burger icon
Bluff Bet Review Canada
Log In

Privacy Policy

This Privacy Policy explains how Bluffbet N.V. ("Bluff Bet", "we", "us", "our") collects, uses, discloses, and protects your personal data when you visit or use the Canadian-facing website bluffbet-play.ca, including pages and content associated with the Bluff Bet project build. It applies to all visitors to bluffbet-play.ca and to players who create or use an account, regardless of whether they participate in real-money play.

By accessing or using bluffbet-play.ca, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the website or our services. This Privacy Policy is effective and applies to processing activities carried out from 1 February 2026 onward, and supersedes any previous versions published on bluffbet-play.ca.

Who We Are

The services available on bluffbet-play.ca (including content associated with Bluff Bet) are operated by:

  • Legal entity: Bluffbet N.V., a private limited liability company (N.V.) incorporated under the laws of Curaçao.
  • Gambling licence: Sub-licence number 8048/JAZ issued under the master licence held by Antillephone N.V., Curaçao.
  • Registered/Legal address: Bluffbet N.V., Curaçao (full registered address and company registration number are available on request and will be added to this Policy once updated by the operator).

For the purposes of applicable data protection laws, Bluffbet N.V. is the "controller" of personal data collected via bluffbet-play.ca for Canadian users, and for other users where we actively offer services.

Contact for Privacy Matters

  • Data Protection Officer / Privacy Contact: Data Protection Officer, Bluffbet N.V.
  • Email: [email protected] (please indicate "Privacy request" in the subject line).
  • Postal contact: "Data Protection Officer, Bluffbet N.V., Curaçao" (full mailing address available on request via email and will be reflected in the next update of this Policy).

You may contact us at any time with questions about this Privacy Policy or to exercise your data protection rights.

What Personal Data We Collect

We collect and process different categories of personal data when you visit bluffbet-play.ca, interact with the Bluff Bet pages, or use our services. The exact data collected depends on your use of the website, your device settings, and the consents you provide.

Identification and Contact Data

  • Full name, date of birth, and gender (where required for age and identity verification).
  • Residential address, country, and province/territory of residence.
  • Email address and phone number(s).
  • Identity verification information (e.g., copies or details of government-issued ID, proof of address) where required for KYC/AML and age verification.

Account and Gambling-Related Data

  • Username, password (stored in encrypted form), security questions and answers.
  • Account status, registration date, verification status, and communication preferences.
  • Betting and gaming history: game sessions, stakes, wins/losses, bonuses used, limits set, and self-exclusion details.
  • Responsible gambling data: deposit limits, loss limits, time-out periods, self-exclusion requests, and related communications.

Payment and Financial Data

  • Payment method details (e.g., limited card data, e-wallet information, bank or crypto transaction identifiers) processed through secure third-party payment providers.
  • Deposit and withdrawal records, account balances, and transaction timestamps.
  • Anti-fraud and AML-related financial information, such as source-of-funds documentation and monitoring flags.

Technical and Usage Data

  • IP address, approximate geolocation (based on IP), device type, operating system, browser type and version, language settings.
  • Log data: access dates and times, pages viewed, clickstream, referring/exit pages, time spent on pages, and error logs.
  • Unique identifiers such as device IDs, browser fingerprints, and session identifiers.

Behavioral and Analytics Data

  • Information about how you interact with our games, promotions, and pages (including Bluff Bet content).
  • Response to marketing communications, opening and click rates, unsubscribe actions.
  • Aggregated analytics and segmentation data used for understanding user behavior and improving services.

Cookies and Similar Technologies

  • Cookies (session and persistent), web beacons, pixels, and similar technologies that store or access information on your device.
  • Identifiers that allow us to recognize your browser, remember your preferences, secure your sessions, and tailor content and advertisements.

Optional and Communication Data

  • Information you choose to provide in surveys, feedback forms, customer support, or complaints.
  • Records of email, chat, and other communications with our support and complaints teams, including communications to [email protected].

Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so under applicable laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, substantially similar provincial laws, and, where relevant, the EU General Data Protection Regulation (GDPR) and Mexican data protection law. Our main legal bases are:

Consent

  • We rely on your consent when:
    • You accept non-essential cookies or similar tracking technologies (e.g., for analytics or advertising).
    • You opt in to receive marketing emails, SMS, or push notifications.
    • You voluntarily provide optional information (e.g., surveys, feedback, certain profiling activities).
  • You can withdraw your consent at any time (see the "Your Rights" section); this will not affect the lawfulness of processing based on consent before its withdrawal.

Contractual Necessity

  • We process data that is necessary to:
    • Create and manage your account on bluffbet-play.ca.
    • Provide gaming, betting, and transaction services.
    • Process deposits, wagers, and withdrawals.
    • Provide customer support and handle your requests.
  • Without this data, we cannot provide you with certain services or features.

Compliance with Legal Obligations

  • We process personal data to comply with:
    • KYC (Know Your Customer), AML (Anti-Money Laundering), and counter-terrorist financing obligations.
    • Responsible gambling requirements, including age verification and self-exclusion enforcement.
    • Tax, accounting, and reporting obligations to gaming regulators and relevant authorities.
    • Data security and breach notification obligations under PIPEDA and similar laws.

Legitimate Interests

  • We process data where it is necessary for our legitimate interests and where these are not overridden by your rights and freedoms, including:
    • Preventing fraud, abuse, and unauthorized access to accounts.
    • Ensuring network and information security.
    • Improving and optimizing our website, services, and user experience.
    • Measuring the effectiveness of promotions, including Bluff Bet campaigns.
    • Protecting our legal rights and defending against claims.
  • Where required by GDPR or Mexican law, we conduct a balancing test to ensure that our legitimate interests do not override your rights.

Vital Interests and Legal Claims

  • In rare situations, we may process data to protect your vital interests or those of another person (e.g., where there is a serious risk of harm).
  • We may also process data for the establishment, exercise, or defence of legal claims.

Purpose of Processing

We use your personal data strictly for specific and lawful purposes. These include:

Provision and Management of Services

  • Creating, verifying, and managing your player account.
  • Providing access to games, betting products, promotions, and related services.
  • Processing deposits, bets, and withdrawals, and maintaining account balances.
  • Providing customer and technical support.

Compliance, Risk Management, and Responsible Gambling

  • Performing identity, age, and eligibility checks under KYC/AML rules.
  • Monitoring transactions to detect suspicious or fraudulent activities.
  • Implementing responsible gambling tools, including limits and self-exclusion.
  • Complying with accounting, tax, and regulatory reporting obligations.

Improvement, Analytics, and Personalization

  • Analyzing usage patterns and behavior on bluffbet-play.ca to improve our services and optimize the Bluff Bet content.
  • Personalizing your experience, such as tailoring game suggestions or displaying content in your preferred language.
  • Testing and developing new features, products, or promotions.

Marketing and Communications

  • Sending you service-related communications (e.g., account notices, policy changes, security alerts).
  • Providing marketing communications about promotions, bonuses, and offers, where permitted by law and subject to your consent and preferences.
  • Conducting surveys and feedback requests to understand user satisfaction.

Security, Fraud Prevention, and Legal Protection

  • Preventing and detecting fraud, money laundering, and unauthorized access.
  • Maintaining security logs and audit trails.
  • Enforcing our Terms and Conditions and investigating potential violations.
  • Establishing, exercising, or defending against legal claims and cooperating with law enforcement and regulators where legally required.

Disclosure & Sharing

We share your personal data only with trusted third parties where this is necessary for the purposes described in this Policy, where required by law, or where you have provided consent. We do not sell your personal data.

Group Entities and Business Partners

  • Other entities within the Bluffbet N.V. group (if any) involved in providing our services.
  • White-label or technology partners who support the operation of bluffbet-play.ca and related content such as Bluff Bet.

Payment Service Providers and Financial Institutions

  • Banks, card processors, e-wallet providers, cryptocurrency processors, and other payment intermediaries who process your deposits and withdrawals.
  • These providers act as independent controllers or processors, depending on their role, and are bound by contract and applicable law to protect your data.

Service Providers and Processors

  • IT hosting providers, cloud services, and data centers.
  • Customer support, ticketing, and CRM platforms.
  • Analytics providers, anti-fraud tools, and security monitoring services.
  • Marketing, email distribution, and advertising technology partners (for example, to serve or measure ads), where permitted by law and your consent.

Regulators, ADR Bodies, and Public Authorities

  • Gaming regulators and licensing authorities in Curaçao and other relevant jurisdictions, in order to demonstrate compliance with our licence (e.g., Antillephone N.V.).
  • Alternative dispute resolution (ADR) providers and licensing support entities, such as [email protected], where required for complaint handling or regulatory matters.
  • Law enforcement, courts, and government authorities where we are legally obliged to provide information or where disclosure is necessary to protect our legal rights or the rights of others.

Affiliates and Advertising Networks

  • Affiliate partners and advertising networks that help us market bluffbet-play.ca and track the performance of campaigns (for example, related to Bluff Bet), where you have given consent for tracking cookies and similar technologies.
  • These third parties are required by contract to process data only according to our instructions and applicable law and not to use it for their own unrelated purposes.

Business Transfers

  • In the event of a merger, acquisition, reorganization, sale of assets, or insolvency, we may transfer your personal data to the relevant third party as part of the transaction, subject to appropriate confidentiality and data protection safeguards.

International Transfers

Because Bluffbet N.V. is based in Curaçao and uses service providers in various countries, your personal data may be transferred and stored outside your province, territory, or country of residence, including in jurisdictions that may have different data protection standards than those in Canada, the EU/EEA, or Mexico.

Types of International Transfers

  • Transfers from Canada to:
    • Curaçao (our main place of registration and operation).
    • European Economic Area (EEA) and United Kingdom (for hosting, analytics, and support services).
    • United States and other countries (for cloud, analytics, payment processing, and communications services).
  • Transfers from the EU/EEA, UK, or Mexico to Curaçao and other non-EEA countries where our systems or providers are located.

Protection Measures for International Transfers

  • We implement appropriate safeguards required by applicable laws, including:
    • Standard Contractual Clauses (SCCs) approved by the European Commission for EU/EEA data.
    • Equivalent transfer mechanisms under UK law for UK data.
    • Contractual safeguards and technical measures (encryption, access controls) for data originating from Canada and Mexico.
    • Where relevant, reliance on the EU - U.S. Data Privacy Framework or any successor mechanism recognized by the European Commission.
  • We also require our processors and service providers to implement appropriate technical and organizational measures to protect your personal data.

Where local law in your jurisdiction grants you specific protections related to international transfers (for example, under GDPR or Mexican law), we will respect those protections and provide additional information on request.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the type of data and applicable legal requirements.

General Retention Guidelines

  • Account and identification data: Normally retained for the duration of your account and for up to 5 years after account closure, to comply with AML, regulatory, and record-keeping obligations and to address potential legal claims.
  • Transaction and payment data: Retained for the duration of your account and for up to 5 - 7 years after the relevant transaction, in line with financial and tax law requirements.
  • Responsible gambling and exclusion records: Retained for as long as necessary to enforce self-exclusion or limits and for a minimum period required by law and regulators (typically up to 5 years after the end of the exclusion period).
  • Technical logs and security data: Retained for up to 2 years, unless a longer period is required for security investigations or legal obligations.
  • Marketing data: Retained until you withdraw your consent or object to processing, after which we will stop sending marketing communications and keep a minimal record of your preference to ensure we respect your choice.
  • Customer support communications: Retained for up to 3 years after resolution of the relevant issue, unless a longer period is reasonably necessary for legal or regulatory reasons.

Deletion and Anonymization

  • When personal data is no longer required, we will:
    • Securely delete or destroy it; or
    • Irreversibly anonymize it so that it no longer identifies you.
  • We may retain anonymized or aggregated data indefinitely for statistical, research, and business analysis purposes.

If you request deletion of your data, we will comply where possible and lawful, but may need to retain certain information to comply with legal obligations or to protect our legitimate interests (for example, AML, responsible gambling, or disputes).

Your Rights

Depending on your place of residence and the laws that apply to you, you may have certain rights regarding your personal data. These rights arise under Canadian privacy law (including PIPEDA and substantially similar provincial laws), EU/EEA law (GDPR), and Mexican privacy law (including the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations). We will respect the highest applicable standard in handling your request.

Core Rights (Canada, GDPR, Mexico)

  • Right of access: You can request confirmation of whether we hold personal data about you and obtain a copy of that data, together with information about how we use it.
  • Right to rectification/correction: You can ask us to correct inaccurate or incomplete personal data.
  • Right to deletion / cancellation ("right to be forgotten"): You can request that we delete your personal data where there is no longer a legal basis or compelling reason for us to retain it. Under Mexican law, this forms part of your ARCO rights (Cancellation).
  • Right to restriction of processing: You may request that we restrict the processing of your data in certain situations, such as while we verify its accuracy or assess an objection.
  • Right to object: You may object to processing based on our legitimate interests, including profiling, and you may object at any time to the use of your data for direct marketing.
  • Right to data portability (where applicable): Under GDPR and in some other jurisdictions, you may request a structured, commonly used, and machine-readable copy of certain data you have provided to us, and have that data transmitted to another controller where technically feasible.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time (for example, unsubscribing from marketing or turning off non-essential cookies), without affecting the lawfulness of prior processing.

Additional ARCO Rights (Mexico-Specific Alignment)

  • In line with Mexican privacy law, we recognize and support ARCO rights:
    • Access: Obtain information about the personal data we hold about you.
    • Rectification: Request correction of inaccurate or incomplete data.
    • Cancellation: Request deletion of data when it is no longer necessary for the purposes for which it was collected or when processing is unlawful.
    • Opposition: Object to processing for legitimate reasons in accordance with Mexican law.

Canadian-Specific Rights and Guarantees

  • Under PIPEDA and similar laws, you have the right to challenge our compliance and to know:
    • Why we collect, use, and disclose your personal information.
    • Who within our organization is responsible for privacy compliance.
    • How to obtain access to your personal information.
  • We will respond to access and correction requests within 30 days, or provide an explanation if we need an extension, subject to any lawful grounds for refusal.
  • We will not charge fees for normal access requests, correction requests, or complaints, unless permitted by law and only where the request is manifestly unfounded, repetitive, or excessive. If any fee is necessary, we will inform you in advance.

How to Exercise Your Rights

  1. Submit your request: Contact us at [email protected] with your name, account details (if applicable), and a clear description of your request and the right you wish to exercise.
  2. Verification: We may ask for additional information to verify your identity and ensure the security of your account before fulfilling your request.
  3. Response timeframe: We aim to respond within 30 days of receipt of your complete request. If your request is complex or we receive numerous requests, we may extend this period in accordance with applicable law, and we will inform you about any extension and reasons.
  4. Outcome: We will inform you of the actions taken in response to your request or explain why we cannot fully comply (for example, due to legal or regulatory obligations).

Cookies & Tracking Technologies

We use cookies and similar technologies on bluffbet-play.ca to make the website work, to improve performance, and to support analytics and marketing. Some cookies are essential to enable core functions; others are optional and used only with your consent where required by law.

Types of Cookies We Use

  • Session cookies: Temporary cookies that are stored on your device only for the duration of your browsing session and are deleted when you close your browser. They help with basic navigation and security.
  • Persistent cookies: Cookies that remain on your device for a defined period or until you delete them. They remember your preferences and help us recognize you on your next visit.
  • First-party cookies: Cookies set directly by bluffbet-play.ca.
  • Third-party cookies: Cookies set by third-party providers, such as analytics services, advertising networks, and social media platforms.

Purposes of Cookies

  • Strictly necessary / functional: Required for the operation of the website (e.g., login, session management, security, load balancing, remembering privacy choices). These cannot be switched off in our systems.
  • Preferences: Remember your language, region, and other user preferences to enhance your experience.
  • Analytics and performance: Help us understand how visitors interact with bluffbet-play.ca and Bluff Bet content, so we can measure and improve performance, usability, and content.
  • Advertising and marketing: Used to deliver relevant advertisements, measure campaign effectiveness, and limit the number of times you see a particular ad. These may involve profiling based on your use of our site and other sites.

Managing Cookies

  • You can manage or disable cookies through:
    • Your browser settings, where you can block or delete cookies.
    • Website tools or cookie banners (where provided) to accept or decline different categories of cookies.
  • Disabling certain cookies may affect your ability to use some features of bluffbet-play.ca, such as account login and gameplay.
  • For more detailed information about cookies and how to manage them, you may consult your browser's help section or independent resources (e.g., allaboutcookies.org).

Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure.

Technical Safeguards

  • Encryption in transit: Data transmitted between your browser and bluffbet-play.ca is protected using Transport Layer Security (TLS) version 1.2 or higher.
  • Encryption at rest: Sensitive information is stored in encrypted form where appropriate, including passwords which are hashed and salted.
  • Secure infrastructure: We use reputable hosting providers and data centers with robust physical and logical security controls.
  • Access controls: Access to systems and databases is restricted to authorized personnel based on the principle of least privilege, using role-based permissions and, where appropriate, multi-factor authentication (MFA).
  • Logging and monitoring: We maintain security logs and use monitoring tools to detect unusual or suspicious activities.

Organizational Safeguards

  • Policies and procedures: We maintain internal policies covering data protection, information security, acceptable use, and incident response.
  • Employee training: Staff with access to personal data receive training on privacy, security, and their confidentiality obligations.
  • Vendor management: We conduct due diligence on key service providers and include data protection and security obligations in our contracts.
  • Security assessments: We perform periodic technical and organizational reviews and, where appropriate, security testing and audits to identify and address vulnerabilities.

Incident Response and Breach Notification

  • We maintain procedures to detect, investigate, and respond to potential personal data breaches.
  • If a breach of security safeguards poses a real risk of significant harm, we will notify affected individuals and relevant authorities in accordance with applicable law, including PIPEDA and other regional requirements.
  • We strive to align our practices with recognized security standards (such as ISO 27001 and SOC 2) and to continuously improve our security posture.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal data, we encourage you to contact us first so that we can try to resolve the issue directly.

Contacting Bluffbet N.V.

  • Email (primary contact): [email protected]
  • Subject line: Please include "Privacy complaint" or "Data protection request" to allow us to route your query correctly.
  • Information to provide: Your name, country/province, account details (if applicable), and a clear description of your concern or request.

Complaint Handling Procedure

  1. Receipt and acknowledgment: We will acknowledge receipt of your complaint or query as soon as reasonably practicable, typically within 5 business days.
  2. Investigation: Our Data Protection Officer or designated privacy team will investigate your complaint, which may involve requesting additional information from you.
  3. Response: We aim to provide a substantive response within 30 days of receiving your complete complaint. Where it is not possible to respond within this period (for example, due to complexity), we will inform you of the delay and the expected timeframe.
  4. Resolution: We will communicate the outcome and any steps we have taken or will take to address your concerns.

Escalation to Supervisory Authorities

If you are not satisfied with our response, or if you prefer to contact a supervisory authority directly, you may have the right to lodge a complaint with your local data protection authority, including (as applicable):

  • Canada - Office of the Privacy Commissioner of Canada (OPC)
    Website: https://www.priv.gc.ca
    Phone (toll-free in Canada): +1 800 282 1376
  • Provincial privacy commissioners (Canada): For residents of Alberta, British Columbia, and Quebec, you may also contact your provincial commissioner. Contact details are available on the respective provincial government websites.
  • Mexico - National Institute for Transparency, Access to Information and Personal Data Protection (INAI)
    Website: https://www.inai.org.mx
  • EU/EEA - Local Data Protection Authorities
    If GDPR applies to you, you can lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement. Contact details are available via the European Data Protection Board: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Nothing in this Privacy Policy limits your right to approach a competent authority in your jurisdiction.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer on bluffbet-play.ca, including updates related to the Bluff Bet project build. When we make material changes, we will take appropriate steps to inform you.

How We Notify You of Changes

  • Website notice: We will post the updated Privacy Policy on bluffbet-play.ca with a new "Last updated" date.
  • Email notifications: Where you have an account and the changes are material, we may notify you by email using the address associated with your account.
  • On-site banners or dashboard alerts: For significant updates, we may display a prominent notice or banner on the website or in your account area.

Advance Notice and Your Options

  • For changes that significantly affect your rights or the way we use your personal data, we will provide, where practicable, at least 30 days' notice before the changes take effect.
  • If you do not agree with the updated Privacy Policy, you may choose to:
    • Adjust your privacy or cookie settings.
    • Withdraw your consent for certain processing activities (e.g., marketing).
    • Close your account and request deletion of your data, subject to legal retention obligations.

Last updated: February 2026

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data when you use bluffbet-play.ca.