Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you visit or use the online gaming services offered through palaceofchance-ca.com (the "Website"). It applies to players, prospective players, and other visitors located in Canada who access or interact with the Website or communicate with us through any available channels. By creating an account, placing wagers, or otherwise using our services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes any earlier version applicable to this Website.

1. Who We Are

OBSERVE: Users must know the identity of the operator, its corporate base and how to contact the entity responsible for data protection.

EXPAND: The brand operates for Canadian players via an offshore structure. We clarify the operating group, its jurisdiction and designate a contact point for privacy matters, even where some corporate details are not fully specified.

REFLECT: This section establishes legal identity, cross-border nature and clear communication channels, which is essential for transparency and regulatory alignment, including Canadian privacy expectations.

1.1 Operator Identity

The online gaming services available through palaceofchance-ca.com (referred to as "Palace Of Chance", "Palace Of Chance", "we", "us", or "our") are operated on behalf of and under the control of:

• Operator company: Virtual Casino Group
• Corporate ID / Registration number: 3-102-525732
• Registered / corporate jurisdiction: Costa Rica
• Corporate base: Costa Rica (full postal address not publicly specified)

For the avoidance of doubt, all references in this Privacy Policy to our "services" or "Website" relate exclusively to palaceofchance-ca.com as made available to users in Canada, even though technical operations may be performed from or through other locations.

1.2 Licensing and Regulatory Context

For transparency purposes, we note that Virtual Casino Group has historically claimed Curaçao eGaming license references including 1668/JAZ and 365/JAZ. As of early 2025 and throughout 2026, the status of these specific license references is described as unverified during Curaçao's transition to the LOK regulatory framework. This Privacy Policy therefore focuses on data protection practices rather than gaming licensing status and does not constitute any representation or warranty regarding licensing or regulatory approvals in Canada.

1.3 Data Protection Contact

We have designated an internal function responsible for privacy and data protection matters (the "Data Protection Contact"). You may contact us using the following details:

• Email (primary for privacy and support): [email protected]
• Email (general information): [email protected]
• Email (payments-related queries): [email protected]
• Press enquiries: [email protected]
• Human resources: [email protected]
• Website: https://palaceofchance-ca.com

At this time, no dedicated telephone number or postal mailing address for privacy requests has been specified. We encourage you to contact us by email for the fastest response.

2. What Personal Data We Collect

OBSERVE: Operation of an online casino for Canadian users requires collection of identity, contact, technical, payment, and behavioral data, as well as cookies and related identifiers.

EXPAND: We must distinguish categories of data, explain their typical content, and specify that some items may be collected directly from users while others are generated or obtained from third parties (e.g., payment processors, analytics services).

REFLECT: This section provides a structured overview of the data lifecycle, enabling users to understand the scope of information processed for account management, security, compliance and personalization.

2.1 Identification and Contact Data

• Account information: username, password (stored using industry-standard hashing), security questions and answers, and other login credentials.
• Personal details: full name, date of birth, country of residence, and (where requested) address details such as city, province/territory and postal code.
• Contact information: email address, telephone number(s), preferred language of communication.
• Verification data (KYC): copies or details of identity documents, proof of address, payment instrument ownership declarations and similar information used for identity verification, age checks and fraud prevention.

2.2 Technical and Usage Data

• Technical identifiers: IP address, device identifiers, browser type and version, operating system, approximate location derived from IP, preferred time zone, and similar technical parameters.
• Log data: access dates and times, pages and features visited, referring URLs, clickstream data, session duration, error logs, and related diagnostic information.
• Security-related data: authentication logs, failed login attempts, device or IP risk scores from anti-fraud providers, and records of security-related events.

2.3 Financial and Transaction Data

• Payment method details: limited card or account data as permitted by PCI-DSS rules and as needed to process deposits and withdrawals, often handled through secure third-party processors located in various jurisdictions such as Cyprus or Malta.
• Transaction history: deposits, withdrawals, bonuses credited or forfeited, chargebacks, reversals, and related financial operations.
• Verification information: data about payment method ownership and supporting documents required to meet anti-fraud and anti-money laundering (AML) controls.

2.4 Gaming and Behavioral Data

• Gameplay information: betting and wagering history, game selections, frequency and duration of sessions, wins and losses, jackpots, bonus usage and redemptions.
• Behavioral patterns: click behavior, navigation paths, responses to in-game offers, and engagement with promotional campaigns (opens, clicks, redemptions).
• Responsible gaming data: self-exclusion status, deposit or loss limits, time-out settings, problem gambling indicators and records of communications relating to responsible gaming.

2.5 Communications and Support Data

• Customer support records: copies of emails, chat logs, complaint files, feedback entries and associated metadata (including time stamps and handling notes).
• Marketing preferences: consents or objections to receive marketing via email or other channels, unsubscribe actions and preference change history.

2.6 Cookies and Similar Technologies

• Cookies: small text files stored on your device to recognize your browser, maintain your session, remember preferences and improve website functionality.
• Web beacons / pixels: small code fragments used to understand how users interact with pages and emails, often in combination with cookies.
• SDKs and local storage: technologies used in mobile or browser environments to store or access information for authentication, analytics and advertising purposes.

Further details on cookies and how to manage them are provided in the "Cookies & Tracking Technologies" section below.

3. Legal Basis for Processing

OBSERVE: Canadian privacy frameworks (including PIPEDA and substantially similar provincial laws) emphasize purposes, consent, and reasonableness, while EU-style concepts (contract, legitimate interests) offer helpful structure.

EXPAND: We link each major processing activity to a clear legal ground: consent, necessity for providing services, legitimate interests (balanced with user expectations), or compliance with legal obligations (including AML/KYC obligations in applicable jurisdictions).

REFLECT: By clarifying these grounds, users understand why their data is required, when consent is needed, and in which cases we may process data without explicit consent but subject to safeguards.

3.1 Consent

• We rely on your explicit or implied consent when:
  • you register an account and provide personal data in order to use the Website;
  • you choose to receive marketing communications, newsletters or promotional offers;
  • you accept non-essential cookies (analytics or advertising) through our cookie settings or by continuing to use the Website after being clearly informed.
• You may withdraw your consent to non-essential processing (especially marketing and certain cookies) at any time, as described in the "Your Rights" and "Cookies & Tracking" sections.

3.2 Contractual Necessity

• We process personal data because it is necessary to enter into or perform a contract with you, including:
  • creating and managing your player account;
  • processing deposits, wagers, game participation and withdrawals;
  • paying out winnings and applying bonuses or loyalty rewards;
  • providing customer support and handling technical issues affecting your account.
• If you choose not to provide data that is necessary for these purposes, we may be unable to open or maintain your account or provide certain features.

3.3 Legitimate Interests

• We may process data where necessary for our legitimate business interests, provided that such interests are balanced against your rights and expectations. These interests include:
  • protecting the integrity and security of our systems, games and users;
  • detecting, preventing and investigating fraud, abuse or cheating;
  • conducting statistical analysis to improve our services and user experience;
  • personalizing content and recommendations within the Website;
  • defending our legal rights, including managing disputes or claims.
• Where appropriate, we apply additional safeguards (such as pseudonymization or aggregation) to limit privacy impact.

3.4 Compliance with Legal Obligations

• We process certain data in order to comply with legal and regulatory obligations that may apply in jurisdictions where we or our partners operate, including:
  • anti-money laundering (AML) and counter-terrorist financing (CTF) rules;
  • age verification and responsible gambling requirements;
  • record-keeping obligations under applicable financial or gaming regulations;
  • responding to lawful requests from courts, regulators or law enforcement authorities.
• Where Canadian or foreign law requires retention or disclosure of specific records, we will limit such processing to what is strictly necessary.

4. Purpose of Processing

OBSERVE: Data is not only collected but used for distinct, identifiable purposes that must be clear to users and proportionate.

EXPAND: We describe the main purposes grouped by functional, security, compliance and marketing categories, showing how each relates to operation of an online casino serving Canadian players.

REFLECT: This facilitates informed consent and aligns with Canadian expectations that organizations only collect, use and disclose personal information for purposes a reasonable person would consider appropriate in the circumstances.

4.1 Service Provision and Account Management

• To create, verify and administer your player account and login credentials.
• To process deposits, wagers, game participation, bonuses and withdrawals.
• To communicate with you about operational matters, including changes to terms, system notifications, and service interruptions.
• To provide multi-channel customer support and resolve technical or account-related issues.

4.2 Security, Fraud Prevention and Compliance

• To perform identity checks, age verification and ownership verification of payment instruments.
• To monitor gameplay and transactions for signs of fraud, abuse, money laundering or suspicious activities.
• To enforce our Terms & Conditions, bonus rules and responsible gaming policies.
• To maintain logs and other records required for legal, regulatory or audit purposes.

4.3 Improvement, Analytics and Personalization

• To analyze aggregated or pseudonymized data about how users interact with our Website and games.
• To test and optimize new features, interfaces and promotions for relevance and effectiveness.
• To personalize content, recommend games and tailor your on-site experience based on your preferences and prior activity.

4.4 Marketing and Promotions

• To send you promotional communications (such as bonuses, tournaments and new game announcements) by email or other channels, subject to your marketing preferences and applicable anti-spam rules.
• To measure the performance of campaigns, including open, click and conversion rates.
• To work with selected affiliates or advertising networks (where permitted) to present offers that may be of interest to you.

4.5 Legal, Risk and Business Management

• To handle disputes, complaints and chargebacks, and to exercise or defend legal claims.
• To support internal audits, risk management and corporate governance activities.
• To enable potential corporate transactions (such as mergers, acquisitions or restructuring) while implementing appropriate confidentiality safeguards.

5. Disclosure & Sharing

OBSERVE: Online casinos rely on third parties (payments, hosting, analytics, affiliates) and may be required to disclose data to authorities.

EXPAND: We categorize recipients, highlight circumstances of disclosure and include appropriate safeguards, noting that some providers may be located in jurisdictions such as Cyprus, Malta or others.

REFLECT: Clear disclosure practices help users understand when their information leaves our direct control and what contractual or organizational measures protect it.

5.1 Group Companies and Service Providers

• Group and operational partners: We may share data with entities within the Virtual Casino Group and with operational partners who assist in running the Website and games, subject to confidentiality obligations.
• Payment processors and banks: To process deposits, withdrawals and chargebacks, and to comply with AML/CTF obligations. These processors may be located in various jurisdictions, including but not limited to Cyprus and Malta.
• Technology and hosting providers: For web hosting, cloud infrastructure, content delivery networks, email delivery, customer support tools and IT security solutions.
• Analytics and anti-fraud providers: To analyze user behavior, detect automated abuse or fraud patterns, and enhance overall system security.

5.2 Affiliates and Advertising Partners

• We may work with marketing affiliates who refer users to the Website and receive performance-based compensation. Limited data (such as registration or conversion status) may be shared with such affiliates in aggregated or pseudonymized form.
• We may, with your consent where required, work with advertising networks or partners that use cookies or similar technologies to deliver or measure advertisements. These partners are only provided with data necessary for their specific function and are not allowed to use such data for unrelated purposes.

5.3 Regulators, Authorities and Legal Proceedings

• We may disclose your information to governmental, regulatory or law enforcement authorities when:
  • we are required to do so by applicable law, subpoena or court order;
  • doing so is necessary to comply with AML/CTF or similar regulations in relevant jurisdictions;
  • we believe in good faith that disclosure is necessary to protect our rights, property or the safety of our users or the public.
• We may also share data with legal advisers, auditors or other professional consultants bound by confidentiality obligations.

5.4 Business Transfers

• In the event of a proposed or actual merger, acquisition, sale of assets, restructuring or insolvency affecting the Virtual Casino Group, user data may be transferred as part of the transaction, subject to:
  • compliance with applicable privacy laws; and
  • implementation of reasonable measures to ensure continuity of protections.

5.5 No Unauthorised Selling of Personal Data

We do not sell your personal information as understood under typical Canadian privacy and consumer protection standards. Any sharing with third parties is limited to the categories and purposes identified in this Privacy Policy or as otherwise disclosed to you at the time of collection.

6. International Transfers

OBSERVE: Palace Of Chance targets users in Canada while being operated offshore from Costa Rica and using processors in other countries.

EXPAND: We acknowledge that data may be stored or processed outside Canada, including in Costa Rica, Curaçao and other jurisdictions such as Cyprus or Malta, and we describe the safeguards we apply.

REFLECT: This transparency allows users to understand cross-border implications and aligns with expectations that organizations using foreign service providers remain accountable for personal information in their custody.

6.1 Locations of Processing

• Costa Rica: Corporate base of Virtual Casino Group and primary location for certain operational functions.
• Curaçao: Historically referenced in relation to gaming licensing; some technical or administrative operations may be routed through or managed from this jurisdiction.
• Other jurisdictions: Data may also be processed or stored by trusted service providers in countries including, but not limited to, Cyprus, Malta, EU member states or the United States, depending on hosting, payment and security arrangements.

6.2 Safeguards for International Transfers

• We remain responsible and accountable for personal information transferred to third parties, regardless of location, and we require them to protect it in a manner consistent with this Privacy Policy and applicable Canadian privacy principles.
• Where appropriate, we implement contractual safeguards such as:
  • data protection clauses imposing confidentiality, security and limited-purpose obligations; and
  • audit or oversight mechanisms to verify compliance.
• We seek to ensure that transfers are limited to jurisdictions or providers that offer a level of protection that is, in practice, comparable to the protections reasonably expected under Canadian privacy law frameworks.

6.3 User Acknowledgment

By using the Website and providing personal information, you understand that your data may be transferred to and processed in countries outside Canada, which may have different data protection laws. In all such cases, we will take reasonable steps to protect your information and will only transfer data as necessary for the purposes described in this Privacy Policy.

7. Data Retention

OBSERVE: Casinos must retain data long enough to comply with legal, financial and security obligations but not indefinitely.

EXPAND: We outline typical retention periods by category and the criteria used to determine when data should be deleted, anonymized or archived.

REFLECT: This provides predictability to users and demonstrates alignment with the principle that personal information should be retained only as long as necessary for identified purposes.

7.1 General Retention Principles

• We retain personal information only for as long as necessary to:
  • fulfil the purposes described in this Privacy Policy;
  • comply with legal, regulatory, accounting or reporting obligations;
  • resolve disputes and enforce our agreements.
• When information is no longer required, we will securely delete, anonymize or aggregate it so that it can no longer be associated with an identifiable individual.

7.2 Typical Retention Periods

• Account and identification data: generally kept for the duration of your account and for up to 5 years after account closure, to comply with AML/CTF, fraud prevention and record-keeping requirements.
• Financial and transaction data: typically retained for 5 - 7 years after the relevant transaction or account closure, in line with standard financial record-keeping obligations.
• Gameplay and behavioral data: maintained for as long as your account is active and for up to 5 years thereafter for security, dispute resolution and statistical analysis, after which it may be anonymized.
• Customer support and complaint records: retained for 3 - 5 years, depending on the nature of the interaction and any applicable limitation periods.
• Marketing data and preferences: kept until you withdraw your consent or opt out, plus a short period (typically up to 12 months) to document and implement your request.

7.3 Deletion and Anonymization Criteria

• Data will be deleted or anonymized when:
  • you request deletion and no overriding legal ground requires continued retention;
  • statutory or regulatory retention periods have expired;
  • the data is no longer necessary for the purposes for which it was collected or processed.
• If immediate deletion is not possible due to technical or legal constraints, we will:
  • restrict processing of the data to storage only; and
  • apply appropriate security measures until deletion can be safely completed.

8. Your Rights

OBSERVE: Users expect clear, actionable rights similar to those found in modern privacy regimes (such as GDPR-like rights) even where such regimes do not apply directly.

EXPAND: We articulate rights of access, correction, deletion, restriction, objection, portability, and withdrawal of consent, and set practical procedures and timelines, including a 30-day response aim and free-of-charge principle for reasonable requests.

REFLECT: While Palace Of Chance is aimed at Canadian users and primarily subject to Canadian privacy laws, we align with high international standards for individual control over personal information. References in this section to GDPR-like concepts are intended to enhance clarity and do not create any additional rights beyond those required by applicable law.

8.1 Access to Your Data

• You may request confirmation of whether we hold personal information about you and, if so, receive:
  • a summary of the categories of information we hold;
  • a copy of specific data elements, where feasible and not subject to overriding rights of others; and
  • information about how we use, disclose and retain your information.

8.2 Correction (Rectification)

• You have the right to request correction of inaccurate or incomplete personal data we hold about you. In many cases, you can update certain fields directly through your account profile.
• We may require documentation to verify changes (for example, for legal name or address changes linked to KYC data).

8.3 Deletion (Erasure) and Account Closure

• You may request that we delete personal information about you, particularly where:
  • the data is no longer needed for the purposes for which it was collected; or
  • you have withdrawn consent for processing that was based on consent.
• We may not be able to delete information that we are required to retain by law (for example, AML or financial record-keeping obligations) or that is necessary to establish, exercise or defend legal claims. In such cases, we will restrict processing to the minimum necessary.

8.4 Restriction of Processing

• In certain circumstances, you may request that we restrict the processing of your information (for example, while we verify its accuracy or assess an objection).
• Where processing is restricted, we will continue to store the data but will not use it further except as permitted by law or with your consent.

8.5 Objection to Processing

• You may object to:
  • processing based on our legitimate interests, if you believe that your fundamental rights and freedoms outweigh those interests; and
  • use of your data for direct marketing, in which case we will promptly stop such use.

8.6 Data Portability

• Where technically feasible and appropriate, you may request a copy of certain personal information you have provided to us in a structured, commonly used and machine-readable format, and ask that it be transmitted to another controller, where this is supported by the systems involved.

8.7 Withdrawal of Consent and Marketing Opt-Out

• Where processing is based on your consent (for example, marketing communications or certain cookies), you may withdraw that consent at any time by:
  • using the "unsubscribe" or "opt-out" links included in marketing emails; or
  • contacting us at [email protected].
• Withdrawal of consent will not affect the lawfulness of processing that took place before the withdrawal, and we may continue to process data where another lawful ground exists.

8.8 Procedure, Timeframes and Cost

• You may exercise any of the above rights by contacting us at [email protected] or [email protected].
• We may take reasonable steps to verify your identity before acting on your request, which may include asking for additional information or documentation.
• We aim to respond to all legitimate requests within 30 days. If your request is particularly complex or we receive multiple requests, we may extend this period, in which case we will inform you of the extension and reasons.
• We will not charge a fee for handling your request unless it is manifestly unfounded, repetitive or excessive, in which case a reasonable fee may be charged, or we may refuse to act on the request.

9. Cookies & Tracking Technologies

OBSERVE: Cookies and related tools are essential for session management, security and analytics in an online gaming environment.

EXPAND: We distinguish cookie types, purposes and user controls, especially given sensitivity around tracking and online advertising.

REFLECT: Clear information supports informed consent and compliance with Canadian privacy guidance on online behavioral advertising and tracking.

9.1 Types of Cookies We Use

• Session cookies: Temporary cookies that exist only while your browser session is active. They help authenticate you, maintain your session and ensure that actions you take are correctly associated with your account.
• Persistent cookies: Cookies that remain on your device for a specified period or until you delete them, used to remember preferences (such as language, region or cookie choices) and to recognize you when you return.
• First-party cookies: Cookies set by palaceofchance-ca.com to support core functionality, security and user experience.
• Third-party cookies: Cookies set by third-party service providers such as analytics tools or advertising partners (where used and permitted) to measure traffic, prevent fraud or deliver more relevant content.

9.2 Purposes of Cookies and Similar Technologies

• Strictly necessary / functional: Required for the Website to function correctly, including logging in, managing sessions, securing payments and enabling basic navigation.
• Performance and analytics: Help us understand how users interact with the Website, which pages or games are most popular, and where technical errors may occur, so we can improve the service.
• Advertising and marketing (where used): Support the delivery and measurement of promotions or offers, both on the Website and, if applicable, on partner sites, subject to your consent where required.

9.3 Managing Cookies

• You can manage or disable cookies through:
  • Browser settings: Most browsers allow you to refuse all or some cookies, delete existing cookies or be notified when a site attempts to set a cookie. Please refer to your browser's help section for instructions.
  • On-site controls (if available): Where provided, you may use our internal cookie or privacy panel to adjust your preferences for non-essential cookies.
• Please note that blocking or deleting certain cookies, especially strictly necessary ones, may affect the functionality of the Website and could prevent you from using some features or services.

10. Data Security

OBSERVE: Handling financial and gaming data for Canadian users requires robust technical, organizational and procedural safeguards.

EXPAND: We describe encryption practices, access controls, monitoring, training and incident response to demonstrate that data is protected against loss, misuse, unauthorized access, disclosure, alteration and destruction.

REFLECT: While no system can be absolutely secure, aligning with international security standards and best practices helps to reduce risk and build trust.

10.1 Technical Measures

• Encryption in transit: We use modern transport-layer security protocols (such as TLS 1.2 or higher) to protect data transmitted between your device and our servers.
• Encryption at rest: Where appropriate, sensitive data is stored using strong encryption or hashing algorithms, and access is restricted to necessary systems and personnel.
• Access controls: Role-based access control, strong authentication mechanisms and, where feasible, multi-factor authentication are used to limit access to personal information to authorized staff with a business need to know.
• Network and system security: Firewalls, intrusion detection or prevention systems, anti-malware tools, and logging/monitoring solutions are used to detect and mitigate potential threats.

10.2 Organizational and Procedural Measures

• Policies and training: Staff with access to personal information receive training on confidentiality, data protection requirements and secure handling procedures.
• Vendor management: Service providers with access to personal data are required to implement appropriate security measures and to process data only on our instructions.
• Data minimization: We seek to collect only the data necessary for identified purposes and limit retention in line with our retention policy.

10.3 Audits, Standards and Incident Response

• We periodically review our security controls and may conduct internal or external assessments to test their effectiveness. Some providers we work with may hold certifications such as ISO 27001 or SOC 2, though such certifications are not claimed as universally applicable to all components of our infrastructure.
• We maintain procedures for identifying, assessing and responding to suspected data breaches or security incidents. Where required by applicable law, we will notify you and relevant authorities without undue delay, taking into account the nature and scope of the incident.

11. Complaints & Contacts

OBSERVE: Users need simple and reliable channels to raise questions or complaints regarding privacy and data protection.

EXPAND: We provide contact information, outline internal complaint handling steps, and identify supervisory authorities in relevant jurisdictions for escalation, consistent with best practices.

REFLECT: A clear hierarchy of complaint mechanisms promotes accountability and aligns with expectations of modern privacy regimes.

11.1 Contacting Us

If you have any questions, concerns or complaints about this Privacy Policy or our handling of personal information, you may contact us at:

• Primary privacy/support email: [email protected]
• General information: [email protected]
• Website: https://palaceofchance-ca.com

Currently, we do not provide a dedicated postal address or telephone number for privacy complaints. If this changes, updated details will be published in this Privacy Policy.

11.2 Internal Complaint Procedure

1. Submission: Send a detailed description of your concern or complaint, including relevant dates, account information and any supporting documents, to [email protected].
2. Acknowledgment: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within 5 business days.
3. Investigation: Your complaint will be reviewed by appropriate personnel, which may include legal or compliance staff where necessary. We may contact you to obtain additional information.
4. Response: We aim to provide a substantive response within 30 days of receipt of a complete complaint. If we are unable to meet this timeline due to complexity or other legitimate reasons, we will inform you of the delay and give an estimated time for resolution.
5. Outcome: Our response will explain any decision, measures taken or proposed measures to address your concerns, or reasons why we believe no further action is required.

11.3 Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that we are not handling your personal information in a lawful manner, you may have the right to lodge a complaint with a relevant privacy or data protection authority. For users in Canada, this may include:

• Office of the Privacy Commissioner of Canada (OPC)
  Website: https://www.priv.gc.ca
  Complaint information: https://www.priv.gc.ca/en/report-a-concern
• Provincial or territorial privacy commissioners (for example, in Alberta, British Columbia or Quebec, which have substantially similar private-sector privacy laws). Contact details are available via provincial government websites.

Depending on your location and circumstances, you may also have rights to bring issues before other regulators or courts in relevant jurisdictions. We encourage you, however, to contact us first so that we may attempt to resolve your concern directly.

12. Updates

OBSERVE: Privacy practices evolve over time due to legal, technological and business changes.

EXPAND: We define how and when this Privacy Policy may be updated, how users will be notified, and what options they have in response to material changes.

REFLECT: Version control, clear effective dates and notice procedures are key to transparency and ongoing consent.

12.1 Changes to This Privacy Policy

• We may update or modify this Privacy Policy from time to time to reflect:
  • changes in our services, technology or business operations;
  • changes in applicable laws or regulatory guidance; or
  • feedback from users, regulators or other stakeholders.
• Each version will be identified by a "Last updated" date indicated at the end of this document.

12.2 Notification of Material Changes

• Where changes are material and may significantly affect your rights or how your personal information is processed, we will provide additional notice by one or more of the following means:
  • email notification to the address associated with your account;
  • prominent banner or pop-up on the Website;
  • notification in your account dashboard, where applicable.
• Where reasonably practicable, we will provide such notice at least 30 days before material changes take effect, so that you have an opportunity to review them.

12.3 Your Options Following Updates

• If you continue to use the Website after the effective date of an updated Privacy Policy, you will be deemed to have accepted the revised terms, except where explicit consent is required by law.
• If you do not agree with changes that are material to how your personal information is processed, you may:
  • adjust your privacy or marketing preferences where such controls are available; and/or
  • close your account and request deletion or restriction of your personal information, subject to lawful retention requirements.

Last updated: January 2026