Privacy Policy

This Privacy Policy explains how Woo Casino, operated via the website woo-ca.com, collects, uses, discloses, and protects personal information of players and visitors located in Canada. It applies to all users who access or use woo-ca.com, create an account, participate in gaming activities, or otherwise interact with our services and communications. By using our services, you acknowledge that you have read and understood this Privacy Policy. This Policy is effective as of January 1, 2026, and supersedes any prior versions applicable to Canadian users.

Who We Are

Woo Casino is the Canadian-facing project of Woo Casino, operated exclusively through the website woo-ca.com.

Operator and Corporate Structure

Operating company: Dama N.V., a limited liability company (N.V.) incorporated under the laws of Curaçao.
Registration number (Dama N.V.): 152125.
Legal/head office address (Dama N.V.): Scharlooweg 39, Willemstad, Curaçao.
Payment agent / facilitator: Friolion Limited, a limited company incorporated under the laws of Cyprus.
Registration number (Friolion Limited): HE 419102.
Registered office address (Friolion Limited): Leandrou, 12A, 3086 Limassol, Cyprus.
Gaming licence: 8048/JAZ2020-013, issued under the Antillephone N.V. master licence by the Government of Curaçao (transitioning supervision to the Curaçao Gaming Control Board).

Data Protection Responsibility

Data controller for players using woo-ca.com: Dama N.V.
Data protection / privacy contact: Data Protection Department, Dama N.V.
Postal contact (data protection): Dama N.V., Scharlooweg 39, Willemstad, Curaçao (Attn: Data Protection Department).

Contact Details

Support email: [email protected] (primary contact for player queries, including privacy questions).
General information email: [email protected].
Official website (Canada-facing): https://woo-ca.com.

You may contact our Data Protection Department using the above details for any questions related to this Privacy Policy or the processing of your personal information.

What Personal Data We Collect

We collect only the information necessary to provide our services, fulfill legal obligations (including KYC/AML), ensure game integrity, and protect both you and us from fraud and abuse.

Identification and Contact Data

Account and profile data: full name, date of birth, country and province/territory of residence, physical address, email address, telephone number, preferred language, username, and password (stored in hashed form).
Verification (KYC/AML) data: government-issued identification documents (e.g., passport, driver's licence, national ID), proof of address documents (e.g., utility bill, bank statement), selfies or live video verification where applicable, and any additional data you provide for enhanced due diligence.

Technical and Usage Data

Technical identifiers: IP address, device identifiers, browser type and version, operating system, device model, screen resolution, time zone settings, and language settings.
Log information: access dates and times, pages and resources visited, clicks, referral URLs, session duration, error logs, and general system events.
Security and integrity data: login attempts, password reset requests, authentication logs, device fingerprinting data, and data used by our fraud-prevention and risk-scoring tools.

Gaming and Behavioral Data

Gaming activity: game selections, bet amounts, win/loss history, jackpots, bonus use and wagering progress, time spent on games, and game session information.
Website behavior: navigation patterns, clicks, scrolling behavior, interaction with banners and promotions, and response to on-site messages.
Responsible gambling data: deposit limits, loss and wager limits, time-out or self-exclusion choices, assessment results from responsible gambling tools, and any communications related to problem gambling concerns.

Payment and Financial Data

Transaction information: deposit and withdrawal amounts, currencies, payment methods used, transaction timestamps, and status of payments.
Payment instrument details: partially masked card numbers, cardholder name, expiry date, IBAN or bank account details where required for payouts, electronic wallet identifiers, and payment provider account IDs. Full card numbers and sensitive authentication data are handled by PCI-compliant payment providers where applicable.
Anti-fraud and AML information: data obtained from and shared with payment processors and AML service providers to verify ownership of payment methods, detect suspicious activity, and comply with AML/CTF requirements.

Communications and Marketing Data

Customer support communications: emails, live chat transcripts, internal notes documenting our interactions, and any files or evidence you submit to support your requests.
Marketing preferences: newsletter subscriptions, SMS or push notification preferences, consent for promotional communications, and opt-out records.
Survey and feedback data: responses to surveys, reviews, ratings, and feedback about our services.

Cookies and Similar Technologies

Cookies: small text files stored on your device to recognize your browser and remember your preferences.
Local storage and similar tools: technologies used to store application-specific settings, session tokens, and anti-fraud markers on your device.
Tracking technologies: pixels, tags, and scripts from us or carefully selected partners for analytics and, where permitted and consented to, marketing and personalization.

For more detailed information, see the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

We process personal information only when we have a valid legal basis under applicable data protection laws. Depending on the context, we rely on one or more of the following grounds:

Performance of a Contract

Account creation and management: processing required to register and maintain your account, authenticate you, provide access to games, and manage your balances.
Provision of gaming services: accepting bets, calculating and paying winnings, applying bonuses, processing deposits and withdrawals, and providing customer support.
Enforcement of our Terms: applying the terms and conditions you agree to when using woo-ca.com, including enforcing game rules, bonus terms, and account limits.

Compliance with Legal and Regulatory Obligations

KYC and identity verification: collecting and verifying identification documents and other information to comply with anti-money laundering (AML), counter-terrorist financing (CTF), and "know your customer" (KYC) requirements under applicable laws and our Curaçao licence.
Financial and tax reporting: recording and retaining transaction data for accounting, auditing, regulatory reporting, and cooperation with competent authorities.
Responsible gambling and player protection: implementing mandatory measures to prevent underage gambling, detect excessive gambling patterns, apply self-exclusion and limits, and document such actions.
Sanctions and law enforcement: complying with court orders, subpoenas, regulatory requirements, and lawful requests from law enforcement or regulatory authorities.

Legitimate Interests

Service security and integrity: protecting our systems, players, and partners against fraud, abuse, and security threats; detecting suspicious behavior; and preventing unauthorized access.
Service improvement and analytics: analyzing aggregated and pseudonymized data to understand how our services are used, improve game offerings, optimize user experience, and develop new features.
Business operations: managing our business, including internal administration, risk management, quality control, and corporate governance.
Dispute handling: investigating and resolving disputes with players, financial institutions, and third parties, and defending our legal rights and interests.

Where we rely on legitimate interests, we balance those interests against your privacy rights and implement safeguards (such as pseudonymization, access controls, and data minimization) to mitigate risks.

Consent

Marketing communications: sending you promotional emails, SMS, or notifications about bonuses, tournaments, and offers, where required by law, only after obtaining your explicit consent and allowing you to withdraw it at any time.
Optional cookies and tracking: using non-essential cookies and similar technologies for advertising and advanced analytics, based on your consent through our cookie banner or settings.
Additional verification and surveys: requesting information that is not strictly required for contract performance or legal obligations, where we present it as optional and rely on your agreement.

If you withdraw consent, we will stop processing based on that consent, but this will not affect the lawfulness of processing that took place before withdrawal, and we may continue processing where another legal basis applies.

Purpose of Processing

We use your personal information only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with these purposes.

Provision and Management of Casino Services

Registering and managing user accounts on woo-ca.com.
Verifying your identity and eligibility to participate in online gambling.
Providing access to casino games and related services.
Processing deposits, wagers, withdrawals, and payouts.
Providing customer support and troubleshooting issues.

Service Optimization and Personalization

Analyzing service usage to improve website performance, stability, and usability.
Recommending games, tournaments, and features that may be of interest to you.
Customizing content, language, and interface settings for Canadian players.

Marketing and Promotions

Sending promotional and loyalty communications in accordance with your preferences and applicable law.
Managing bonuses, promotions, tournaments, VIP or loyalty programs.
Measuring the effectiveness of marketing campaigns and partner programs (affiliates).

Analytics, Statistics, and Business Reporting

Generating aggregated statistics on game performance, player behavior, and financial results.
Conducting internal reporting, forecasting, and business planning.
Performing quality assurance and service performance monitoring.

Fraud Prevention, Security, and Legal Compliance

Detecting and preventing fraud, money laundering, chargebacks, and abuse of bonuses.
Monitoring for suspected collusion, use of bots, or other prohibited behavior.
Ensuring technical and organizational security of our systems and data.
Complying with licensing and regulatory obligations arising from our Curaçao licence and other applicable laws.

Disclosure & Sharing

We do not sell your personal information. We disclose personal data only where necessary for the purposes described above, subject to appropriate safeguards and contractual controls.

Group and Service Companies

Group entities and payment facilitator: Dama N.V. and Friolion Limited share information strictly as needed to operate woo-ca.com, process payments, and comply with legal obligations.

Payment Service Providers and Financial Institutions

Banks, card schemes, payment gateways, e-wallet providers, and other payment intermediaries that process your deposits and withdrawals.
These providers process personal and transaction data under their own legal obligations and privacy policies, in addition to our instructions where applicable.

Technical, Security, and Support Providers

Hosting and cloud infrastructure providers.
IT, cybersecurity, anti-fraud, and risk management service providers.
Customer support tools and communications platforms.
Game platform and software providers, where access to limited data is needed to ensure service functionality and security.

Marketing, Analytics, and Affiliate Partners

Marketing agencies, analytics services, and advertising networks, where permitted and, if required, based on your consent.
Affiliate partners who refer players to woo-ca.com, to attribute traffic and calculate affiliate remuneration, in pseudonymized or aggregated form wherever possible.

Regulators, Supervisory and Government Authorities

Curaçao Gaming Control Board and related authorities overseeing our licence.
Law enforcement, courts, and regulators in relevant jurisdictions, where required to comply with applicable law or lawful orders.
Anti-money laundering and counter-terrorist financing authorities and units.

Professional Advisors and Corporate Transactions

Lawyers, auditors, consultants, and accountants, subject to confidentiality obligations.
Potential purchasers, investors, or partners (and their advisors) in the context of a contemplated or actual merger, acquisition, reorganization, or similar corporate transaction, under strict confidentiality and, where required, in anonymized or pseudonymized form.

Other Disclosures

Where you explicitly request or consent to a specific disclosure.
Where necessary to protect our rights, privacy, safety, or property, and/or that of our users or third parties.

International Transfers

As an international online gaming operator, we may transfer and store your personal information outside your province or territory and outside Canada, including to Curaçao, Cyprus, and other countries where our service providers are located.

Transfer Destinations

Curaçao: location of Dama N.V. and our core gaming infrastructure and compliance operations.
Cyprus: location of Friolion Limited and certain payment processing and support functions.
Other countries: jurisdictions where our hosting providers, game providers, analytics and anti-fraud vendors, and other technical partners maintain operations or data centers.

Safeguards for Cross-Border Transfers

We use contractual and technical measures to protect your personal information when it is transferred internationally.
Where applicable, we enter into data protection agreements and standard contractual clauses (or functionally equivalent contractual protections) with our service providers to ensure appropriate safeguards and data protection standards.
We limit access to personal data to what is strictly necessary for the recipient to perform its services, apply data minimization and pseudonymization where feasible, and implement robust access controls.

Implications of Foreign Laws

Data transferred outside Canada may be subject to the laws of the foreign jurisdiction, and may be accessible to courts, law enforcement, and national security authorities in those jurisdictions.
Regardless of location, we require all recipients to protect your personal information in accordance with this Privacy Policy and applicable contractual and legal obligations.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal, regulatory, and accounting requirements, resolve disputes, and enforce our agreements.

General Retention Principles

We apply category-based retention periods aligned with regulatory expectations for licensed gaming operators.
When deciding how long to retain data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process it.

Indicative Retention Periods

Account, identification, and KYC data: typically retained for the duration of your account and for up to 5 - 7 years after account closure, in line with AML/CTF and licensing obligations and applicable limitation periods.
Transaction and financial data: typically retained for at least 5 - 7 years from the date of the relevant transaction, or longer where required for accounting and tax purposes.
Gaming and behavioral data: retained while your account is active and for a period necessary to fulfill regulatory, anti-fraud, and dispute resolution needs, usually up to 5 years after account closure, then anonymized or aggregated where possible.
Marketing and communication data: retained while you are subscribed to marketing communications and for a limited period thereafter to demonstrate compliance with consent and opt-out requirements (typically up to 2 years after your last interaction).
Technical logs and security data: retained for operational security, fraud detection, and troubleshooting purposes, usually from several months up to 5 years, depending on the specific log type and risk profile.

Deletion and Anonymization

When personal data is no longer required for the purposes described above or for any legally permitted retention period, we securely delete it or irreversibly anonymize it.
Where immediate deletion is not technically feasible, we store the data securely and isolate it from further processing until deletion is possible.

Your Rights

Depending on applicable data protection laws and subject to certain limitations, you have the following rights in relation to your personal information. While this Policy is tailored for Canadian users, we broadly align our practices with leading international standards (such as GDPR-style rights frameworks) to enhance transparency and control.

Right of Access

You may request confirmation of whether we hold personal data about you and obtain a copy of such data, together with information about how we process it.

Right to Rectification

You may request correction of inaccurate personal information and completion of incomplete data, taking into account the purposes for which it is processed.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal information where:
- the data is no longer necessary for the purposes for which it was collected or processed;
- you have withdrawn consent (where processing was based on consent) and no other legal basis applies;
- you have successfully objected to processing and no overriding legitimate grounds exist; or
- the data has been unlawfully processed.
We may be unable to delete data where we are legally required to retain it, for example, under AML/CTF, gaming, or financial reporting laws or for the establishment, exercise, or defence of legal claims.

Right to Restrict Processing

You may request that we restrict processing of your personal information where:
- you contest its accuracy (for a period allowing us to verify accuracy);
- the processing is unlawful and you oppose deletion;
- we no longer need the data but you require it for legal claims; or
- you have objected to processing pending verification of our legitimate grounds.

Right to Object

You may object, on grounds relating to your particular situation, to the processing of your personal information based on our legitimate interests, including profiling based on those interests.
We will stop such processing unless we demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or where processing is required for legal claims.
You may always object to direct marketing (and any related profiling) at any time, in which case we will stop sending you marketing communications.

Right to Data Portability

Where technically feasible and where the law grants such a right, you may request that we provide certain personal information that you have provided to us in a structured, commonly used, and machine-readable format, and you may request that we transmit that data directly to another controller where possible.

Right to Withdraw Consent

Where we rely on your consent for processing (for example, for marketing or optional cookies), you may withdraw that consent at any time via your account settings, by using unsubscribe mechanisms in our communications, or by contacting us.
Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal and will not impact processing carried out on other legal bases.

Exercising Your Rights

How to submit a request:
- Contact us at [email protected] or [email protected], clearly stating your request and indicating that it concerns your privacy rights.
Verification:
- To protect your privacy, we may need to verify your identity before acting on your request, which may require additional information or use of existing KYC details.
Response time:
- We aim to respond to all valid requests within 30 days. If a request is particularly complex or we receive multiple requests, we may extend this period in accordance with applicable law, and we will inform you of any delay.
Fees:
- We handle your requests free of charge. However, where permissible by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive.

Some of these rights may be limited or unavailable where we are required by law to retain or process certain information, particularly in relation to licensed gaming operations, AML/CTF, or regulatory reporting.

Cookies & Tracking Technologies

Woo Casino uses cookies and similar technologies on woo-ca.com to ensure the proper functioning of the website, enhance user experience, and, where allowed, support analytics and marketing.

Types of Cookies We Use

Strictly necessary (session) cookies: required for the website and games to function, to maintain your session, ensure security, support login and account management, and enable essential features. These are usually session cookies that expire when you close your browser.
Functional (persistent) cookies: used to remember your preferences (such as language, region, or saved settings) and provide an improved, personalized experience. These persist on your device for a defined period or until you delete them.
Analytics cookies: first-party or third-party cookies that collect information about how visitors use woo-ca.com (e.g., pages visited, time spent, errors encountered) to help us understand and improve performance and usability.
Advertising and marketing cookies: where allowed and based on your consent, these cookies may be used to deliver relevant promotional content, measure the effectiveness of marketing campaigns, and avoid showing the same advertisements repeatedly.

Managing Cookies

Browser settings: most web browsers allow you to manage cookies through their settings (e.g., block all cookies, accept only first-party cookies, or delete existing cookies). Disabling certain cookies may affect the functionality of the website and your ability to use some features.
In-site controls: where available, you can adjust your cookie preferences through our on-site cookie banner or cookie settings panel, especially for non-essential cookies (analytics and advertising).
Do Not Track and similar signals: we may not respond to all browser-based "Do Not Track" signals, but we will honor explicit consent preferences expressed via our cookie tools where applicable.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Technical Security Measures

Encryption: data transmitted between your browser and woo-ca.com is protected using TLS 1.2 or higher. Sensitive data is encrypted at rest where appropriate, using industry-standard cryptographic methods.
Access control and authentication: we use role-based access controls to ensure only authorized personnel can access personal data relevant to their role. Multi-factor authentication is implemented for critical administrative access and internal systems where appropriate.
Network and infrastructure security: firewalls, intrusion detection and prevention systems, secure configurations, segmentation, and continuous monitoring help safeguard our infrastructure.
Data minimization and pseudonymization: we collect only the data necessary for specified purposes and, where feasible, use pseudonymization or anonymization to reduce identification risks.

Organizational and Procedural Measures

Policies and training: we maintain internal policies on data protection, information security, and acceptable use. Staff with access to personal information receive regular privacy and security training.
Vendor management: we assess and contractually require our providers to implement appropriate security measures, conduct due diligence, and, where applicable, align with recognized frameworks (e.g., ISO 27001 or SOC 2-type standards) for information security.
Monitoring and audits: our systems and controls are periodically reviewed and tested to identify vulnerabilities and improve resilience.

Incident Response

We maintain incident response procedures to detect, investigate, and mitigate security incidents in a timely manner.
In the event of a data breach affecting your personal information, we will take all appropriate steps required by law, which may include notifying you and/or relevant authorities and providing information about the breach and recommended protective measures.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal information, we encourage you to contact us first so that we can attempt to resolve the issue.

Contacting Woo Casino

Primary contact for privacy and general matters:
- Email: [email protected]
- Email (general info): [email protected]
- Postal address: Dama N.V., Scharlooweg 39, Willemstad, Curaçao (Attn: Data Protection Department)

Complaint Procedure

Submission: send us a detailed description of your concern, including any relevant account information and supporting documentation.
Acknowledgement: we will acknowledge receipt of your complaint as soon as reasonably possible.
Investigation: we will review your complaint, gather any necessary information, and, if needed, ask you for additional details.
Response: we aim to provide a substantive response within 30 days. Where a longer period is required due to complexity, we will inform you of the delay and the expected timeframe.
Escalation: if you are not satisfied with our response, you may escalate the matter internally by indicating this in your reply, and we will arrange for a further review.

Regulatory and External Recourse

Depending on your location and applicable law, you may have the right to lodge a complaint with a competent data protection or privacy authority. You can also seek advice from independent organizations dedicated to responsible gambling, such as the Responsible Gambling Council in Canada (https://responsiblegambling.org) for matters related to gambling behavior and player protection. Contact details for specific data protection authorities vary by jurisdiction; you may consult local government resources to identify the appropriate authority.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, regulatory guidance, or technical and business developments.

How We Will Inform You

Website publication: the latest version of this Privacy Policy will always be available on woo-ca.com, with a "Last updated" date at the top or bottom of the page.
Direct notifications: for material changes that significantly affect your rights or the way we process your personal information, we will provide additional notice, which may include:
- email notifications to your registered email address;
- prominent banners or pop-up notices on woo-ca.com;
- alerts within your account dashboard.

Advance Notice and Your Options

Where required or appropriate, we will provide at least 30 days' advance notice before material changes take effect.
If you do not agree to the updated Privacy Policy, you may choose to stop using our services and request account closure and applicable data deletion, subject to our legal obligations to retain certain information.

Version Control

Last updated: January 1, 2026.
Earlier versions of this Privacy Policy may be retained by us for record-keeping and compliance purposes and are available upon justified request, where necessary.