emails, SMS, push notifications) where not otherwise permitted by law.
      • Setting or reading non-essential cookies and similar tracking technologies for advertising or advanced analytics.
    • You may withdraw your consent at any time (see "Your Rights" below), and we will stop the processing for which consent was the legal basis, while continuing to process any data we need for other lawful purposes.

For Canadian users, we also ensure that the collection, use and disclosure of personal information is reasonable and appropriate in the circumstances, and that your consent is meaningful, in line with PIPEDA and applicable provincial privacy laws.

Purpose of Processing

OBSERVE: Users must understand why their data is collected and how it is used in practice.

EXPAND: We align purposes with the nature of the online gambling service, compliance duties, and optional marketing or analytics activities.

REFLECT: Each purpose below is linked to one or more of the legal bases described above and is limited to what is necessary for that purpose.

  • Providing and operating casino services
    • Creating and managing your account on rizk-ca.com, enabling you to log in securely, place bets, participate in games, and use site features.
    • Processing deposits and withdrawals, crediting winnings, managing bonuses, and maintaining transaction histories.
    • Providing multilingual customer support via email and other channels.
  • Regulatory, KYC and AML compliance
    • Verifying your identity, age, location and eligibility to use our services.
    • Monitoring transactions and gaming behaviour to detect suspicious or potentially unlawful activity.
    • Keeping records to satisfy legal and regulatory requirements (e.g., MGA, AGCO/iGaming Ontario, AML/CTF laws).
  • Service improvement and analytics
    • Analyzing aggregated and pseudonymized data about how users interact with rizk-ca.com to improve usability, performance, and stability.
    • Developing new features, games, and tools (including responsible gambling tools) based on usage trends and feedback.
  • Marketing and personalization
    • Sending you offers, promotions, and newsletters about Rizk Casino and related services where permitted by law or where you have opted in.
    • Personalizing certain content, such as featured games and promotions, based on your preferences and previous activity, where allowed.
  • Fraud prevention and security
    • Identifying and preventing fraud, bonus abuse, money laundering, account takeovers and other security threats.
    • Ensuring the integrity of our games and systems, including through security monitoring, audits and incident response.
  • Dispute resolution and enforcement
    • Investigating and resolving complaints or disputes with players, regulators or partners.
    • Enforcing our Terms and Conditions and protecting our legal rights.

Disclosure & Sharing

OBSERVE: Personal information may be shared with third parties under specific conditions and safeguards.

EXPAND: We must identify categories of recipients (processors and independent controllers) and clarify circumstances under which disclosures happen.

REFLECT: The disclosures below are limited to what is necessary, with appropriate contractual and security measures in place.

  • Group companies and affiliates
    • Other entities within the Betsson Group, including Betsson AB, may receive personal information where needed for group-level compliance, risk management, internal audit, financial reporting, or consolidated customer support.
  • Payment service providers and financial institutions
    • Banks, card schemes, payment processors (e.g., Interac providers) receive information required to process deposits, withdrawals and refunds, perform fraud screening, and satisfy financial regulations.
  • Technology and service providers
    • Trusted third parties that provide hosting, data storage, IT support, analytics, security, communications, customer relationship management, or game content.
    • These providers process data only on our instructions and are bound by confidentiality and data protection obligations.
  • Regulators and authorities
    • Gaming regulators such as the Malta Gaming Authority (MGA), AGCO, and iGaming Ontario.
    • Law enforcement agencies, courts, tax authorities, financial intelligence units, and other governmental bodies when required by law or to protect our legitimate interests in legal proceedings.
  • Advertising and marketing partners
    • Subject to your consent and applicable laws, we may share limited data (e.g., hashed identifiers or cookie IDs) with advertising networks and marketing partners for campaign measurement, analytics, and to avoid showing you irrelevant or excessive ads.
    • We do not sell your personal information as that term is commonly understood, and any such sharing is governed by strict contractual controls.
  • Professional advisors
    • Lawyers, auditors, accountants, and consultants may access personal information where reasonably necessary for the provision of their services and subject to confidentiality obligations.
  • Business transfers
    • In the event of a merger, acquisition, reorganization, or sale of all or part of our business, personal information may be transferred to the relevant third parties, subject to legal requirements and appropriate safeguards.

We do not publicly disclose your personal information. When sharing with third parties acting as our processors, we ensure they only process data according to our instructions and in compliance with this Privacy Policy and applicable laws.

International Transfers

OBSERVE: Data is processed by Zecure Gaming Limited in Malta and by service providers in multiple jurisdictions, while users may reside in Canada.

EXPAND: We must address cross-border transfers between the EU/EEA, Canada, and other countries, and describe safeguards such as standard contractual clauses and equivalent mechanisms.

REFLECT: The safeguards below ensure an adequate level of protection for your personal information wherever it is processed.

  • Transfers within the EU/EEA and to Canada
    • Data processed in Malta (EU) for Canadian players benefits from EU data protection standards (including GDPR).
    • Canada is generally recognized by the EU as providing an adequate level of protection for commercial organizations subject to PIPEDA. Transfers of personal information between Malta and Canada therefore benefit from this adequacy framework, where applicable.
  • Transfers to other countries
    • Some of our service providers or group entities may be located outside the EU/EEA and Canada, in countries that may have different data protection laws.
    • In such cases, we implement appropriate safeguards, which may include:
      • Standard contractual clauses (SCCs) or equivalent EU-approved transfer mechanisms.
      • Contractual obligations requiring recipients to protect personal data to standards comparable to those in the EU and Canada.
      • Technical measures such as encryption and access controls.
  • Access on a need-to-know basis
    • Access to your personal information is limited to those employees, agents, contractors, and service providers who have a business need to know it and who are subject to confidentiality obligations.

By using rizk-ca.com, you understand that your personal information may be transferred to and processed in countries outside your province or country of residence, subject to the safeguards described above and in accordance with applicable laws.

Data Retention

OBSERVE: Retention periods must balance regulatory obligations (e.g., gaming and AML requirements) with data minimization principles.

EXPAND: We specify typical periods and criteria, recognizing that exact durations may vary by law and type of data.

REFLECT: The following outlines how long we keep different categories of data and when we delete or anonymize them.

  • Account and identification data
    • We typically retain core account data (name, contact details, KYC information, account history) for the duration of your active account and, after closure, for a period generally not exceeding 5 to 7 years, depending on the applicable legal requirements (e.g., AML, gaming regulations in Malta and Ontario).
  • Transactional and gaming data
    • Betting history, transaction records, and related logs are usually retained for at least 5 years after the end of the business relationship or the relevant transaction, to comply with regulatory and accounting obligations and for dispute resolution.
  • Marketing and communications data
    • We keep records of your marketing consents and preferences for as long as you remain subscribed and for a reasonable period (generally up to 2 years) after you opt out, to demonstrate compliance.
    • Customer support communications and complaint records are typically retained for up to 5 years after resolution, unless a longer period is required by law or needed in case of ongoing disputes.
  • Technical logs and security data
    • Security logs, access logs, and similar technical records are kept for periods aligned with security and compliance needs, generally ranging from 6 months to 5 years, depending on the system and legal requirements.
  • Cookies and similar technologies
    • Cookie durations vary by type. Session cookies are deleted when you close your browser; persistent cookies may last from a few days to several years, as specified in our cookie settings and your browser.

When personal data is no longer needed for the purposes for which it was collected and we are not required by law to retain it, we will either securely delete it or irreversibly anonymize it. If you request deletion, we will also consider whether we can fulfil your request consistently with our legal obligations (see "Your Rights").

Your Rights

OBSERVE: Canadian players may benefit from PIPEDA and provincial privacy laws, while EU-style rights (GDPR) influence our practices due to our location and licensing in Malta.

EXPAND: We harmonize rights of access, correction, deletion, restriction, objection, portability, and withdrawal of consent, explaining procedures, timeframes, and cost-free access.

REFLECT: The rights below are applied in line with applicable Canadian law and, where relevant, EU data protection rules. References to Mexican law are not applicable to this Canadian-facing site; instead, we align primarily with PIPEDA and GDPR principles.

Summary of your rights

  • Right of access - You can request confirmation of whether we hold personal information about you and obtain a copy of such information, together with information on how we use it.
  • Right to rectification (correction) - You can ask us to correct or update inaccurate or incomplete personal information.
  • Right to erasure ("right to be forgotten") - You may ask us to delete your personal information where:
    • It is no longer necessary for the purposes for which it was collected; or
    • You have withdrawn consent and there is no other legal ground for processing; or
    • You have validly objected to the processing; or
    • We have processed it unlawfully.
    This right is subject to legal retention obligations, especially in gaming and AML contexts.
  • Right to restriction of processing - You may ask us to restrict the processing of your personal information while we verify its accuracy, assess an objection, or where processing is unlawful but you oppose deletion.
  • Right to object - You can object at any time to:
    • Processing of your personal information for direct marketing, in which case we will stop such processing; and
    • Certain processing based on our legitimate interests, where your particular situation justifies it.
  • Right to data portability - Where technically feasible and where the processing is based on your consent or on a contract and carried out by automated means, you may request that we provide your personal information in a structured, commonly used and machine-readable format, or transmit it to another organization.
  • Right to withdraw consent - Where we rely on your consent (e.g., for marketing), you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

How to exercise your rights

  1. Submit your request
    • Contact us at [email protected] or [email protected], clearly indicating that your message is a "Privacy / Data Subject Request".
    • You may also write to: Data Protection Officer, Zecure Gaming Limited, Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta.
  2. Verification
    • For your security, we may need to verify your identity before fulfilling your request (e.g., by asking you to log into your account or provide additional information).
  3. Response time and cost
    • We aim to respond to all valid requests within 30 days of receipt. If your request is complex or we receive numerous requests, we may extend this period by an additional 30 days, in which case we will inform you.
    • We will generally handle your request free of charge. Where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request, as permitted by law.
  4. Limitations
    • Some rights may be restricted under applicable laws, for example, where disclosure would adversely impact the rights of others, compromise security, or interfere with regulatory obligations or ongoing investigations.

Nothing in this Privacy Policy limits your rights under PIPEDA or applicable provincial privacy law in Canada, or under EU data protection law where it applies.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar tools are a central component of online casino platforms.

EXPAND: We classify cookies by type and function and describe how users can manage them.

REFLECT: The overview below helps you understand and control how rizk-ca.com uses these technologies.

Types of cookies we use

  • Session cookies
    • Temporary cookies that are stored on your device only while your browser is open.
    • They are essential for basic site functions such as keeping you logged in and maintaining your session across pages.
  • Persistent cookies
    • Cookies that remain on your device for a predefined period or until you delete them.
    • They help us remember your preferences (e.g., language, region, login details where permitted) and improve your experience on repeat visits.
  • First-party cookies
    • Cookies set directly by rizk-ca.com, typically for essential and functional purposes.
  • Third-party cookies
    • Cookies set by third-party providers, such as analytics or advertising partners, to provide services to us (e.g., traffic analysis, performance measurement) or to deliver targeted advertising where permitted.

Purposes of cookies

  • Strictly necessary / functional
    • Required for the operation of rizk-ca.com and to enable you to move around and use features like account login, bet placement, and secure payment processing.
  • Performance and analytics
    • Help us understand how visitors interact with rizk-ca.com (e.g., which pages are most visited, error messages) so we can improve site performance and user experience.
  • Advertising and personalization
    • Used to deliver ads that are more relevant to you, measure the effectiveness of campaigns, and limit how often you see a particular ad, where such use is allowed by law and, where required, by your consent.

Managing cookies

  • Browser settings
    • You can configure your browser to refuse all or some cookies, or to alert you when cookies are being sent. Refer to your browser's "Help" section for detailed instructions.
    • If you block or delete strictly necessary cookies, some parts of rizk-ca.com may not function properly.
  • Internal tools
    • Where available, we may offer in-site cookie or privacy settings that allow you to manage certain types of cookies and similar technologies separately (e.g., to opt out of analytics or advertising cookies).

Data Security

OBSERVE: Online gambling platforms handle sensitive financial and identity data, requiring robust security controls.

EXPAND: We set out our multi-layered security measures following industry best practice and relevant standards, including ISO 27001-style controls where applicable.

REFLECT: While no system is completely immune to risk, the measures below significantly reduce the likelihood and impact of unauthorized access, loss or misuse.

  • Encryption
    • Data in transit between your device and rizk-ca.com is protected using TLS (Transport Layer Security) version 1.2 or higher.
    • Sensitive data at rest (such as payment details and passwords) is stored using strong encryption, hashing, and tokenization techniques.
  • Access control and authentication
    • Access to personal information is strictly limited to authorized personnel on a need-to-know basis.
    • Administrative access requires strong authentication (including multi-factor authentication where applicable).
  • Security monitoring and audits
    • We employ intrusion detection and prevention systems, log monitoring, and other security tools to identify and investigate suspicious activities.
    • Regular internal and external security audits, vulnerability assessments and penetration tests are carried out in line with regulatory expectations and industry standards.
  • Organizational measures
    • Staff receive regular training on data protection, confidentiality, and information security responsibilities.
    • We maintain documented policies and procedures for data handling, access control, incident response, and business continuity.
  • Incident response
    • We have an incident response plan to quickly identify, contain, and remediate security incidents.
    • Where required by law, we will notify affected individuals and relevant regulators of data breaches without undue delay.

Our security framework is designed to be consistent with international good practices such as ISO 27001 and SOC 2 - type controls, as well as with the requirements of the MGA, AGCO, and iGaming Ontario.

Complaints & Contacts

OBSERVE: Users need clear channels to contact us about privacy concerns and escalate unresolved issues to supervisory authorities.

EXPAND: We outline step-by-step procedures and reference relevant regulators, especially Canadian privacy authorities and, where appropriate, EU authorities.

REFLECT: The process below ensures transparency, accountability, and access to redress.

How to contact us

  • Email (primary): [email protected]
  • Email (general): [email protected]
  • Postal address: Data Protection Officer, Zecure Gaming Limited, Betsson Experience Centre, Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta
  • Website: https://rizk-ca.com

Internal complaint procedure

  1. Submit your complaint
    • Send a detailed description of your concern or complaint (including relevant dates, account details, and any supporting documentation) to [email protected], specifying that it is a "Privacy Complaint".
  2. Acknowledgment
    • We will acknowledge receipt of your complaint within 5 business days, where possible.
  3. Investigation
    • Your complaint will be reviewed by our Data Protection Officer or an appropriate member of our compliance team.
    • We may contact you for additional information if necessary to understand or resolve your concern.
  4. Response
    • We aim to provide a substantive response within 30 days of receiving your complaint. If we cannot meet this timeline due to complexity, we will inform you and provide an updated timeframe.

Escalation to supervisory authorities

If you are not satisfied with our response or believe that we are not handling your personal information in accordance with applicable laws, you may have the right to lodge a complaint with a relevant supervisory authority. Depending on your location and circumstances, this may include:

  • In Canada (federal):
  • In your province or territory (where applicable):
    • For example, provincial privacy commissioners in Alberta, British Columbia, or Quebec (contact details available on the OPC website).
  • In the European Union / Malta:
    • Office of the Information and Data Protection Commissioner (IDPC), Malta
    • Website: https://idpc.org.mt

This is in addition to any dispute processes that may apply in relation to gaming activities via the Malta Gaming Authority or AGCO/iGaming Ontario, which may be accessed through relevant websites such as https://mga.org.mt/support/online-gaming-support and https://igamingontario.ca. These bodies primarily deal with gaming-related issues but may be relevant if your complaint is related to both gaming and data use.

Updates

OBSERVE: Privacy laws, regulatory guidance, and our own operations may evolve over time.

EXPAND: We must explain how users will be informed of updates and how version control and notice periods are managed.

REFLECT: The process below ensures you remain informed of material changes and retain control over your continued use of rizk-ca.com.

  • Policy changes
    • We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
  • Notification methods
    • For non-material changes, the updated Privacy Policy will be posted on https://rizk-ca.com with an updated "Last updated" date.
    • For material changes that significantly affect your rights or how we process your personal information, we will provide additional notice, which may include:
      • Email notifications to the address associated with your account;
      • Prominent banners or pop-up notices on rizk-ca.com;
      • Account dashboard alerts requiring acknowledgment.
  • Advance notice and your options
    • Where feasible and required by law, we will provide at least 30 days' advance notice of material changes before they take effect.
    • If you do not agree with the updated Privacy Policy, you may choose to close your account and stop using rizk-ca.com. Continued use of the service after the effective date of the changes will constitute your acceptance of the updated policy.

Last updated: January 2026