burger icon
Miki Casino
Log In

Privacy Policy

miki-casino respects your privacy. This policy explains how personal information is collected, used, disclosed, and protected when you visit or use miki-ca.com. It applies to players and website/app visitors. It is designed to meet Canadian privacy laws and relevant international standards. Effective date: 1 January 2025.

Who We Are

OBSERVE: miki-casino operates the gaming services available at miki-ca.com for players in Canada and other markets.

EXPAND: Based on available corporate information, miki-casino is part of the Novi B.V. group (founded 2023). Curaçao licensing is referenced by third parties but remains unverified. For privacy matters, miki-casino acts as the organization responsible for personal information processed via miki-ca.com.

REFLECT: Data controller: miki-casino (on miki-ca.com), within the Novi B.V. group. Registered address and company numbers will be published once verified in 2025. Contact our Privacy Office through the website at https://miki-ca.com (see footer or account help). A dedicated Data Protection Officer (DPO) contact will be published on this page when finalized. Until then, please use the website contact channel for privacy requests.

What Personal Data We Collect

OBSERVE: We collect information necessary to run accounts, process payments, comply with law, and improve service quality.

EXPAND: Categories include:

  • Identity and contact: name, date of birth, email, country/province, residential address, phone, government ID (for KYC), account identifiers, communication preferences.
  • Account and behavioral: login history, game play and betting history, session duration, wins/losses, responsible gaming settings, clicks, referral/affiliate attribution.
  • Payment and financial: deposit/withdrawal methods, masked card or wallet details, transaction records, chargeback and fraud flags.
  • Technical: IP address, device type/OS/browser, device IDs, language, time zone, cookies, logs, crash reports, security telemetry.
  • Verification/Compliance: sanctions/PEP screening results, address/identity proof, AML/KYC outcomes.
  • Marketing and communications: email/SMS/push opt-ins, campaign interactions, unsubscribe events.
  • Cookies and similar tech: session and persistent cookies, analytics tags, advertising pixels (subject to consent), and local storage.

REFLECT: Some data is required to open and operate your account (contract). Optional data (e.g., marketing preferences) is collected with consent.

Legal Basis for Processing

OBSERVE: Canadian law (PIPEDA and substantially similar provincial laws) requires appropriate purposes and consent; international users may benefit from GDPR-style bases.

EXPAND: We rely on:

  • Consent: for marketing, cookies beyond strictly necessary, and certain optional features. Under Canada's CASL, we obtain express consent for commercial electronic messages and provide easy unsubscribe.
  • Contractual necessity: to create and service your account, process deposits/withdrawals, deliver games, provide support.
  • Legitimate interests/appropriate purposes: fraud prevention, network security, service analytics, and service improvement in ways a reasonable person would consider appropriate in the circumstances (aligned with PIPEDA principles and, for EEA users, GDPR Article 6(1)(f)).
  • Legal obligations: identity verification, AML screening and recordkeeping under applicable laws (e.g., Canada's PCMLTFA), tax and accounting requirements, responding to lawful requests.

REFLECT: Where required, you may withdraw consent at any time without affecting prior lawful processing.

Purpose of Processing

OBSERVE: Data is processed to provide safe, lawful, and reliable services.

  • Service delivery: account setup, gameplay, payments, customer support, responsible gaming features.
  • Compliance: KYC/AML checks, sanctions screening, recordkeeping, dispute handling.
  • Security and integrity: fraud detection, abuse prevention, incident response, access controls.
  • Analytics and improvement: performance monitoring, product development, quality assurance.
  • Marketing (with consent): offers, promotions, and personalized content via email/SMS/push/onsite.

REFLECT: We minimize data used for each purpose and apply safeguards proportionate to risk.

Disclosure & Sharing

OBSERVE: We share data only with parties who need it to provide services or meet legal obligations, under contractual safeguards.

  • Payments: banks, payment processors, anti-fraud networks to process transactions and prevent fraud.
  • KYC/AML and compliance vendors: identity verification, sanctions/PEP screening, document validation.
  • Technology and service providers: hosting, security, analytics, customer support tools, communications platforms.
  • Affiliates and group members: Novi B.V. group for consolidated support, compliance, and internal reporting.
  • Regulators and law enforcement: where required by law or to protect rights, security, or comply with reporting duties.
  • Advertising partners: only with your consent; we avoid sharing payment or KYC details for advertising.
  • Business transfers: in a merger, acquisition, or reorganization, subject to continuity of protections.

REFLECT: Third parties act under data protection agreements, confidentiality, and security requirements. We do not sell personal information.

International Transfers

OBSERVE: Data may be processed in or accessed from Canada, Curaçao, the EEA/UK, the United States, or other locations where our providers operate.

EXPAND: Safeguards include:

  • Adequacy: Transfers from the EEA to Canadian organizations subject to PIPEDA benefit from the EU adequacy decision for commercial organizations.
  • Standard Contractual Clauses (SCCs)/IDTA: Used for EEA/UK transfers to non-adequate countries, with supplemental controls where appropriate.
  • Data Privacy Framework: Where a U.S. vendor self-certifies, we may rely on the EU-US DPF/UK Extension as applicable.
  • Intra-group arrangements: Binding contractual safeguards within the Novi B.V. group.

REFLECT: We assess transfer risks, minimize data sent, and implement technical/organizational measures proportionate to the risk.

Data Retention

OBSERVE: We retain data only as long as needed for the purposes stated or as required by law.

CategoryTypical retentionRationale
Account profile and identity (incl. KYC)5 years after account closureAML/recordkeeping (e.g., PCMLTFA), fraud prevention
Transaction/payment records5-7 yearsAccounting, tax, chargeback defense
Gameplay/betting history3-5 yearsDispute resolution, responsible gaming analytics
Security logs2 yearsIncident investigation, fraud prevention
Marketing preferencesUntil consent withdrawn or 2 years of inactivityCASL compliance and consent tracking
Cookies/analytics dataSession to 24 monthsFunctional operations and analytics

REFLECT: We delete, de-identify, or aggregate data when retention ends or upon valid request, unless law requires longer storage.

Your Rights

OBSERVE: Rights depend on your location and applicable law. We provide robust access and control consistent with Canadian laws and, where applicable, international frameworks.

EXPAND:

  • Canada (PIPEDA; AB/BC PIPA; Québec Law 25): access your information; request corrections; learn about our practices; withdraw consent (e.g., marketing); challenge compliance; in Québec, additional rights like data portability and de-indexation where applicable.
  • EEA/UK (GDPR/UK GDPR, if applicable): access, rectification, erasure, restriction, objection (including to profiling/marketing), portability, and the right to withdraw consent.
  • Mexico (LFPDPPP, if applicable): ARCO rights: Access, Rectification, Cancellation, and Opposition; withdraw consent for secondary purposes.
  1. How to exercise: Submit a request via https://miki-ca.com (privacy/contact link in footer or account). We may require identity verification.
  2. Response time: We aim to respond within 30 days (or the statutory period). Complex requests may take longer; we will inform you of extensions and reasons.
  3. Fees: Requests are free of charge unless manifestly unfounded or excessive; if a fee applies, we will explain and provide a cost estimate.

REFLECT: Some rights may be limited by legal obligations (e.g., AML recordkeeping). We will explain any denial and your escalation options.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to operate the site, analyze performance, and personalize content.

  • Session cookies: essential for authentication, security, and core functionality; deleted when you close your browser.
  • Persistent cookies: remember preferences and improve performance; typical lifespan 3-24 months.
  • Third-party cookies/pixels: analytics and, with your consent, advertising measurement and personalization.

REFLECT: Manage cookies via your browser settings and the site's cookie controls (where available). Disabling certain cookies may affect functionality. CASL consent rules apply to marketing-related tracking.

Data Security

OBSERVE: We protect data with layered technical and organizational measures.

  • Encryption: TLS 1.2+ in transit; industry-standard encryption (e.g., AES-256) at rest for sensitive data; robust key management.
  • Access controls: least-privilege, role-based access, MFA for administrative access, secure SDLC and code reviews.
  • Monitoring and audits: logging, anomaly detection, vulnerability management, independent assessments/penetration tests.
  • Staff safeguards: background checks where permitted, confidentiality agreements, security and privacy training.
  • Incident response: documented plan with prompt investigation, containment, notification to users and authorities as required by law.

REFLECT: We align our controls with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) where appropriate. No system is perfectly secure; we continuously improve defenses proportionate to risk.

Complaints & Contacts

OBSERVE: We provide multiple channels for questions, rights requests, and complaints.

  • Contact miki-casino: Use the privacy/contact link at https://miki-ca.com. Please specify "Privacy Request" and provide account email and jurisdiction.
  • DPO/Privacy Office: We are finalizing a dedicated DPO contact. Until published here, use the website contact channel addressed to "Privacy/DPO".
  • Postal address: Our verified legal address will be added to this page in 2025; we will provide it upon request via the website channel in the interim.
  1. Procedure: Submit your request/complaint; we acknowledge receipt within 5 business days.
  2. Review: We investigate and respond within 30 days with findings or next steps. If more time is needed, we will inform you and explain why.
  3. Escalation: If unresolved, you may contact a supervisory authority:
    • Canada (OPC): Office of the Privacy Commissioner of Canada - https://www.priv.gc.ca; Toll-free 1-800-282-1376.
    • Provinces: You may also contact your provincial privacy commissioner where applicable.
    • Mexico (if applicable): INAI - https://www.inai.org.mx.
    • EEA/UK (if applicable): Your local data protection authority; see EDPB members: https://edpb.europa.eu/about-edpb/board/members_en.

REFLECT: We aim to resolve issues promptly and transparently and will document outcomes for accountability.

Updates

OBSERVE: We may update this policy to reflect changes in law, services, or practices.

  • Notice: For material changes, we will notify you at least 30 days in advance via email (if available), an in-account alert, and/or a site banner.
  • Version control: We will maintain a change log summarizing material updates.
  • Your options: If you object to changes, you may adjust settings, withdraw relevant consents, or close your account before the effective date.

REFLECT: Last updated: January 2025. Material changes since the prior version: clarified international transfer safeguards; added Law 25 references for Québec; expanded AML retention details; defined complaint escalation pathways.

Regional Compliance Note: This policy is tailored for Canada (PIPEDA and substantially similar provincial laws). Where we provide services to users in other regions, we align our practices with applicable local requirements, including GDPR for EEA/UK users and LFPDPPP (ARCO rights) for Mexico, to the extent those laws apply to our processing.