Privacy Policy

This privacy policy explains how monro-casino, operating exclusively via monro-ca.com, collects, uses, discloses, and protects the personal data of players and website visitors. The policy applies to all users accessing our services within Canada and internationally. Effective date: 6 November 2025.

Who We Are

monro-casino is owned and operated by GALAKTIKA N.V., a company registered under Curacao law (Registration No. 140803) with its legal address at Scharlooweg 39, Willemstad, Curaçao. Our operations in Canada are provided exclusively through monro-ca.com. For data protection matters, our designated contact is the Data Protection Officer (DPO).

• Company Name: GALAKTIKA N.V.
• Legal Address: Scharlooweg 39, Willemstad, Curaçao
• Registration Number: 140803
• Casino Brand: monro-casino (monro-ca.com)
• Data Protection Contact: [email protected] (primary), [email protected] (general)

Please direct all privacy-related inquiries to our DPO at the contact details above.

What Personal Data We Collect

• Personal Identification Data: Full name, date of birth, postal address, email address, phone number, government-issued identification (for KYC/AML compliance).
• Account Data: Username, password (hashed), account preferences, communication records.
• Technical Data: IP address, device identifiers, operating system, browser type, access times, and activity logs.
• Payment Data: Credit/debit card details, e-wallet information, transaction history, withdrawal and deposit records.
• Behavioral Data: Betting history, game activity, clicks, navigation patterns, interaction logs.
• Cookies and Tracking Technologies: Session cookies, persistent cookies, third-party cookies, beacons, and similar technologies (see "Cookies & Tracking Technologies" below).

Legal Basis for Processing

1. User Consent: We process your data based on your explicit consent for marketing, cookies, and non-essential features. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.
2. Contractual Necessity: Processing is essential for fulfilling our obligations to provide gaming services, account management, payment processing, and customer support.
3. Legal Obligations: We are required to process certain data to comply with laws and regulations, including Know Your Customer (KYC), Anti-Money Laundering (AML), tax reporting, and responsible gambling standards.
4. Legitimate Interests: Processing is necessary for securing our platform, preventing fraud and abuse, conducting analytics, and improving service quality, provided such interests are not overridden by your rights and freedoms.

Regional Compliance Note: All legal bases conform to applicable Canadian privacy law and international standards.

Purpose of Processing

• Service Provision: To create and manage user accounts, verify identity, process deposits and withdrawals, and deliver casino games and related services.
• Customer Support: To respond to user inquiries, resolve technical or transactional issues, and provide assistance.
• Regulatory Compliance: To meet KYC/AML requirements, age and identity verification, legal reporting, and responsible gambling mandates.
• Service Improvement and Analytics: To analyze user activity, assess product performance, enhance security, and develop new features.
• Marketing and Communications: To send promotional offers, newsletters, and service updates (subject to user consent).
• Fraud Prevention and Security: To monitor transactions, detect suspicious activity, and safeguard user accounts and platform integrity.

Disclosure & Sharing

• Payment Partners: We share necessary payment and identification information with banks, payment processors, and financial institutions to facilitate deposits, withdrawals, and compliance with financial regulations.
• Service Providers: Data may be disclosed to verified third-party vendors providing IT, analytics, customer support, or marketing services under strict confidentiality agreements.
• Regulatory Authorities: We may provide user data to gaming regulators, law enforcement agencies, and legal authorities as required to comply with applicable laws or license conditions.
• Affiliates and Subsidiaries: Personal data may be shared within GALAKTIKA N.V. group companies and subsidiaries (including Unionstar Limited, Cyprus) for internal administrative purposes.
• Advertising Networks: With explicit user consent, certain data may be shared with advertising partners for targeted marketing.
• Legal or Business Transfers: In the event of a merger, acquisition, or asset transfer, user data may be transferred to the new entity, subject to continued protection consistent with this policy.

All disclosures are made in accordance with applicable privacy laws and with adequate safeguards to protect user data.

International Transfers

• Data Transfer Destinations: User data may be transferred to or processed in countries outside Canada, including Curaçao (headquarters), Cyprus (payment partners), and other jurisdictions where service providers operate.
• Protection Measures: All international transfers are governed by legally binding agreements, such as Standard Contractual Clauses (SCCs), and are subject to robust security measures including encryption and access controls.
• Compliance Standards: We ensure that any recipient of data outside Canada provides an adequate level of data protection as required by Canadian law and international best practices.

Transfers are conducted only as necessary for service provision, regulatory compliance, or with your explicit consent.

Data Retention

• Personal Data (Identity & Account): Retained for up to 5 years after account closure or last activity, to comply with KYC/AML obligations and resolve disputes.
• Payment and Transaction Data: Stored for a minimum of 5 years to meet financial and anti-fraud requirements.
• Behavioral & Technical Data: Retained for up to 2 years for analytics, security, and service improvement, unless required longer by law.
• Marketing Data: Retained until withdrawal of consent or maximum of 2 years of inactivity.
• Deletion Criteria: Data is deleted or anonymized upon user request (where not prohibited by law), expiration of retention period, or fulfillment of processing purposes.

Data subject requests for deletion are honored in accordance with applicable legal and regulatory restrictions.

Your Rights

1. Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.
2. Right to Rectification: You can request correction of inaccurate or incomplete personal data at any time.
3. Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal retention obligations.
4. Right to Restrict Processing: You may request restriction of processing under certain circumstances, such as contesting data accuracy.
5. Right to Data Portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
6. Right to Object: You may object to processing based on legitimate interests or direct marketing at any time.
7. Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

• Exercising Rights: Email your request to [email protected] or use any other published contact method. Identity verification may be required.
• Response Timeframe: We will respond to all valid requests within 30 calendar days, free of charge unless requests are manifestly unfounded or excessive.
• Regulatory Alignment: We comply with Canadian privacy law, GDPR, and, where applicable, relevant Mexican data protection regulations for international users.

Cookies & Tracking Technologies

• Session Cookies: Temporary cookies deleted when you close your browser, used to maintain session state and enhance security.
• Persistent Cookies: Remain on your device for a defined period to remember preferences and facilitate site navigation.
• Third-Party Cookies: Set by analytics providers (e.g., Google Analytics), advertising partners, and social media platforms for analytics, marketing, and personalization.

Cookie Management: You can manage or disable cookies via your browser settings or, where available, through our internal cookie management panel. Disabling certain cookies may affect your user experience or limit access to some features.

Data Security

• Encryption: All personal and payment data is encrypted in transit using TLS 1.2+ and at rest using advanced cryptographic standards.
• Access Controls: Strict role-based access for staff, multi-factor authentication, and regular access reviews.
• Security Audits: Regular internal and third-party security assessments, vulnerability scanning, and penetration testing.
• Staff Training: Ongoing staff awareness and security training programs to mitigate risks from human error or insider threats.
• Incident Response: Comprehensive incident response plan for timely detection, reporting, and remediation of data breaches, including notification to affected users and regulators where required.
• Compliance: Security controls align with international standards such as ISO 27001 and SOC 2, where applicable.

Complaints & Contacts

• Email Contact: Send complaints or inquiries to [email protected] (primary) or [email protected] (general).
• Online Feedback: Use feedback forms available on monro-ca.com where applicable.
• Postal Address: Send written correspondence to GALAKTIKA N.V., Scharlooweg 39, Willemstad, Curaçao.

1. Step 1: Submit your complaint or inquiry via email or the online form, providing as much detail as possible.
2. Step 2: You will receive confirmation of receipt within 3 business days.
3. Step 3: Our DPO or relevant department will investigate and respond within 30 calendar days.
4. Step 4: If unsatisfied, you may escalate your complaint to the appropriate supervisory authority:
   • Canada: Office of the Privacy Commissioner of Canada (OPC), https://www.priv.gc.ca/en/, Phone: 1-800-282-1376
   • European Union: Contact your national Data Protection Authority (DPA)
   • Mexico (if applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), https://home.inai.org.mx/

Updates

• Notification Procedures: Users will be informed of any material changes to this privacy policy via email, website banners, and account dashboard notifications.
• Advance Notice: For significant changes, advance notice of at least 30 days will be provided, allowing users to review, object, or close their accounts before new terms take effect.
• Version Control: The current version is always available on monro-ca.com. Last updated: 6 November 2025.
• Changelog: Material changes will be summarized in a changelog section at the end of the policy or via direct communication.
• User Options: If you do not agree with the updated policy, you may object by contacting our DPO or request account closure at any time.