Privacy Policy
This Privacy Policy explains how boylesports-casino at boylesports-ca.com collects, uses, discloses, and protects personal information. It applies to players and site visitors in Canada who access our website and related services. Effective date: 1 October 2025.
Who We Are
- Operator and Controller: BoyleSports (Gibraltar) Ltd, registered in Gibraltar, company no. 112469. For Canadian users of boylesports-ca.com, BoyleSports (Gibraltar) Ltd acts as the data controller.
- Head Office / Principal Place of Business: Dundalk, Co. Louth, Ireland.
- Operational Hub: Gibraltar.
- Licensing context: BoyleSports is licensed in Great Britain (Account No. 39469, BoyleSports Enterprise) and Gibraltar (RGL 083, RGL 084, BoyleSports (Gibraltar) Ltd). Boylesports-ca.com is not licensed by the Alcohol and Gaming Commission of Ontario (AGCO) and is not directed to Ontario residents.
- Contact (DPO/Privacy Team): [email protected] | +353 42 604 1800 (International). Postal: BoyleSports Privacy Team, Dundalk, Co. Louth, Ireland.
- Web: https://boylesports-ca.com (official). Live Chat: 24/7 (via site, where available).
What Personal Data We Collect
- Identity and contact: Full name, date of birth, residential address, email, phone; verification documents (e.g., government ID, proof of address) where lawful.
- Account and usage: Username, preferences, communication history, support tickets, self-exclusion/limits, session duration, feature interactions, clickstream.
- Technical data: IP address, device identifiers, OS/browser, language, cookies, pixel tags, geolocation approximated from IP, security logs.
- Payment and transactional: Deposits/withdrawals, partial card/BIN tokens, wallet identifiers, transaction identifiers, billing address, fraud indicators.
- Gaming/behavioral: Wagers, wins/losses, betting history, bonuses used, risk and anti-fraud signals.
- Marketing and consent: Newsletter/offer preferences, consent records, unsubscribe logs.
- Sources: You, your devices, our systems, and lawful third parties (payment providers, KYC/AML vendors, analytics partners).
Legal Basis for Processing
- Consent (PIPEDA / provincial PIPA laws; GDPR Art. 6(1)(a) where applicable): For marketing, cookies beyond strictly necessary, and certain optional profiling. You can withdraw at any time.
- Provision of services / contract (GDPR Art. 6(1)(b) where applicable): Creating and administering your account, enabling gameplay, processing payments, customer support.
- Legitimate interests (GDPR Art. 6(1)(f), where applicable): Security, fraud prevention, service analytics, and improvement, balanced against your rights.
- Legal obligations (e.g., KYC/AML, accounting, regulatory inquiries): To meet identification, verification, recordkeeping, reporting, and audit requirements.
- Vital/public interest (rare): To protect you or others from serious harm or to cooperate with lawful requests.
Purpose of Processing
- Service delivery: Account setup, access management, gameplay provisioning, payments, customer support.
- Compliance: Identity verification, age checks, AML/CTF screening, sanctions/PEP screening where lawful, tax/accounting.
- Security and fraud: Intrusion detection, transaction monitoring, chargeback prevention, bot/misuse detection.
- Analytics and improvement: Performance metrics, A/B testing, usability analysis to improve stability and features.
- Marketing and personalization: With consent, send offers, tailor promotions, manage preferences, and measure campaign performance.
- Responsible gambling: Self-exclusion tools, limit management, behavioral markers for harm monitoring consistent with law.
- Corporate operations: Governance, audits, dispute resolution, and potential business restructuring.
Disclosure & Sharing
- Payment and banking partners: Card processors, wallets, banks to process deposits/withdrawals and prevent fraud.
- Verification and compliance vendors: Identity, address, AML/CTF screening providers; sanctions/PEP screening where lawful.
- Technology service providers: Hosting (cloud), security monitoring, analytics, CRM, email/SMS delivery, customer support platforms.
- Affiliates within the BoyleSports group: For consolidated reporting, compliance, and support under intra-group agreements.
- Regulators and authorities: Courts, law enforcement, tax and gaming regulators when legally required or to protect rights.
- Professional advisors: Auditors, lawyers, insurers under confidentiality obligations.
- Advertising networks and social platforms: With your consent and subject to cookie/identifier settings.
- Corporate transactions: In mergers, acquisitions, or reorganizations under confidentiality and notice.
- No selling of personal information: We do not sell your personal information.
International Transfers
- Locations: Your data may be processed in Canada and transferred to Ireland, Gibraltar, the United Kingdom, European Economic Area, the United States, and other countries where our vetted providers operate.
- Safeguards: Contractual protections (data processing agreements with confidentiality and security obligations), encryption in transit/at rest, access controls, minimization, and vendor due diligence.
- Quebec Law 25: For Quebec residents, we conduct transfer impact assessments and use contractual clauses ensuring data receives protection equivalent to that required by Quebec law.
- GDPR where applicable: For EU/EEA data, we use Standard Contractual Clauses (and UK IDTA for UK data) plus supplementary technical and organizational measures.
- Notice: Cross-border processing means foreign authorities may lawfully access data in their jurisdictions.
Data Retention
- Account, identity, and KYC records: Retained for up to 5 years after account closure or last transaction, to meet compliance and audit requirements.
- Transactional/payment data: Retained for 7 years for accounting, chargeback defense, and fraud prevention.
- Gaming and behavioral logs: Retained for 5 years after account closure, or longer if legally required or in active dispute.
- Support communications: Retained for 3 years from last interaction.
- Marketing preferences and consents: Retained for 24 months from last interaction or until consent is withdrawn.
- Technical logs (security/telemetry): Retained for 12-24 months depending on security needs.
- Deletion/anonymization: When retention expires, we securely delete or irreversibly anonymize data unless preservation is required by law or for the establishment, exercise, or defense of legal claims.
Your Rights
- Canada (PIPEDA/Provincial PIPA): Access your personal information; request corrections; withdraw consent subject to legal/contractual limits; ask about our use/disclosure practices; complain to the Office of the Privacy Commissioner of Canada (OPC) or provincial commissioners.
- EU/UK (GDPR, where applicable): Rights of access, rectification, erasure, restriction, objection (including to profiling/marketing), data portability, and to lodge a complaint with a supervisory authority. Where we rely on consent, you can withdraw it at any time.
- Mexico (LFPDPPP): ARCO rights: Acceso, Rectificación, Cancelación (deletion), and Oposición, plus withdrawal of consent and limitation of use/disclosure.
- How to exercise: Email [email protected] or use Live Chat. We may request information to verify your identity. You may authorize an agent with appropriate documentation.
- Response times and fees: We aim to respond within 30 days (extendable where permitted for complexity/volume). Requests are free of charge unless manifestly excessive or unfounded; we will explain any permitted fee before proceeding.
- Marketing controls: You can opt out via email unsubscribe links, account settings (where available), or by contacting us.
Cookies & Tracking Technologies
- Types:
  - Session cookies (expire on browser close)
  - Persistent cookies (survive for a set period)
  - Third-party cookies (analytics/ads/service partners)
- Purposes:
  - Strictly necessary/functional: Login, security, load balancing, preferences.
  - Analytics: Site performance, feature usage, error diagnostics.
  - Advertising/personalization: With consent, deliver and measure promotions.
- Controls: Manage in your browser settings, our on-site cookie banner/preferences (where available), or opt out of marketing emails. Blocking cookies may affect site functionality.
Data Security
- Technical measures: TLS 1.2+ for data in transit; encryption at rest for sensitive data; hardened cloud environments; firewalls; anti-DDoS; endpoint protection; MFA and strong authentication; role-based access controls and least privilege.
- Organizational measures: Staff background checks where lawful; security and privacy training; need-to-know access; vendor risk assessments; change management and secure SDLC.
- Monitoring and testing: Vulnerability scanning, penetration testing, and logging with alerting; periodic risk assessments.
- Standards: We align with recognized frameworks and assess key vendors against standards such as ISO/IEC 27001 and SOC 2 where applicable.
- Incident response: Formal breach response procedures with prompt investigation and notification to individuals and regulators as required by law (e.g., PIPEDA breach reporting, Quebec Law 25 notifications).
- Limitations: No method is 100% secure; we continually improve controls to mitigate evolving threats.
Complaints & Contacts
Contact us
- Email (DPO/Privacy Team): [email protected]
- Phone: +353 42 604 1800 (International)
- Live Chat: 24/7 via boylesports-ca.com
- Postal: BoyleSports Privacy Team, Dundalk, Co. Louth, Ireland
Complaint procedure
- Submit your concern via email, Live Chat, phone, or post. Include your name, account/email, and a description of the issue.
- We will acknowledge receipt and may request verification or clarifications.
- We aim to respond within 30 days. Complex cases may require a permitted extension; we will notify you with reasons.
- If unresolved, you may escalate to an appropriate supervisory authority.
Supervisory authorities
- Canada (Primary): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca/
- Provinces: Alberta OIPC - https://oipc.ab.ca/; BC OIPC - https://www.oipc.bc.ca/; Quebec CAI - https://www.cai.gouv.qc.ca/
- EU/UK (where applicable): Contact your local authority via EDPB - https://edpb.europa.eu/about-edpb/board/members_en or the UK ICO - https://ico.org.uk/
- Mexico (where applicable): INAI - https://www.inai.org.mx/
Updates
- Notifications: We will inform you of material changes via email (where feasible), website banners, and/or account dashboard alerts.
- Advance notice: For significant changes (e.g., new purposes, new categories of recipients), we will provide at least 30 days' advance notice before the changes take effect, unless law requires earlier implementation.
- Versioning: We maintain a changelog summarizing material revisions.
- Your options: If you disagree with changes, you may adjust privacy settings, withdraw consents, or close your account before the effective date.
- Last updated: October 2025
Changelog (material changes): October 2025 - initial Canada-focused publication; clarified international transfers, Law 25 safeguards, and rights alignment (PIPEDA, GDPR where applicable, Mexico ARCO).