burger icon
Evospin Сasino
Log In

Privacy Policy

This Privacy Policy explains how evo-spin at https://evospin777-canada.com collects, uses, discloses, and safeguards personal information of players and website visitors in Canada. It applies to account holders, prospective users, and visitors interacting with our services and communications. Effective date: 01 November 2025.

Who We Are

OBSERVE

Controller/operator: N1 Interactive Ltd., 206, Wisely House, Old Bakery Street, Valletta VLT1451, Malta. Registration No.: C 81457. Gaming licence: MGA/B2C/394/2017 (Malta Gaming Authority), active as of October 2025. Service context: evo-spin at https://evospin777-canada.com for Canadian users.

EXPAND

  • For Canadian privacy compliance, N1 Interactive Ltd. is the organization responsible for personal information under PIPEDA and applicable provincial laws.
  • Some sources reference Curaçao licensing for other entities; Canadian-facing services on evospin777-canada.com are operated by N1 Interactive Ltd. This statement concerns data protection only.

REFLECT

  • Data Protection Office: N1 Interactive Ltd., "DPO - Privacy Request," 206, Wisely House, Old Bakery Street, Valletta VLT1451, Malta.
  • Preferred contact method: Secure account message (Help/Support) or postal mail to the DPO address above. If you cannot access your account, write to the postal address.
  • Phone for privacy: Not offered; we respond in writing for verification and auditability.

What Personal Data We Collect

OBSERVE

  • Identity/contact: name, date of birth, address, email, phone, ID/KYC documents.
  • Account/usage: username, preferences, session data, support communications.
  • Technical: IP address, device/browser data, language, referrer, logs, approximate geolocation.
  • Payments: deposits/withdrawals, partial card or account identifiers, payment method, billing details (processed via payment partners).
  • Behavioral: game selections, betting history, clicks, interaction events, risk/fraud signals.
  • Cookies/SDKs: session/persistent/third‑party cookies, pixels, tags, and similar technologies.

EXPAND

  • Information from verification and screening providers (KYC/AML, sanctions, PEP checks).
  • Inferences for service personalization and fraud risk scoring.

REFLECT

We collect data from you, your device, and service providers strictly for stated purposes, applying minimization and proportionality.

Legal Basis for Processing

OBSERVE

  • Consent: marketing communications, certain cookies/analytics, and optional features (CASL-compliant).
  • Contractual necessity: account setup, identity verification, deposits/withdrawals, gameplay, support.
  • Legitimate interests: service security, fraud prevention, analytics to improve performance, enforcing terms (balanced against your rights).
  • Legal obligations: KYC/AML screening, reporting to competent authorities, accounting/recordkeeping, dispute handling.

EXPAND

  • For Canadian users, consent under PIPEDA (and substantially similar provincial laws) is primary; certain processing is reasonably required to provide the service.
  • If GDPR applies (e.g., Malta establishment), the bases above are relied upon; for Mexico references, lawful processing aligns with LFPDPPP when relevant.

REFLECT

We document each processing activity with its legal basis and limit use to compatible purposes.

Purpose of Processing

OBSERVE

  • Provide and operate casino services, including account management and payments.
  • Verify identity, conduct KYC/AML checks, and comply with regulatory duties.
  • Maintain platform security, detect/prevent fraud and abuse.
  • Perform analytics to improve features, stability, and user experience.
  • Send transactional notices and, with consent, marketing communications.
  • Handle support queries, disputes, chargebacks, and regulatory inspections.

EXPAND

  • Personalization (content and offers) subject to your preferences and applicable consent rules.

REFLECT

We do not use personal information for unrelated purposes without notice and, where required, fresh consent.

Disclosure & Sharing

OBSERVE

  • Payment partners: card processors, banks, alternative payment providers for deposits/withdrawals.
  • Verification/AML/fraud providers: identity verification, sanctions/PEP screening, device fingerprinting.
  • IT and operations: hosting, security, cloud communications, customer support tools.
  • Analytics/marketing: analytics and advertising networks (only with required cookie/marketing consent; no sale of personal information).
  • Group and affiliates: intra-group sharing under intercompany agreements for support and compliance.
  • Regulators and authorities: Malta Gaming Authority, financial intelligence units, tax/customs, law enforcement, courts.
  • Business transfers: merger, acquisition, or restructuring, subject to safeguards and notice where required.

EXPAND

  • All service providers are bound by data processing agreements and confidentiality, acting on our instructions.

REFLECT

We do not sell personal information. We share only as necessary, proportionately, and with safeguards.

International Transfers

OBSERVE

  • Primary processing occurs in the EU/EEA (Malta). Support and infrastructure may involve the EU/EEA, the UK, Canada, and the United States.

EXPAND

  • For transfers from the EEA/UK to third countries, we rely on EU Standard Contractual Clauses and, where applicable, the EU‑US Data Privacy Framework (for certified recipients) or the UK IDTA/Addendum.
  • For Canadian users, we notify you that data may be processed outside Canada; comparable protections and contractual safeguards are applied.

REFLECT

We implement transfer impact assessments, encryption, and access controls to maintain an adequate level of protection across borders.

Data Retention

OBSERVE

  • Account data: for the life of the account; upon closure, typically 5 years for regulatory and AML compliance (and up to 10 years where accounting/tax law requires).
  • KYC/AML records: 5 years from the end of the relationship (extendable if required by law).
  • Payment/transaction records: 7-10 years for accounting, anti‑fraud, and legal defense.
  • Support communications and logs: 3-5 years, depending on case type and legal needs.
  • Behavioral/analytics data: 24-36 months, then aggregate or anonymize.
  • Cookies and telemetry: session to 24 months, per cookie category.

EXPAND

  • We delete or anonymize data when the purpose ends, retention expires, or you validly request deletion (subject to statutory exemptions).

REFLECT

Retention schedules are documented; legal holds may suspend deletion to preserve evidence.

Your Rights

OBSERVE

  • Access and portability: obtain a copy of your personal information and, where feasible, receive it in a portable format.
  • Correction (rectification): request updates to inaccurate or incomplete data.
  • Deletion (erasure/cancellation): request deletion where permitted; statutory retention (e.g., AML) may limit immediate deletion.
  • Restriction/objection: limit or object to processing, including profiling for direct marketing; opt out of marketing at any time.
  • Consent withdrawal: withdraw marketing or cookie consent without affecting prior lawful processing.
  • Challenge compliance: contest our privacy practices and obtain information about our policies (PIPEDA).
  • ARCO (Mexico reference): Access, Rectification, Cancellation, Opposition aligned with Mexico's LFPDPPP, where relevant.

EXPAND

  1. How to exercise: Submit a request via your account's secure message center or by postal mail to the DPO (see "Who We Are"). Include your name, account ID/email, request type, and proof of identity.
  2. Verification: We may request additional information to verify your identity and protect your account.
  3. Timeline: We respond within 30 days of receipt and verification. If more time is needed due to complexity, we will notify you and explain the extension. Where a shorter statutory period applies, we will meet it.
  4. Cost: Requests are free of charge unless manifestly excessive or repetitive, in which case a reasonable fee may apply as permitted by law.

REFLECT

We apply GDPR‑level controls in the EU establishment, align with PIPEDA and substantially similar provincial laws in Canada, and acknowledge ARCO principles for cross‑reference to Mexico's LFPDPPP where relevant.

Cookies & Tracking Technologies

OBSERVE

  • Session cookies: essential for authentication and security; expire when you close the browser.
  • Persistent cookies: preferences, performance, and analytics; retained from days to months.
  • Third‑party cookies/pixels: analytics and, with consent, advertising/retargeting.

EXPAND

  • Purposes: functional (site operation), analytics (service improvement), advertising (consented marketing), fraud prevention (security).
  • Controls: manage via your browser settings and the site's Cookie Preferences panel (link in footer). Opting out of non‑essential cookies does not affect essential site functions.

REFLECT

We honor your CASL/GDPR‑style consent choices and record consent signals for audit.

Data Security

OBSERVE

  • TLS 1.2+ for data in transit; industry‑standard encryption (e.g., AES‑256) for data at rest where appropriate.
  • Access controls with role‑based access, least privilege, MFA for privileged accounts, network segmentation.
  • Continuous monitoring, logging, and anomaly detection; regular vulnerability scans and periodic penetration tests.
  • Secure development practices, change control, and code reviews; supplier risk management and DPAs.
  • Employee training, background checks (as permitted), confidentiality commitments.
  • Backups, resilience, and disaster recovery testing.

EXPAND

  • We align our program with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where applicable. We do not claim certification unless explicitly stated.
  • Breach response: assess, contain, mitigate, and notify affected individuals and regulators where required. Under Canada's PIPEDA, we notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals of breaches posing a real risk of significant harm "as soon as feasible," and maintain breach records for at least 24 months.

REFLECT

Security controls are risk‑based and reviewed regularly to address evolving threats and regulatory expectations.

Complaints & Contacts

OBSERVE

  • Primary contact (controller): Data Protection Office, N1 Interactive Ltd., 206, Wisely House, Old Bakery Street, Valletta VLT1451, Malta.
  • Channel: Secure account message center (preferred) or postal mail to the DPO address. Phone support is not provided for privacy requests.

EXPAND

  1. Step 1 - Submit: Send your inquiry/complaint with details and any supporting evidence.
  2. Step 2 - Acknowledgment: We acknowledge within 5 business days.
  3. Step 3 - Investigation/Response: Substantive response within 30 days. If we require more time, we will explain why and provide a new date.
  4. Step 4 - Escalation: If unresolved, you may contact a supervisory authority:
    • Canada (federal): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/ - Toll‑free 1‑800‑282‑1376.
    • British Columbia: OIPC BC - https://www.oipc.bc.ca/
    • Alberta: OIPC Alberta - https://oipc.ab.ca/
    • Quebec: Commission d'accès à l'information (CAI) - https://www.cai.gouv.qc.ca/
    • EU (Malta establishment): IDPC Malta - https://idpc.org.mt/
    • Mexico (reference): INAI - https://home.inai.org.mx/

REFLECT

We aim to resolve issues promptly and transparently, documenting each step for accountability.

Updates

OBSERVE

We may update this Privacy Policy to reflect legal, technical, or business changes.

EXPAND

  • Notice methods: email notices (where appropriate), onsite banners, and account dashboard alerts.
  • Advance notice: for material changes (e.g., new processing purposes, new categories of recipients), we provide at least 30 days' notice before the effective date.
  • Your options: you may object to changes that materially affect your rights or close your account before changes take effect, subject to settlement of balances and legal obligations.

REFLECT

  • Version control: Last updated: October 2025.
  • Changelog (material changes):
    • Added Canadian breach notification specifics (PIPEDA).
    • Clarified international transfer safeguards (SCC, DPF, UK IDTA).
    • Expanded retention schedule and user rights procedures.