burger icon
Nine Casino
Log In

Privacy Policy

This Privacy Policy explains how nine-casino, operating exclusively at nine-casino-ca.com, collects, uses, discloses, and protects your personal information as a player or website visitor. It applies to all users accessing our casino services from Canada. Effective date: 6 November 2025.

Who We Are

OBSERVE: Legal identity, address, registration, contact points required.
EXPAND: DPO/contact for privacy matters, integration of all available company data, jurisdictional details.
REFLECT: Full legal details and direct contact for privacy queries provided.

  • Operator Name: Uno Digital Media B.V. (trading as nine-casino, nine-casino-ca.com)
  • Registered Address: Johan Van Walbeeckplein 24, Willemstad, Curaçao
  • Company Registration Number: 157147
  • Licensing: Curaçao eGaming License 1668/JAZ and B2C-AK2QPM3H-1668JAZ, valid through 2025
  • Contact for Data Protection:

Regional Compliance Note: All data processing is aligned with Canadian privacy requirements and international gambling industry standards.

What Personal Data We Collect

OBSERVE: List all data categories, including direct, technical, behavioral, and tracking data.
EXPAND: Identify implicit technical and behavioral data, cookies, and payment-specific information.
REFLECT: Detailed and transparent data inventory.

  • Personal Identification Data: Full name, date of birth, gender, residential address, email address, telephone number, government-issued identification details.
  • Account Data: Username, password, account activity, account preferences.
  • Technical Data: IP address, browser type/version, device identifiers, operating system, access times, log files.
  • Payment Data: Credit/debit card numbers (tokenized), payment provider details, transaction history, withdrawal and deposit records.
  • Behavioral Data: Betting and gaming history, session data, navigation patterns, clicks, time spent, communication logs.
  • Cookies & Tracking Technologies: Unique identifiers, session cookies, persistent cookies, third-party analytics and advertising cookies.

Note: Some data may be collected automatically or via third-party integrations to ensure service functionality and regulatory compliance.

Legal Basis for Processing

OBSERVE: Identify all legal grounds for processing personal data.
EXPAND: Reference user consent, contractual necessity, legitimate interests, legal obligations (AML/KYC).
REFLECT: Clearly mapped legal bases for each processing activity.

  • User Consent: Obtained for marketing communications, optional cookies, and non-essential data processing. Consent may be withdrawn at any time.
  • Contractual Necessity: Processing for account creation, provision of gaming services, payments, and support is required to fulfill our contractual relationship.
  • Legal Obligations: Compliance with anti-money laundering (AML), know-your-customer (KYC), fraud prevention, tax reporting, and regulatory requirements under Curaçao and CA law.
  • Legitimate Interests: Security, service improvement, analytics, and prevention of misuse, provided such interests do not override your fundamental rights and freedoms.

Purpose of Processing

OBSERVE: Specify all intended data uses.
EXPAND: Identify both operational and secondary purposes (marketing, analytics, fraud prevention).
REFLECT: Transparent statement of all data processing purposes.

  • Service Provision: To register and manage accounts, process payments, and provide casino gaming services on nine-casino-ca.com.
  • Customer Support: To address user queries, resolve issues, and provide technical assistance.
  • Regulatory Compliance: To fulfill AML, KYC, and other legal or licensing obligations.
  • Personalization & Improvement: To tailor services, enhance user experience, and improve site functionality.
  • Marketing & Promotions: To send promotional offers and updates, subject to user consent.
  • Analytics & Research: To analyze user engagement, optimize platform performance, and conduct statistical research.
  • Fraud Prevention & Security: To detect, investigate, and prevent fraudulent or suspicious activity.

Disclosure & Sharing

OBSERVE: Identify all potential data recipients and circumstances.
EXPAND: Include payment partners, affiliates, regulators, advertising networks (upon consent).
REFLECT: Full disclosure of sharing scenarios with legal justifications.

  • Payment Partners: Data is shared with payment service providers and banks for transaction processing and fraud prevention.
  • Service Providers: IT, hosting, analytics, customer support, and marketing vendors who process data on our behalf under strict contractual obligations.
  • Affiliates & Subsidiaries: Including UDM PROCESSING SERVICES LTD (Cyprus) for payment processing functions.
  • Regulators & Legal Authorities: Disclosure to regulatory bodies (e.g., Curaçao eGaming Authority, Canadian legal authorities) as required by law or licensing conditions.
  • Advertising Networks: Data shared with third-party advertising networks strictly with user consent for targeted marketing.
  • Corporate Transactions: In case of mergers, acquisitions, or asset sales, with prior notification and protective measures.

All third parties are required to implement appropriate data protection standards and are contractually bound to confidentiality.

International Transfers

OBSERVE: Specify cross-border data flows and protection mechanisms.
EXPAND: Identify countries involved (Curaçao, Cyprus), contractual safeguards, and compliance with international standards.
REFLECT: Clear disclosure and assurance of adequate protection.

  • Data Destinations: Personal information may be transferred to Curaçao (main office), Cyprus (payment processing via UDM PROCESSING SERVICES LTD), and other jurisdictions where service providers are located.
  • Safeguards: Transfers are protected by Standard Contractual Clauses (SCCs), data processing agreements, and, where applicable, adherence to recognized international frameworks.
  • Security Measures: All international transfers are subject to risk assessments and ongoing monitoring to ensure compliance with Canadian and global privacy standards.

Regional Compliance Note: International transfers are performed in line with CA privacy regulations and industry best practices, ensuring your rights are protected even outside Canada.

Data Retention

OBSERVE: Detail retention timelines and deletion criteria per data type.
EXPAND: Include legal/contractual minimums, user-initiated deletion, end-of-purpose protocols.
REFLECT: Transparent, time-bound retention policies for all data categories.

  • Personal Data: Retained no longer than 5 years after account closure, unless longer retention is required by law (e.g., for AML or regulatory obligations).
  • Transaction Records: Maintained for a minimum of 5 years to meet anti-fraud and legal compliance requirements.
  • Cookies & Technical Data: Stored according to cookie type:
    • Session cookies: Deleted when browser closes
    • Persistent cookies: Up to 2 years
  • Deletion Criteria: Data is deleted or anonymized upon user request (subject to legal exceptions), expiration of statutory retention periods, or when processing purposes have been fulfilled.

All data deletion processes are subject to verification and regulatory audit.

Your Rights

OBSERVE: Enumerate all user rights under GDPR and CA privacy law, including procedural details.
EXPAND: Provide step-by-step processes, timeframes, and free-of-charge guarantees; reference relevant regulations.
REFLECT: Comprehensive, actionable rights statement with procedures adapted for CA context.

  1. Access: You have the right to request a copy of your personal data processed by nine-casino-ca.com.
  2. Correction: You may request correction of inaccurate or incomplete information at any time.
  3. Deletion ("Right to be Forgotten"): You can request deletion of your personal data, subject to legal retention requirements.
  4. Restriction of Processing: You may request a temporary halt to processing in certain cases (e.g., contesting accuracy or processing lawfulness).
  5. Objection: You can object to processing based on legitimate interests or for direct marketing purposes at any time.
  6. Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format, and to transmit it to another provider.
  7. Marketing Withdrawal: You can withdraw your consent for marketing communications at any time via account settings or by contacting support.
  8. Procedure to Exercise Rights:
    • Submit your request via [email protected] or by contacting our DPO.
    • We will respond within 30 days of receiving your request, free of charge (unless requests are manifestly unfounded or excessive).
    • For unresolved issues, you may escalate to the relevant privacy authority in Canada or the EU as applicable.

Regional Compliance Note: All rights are granted in accordance with Canadian privacy law and international standards. Additional recourse is available under GDPR and relevant Mexican data protection regulations, where applicable.

Cookies & Tracking Technologies

OBSERVE: Define cookie types, purposes, management methods.
EXPAND: Include user control options and third-party integrations.
REFLECT: Clear, actionable cookie policy for users.

  • Session Cookies: Essential for website navigation and functionality; expire when browser is closed.
  • Persistent Cookies: Remember user preferences and login details; remain for up to 2 years or until deleted.
  • Third-Party Cookies: Used for analytics (e.g., Google Analytics), advertising (e.g., affiliate networks), and enhancing site performance.
  • Cookie Management:
    • You can manage or disable non-essential cookies via your browser settings at any time.
    • Cookie preferences can also be updated through the internal cookie management panel on nine-casino-ca.com.

Disabling cookies may affect your experience and the functionality of certain features.

Data Security

OBSERVE: Enumerate security technologies, protocols, and standards.
EXPAND: Include encryption, authentication, audits, and staff training.
REFLECT: Demonstrate robust security controls and compliance.

  • Encryption: All data transmissions are secured with TLS 1.2+; data at rest is encrypted using advanced cryptographic standards.
  • Authentication: Multi-factor authentication is enforced for administrative access; strong password policies for users.
  • Access Controls: Role-based access with least-privilege principles; regular access reviews and monitoring.
  • Security Audits: Routine internal and external audits, penetration testing, and vulnerability assessments.
  • Staff Training: Ongoing data protection and security awareness programs for all employees.
  • Incident Response: Documented response procedures for security incidents, including user notification and regulatory reporting within required timeframes.
  • Compliance: Adherence to international information security standards, including ISO 27001 and SOC 2, where applicable.

Complaints & Contacts

OBSERVE: Provide full contact and complaint escalation details.
EXPAND: Describe procedure, expected response, escalation to authorities.
REFLECT: Clear, user-oriented complaint handling system.

  • Contact Channels:
    • Email: [email protected] (primary for privacy complaints and inquiries)
    • Email: [email protected] (general data issues)
    • Postal: Johan Van Walbeeckplein 24, Willemstad, Curaçao (attn: Data Protection Officer)
  • Complaint Procedure:
    1. Submit your complaint via email or post, providing relevant details and supporting documentation if available.
    2. Our DPO will acknowledge receipt within 2 business days and provide a substantive response within 30 days.
    3. If you are dissatisfied with our response, you may escalate your complaint to the appropriate supervisory authority:
      • Office of the Privacy Commissioner of Canada (OPC): priv.gc.ca, Phone: 1-800-282-1376
      • EU residents (where applicable): Contact your national Data Protection Authority

Note: All complaints are handled confidentially and in accordance with applicable privacy regulations.

Updates

OBSERVE: Outline update notification, version control, user options.
EXPAND: Specify notice periods, changelog, objection/closure options.
REFLECT: Transparent, user-centric update process with protective clauses.

  • Notification Procedures:
    • Material changes will be communicated by email, website banners, and account dashboard alerts.
    • Advance notice of at least 30 days will be provided for significant updates.
  • User Options: You may object to changes that materially affect your rights or close your account without penalty before changes take effect.
  • Version Control: This Privacy Policy is effective as of 6 November 2025. Any material changes will be documented in a changelog available on nine-casino-ca.com.

Last updated: 6 November 2025

Please review this Privacy Policy regularly to stay informed about how your data is protected.