burger icon
WPT Global Сasino
Log In

Privacy Policy

Purpose and scope. This Privacy Policy explains how wpt-global at https://wpt-global-ca.com collects, uses, discloses, safeguards, and retains personal information for players and website visitors in Canada (excluding Ontario). It applies to our poker and casino-related services, web, and mobile experiences and any communications you have with us.

Regulatory context. We observe Canadian privacy laws, including PIPEDA (and substantially similar provincial laws where applicable), gambling-industry AML/KYC rules, and recognized international standards. Where you are located in the EEA/UK or Mexico, additional rights under GDPR or LFPDPPP may apply as set out below.

Effective date: 1 January 2025

Who We Are

OBSERVE: Identify the accountable organization and contact channels to ensure transparency and compliance with PIPEDA's accountability principle.

EXPAND: Clarify operating entities supporting payments and technology; provide a dedicated privacy point of contact and service channels for Canada (excluding Ontario).

REFLECT: Present clear legal identity and roles to enable exercising privacy rights and understanding cross-border operations.

  • Operator (accountable organization): Seventip N.V., a public limited company (N.V.) registered in Curaçao, licensed by the Curaçao Gaming Authority (License No. OGL/2025/522/0354; issued 16 Sep 2025) to operate online real-money gaming.
  • Registered office (legal address): Curaçao (full registered address available upon verified request for security reasons).
  • Payment agent: Kashxa Limited, Cyprus.
  • Technology provider: A5 Labs.
  • Brand owner: Element Partners, LLC (WPT brand). Services on this site are provided exclusively via https://wpt-global-ca.com for Canada (excluding Ontario).
  • Data Protection contact (Canada): Data Protection Office, email: privacy@wpt-global-ca.com
  • Websites: https://wpt-global-ca.com (Canada primary access; excluding Ontario) and https://wptglobal.com (global official site).

What Personal Data We Collect

OBSERVE: We only collect information necessary to deliver services, meet legal obligations (KYC/AML), and improve security and performance.

EXPAND: Categories span identity, contact, technical, behavioral, payments, communications, and cookies/SDKs.

REFLECT: Minimization and proportionality guide all collection; sensitive data is handled with enhanced safeguards.

  • Identity and contact: Full name, date of birth, address, email, phone, nationality, government ID details for verification (where required by KYC/AML).
  • Account and gameplay: Username, preferences, responsible gambling settings, tables/tournaments joined, betting/wagering history, game outcomes, bonuses, balances, transaction logs.
  • Payments: Deposits/withdrawals, card or alternative payment instrument metadata (tokenized where possible), billing address, payment partner identifiers, anti-fraud signals.
  • Technical and device: IP address, device IDs, OS/browser, language, time zone, network and performance logs, diagnostic crash logs.
  • Behavioral/usage: Clickstream, pages/screens viewed, session duration, referral/affiliate info, marketing attribution.
  • Communications: Support tickets, chat transcripts, email interaction metadata (opens/clicks), complaint history.
  • Cookies/trackers: Session and persistent cookies, SDKs, pixels, and similar technologies for functionality, analytics, fraud prevention, and (with consent) advertising.

Legal Basis for Processing

OBSERVE: Canadian law (PIPEDA) requires knowledge and consent, accountability, purpose limitation, and safeguards. We also serve users in multiple jurisdictions.

EXPAND: We articulate our grounds across PIPEDA and, where relevant, GDPR frameworks and AML/KYC obligations.

REFLECT: Processing is limited to identified purposes, and we use the least intrusive means consistent with compliance and service delivery.

  • Consent (PIPEDA/GDPR Art. 6(1)(a)): Creating an account, receiving marketing, using optional features, cookies beyond strictly necessary. You may withdraw consent at any time (see Your Rights).
  • Contractual necessity (GDPR Art. 6(1)(b)): Operating accounts, enabling gameplay, processing deposits/payouts, providing customer support.
  • Legitimate interests (GDPR Art. 6(1)(f)): Fraud prevention, service integrity, analytics to improve performance and security, network and information security. We balance these interests against your rights.
  • Legal obligations (GDPR Art. 6(1)(c) and PIPEDA principles): KYC/AML checks, transaction monitoring, record retention, regulatory reporting, sanctions screening, chargeback and tax reporting where applicable.
  • Vital interests and public interest (where applicable): Security incidents or unlawful activity threatening users, staff, or systems.

Regional compliance note: For Canadian users (excluding Ontario), PIPEDA applies. Where GDPR or other laws (e.g., Quebec Law 25, if applicable) govern, we apply those bases and safeguards as required.

Purpose of Processing

OBSERVE: Define specific, explicit purposes to ensure transparency.

EXPAND: Map each category to a purpose and constrain reuse.

REFLECT: Limit processing to what is necessary; apply privacy by design.

  • Service delivery: Account creation and management, gameplay, tournaments, cashier operations, identity verification, customer support.
  • Compliance: KYC/AML screening, transaction monitoring, sanctions checks, regulatory reporting, dispute handling.
  • Security and fraud prevention: Log analysis, device/IP reputation, abuse detection, incident response, enforcing terms.
  • Analytics and improvement: Performance metrics, feature usage, A/B testing, service quality optimization using aggregated or de-identified data where possible.
  • Marketing and promotions (with consent where required): Email/SMS/push, bonuses, affiliate attributions, personalization controls.
  • Responsible gambling: Limits, self-exclusion, affordability signals, and support referrals as appropriate.

Disclosure & Sharing

OBSERVE: Disclosures occur only as necessary for the purposes above or as required by law.

EXPAND: Identify categories of recipients and applicable safeguards/contractual controls.

REFLECT: Maintain accountability via vendor due diligence, DPAs, and data minimization.

  • Payments and banking partners: Card processors, alternative payment providers, fraud/chargeback services for deposits and withdrawals.
  • KYC/AML and risk providers: Identity verification, sanctions screening, transaction monitoring, anti-fraud vendors.
  • Technology and support vendors: Hosting/CDNs, security operations, analytics, customer support tools, communications platforms.
  • Affiliates and marketing networks: Only with your consent where required; subject to contractual controls and opt-out options.
  • Corporate group/partners: Kashxa Limited (payment agent), A5 Labs (technology), and other engaged processors bound by confidentiality and data protection agreements.
  • Regulators and authorities: Curaçao Gaming Authority and other competent authorities, courts, law enforcement, and AML bodies where legally required.
  • Business transfers: In mergers, acquisitions, or reorganization, subject to ongoing protections and notice.

International Transfers

OBSERVE: Data may be processed in Curaçao, Cyprus, the EEA, the United States, and other locations where our providers operate.

EXPAND: Cross-border transfers require contractual and organizational safeguards, transparency, and risk assessments (e.g., Quebec Law 25 transfer assessments).

REFLECT: We ensure a comparable level of protection through layered measures.

  • From Canada: We use contractual protections, vendor due diligence, technical safeguards (encryption, access controls), and transfer assessments to ensure comparable protection under PIPEDA and applicable provincial laws.
  • EEA/UK data (if applicable): Standard Contractual Clauses (EU) and UK IDTA/Addendum, plus supplementary measures aligned with EDPB guidance.
  • Country locations: Curaçao (operator), Cyprus (payments), EEA/US (cloud, analytics, security vendors). Exact sub-processor list is available on request.

Data Retention

OBSERVE: Retain only as long as necessary for stated purposes and legal requirements.

EXPAND: AML/financial records often require retention for at least five years.

REFLECT: Apply deletion, de-identification, or aggregation at the end of purpose.

  • Account profile and KYC records: Retained for the life of the account and 5 years after closure or last transaction, whichever is later, to meet AML and audit obligations.
  • Transaction and payment records: 5-7 years from the transaction date, depending on legal/accounting requirements.
  • Gameplay and logs: Active account duration plus 5 years for dispute resolution, fraud prevention, and regulatory inquiries.
  • Marketing data: Until consent is withdrawn or after 24 months of inactivity, whichever occurs first (or earlier where law requires).
  • Cookies/analytics: Session to 24 months, depending on cookie type and your preferences.

Deletion criteria: End of purpose, expiry of retention period, successful objection/erasure request (where applicable), or legal requirement. Backups are purged on rolling cycles.

Your Rights

OBSERVE: Rights vary by jurisdiction; we honor applicable rights and provide clear processes.

EXPAND: Outline PIPEDA principles, GDPR rights for EEA/UK users, and Mexico's LFPDPPP ARCO rights.

REFLECT: Provide accessible procedures, timelines, and no-cost guarantees.

  • Canada (PIPEDA and substantially similar provincial laws): Access to your personal information; request corrections; challenge accuracy; withdraw consent (subject to legal/contractual limits); learn about our policies and practices; file a complaint. We respond within 30 days, extendable once with reasons. Generally free of charge; reasonable fees may apply for copies where permitted, communicated in advance.
  • Quebec (Law 25) where applicable: Transparency on cross-border transfers and assessments; right to data portability when in force and technically feasible; rights to de-indexation in certain cases.
  • EEA/UK (GDPR, if applicable): Access, rectification, erasure, restriction, objection (including to legitimate interests and direct marketing), portability, and withdrawal of consent without affecting prior lawful processing.
  • Mexico (LFPDPPP, if applicable): ARCO rights-Acceso, Rectificación, Cancelación y Oposición-plus withdrawal of consent and limitation of use/disclosure.
  1. How to exercise: Email privacy@wpt-global-ca.com with your request and the email/username used on your account. We may ask for additional verification to protect your data.
  2. Timelines: We aim to respond within 30 days. Complex requests may require an additional reasonable period; we will notify you with reasons.
  3. Marketing opt-out: Use the unsubscribe link in messages or adjust preferences in your account. You will still receive essential service messages.

Cookies & Tracking Technologies

OBSERVE: Cookies enable core functionality, security, analytics, and optional advertising.

EXPAND: Provide types, purposes, and user controls.

REFLECT: Offer meaningful choices without degrading essential service quality.

  • Session cookies: Essential for login, gameplay continuity, and security; expire when you close your browser.
  • Persistent cookies: Remember preferences, device trust, and fraud prevention; typically last 3-24 months.
  • Third-party cookies/SDKs: Analytics, performance monitoring, and (with consent) advertising/attribution.

Controls: Manage cookies in your browser settings, use in-product privacy controls where available, or adjust consent preferences in our cookie banner. Blocking essential cookies may impact site functionality.

Data Security

OBSERVE: Protecting personal and financial data is critical to trust and regulatory compliance.

EXPAND: Apply defense-in-depth across people, process, and technology, aligned with recognized standards.

REFLECT: Continuously improve through audits, testing, and incident readiness.

  • Encryption: TLS 1.2+ for data in transit; strong encryption at rest for sensitive data; secure key management.
  • Access controls: Role-based access, least privilege, MFA for staff and administrators, segregation of duties, just-in-time access.
  • Secure development: Code reviews, dependency management, static/dynamic testing, vulnerability scanning, and periodic penetration tests.
  • Operational security: 24/7 monitoring, anomaly detection, hardened infrastructure, network segmentation, secure backups.
  • Vendor management: Risk assessments, contractual security and privacy obligations, ongoing oversight.
  • Training: Regular staff privacy and security training, phishing simulations, and clear policies.
  • Incident response: Documented playbooks, rapid containment, forensics, user and regulator notifications where required. In Canada, we report breaches of security safeguards that pose a real risk of significant harm to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals as soon as feasible.

We align our controls with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) without asserting formal certification unless explicitly stated.

Complaints & Contacts

OBSERVE: Provide accessible channels and escalation routes.

EXPAND: Outline internal resolution steps and supervisory authorities.

REFLECT: Promote timely, transparent outcomes.

  • Contact our Data Protection Office: privacy@wpt-global-ca.com (preferred for an auditable trail). Postal correspondence: Seventip N.V., Data Protection Office, Curaçao (full address provided upon verified request). For general Canadian access: https://wpt-global-ca.com
  • Internal complaint handling:
    1. Submit your concern with details and any supporting evidence.
    2. We acknowledge within 5 business days and investigate.
    3. We aim to provide a reasoned response or resolution within 30 days. Complex matters may take longer; we will notify you with reasons and a new timeline.
  • Escalation in Canada:
    • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/
    • Alberta OIPC: https://oipc.ab.ca/ | BC OIPC: https://www.oipc.bc.ca/ | Quebec CAI: https://www.cai.gouv.qc.ca/
  • EEA/UK users (if applicable): You may lodge a complaint with your local Data Protection Authority. List: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • Mexico (if applicable): INAI - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales: https://home.inai.org.mx/

Note: For security, we process privacy rights requests in writing (email or verified web channel). Phone support is not used for identity-dependent privacy requests.

Updates

OBSERVE: Privacy policies evolve as services and laws change.

EXPAND: Provide transparent versioning, notice, and user options.

REFLECT: Balance operational needs with user expectations and legal duties.

  • Notifications: We will notify you of material changes via email, account dashboard alerts, and/or website banners.
  • Advance notice: For significant changes (e.g., new purposes, new categories of recipients), we provide at least 30 days' notice where legally required. Continued use after the effective date signifies acceptance; you may object, adjust settings, or close your account before changes take effect.
  • Version control: We maintain an archive of prior versions upon request and summarize material changes in a changelog.

Last updated: January 2025

Regional Compliance Note (Canada): Services on https://wpt-global-ca.com are available to residents of Canada excluding Ontario. We adhere to PIPEDA and applicable provincial requirements. Where other regional laws (e.g., GDPR, LFPDPPP) apply based on your location, we extend the corresponding rights and safeguards as described above.