burger icon
Champion Сasino
Log In

Privacy Policy

Effective as of 01 November 2025. This Privacy Policy explains how champion-casino, operating the website https://champion777-ca.com, collects, uses, discloses, and protects personal information of players and website visitors in Canada. It applies to all users who access the site, create an account, or otherwise interact with our services.

Who We Are

Observe: Users need to know who controls their data, how to contact us, and how our brand relates to regional operations.

Expand: The Canada-facing site's corporate details are being finalized; the Ukrainian site has a separate licensed operator. Clear contacts for privacy are essential under Canadian law.

Reflect: Until final corporate details for Canada are published, we provide definitive points of contact and clarify brand relationships without conflating jurisdictions.

Controller/Operator: For the purposes of this Privacy Policy, "we", "our", or "champion-casino" refers to the operator of the Canada-facing website located at https://champion777-ca.com (the "Website"). Operator identification (full legal name, registered address, registration number for the CA-facing site) is undergoing formal confirmation and will be posted here and in your account settings upon completion.

Jurisdictional clarification: The website https://championcasino.ua is operated in Ukraine by LLC "Limon" under KRAIL Decision No. 603 (27 Sep 2021). That license applies only to championcasino.ua and does not govern the CA-facing Website.

Privacy contacts (Canada-facing site):

  • Data Protection Office (DPO): [email protected]
  • General privacy inquiries: [email protected]
  • Mailing address: We will publish our Canadian mailing address once confirmed. Until then, please contact us by email to request a postal channel for your jurisdiction; we will provide a suitable mailing address without delay.

What Personal Data We Collect

Observe: Gaming operations require identity, payment, technical, and behavioral data to deliver services and meet KYC/AML duties.

Expand: We also collect device/cookie identifiers for security, analytics, and consent management in line with Canadian privacy norms.

Reflect: We list categories clearly for transparency and informed consent.

  • Identity and contact data: full name, date of birth, address, email, phone, government-issued IDs (for KYC), proof of address, account identifiers, communication preferences.
  • Account and behavioral data: gameplay and betting history, session timestamps, responsible-gambling settings, deposits/withdrawals, interactions (clickstream, page views), support communications and recordings (where applicable).
  • Payment and verification data: masked card details, payment tokens, e-wallet IDs, bank information (as needed), transaction confirmations, sanctions and PEP screening results.
  • Technical data: IP address, device identifiers, OS/browser, language, time zone, performance logs, fraud/abuse signals, security telemetry.
  • Cookies and similar technologies: session and persistent cookies, SDKs, pixels, local storage, advertising IDs (mobile). Used for essential functions, security, analytics, personalization, and-where consented-marketing.
  • Sensitive data (limited): We do not collect health or biometric data for marketing. We process government ID images and similar data solely for KYC/AML and age verification.

Legal Basis for Processing

Observe: Canada relies on meaningful consent and reasonable purposes; other regimes (e.g., GDPR) may apply to some users.

Expand: We harmonize Canadian PIPEDA principles with GDPR-style bases where territorially applicable.

Reflect: We specify the grounds used for each processing context.

  • Consent (PIPEDA; CASL for electronic messages): Creating an account, enabling non-essential cookies, and receiving marketing require consent. You can withdraw consent at any time (see Your Rights).
  • Provision of services (contractual necessity under GDPR where applicable; reasonable purposes under PIPEDA): Operating accounts, processing stakes and payouts, customer support, identity verification, and responsible gambling tools.
  • Legitimate interests (GDPR, where applicable) / appropriate purposes (PIPEDA): Fraud prevention, network and information security, product analytics, service improvement. We apply safeguards to minimize privacy impact.
  • Legal obligations: KYC/AML screening, age verification, recordkeeping, tax/reporting, responding to lawful requests by authorities (e.g., PCMLTFA requirements in Canada).

Purpose of Processing

Observe: Users need clarity on how their data supports services and compliance.

Expand: We distinguish core operations, safety, analytics, and marketing.

Reflect: We provide purpose-based transparency to support informed choices.

  • Service delivery: Account creation, verification, deposits/withdrawals, gameplay, prizes and payouts, customer support.
  • Compliance and risk: KYC/AML checks, sanctions/PEP screening, age verification, fraud monitoring, responsible-gambling safeguards.
  • Security and integrity: Incident detection, prevention of abuse, access controls, audit logs, service continuity.
  • Analytics and improvement: Performance measurement, feature testing, usability and reliability enhancements.
  • Marketing (with consent): Promotions, offers, newsletters, personalized recommendations; opt-out anytime.
  • Legal defense and rights: Managing claims, disputes, and regulatory inquiries.

Disclosure & Sharing

Observe: Disclosures must be limited, purposeful, and safeguarded.

Expand: Gaming requires payments, KYC, hosting, analytics, and, when required, regulatory reporting.

Reflect: We disclose only what is necessary, under contract, with security controls.

  • Payment partners and banks: To process deposits/withdrawals, verify transactions, and prevent fraud.
  • KYC/AML and risk vendors: Identity, sanctions/PEP, geolocation, device fingerprinting, and fraud prevention providers.
  • Hosting and IT service providers: Cloud infrastructure, security, content delivery, maintenance.
  • Analytics and measurement: Aggregated or pseudonymized data for service improvement; identifiable data only where necessary and subject to contract.
  • Affiliates and marketing networks (with consent): For advertising and attribution; you can withdraw consent at any time.
  • Regulators and law enforcement: Where required by law or to protect rights, users, or the platform.
  • Corporate transactions: In mergers, acquisitions, or restructuring, subject to confidentiality and continued protection of personal information.

International Transfers

Observe: Data may be processed outside your province or Canada.

Expand: Transfers can involve providers in the EEA/UK, United States, Ukraine, Romania, and Curaçao, among others.

Reflect: We implement contractual and organizational safeguards consistent with Canadian guidance.

  • Safeguards: Standard Contractual Clauses (EU 2021 SCCs) with Transfer Impact Assessments for EEA-related flows; data processing agreements with Canadian-equivalent protections for non-EEA flows; technical safeguards (encryption, access controls).
  • Quebec (Law 25): We conduct a privacy impact assessment and ensure "equivalent protection" before communicating personal information outside Quebec.
  • Vendor frameworks: Where applicable, some U.S. vendors may participate in the EU-U.S. Data Privacy Framework; we nonetheless rely on appropriate contractual protections.
  • Notice: Foreign laws may permit access by courts, law enforcement, or national security authorities. We limit disclosures to what is legally required.

Data Retention

Observe: Retention must be limited to necessary periods and legal requirements.

Expand: Gaming and AML rules require longer retention for verification and transaction data.

Reflect: We apply category-based schedules and secure deletion/anonymization.

  • Account and identity (KYC) data: Retained for the life of the account and typically up to 5 years after closure or longer if required by PCMLTFA or applicable law.
  • Transaction and betting records: Retained for at least 5 years from the transaction date to meet audit and AML obligations.
  • Customer support communications: 2-3 years after resolution, unless needed for dispute handling or legal defense.
  • Marketing data: Until consent is withdrawn or after 24 months of inactivity, whichever occurs first.
  • Technical logs and security telemetry: 12-24 months, unless extended for security investigations.
  • Deletion/anonymization: Upon expiry of retention periods, successful objection, or withdrawal of consent (where no overriding legal basis applies), we securely delete or irreversibly anonymize data.

Your Rights

Observe: Canadian users have access and correction rights, among others; some users may benefit from GDPR or Mexican ARCO rights depending on their location and the processing context.

Expand: We accommodate overlapping frameworks: PIPEDA (Canada), provincial laws (Quebec Law 25, Alberta PIPA, BC PIPA), GDPR (EEA/UK), and Mexico's LFPDPPP (ARCO).

Reflect: We provide a single, practical process with statutory timelines and no charge for standard requests.

  • Access and portability: Obtain a copy of your personal information and information about its use and disclosure. Where GDPR or Quebec portability applies, receive it in a commonly used, machine-readable format.
  • Correction/rectification: Request correction of inaccurate or incomplete data.
  • Deletion/cancellation: Request deletion where no legal obligation or overriding purpose requires retention (ARCO "Cancellation" in Mexico; GDPR "Erasure").
  • Restriction/objection: Restrict or object to certain processing (e.g., analytics or profiling) where permitted; object to direct marketing at any time.
  • Consent withdrawal: Withdraw consent for non-essential processing (e.g., marketing, non-essential cookies). This does not affect prior lawful processing.
  • Automated decisions: Request human review of decisions that produce legal or similarly significant effects (where applicable under law).

How to exercise your rights

  1. Submit: Email [email protected] from your registered email with subject "Privacy Request," specifying the right(s) you wish to exercise. We may ask for additional information to verify identity.
  2. Timeline and fees: We respond within 30 days (PIPEDA), extendable where permitted. No fees unless requests are manifestly unfounded or excessive (we will explain any fees in advance). For Mexico's LFPDPPP ARCO rights, we respond within 20 days and implement within 15 additional days where applicable.
  3. Outcome: We will provide access, corrections, confirmations of deletion/restriction, or reasons if we cannot fulfill a request (e.g., due to legal retention obligations).

Cookies & Tracking Technologies

Observe: Users must understand cookie types, purposes, and controls.

Expand: We separate essential from non-essential cookies and provide opt-out tools.

Reflect: Clear choices satisfy Canadian consent standards and user expectations.

  • Types:
    • Session cookies: expire when you close your browser.
    • Persistent cookies: remain until expiry or deletion.
    • Third-party cookies/SDKs: analytics, advertising, fraud prevention.
  • Purposes:
    • Essential/functional: sign-in, account security, load balancing, preferences.
    • Analytics: usage trends, performance, service improvement.
    • Advertising (with consent): personalization, frequency capping, attribution.
  • Controls: Use the in-site Cookie Preferences panel (link in footer) to accept/reject non-essential cookies; adjust browser settings; for mobile advertising IDs, reset/limit ad tracking in device settings; opt-out of interest-based ads via applicable industry programs.
  • Do Not Track: We honor browser signals where technically feasible and legally required; otherwise, use the in-site controls.

Data Security

Observe: Gaming platforms must mitigate financial and identity risks.

Expand: We combine encryption, access controls, training, and testing; we avoid overstating certifications.

Reflect: Controls are risk-based and aligned with recognized standards.

  • Encryption: TLS 1.2+ in transit; strong encryption for sensitive data at rest; key management with role separation.
  • Access controls: Multi-factor authentication, least privilege, network segmentation, administrative session monitoring.
  • Secure development: SDLC with code review, dependency scanning, and regular penetration testing.
  • Monitoring and audits: Log aggregation, anomaly detection, periodic security assessments.
  • Staff training: Onboarding and annual security/privacy training; role-based training for sensitive functions.
  • Incident response: 24/7 monitoring, containment and notification procedures; users and regulators are notified as required by law (e.g., PIPEDA data breach reporting).
  • Standards: Controls align with ISO/IEC 27001 and SOC 2 principles where applicable; we do not claim formal certification unless explicitly stated on the Website.

Complaints & Contacts

Observe: Users need accessible channels and escalation paths.

Expand: Canadian federal and provincial authorities, as well as EU/Mexico authorities where applicable, should be referenced.

Reflect: We provide a stepwise process with timelines and authority details.

Contact us first

  • DPO (primary contact): [email protected]
  • Privacy inquiries: [email protected]
  • Postal: Our Canadian mailing address will be published upon confirmation. Until then, email us to obtain a mailing address suitable for your jurisdiction; we will provide it promptly.

Complaint procedure

  1. Submit: Email the DPO with a description of your concern and any supporting documents.
  2. Acknowledgment: We acknowledge receipt within 5 business days.
  3. Investigation: We investigate and aim to resolve within 30 days. Complex matters may require an extension; we will inform you of the reasons and new timeline.
  4. Outcome: We provide a written response with corrective actions where appropriate.

Escalation to authorities

  • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en • 1-800-282-1376 • 30 Victoria Street, Gatineau, QC K1A 1H3
  • Quebec (Commission d'accès à l'information): https://www.cai.gouv.qc.ca
  • British Columbia (OIPC): https://www.oipc.bc.ca
  • Alberta (OIPC): https://www.oipc.ab.ca
  • European Union (where GDPR applies): Contact your local data protection authority: https://edpb.europa.eu/about-edpb/board/members
  • Mexico (INAI, LFPDPPP): https://www.inai.org.mx • Tel. 800 835 4324 (within MX)

Updates

Observe: Users require transparent change control and notice.

Expand: Material changes should provide advance notice and user options.

Reflect: We maintain versioning and multi-channel notifications.

  • Last updated: November 2025
  • Version control: The current version of this Privacy Policy is displayed on this page and in your account settings.
  • Notice of changes: For material changes, we will notify you at least 30 days in advance via email (where available), in-account alerts, and a banner on the Website.
  • User options: If you do not agree with updates, you may adjust your privacy settings, withdraw marketing consent, or close your account before changes take effect. Continued use after the effective date constitutes acceptance of the updated policy.
  • Changelog (material highlights):
    • Added Canada-specific disclosures (PIPEDA, PCMLTFA, Quebec Law 25 transfer assessments).
    • Clarified brand/operator jurisdictional boundaries (UA vs CA-facing site).
    • Expanded international transfer safeguards and rights procedures (including ARCO/GDPR where applicable).
    • Introduced in-site Cookie Preferences panel and refined marketing consent controls.

Regional Compliance Note: This policy is tailored for Canadian users of https://champion777-ca.com. Where users are located in other jurisdictions (e.g., EEA, Mexico), we apply the additional rights and bases described above to the extent those laws apply to our processing in that context. Nothing in this policy limits your non-waivable rights under applicable law.