Privacy Notice for Customers in Ontario
Welcome to BetVictor’s Privacy Notice. We value your privacy and are committed to protecting your personal information in accordance with the Freedom of Information and Protection of Privacy Act (“FIPPA”), Personal Information Protection and Electronic Documents Act (“PIPEDA”), The Ontario Regulation 722/21, made under the Alcohol and Gaming Commission of Ontario Act and other applicable privacy laws and any applicable provincial legislation. Please read this notice carefully before using our website, services, or products.
For Individuals in Ontario, we are running this website and we are providing our services or products as part of the open and regulated internet gaming (igaming) market in Ontario, conducted and managed by iGO and we are collecting, using, and disclosing PI (iGaming Ontario Personal Information) on behalf of, and as agent to, iGO.
By providing your personal information and accepting this Privacy Notice, you explicitly consent to BetVictor and iGO, collecting, using, or disclosing the personal information, unless an exception applies, for the provision of the services, the purposes set in this Notice or as otherwise provided in accordance with the T&Cs.
Who we are
This website is operated by BV (Canada) Limited (trading as “BetVictor”), a company registered in Gibraltar with registration number #124199 , providing services to residents of Ontario, Canada, as part of the open and regulated iGaming market conducted and managed by iGaming Ontario (iGaming Ontario Homepage ).
Which information do we collect?
We may collect, use, store and transfer different kinds of personal data about you. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
| Identity Data | First name, last name, username or similar identifier, title, date of birth, gender, occupation, citizenship and in some cases employer’s name, employer’s address |
| Contact Data | Residential address, email address; and telephone numbers |
| Financial Data | Bank account, alternative payment methods, payment card details, investments and business interests, affordability checks, other assets, other sources of income and salary |
| Marketing and Communications Data | Includes your preferences for receiving marketing from us, our third parties and your communication preference |
| Profile Data | Username, products used by you, your interests, occupation/employment, preferences, feedback, and survey responses |
| Transaction Data | Details about payments to and from you and other details of products you have used on the Website |
| Technical Data | Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website |
| Usage Data | Information about how you use the Website and its products. You can click here to read more information for the Usage Data |
On what basis do you process my personal data?
As a sub-licensee of iGaming Ontario we collect and process your personal data for the purpose of i) fulfilling our Legal and Regulatory Obligations including but not limited to: Know Your Customer, Anti-Money Laundering, and Counter-Terrorist Financing pursuant to the Gaming Control Act 1992, and Regulation 78/12; and, ii) fulfilling our Contractual Obligations to you as a customer of our remote gaming services.
How do you collect my personal data?
We use different methods to collect data from and about you including through:
| Direct interactions | You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
|
| Publicly available sources | We may receive personal data about you from various third parties and public sources as set out below:
|
| Technical Data | We may receive technical data from the following third party providers and sources:
|
How do you use my data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
a) Where we need to perform the contract, we are about to enter into or have entered into with you;
b) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
c) Where we need to comply with a legal or regulatory obligation such as:
- Requests for Information from Law Enforcement, Courts or our Regulators;
- For the Detection and Prevention of Crime
- For the protection of the integrity of Professional Sports
- For compliance with Anti-Money Laundering Regulations
d) Where we have your consent (for example):
- To use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and offers may be relevant for you (we call this “Marketing”). You will receive Marketing communications from us if you have requested information from us or used our services, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have opted-in to receiving that Marketing.
If you wish to Opt-Out of Marketing at any time please see the section below.
We have set out below, in a table format, a description of all the ways we use your personal data:
| Purpose | Type of Data |
| To register you as a new customer and to manage our ongoing relationship with you | (a) Identity; (b) Contact; (c) Profile; (d) Marketing and Communications; (e) Financial and (f) Usage. |
| To process your deposit of funds and store your provided credit/debit card details so that you can use the products on the Website | (a) Identity; (b) Contact; (c) Financial; and (d) Transaction. |
| To enable you to partake in a prize draw, competition or complete a survey | (a) Identity; (b) Contact; (c) Profile; (d) Usage; and (e) Marketing and Communications. |
| To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity; (b) Contact; and (c) Technical. |
| To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications; and (f) Technical. |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical; and (b) Usage. |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity, (b) Contact, (c) Technical, (d) Usage, and (e) Profile. |
With whom do you share my data?
We may share your information with internal and external parties, including service providers, professional advisors, and regulatory authorities, as necessary for the provision of our services and to comply with legal obligations. We categorise these as Internal or External Parties:
| Internal Third Parties | Other companies within the BVGroup of companies acting as joint controllers or processors and who are based in the United Kingdom, Hungary, Malta and Gibraltar and provide IT and system administration services, customer marketing and profiling services and undertake leadership reporting. |
| External Third Parties |
|
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your personal data may also be processed by BetVictor staff who work in the following areas: Customer Services, Legal and Compliance, Payments and Fraud Management, Digital Marketing, Safer Gambling, IT Operations, Business Intelligence and Data, Due Diligence and Financial Crime, and Operational and Support Staff.
How do I Opt-Out of receiving Marketing?
You can opt-out of Marketing that you’ve previously consented to through the settings/controls listed in the Account section of the website or app. You will also be provided the opportunity to Opt-Out via a Marketing message received from one of our Marketing channels (SMS, Email, Push etc…) Please note that Opt-Out isn't instantaneous and requires changes to propagate across our communication supply chain before it is effective. For further instructions please see this article [How do I Unsubscribe] in our Help Centre.
Do you transfer my data internationally?
BetVictor and the majority of our external third parties are based outside of Canada. We ensure that any transfer of your personal information outside of Canada is subject to appropriate safeguards in compliance with all applicable legislation.
Where is my data stored?
We store data in the jurisdictions where we hold Remote Gambling Licences.
How do you keep my data secure?
We have implemented appropriate technical and organisational controls to protect your data against unauthorized processing, and against accidental loss, modification or disclosure.
Our site has been developed with your personal privacy and security as our prime concern, employing sophisticated means to protect your data, including the strong SSL (Secure Sockets Layer) encryption to protect data going to and from the site, including personal details and any debit/credit card information provided to us. Encryption is used on all of our pages as can be verified by seeing the padlock symbol in the browser address bar. The padlock symbol indicates that SSL is being used and all information sent to and from the site is encrypted.
Several layers of firewalls are in place, together with DDoS mitigation, intrusion protection and prevention mechanisms, anti-malware, data-loss-prevention, anti-spam filters, together providing strong layers of defence to prevent unauthorized access to our servers.
We also deploy Google reCAPTCHA v3 to fight and prevent spam and abuse. The use of reCAPTCHA v3 is subject to the Google Privacy Policy and Terms of Use. By accessing or using the reCAPTCHA APIs, you agree to the Google APIs Terms of Use, Google Terms of Use and to the Additional Terms.
When creating your account with us, choose a secure password. You should keep this password confidential, and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. You can further protect your account by enabling two-factor authentication (2FA), providing an additional mechanism to prevent unauthorized access.
Our security landscape is constantly evolving to ensure the highest levels of protection are maintained. However, no security system is impenetrable, and these systems could become accessible in the event of a security breach. We have controls in place that are designed to detect potential data breaches, contain and minimize the loss of data. We will provide you notice in the event of an incident that materially impacts your personal information (a “Data Incident”). We will notify you, iGaming Ontario, and any other applicable regulatory authority about the Data Incident, and we will aid iGaming Ontario and any applicable authorities in the management and resolution of the Data Incident.
For how long do you retain my data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law, we must keep basic information about our customers after they cease being customers with respect to their Personal Data for Seven (07) years. In addition, we retain personal data for longer where required for a legal investigation, litigation or as directed by regulatory authorities (ACGO, FINTRAC or the Gibraltar Gambling Commission).
Your Rights
Ontario and Canadian Privacy Legislation grants you several rights, including the right to access, correct, or in some circumstances delete your personal information, as well as the right to withdraw consent to processing where consent is the basis of processing.
| Openness | You have the right to be informed about the collection and use of your personal data. |
| Individual Access | You have the right to access your personal data. This is commonly referred to as Data Subject Access Request. |
| Accuracy | You have the right to have inaccurate personal data rectified or completed if it is incomplete. You have the right to request that any Personal Data that we hold about you is erased once it is no longer required for the purposes for which it was collected. The right to erasure is also known as ‘the right to be forgotten’. |
| Challenging Compliance | You have the right to object to the processing of your personal data in certain circumstances. You have the absolute right to stop your data being used for direct marketing. |
How do you protect children?
This Website must not be used by anyone aged under nineteen (19) years old: Therefore, we do not knowingly collect data relating to children.
Do you use cookies?
As you interact with the Website, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this technical data by using cookies, server logs and other similar technologies. Our third parties may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Notice for further details.
Who do I contact about my Personal Data?
BetVictor is registered with the Gibraltar Regulatory Authority with Data Protection Registration Number #DP 011819.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions concerning this Privacy Notice.
For questions about this Privacy Notice or to exercise your rights please contact the DPO as set out below:
By email: dataprotection@betvictor.com for the attention of the Data Protection Officer.
By post; Data Protection Officer, BV (Canada) Limited, Suite 2:01, World Trade Center, Bayside Road, Gibraltar, GX11 1AA.
We will respond to you within 30 days of the reception of your request.
How may I raise a complaint?
You can raise a dispute with us in accordance with section 21 of our T&Cs. You also have the right to make a complaint at any time to:
You have the right to make a privacy complaint at any time to:
- the Information and Privacy Commissioner of Ontario, whose mission is to protect and promote access to information and privacy rights in Ontario. Click here to find more information;
- the Office of the Privacy Commissioner of Canada (“OPC”), whose mission is to protect and promote privacy rights. Click here to find more information; and
- the Gibraltar Regulatory Authority (GRA), the Gibraltar supervisory authority for data protection issues.
Protection of Player Information
We are committed to protecting the privacy and security of all personal data collected through our services. To safeguard personal data, we employ a combination of administrative, technical, and physical controls designed to prevent unauthorised access, loss, misuse, or disclosure. These measures include access controls and staff training, encryption and secure storage of data, regular security testing, and strict procedures governing the sharing of personal data with third parties. Despite these safeguards, no system is completely immune from risk. In the unlikely event of theft, loss, or unauthorised use or disclosure of personal data, there is a risk that personal details could be accessed or misused. We take proactive steps to reduce the likelihood of such incidents, including continuous monitoring, incident response planning, and regular reviews of our security practices. Should a privacy incident occur, we will act promptly to contain the issue, mitigate potential harm to affected individuals, and comply with all applicable notification and reporting obligations.
Incident Breach Management and Cooperation
BetVictor maintains an established incident and breach management programme designed to identify, assess, and respond promptly to any actual or suspected breach of personal information. In accordance with regulatory requirements, BetVictor will notify iGO as soon as feasible, and no later than 24 hours after becoming aware of any such breach. BetVictor will cooperate fully with iGO and any relevant authorities in investigating the incident, mitigating potential risks, and addressing any resulting impacts to affected individuals or systems. All incidents are managed in accordance with the BetVictor Information Security Management System and Data Breach Response Procedure to ensure consistency, accountability, and timely resolution.
Third-party links
The Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the Privacy Notice of every website you visit.
Changes to the Privacy Notice
We keep our privacy notice, under regular review, and we will update you accordingly through our website.
Last update took place on the 22 October 2025.