burger icon
Zodiac Casino Canada
Log In

Privacy Policy

This Privacy Policy explains how Zodiac Casino, operated via the website zodiacbet-ca.com (the "Site"), collects, uses, discloses, and protects personal information of players and website visitors in Canada. It applies to all individuals who access or use our Site, register an account, or otherwise interact with our services. By using the Site, you acknowledge that you have read and understood this Privacy Policy. This version is effective as of 1 January 2026 and supersedes all previous versions.

Who We Are

For the purposes of this Privacy Policy, references to "we", "us", and "our" mean the corporate entities operating Zodiac Casino for Canadian players via zodiacbet-ca.com.

Operating Entities

  • Rest of Canada and International (where permitted):
    • Operator: Fresh Horizons Ltd.
    • Regulator: Kahnawake Gaming Commission (KGC), Kahnawake, Canada.
    • Licence number: 00830 (online casino operations for the Canadian market excluding Ontario and other permitted international jurisdictions).
  • Ontario Residents:
    • Operator: Apollo Entertainment Limited (parent company of the Casino Rewards group, which includes Zodiac Casino).
    • Regulators: Alcohol and Gaming Commission of Ontario (AGCO) and iGaming Ontario (iGO).
    • AGCO licence number: OPIG1237372.
  • International credibility / UK reference:
    • Operator: Apollo Entertainment Limited.
    • Regulator: UK Gambling Commission (UKGC).
    • UKGC account number: 38620.

Legal addresses and registered office details for Fresh Horizons Ltd. and Apollo Entertainment Limited may be obtained on request or from the relevant regulator's public register. Where there is any conflict between this Privacy Policy and mandatory requirements of a specific regulator, the regulator's rules prevail.

Data Protection Contact

If you have any questions about this Privacy Policy or our handling of personal information, you may contact the Data Protection Department at the email addresses above, noting "Privacy Request" in the subject line.

What Personal Data We Collect

We collect only the information necessary to operate a lawful, secure, and responsible online casino. The categories of personal data we may collect are:

Identification and Contact Data

  • Account and profile details: full name, username, date of birth, residential address, country and province of residence, language preference.
  • Contact information: email address, telephone number(s), preferred contact channel.
  • KYC/Verification data: copies or details of government-issued identification (e.g., passport, driver's licence), proof of address (e.g., utility bill), proof of deposit method (e.g., screenshot or bank statement showing Interac transfer), and any additional information requested to meet KYC/AML obligations and Source of Wealth/Source of Funds requirements.

Technical and Usage Data

  • Technical identifiers: IP address, device identifiers, operating system, browser type and version, language settings, time zone, and approximate geolocation derived from IP.
  • Usage and log data: login timestamps, session duration, pages viewed, clicks, navigation paths, referring URLs, error logs, and similar diagnostic information.
  • Security and access data: login history, failed login attempts, device fingerprinting and related data used for fraud and VPN/proxy detection.

Gaming and Behavioral Data

  • Account activity: game selections, time spent on games, tournaments participation, promotions entered, bonus use, and player status/tier within the Casino Rewards network where applicable.
  • Betting and transaction history: deposits, wagers, wins, losses, bonuses, cashouts, reversals during the withdrawal pending period, and account balances.
  • Responsible gambling information: self-exclusion records, deposit limits, loss limits, time limits, reality-check preferences, interactions relating to responsible gambling and risk assessments.

Payment and Financial Data

  • Payment method information: partially masked card details, e-wallet identifiers, bank account/Interac details (to the extent necessary to process payments), transaction identifiers, and payment verification data.
  • Financial risk and AML data: information collected to meet anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations, including transaction monitoring data, enhanced due diligence records, and documentation evidencing Source of Wealth or Source of Funds where required.

Marketing and Communications Data

  • Marketing preferences: records of whether you have consented to receive marketing communications by email, SMS, push notifications, or other channels.
  • Interaction data: records of email opens, clicks, unsubscribe requests, and responses to surveys or promotions.

Cookies and Similar Technologies

  • Cookies: small text files stored on your device that may contain an anonymous unique identifier, session information, preferences, or other information helpful to operate and improve the Site.
  • Other trackers: web beacons, pixels, tags, SDKs, and local storage technologies used for analytics, security, and (where permitted) advertising.

Further details on cookies and tracking technologies are provided in the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

Our processing of personal data for players and visitors from Canada is based on a combination of contractual necessity, legal obligations, legitimate interests, and, where required, consent. Depending on the circumstances, one or more of the following legal bases may apply:

Performance of a Contract

  • To create, verify, and manage your Zodiac Casino account on zodiacbet-ca.com.
  • To provide our online casino services, including:
    • processing deposits, wagers, bonuses, and withdrawals;
    • operating games, tournaments, promotions, and loyalty rewards;
    • providing customer support and resolving operational issues.

Compliance with Legal and Regulatory Obligations

  • To comply with gambling, AML/CTF, anti-fraud, and financial reporting obligations imposed by:
    • Kahnawake Gaming Commission for Rest-of-Canada players;
    • AGCO and iGaming Ontario for Ontario players;
    • any other lawful authority having jurisdiction.
  • To conduct KYC checks and ongoing monitoring, including document verification, transaction screening, sanctions screening, and recordkeeping in line with applicable law and regulatory guidance (including enhancements introduced following the 2022 UKGC regulatory settlement involving Apollo Entertainment Limited).
  • To respond to lawful requests, audits, and investigations by regulators, law enforcement, tax authorities, or courts.

Legitimate Interests

  • To ensure the security and integrity of our systems and services, including:
    • detecting and preventing fraud, money-laundering, bonus abuse, and misuse of VPNs or proxy servers contrary to our Terms and Conditions;
    • monitoring for unusual or high-risk activity to protect players and the business.
  • To improve and optimize our Site and services through analytics, service performance monitoring, and product development.
  • To enforce our terms, protect our rights, and defend against legal claims.

Consent

  • To send you electronic marketing communications (email, SMS, push notifications) where consent is required under applicable law.
  • To use non-essential cookies or similar technologies for analytics or advertising where required by law.
  • You may withdraw your consent at any time as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal of consent does not affect the lawfulness of processing carried out before such withdrawal.

Purpose of Processing

We process personal data for the following purposes, each aligned with the legal bases described above:

Provision and Management of Casino Services

  • To register and authenticate user accounts and verify player eligibility (age and jurisdiction).
  • To operate games, process deposits and withdrawals, manage balances, and administer bonuses, promotions, and loyalty rewards.
  • To provide multilingual customer support through email and other channels, including handling complaints and account queries.

Regulatory Compliance and Risk Management

  • To fulfill KYC/AML/CTF requirements, including:
    • identity verification, address verification, and proof of payment methods;
    • ongoing transaction monitoring, enhanced due diligence, and Source of Wealth/Source of Funds checks, particularly around thresholds such as cumulative withdrawals (e.g., CAD 2,000) and first withdrawal events;
    • recordkeeping for the retention periods mandated by law and regulators.
  • To enforce our strict prohibition on the use of VPNs and proxy servers to mask location, as set out in our Terms and Conditions, including detection, investigation, and potential confiscation of winnings where violations are confirmed.

Service Improvement and Analytics

  • To analyze player behavior and site usage (e.g., games played, session length, clicks, device information) to improve game offering, user interface, and site performance.
  • To conduct statistical analysis, testing, and research aimed at enhancing our services, while using aggregated or pseudonymized data where feasible.

Marketing and Personalization

  • To send promotional communications, offers, and newsletters related to Zodiac Casino and associated brands, where permitted by law and, where required, subject to your consent.
  • To tailor content and offers based on your profile, preferences, and activity (for example, highlighting games similar to those you have played or bonuses suited to your play pattern), subject to applicable marketing and profiling rules.

Fraud Prevention and Security

  • To prevent unauthorized access to accounts, detect suspicious transactions, and mitigate operational and financial risks.
  • To conduct security monitoring, including detection of account takeover attempts, abuse of the withdrawal pending period, collusive behavior, bots, and other prohibited conduct.

Legal, Regulatory, and Business Purposes

  • To respond to legal claims, comply with court orders, and cooperate with regulators and law enforcement.
  • To manage business continuity, corporate governance, compliance audits, and due diligence exercises.

Disclosure & Sharing

We do not sell your personal data. We may share personal data with carefully selected third parties only to the extent necessary and subject to appropriate safeguards:

Group Companies and Operators

  • Fresh Horizons Ltd., Apollo Entertainment Limited, and other entities within the broader corporate group (including the Casino Rewards network) involved in:
    • provision, support, and operation of the casino platform;
    • risk management, compliance, responsible gambling, and internal audit;
    • centralized customer service and loyalty program administration.

Payment and Financial Service Providers

  • Banks, card schemes, Interac providers, e-wallets, payment gateways, and other financial intermediaries involved in deposits, withdrawals, chargeback handling, and anti-fraud checks.

Technical and Operational Service Providers

  • IT infrastructure and hosting providers, content delivery networks, security and anti-fraud vendors, identity verification services, analytics providers, customer support platforms, and email/SMS delivery services.
  • These providers process personal data strictly on our instructions and are bound by contractual confidentiality and data protection obligations.

Regulators, Authorities, and Dispute Bodies

  • Regulators overseeing our licences, including:
  • Independent certification bodies such as eCOGRA (e.g., Safe and Fair certification, RTP testing) where access to transactional or gameplay data is necessary to perform audits or certification work.
  • Law enforcement agencies, courts, tax authorities, and other public authorities when required by law or reasonably necessary to protect our rights or the rights of others.

Affiliates and Advertising Partners

  • Affiliate partners and marketing networks who refer players to zodiacbet-ca.com, for:
    • tracking referrals, commissions, and campaign performance using pseudonymous identifiers;
    • providing aggregated statistics about sign-ups and conversions.
  • Advertising and analytics partners, where applicable and subject to your consent where required, for the operation of cookies and similar technologies (see "Cookies & Tracking Technologies").

Business Transfers

  • In connection with any actual or contemplated merger, acquisition, sale of assets, financing, restructuring, or insolvency event, personal data may be disclosed to advisers, counterparties, or successors subject to appropriate confidentiality safeguards and, where required, regulatory approvals.

International Transfers

Personal data may be transferred to, and processed in, countries or territories outside your province or outside Canada, including:

  • Member states of the European Economic Area (EEA) and the United Kingdom (e.g., where Apollo Entertainment Limited and some service providers operate under UKGC oversight).
  • Other countries where our trusted service providers, hosting facilities, or group companies are located.

Where personal data is transferred outside Canada (and, where relevant, outside the EEA/UK), we implement safeguards designed to ensure an adequate level of protection, such as:

  • contractual protections, including standard contractual clauses or equivalent data transfer agreements incorporating recognized data protection principles;
  • technical measures such as encryption in transit and at rest, access controls, and data minimization;
  • organizational controls, including limited access on a need-to-know basis and robust vendor due diligence.

Where required by applicable data protection frameworks, we will only transfer personal data internationally in compliance with those frameworks and will make information about the relevant transfer mechanisms available on request.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to meet legal, regulatory, and accounting requirements, and to resolve disputes. Retention periods may vary depending on the category of data and applicable regulatory jurisdiction.

General Retention Principles

  • Account and identification data: Typically retained for the duration of the customer relationship and for a period of up to five (5) years after account closure, or longer where required by AML/CTF or gambling regulations or in connection with ongoing disputes or investigations.
  • Transaction and financial records: Retained for at least five (5) years from the date of the relevant transaction, or longer where mandated by law, tax rules, or regulator guidance.
  • Responsible gambling data: Self-exclusion and limit records may be retained for the period of exclusion and a further period as necessary to ensure compliance with responsible gambling obligations and prevent circumvention.
  • Technical logs and security data: Retained for a period proportionate to security and fraud-prevention needs, typically between six (6) months and three (3) years, depending on the nature of the logs and regulatory expectations.
  • Marketing data: Retained for as long as you remain opted-in to receive marketing communications. If you withdraw consent or opt out, we will retain a minimal record of your preference to ensure that you are not contacted again for marketing purposes.

Deletion and Anonymization

  • Once data is no longer required for the purposes set out in this Policy or by applicable law, we will:
    • securely delete or destroy the data; or
    • irreversibly anonymize it so it can no longer be associated with you.
  • Where immediate deletion is not possible due to technical or legal reasons, we will securely store your data and isolate it from any further active processing until deletion is feasible.

Your Rights

Subject to applicable law and any regulatory restrictions applicable to gambling and AML/CTF obligations, you have a range of rights in relation to your personal data. Although Canadian privacy laws (including provincial statutes such as PIPEDA and substantially similar provincial laws) differ from the GDPR and Mexican data protection regulations, we aim to align our approach with recognized international standards.

Access and Portability

  • You may request confirmation of whether we process your personal data and, if so, obtain a copy of such data along with information about how it is used.
  • Where technically feasible and subject to legal constraints, you may request that we provide certain data to you in a structured, commonly used, and machine-readable format, or that we transmit it to another controller specified by you.

Correction (Rectification)

  • You may request that inaccurate or incomplete personal data about you be corrected or updated.
  • Some information can be updated directly via your account settings; for other information (e.g., name, date of birth), we may require supporting documentation due to regulatory requirements.

Deletion (Erasure)

  • You may request deletion of your personal data in certain circumstances, for example where:
    • the data is no longer necessary for the purposes for which it was collected; or
    • you withdraw consent where consent was the sole legal basis for processing.
  • We may not be able to delete data where retention is required by gambling, AML/CTF, tax, or other legal obligations, or where it is necessary for the establishment, exercise, or defence of legal claims.

Restriction and Objection

  • You may request that we restrict processing of your data in specific situations (for example, while we investigate a contested accuracy or processing basis).
  • You may object to processing based on our legitimate interests, including profiling based on those interests. We will consider your objection and will cease such processing unless:
    • we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms; or
    • the processing is required for legal claims.

Marketing Preferences and Withdrawal of Consent

  • You may withdraw your consent to marketing communications at any time by:
    • using the unsubscribe link in marketing emails;
    • changing your preferences in your account settings (where available); or
    • contacting us at [email protected] or [email protected].
  • Even if you opt out of marketing, we may still send you important service and transactional messages (for example, about account security, changes to terms, or regulatory messages).

Procedures, Timeframes, and Charges

  • How to submit a request: Please contact our Data Protection Department at [email protected] or [email protected], clearly stating:
    • your full name and account username;
    • the nature of your request (e.g., access, correction, deletion);
    • any specific data or processing activities you are referring to.
  • Verification: To protect your privacy, we may ask you to provide additional information necessary to verify your identity before actioning your request.
  • Response time: We aim to respond to all valid requests within thirty (30) days of receipt. If we require additional time due to complexity or volume, we will inform you of the extension and the reasons.
  • Fees: We will handle your request free of charge, unless it is manifestly unfounded or excessive (for example, repeated requests). In such cases, we may charge a reasonable fee or refuse to act on the request, in which event we will explain our reasons.

Cookies & Tracking Technologies

We use cookies and similar technologies on zodiacbet-ca.com to ensure the Site functions correctly, to enhance user experience, and, where permitted, to support analytics and marketing.

Types of Cookies

  • Strictly Necessary (Session) Cookies: These cookies are essential for the operation of the Site and the online casino platform. They enable functions such as logging in, maintaining a secure session, processing transactions, and complying with security requirements. They are typically deleted when you close your browser.
  • Persistent Functional Cookies: These cookies allow the Site to remember your choices and preferences over time (e.g., language selection, region, login preferences) to provide a more personalized experience.
  • Analytics and Performance Cookies: These cookies collect aggregated information about how visitors use the Site, such as which pages are visited most frequently, error messages, and performance metrics. We use this information to improve our services and user experience. Where required by law, these cookies are used only with your consent.
  • Advertising and Affiliate Cookies: These cookies may be used (where permitted) to measure the effectiveness of our advertising campaigns, track affiliate referrals, and, in some cases, tailor promotional content. They may be set by us or by our trusted marketing partners and affiliates. Use of non-essential advertising cookies is subject to your consent where required.

Managing Cookies

  • You can manage or disable cookies through your browser settings. Most browsers allow you to:
    • view which cookies are stored on your device and delete them;
    • block third-party cookies;
    • block cookies from particular websites; or
    • block all cookies.
  • Disabling strictly necessary cookies may prevent you from using essential features of the Site, including logging in and playing games.
  • Where we offer an internal privacy or cookie management panel on the Site, you may also adjust certain cookie preferences directly within your account or via an on-site banner or settings tool.

Data Security

We implement and maintain administrative, technical, and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. While no system can be guaranteed as completely secure, we continuously work to reduce risks to a level appropriate to the nature of the data and the threats.

Technical and Organizational Measures

  • Encryption: Data transmitted between your browser and our servers is protected using Transport Layer Security (TLS 1.2 or higher). Where practicable, we also implement encryption or pseudonymization of data at rest.
  • Access Controls: Access to personal data is restricted to authorized personnel and service providers who need it for legitimate business or regulatory purposes, subject to role-based access controls and authentication measures, including multi-factor authentication where appropriate.
  • Network and System Security: We use firewalls, intrusion detection and prevention systems, anti-malware tools, and regular patch management to protect our infrastructure.
  • Security Audits and Certifications: Our platform and systems are regularly tested and audited, including by independent bodies such as eCOGRA for game fairness and RTP verification. Where reasonable and relevant, we align our controls with internationally recognized information security frameworks (such as ISO 27001 and SOC-type standards) and applicable regulatory expectations.
  • Staff Training and Confidentiality: Employees with access to personal data receive training on data protection, security, responsible gambling, and AML/CTF obligations. They are bound by confidentiality duties and subject to disciplinary measures for violations.
  • Incident Response: We maintain incident response procedures for identifying, containing, investigating, and remediating suspected or actual security incidents. Where required by law, we will notify affected individuals and/or regulators of certain data breaches without undue delay.

Players are responsible for maintaining the confidentiality of their login credentials and for using secure devices and networks. We strongly recommend that you do not share your password with anyone and that you notify us immediately if you suspect unauthorized access to your account.

Complaints & Contacts

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can attempt to resolve the issue.

Contacting Us

Internal Complaint Procedure

  1. Step 1 - Submit your complaint: Send a detailed description of your concern, including your account details and any supporting information, to [email protected] or [email protected].
  2. Step 2 - Acknowledgment: We will acknowledge receipt of your complaint within five (5) business days where feasible.
  3. Step 3 - Investigation: Your complaint will be reviewed by the relevant team (for example, Customer Support, Compliance, or Data Protection) and, where appropriate, escalated internally.
  4. Step 4 - Response: We aim to provide a substantive response within thirty (30) days of receiving a complete complaint. If we require more time due to complexity, we will inform you of the delay and the expected timeframe.

Escalation to Regulators and Authorities

If you are not satisfied with our response or believe that your privacy rights have been violated, you may have the right to lodge a complaint with an external authority. Depending on your location and the applicable regulatory framework, this may include:

  • Gambling Regulators for Player Complaints:
  • Canadian Privacy Regulators: Depending on your province, you may raise concerns with:
    • the Office of the Privacy Commissioner of Canada (OPC); and/or
    • your applicable provincial privacy commissioner, where a substantially similar provincial law applies.

Contact details for privacy commissioners are publicly available on their official websites. We encourage you to contact us first so we can address your concerns as quickly as possible.

Updates

We may revise this Privacy Policy from time to time to reflect changes in our services, legal or regulatory requirements, industry practices, or technological developments.

Notification of Changes

  • Minor changes: For non-material updates (for example, clarifications, formatting, or updates to contact information), we will post the revised Policy on zodiacbet-ca.com with an updated "Last updated" date.
  • Material changes: For significant changes that affect your rights or the way we process your personal data, we will:
    • provide notice at least thirty (30) days in advance, where feasible, by means such as:
      • email notification to the address associated with your account;
      • notifications within your account dashboard; and/or
      • prominent banners or notices on the Site.
    • explain the nature of the changes and, where appropriate, your available options.

Version Control and Changelog

  • The current version of this Privacy Policy is identified by the "Last updated" date below.
  • Where changes are material, we will summarize them (for example, new purposes of processing, new categories of recipients, or updated retention practices) in an accessible changelog or notice linked from the Policy.

Your Options Following Updates

  • If you continue to use the Site after the effective date of an updated Privacy Policy, your continued use will be deemed acceptance of the updated Policy, to the extent permitted by law.
  • If you do not agree with a material change, you may:
    • adjust your privacy and marketing preferences;
    • request closure of your account; and
    • exercise any other applicable rights described in this Policy.

Last updated: January 2026