Privacy Policy
Observe: Users need clear notice about how their data is collected, used, shared, and protected. Expand: This policy applies to players, account holders, and visitors of holland-casinoz.com in Canada and other regions mentioned below. Reflect: By using our services, you acknowledge this Privacy Policy, effective 1 November 2025.
Who We Are
Observe: Identify the data controller for transparency. Expand: holland-casino at holland-casinoz.com is operated by Holland Casino N.V., acting as the data controller for activities on this site in relation to Canadian users and other described regions. Reflect: Corporate and regulatory details are provided for accountability.
- Legal entity: Holland Casino N.V. (public limited company), Company Reg. No. 68662289
- Registered address: Neptunusstraat 71, 2132 JP Hoofddorp, Netherlands
- Gaming licence: Netherlands Gambling Authority (Kansspelautoriteit - KSA) Licence No. 1610/01 247085 (online games of chance)
- Role: Data Controller for holland-casinoz.com
- Data Protection Officer (DPO): [email protected]
- Postal contact for privacy matters: DPO, Holland Casino N.V., Neptunusstraat 71, 2132 JP Hoofddorp, Netherlands
What Personal Data We Collect
Observe: We collect only what is necessary to provide regulated gaming services and operate our website. Expand: Categories cover identification, operations, compliance, payments, security, and marketing, including cookie-based signals. Reflect: Each category supports a defined purpose and legal basis.
- Identity and contact: Full name, date of birth, address, email, phone, account IDs, verification documents (e.g., government ID, self-photos where required).
- Regulatory/KYC-AML data: Sanctions/PEP screening results, source-of-funds information, risk ratings, verification logs.
- Payment and transactional: Deposits, withdrawals, partial card identifiers, bank and e-wallet details, invoices, tax or reporting references.
- Technical and usage: IP address, device identifiers, OS/browser, session data, authentication logs, crash/error logs.
- Behavioral: Game and betting history, wager amounts, sessions, clicks, navigation paths, preferences.
- Responsible gaming: Self-exclusion status, affordability checks, limits, interaction notes.
- Cookies and similar tech: Session, persistent, and third-party cookies; pixels; SDK signals; analytics identifiers.
- Communications: Chat, email, support tickets, call notes where applicable, marketing preferences.
Legal Basis for Processing
Observe: Laws require a lawful basis for each processing activity. Expand: We align with Canada's PIPEDA, and, where applicable, GDPR and Mexican LFPDPPP. Reflect: We match purposes to appropriate grounds and document them.
- Consent: For non-essential cookies, direct marketing (CASL-compliant in Canada), and optional features (GDPR Art. 6(1)(a) and Mexican LFPDPPP consent rules).
- Contractual necessity: To create and administer accounts, verify identity, process payments, deliver games, and pay winnings (GDPR Art. 6(1)(b)).
- Legitimate interests: Fraud prevention, network and information security, service analytics and improvement, and enforcing terms, balanced against your rights (GDPR Art. 6(1)(f)).
- Legal obligations: KYC/AML, sanctions screening, responsible gaming, dispute handling, accounting, tax, and regulatory reporting, including Canada's PCMLTFA/FINTRAC requirements and EU/NL obligations (GDPR Art. 6(1)(c)).
- Vital/public interest (limited): To protect users or the public from significant harm where required by law.
Purpose of Processing
Observe: Clarify why data is needed. Expand: Our purposes span service delivery, compliance, safety, and communications. Reflect: Each purpose links to a lawful basis and retention horizon.
- Provide and operate services: Registration, verification, account management, gameplay, payments, withdrawals, and support.
- Regulatory compliance: KYC/AML, sanctions checks, responsible gaming controls, audits, and regulatory reporting.
- Security and integrity: Fraud detection, risk scoring, incident response, access controls, and anti-cheating measures.
- Analytics and improvement: Performance metrics, feature testing, troubleshooting, and quality assurance.
- Marketing and personalization: With consent, send offers and tailor content; maintain opt-out preferences and suppression lists.
- Legal and dispute handling: Enforce terms, manage chargebacks, defend legal claims, and resolve complaints.
Disclosure & Sharing
Observe: Gaming operations require vetted partners and regulatory disclosures. Expand: We minimize sharing and use contracts to protect data. Reflect: We disclose only as necessary and with safeguards.
- Payment and banking partners: Card processors, banks, e-wallets, and payout providers to process transactions.
- KYC/AML and fraud vendors: Identity verification, sanctions/PEP screening, device fingerprinting, fraud prevention.
- Technology and hosting: Cloud infrastructure, CDNs, security monitoring, analytics, and customer support tools.
- Regulators and authorities: Gambling regulators (e.g., KSA), financial intelligence units (e.g., FINTRAC in Canada), tax authorities, and law enforcement when legally required.
- Affiliates and marketing partners: Only with your consent where needed; we use contracts and limit identifiers.
- Corporate transactions: In mergers, acquisitions, or restructuring, subject to confidentiality and continuity of protections.
- Legal necessity: To comply with subpoenas, court orders, or to protect rights, users, or public safety.
International Transfers
Observe: Cross-border data flows support global operations. Expand: Data may be processed in the Netherlands/EU, Canada, the United States, and other locations of our vendors. Reflect: We implement recognized safeguards and maintain accountability.
- EEA/UK safeguards: EU Standard Contractual Clauses (and UK IDTA/Addendum where applicable), transfer impact assessments, encryption, and access minimization.
- Canada: We remain accountable under PIPEDA for foreign processors and ensure comparable protection via contracts and technical measures; Canada enjoys EU adequacy for commercial organizations under PIPEDA (limited scope).
- United States: For eligible vendors, participation in the EU-US Data Privacy Framework and SCCs as needed.
- Mexico and other regions: Contractual safeguards consistent with LFPDPPP and applicable local laws.
- General: Role-based access, encryption in transit and at rest, and vendor due diligence are required.
Data Retention
Observe: Retain data only as long as necessary for stated purposes and legal duties. Expand: Periods vary by category and law. Reflect: When no longer needed, we securely delete or anonymize.
- Account and identity data: For the life of the account and up to 5 years after closure to meet legal/regulatory obligations (e.g., KYC/AML, limitation periods).
- KYC/AML records: Typically 5 years from the date of the last transaction or account closure, per applicable laws (e.g., PCMLTFA/FINTRAC, EU/NL).
- Transaction and financial records: 7 years where accounting/tax laws require; otherwise 5 years.
- Technical logs and security data: 12-24 months, extended if needed for investigations or legal holds.
- Responsible gaming records: For the applicable exclusion or limit period and legal minimums thereafter (up to 5 years).
- Marketing data: Until you withdraw consent or 24 months of inactivity; suppression lists maintained indefinitely to honour opt-outs.
- Deletion criteria: Purpose completed, retention limit reached, or your valid request, subject to legal holds.
Your Rights
Observe: Users have rights that differ by jurisdiction. Expand: We implement processes to honour Canadian, EU, and Mexican rights as applicable. Reflect: Requests are verified, tracked, and answered within 30 days, free of charge unless manifestly unfounded or excessive.
- Canada (PIPEDA): Access your personal information; request corrections; withdraw consent (for non-necessary processing); learn about our practices; challenge compliance; file a complaint. We provide records of third-party transfers upon request where feasible.
- EU/EEA (GDPR): Access, rectification, erasure, restriction, objection (including to profiling/legitimate interests), data portability, and the right to lodge a complaint with an EU supervisory authority. Where consent is the basis, you may withdraw at any time without affecting prior processing.
- Mexico (LFPDPPP - ARCO): Rights of Access, Rectification, Cancellation, and Opposition; revoke consent; limit processing for marketing. We provide mechanisms to exercise these rights consistent with LFPDPPP.
- How to exercise: Email [email protected] with: your name, account ID, region, right you wish to exercise, and identity evidence. We respond within 30 days. If we need more time due to complexity, we will inform you and explain why.
- Limits: Some rights may be restricted by legal obligations (e.g., KYC/AML, security, or litigation holds). We will justify any denial and provide escalation options.
Cookies & Tracking Technologies
Observe: Cookies help run the site and improve experiences. Expand: We categorize by type and purpose and offer controls. Reflect: You can manage preferences at any time.
- Session cookies: Essential for logins, security, and transactions; expire when you close your browser.
- Persistent cookies: Remember preferences, maintain sessions, and support performance; stored for defined periods.
- Third-party cookies/SDKs: Analytics, fraud prevention, and, with consent, advertising and attribution.
- Purposes: Functional (strictly necessary), performance/analytics, security/fraud, and advertising/personalization (consent-based).
- Controls: Use our cookie settings panel and your browser/device settings to block/clear cookies; disabling essential cookies may affect functionality. Opt-out tools may be browser-specific.
Data Security
Observe: Gambling platforms face elevated security risks. Expand: We implement layered technical and organizational measures proportionate to risk. Reflect: We continuously test, monitor, and improve controls.
- Encryption: TLS 1.2+ for data in transit; industry-standard encryption (e.g., AES-256) for data at rest where appropriate.
- Access controls: Role-based access, least privilege, MFA, secrets management, and session management with timeout and re-authentication.
- Monitoring and testing: Vulnerability scanning, penetration testing, security logging, and anomaly detection.
- Secure development: SDLC with code reviews, dependency scanning, and change management.
- Vendor management: Due diligence, contractual security and privacy requirements; we favour vendors with ISO 27001 and/or SOC 2 reports where applicable.
- Training and awareness: Mandatory staff training, background checks for sensitive roles, and confidentiality obligations.
- Incident response: Documented procedures, prompt containment and notification as required by law (e.g., PIPEDA breach notification to OPC and affected individuals where risk of significant harm is present).
Complaints & Contacts
Observe: Users need clear paths to raise concerns. Expand: We provide internal channels and supervisory escalation options. Reflect: We aim to resolve issues quickly and transparently.
- Contact our DPO: [email protected]
- Postal address: DPO, Holland Casino N.V., Neptunusstraat 71, 2132 JP Hoofddorp, Netherlands
- Procedure:
  - Email us with details of your concern, your account ID, region, and any supporting evidence.
  - We will acknowledge within 5 business days and aim to respond substantively within 30 days.
  - If more time is needed, we will explain why and provide a new timeline. You may escalate at any time.
- Escalation (Canada): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/; 30 Victoria Street, Gatineau, QC K1A 1H3; Toll-free: 1-800-282-1376.
- Escalation (EU/EEA): Your local EU data protection authority (see European Data Protection Board list) if GDPR applies to you.
- Escalation (Mexico): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) - https://home.inai.org.mx/ if LFPDPPP applies to you.
Updates
Observe: Privacy practices can evolve with law and technology. Expand: We version changes and notify you about material updates. Reflect: You can object to changes or close your account.
- Last updated: November 2025
- Notifications: We will notify you of material changes at least 30 days in advance via email (where available), on-site banners, and account dashboard alerts.
- Changelog (material changes):
  - Added Canada-specific references (PIPEDA, PCMLTFA/FINTRAC breach notifications).
  - Clarified international transfer safeguards (EU SCCs, EU-US Data Privacy Framework).
  - Expanded user rights section to include GDPR and Mexican ARCO rights.
- Your options: Review changes; adjust settings or withdraw consent; object where applicable; or close your account before the effective date of material changes.
Regional Compliance Note: This policy is adapted for Canadian users of holland-casinoz.com under PIPEDA and CASL, with additional accommodations for GDPR (EU/EEA) and LFPDPPP (Mexico) where those laws apply based on your location and our services. Where laws conflict, we apply the stricter standard to protect your rights, while meeting mandatory gaming and AML obligations.