burger icon
Griffon Casino
Log In

Privacy Policy

This Privacy Policy explains how griffon-casino processes personal information of players and visitors of https://griffon-ca-play.com. It applies to individuals in Canada (excluding Ontario, which we do not target) who access our website or services. Effective date: October 2025.

Who We Are

OBSERVE

Operator for Canada (outside Ontario): Aspire Global International LTD, licensed by the Malta Gaming Authority (MGA/CRP/148/2007). Brand ownership: ASG Technologies Ltd (and/or Karamba Limited - requires clarification). Great Britain operations are handled by AG Communications Limited (UKGC licensed) but are out of scope for this CA Privacy Policy.

EXPAND

For Canadian users, Aspire Global International LTD acts as the data controller for griffon-ca-play.com. Some processing may be performed by affiliates or vetted processors on our behalf under contractual safeguards.

REFLECT

  • Legal entity (controller for CA): Aspire Global International LTD (MGA licence: MGA/CRP/148/2007)
  • Registered office / company number: not specified in provided data; available on request or via the MGA public register
  • Data Protection Office (DPO): [email protected]
  • Website: https://griffon-ca-play.com
  • Postal contact: If you prefer post, address details will be provided upon email request to verify the correct recipient and ensure safe delivery.

What Personal Data We Collect

OBSERVE

We collect data necessary to run an online casino, comply with KYC/AML, process payments, secure accounts, and improve services.

EXPAND

  • Identity and contact: full name, date of birth, address, email, phone
  • Account data: username, security questions, preferences, communications
  • KYC/AML data: ID documents, proof of address, source-of-funds/wealth details
  • Payment and transaction: deposits, withdrawals, partial card or account identifiers, billing records
  • Technical: IP address, device identifiers, OS/browser, language, timestamps, log files
  • Behavioral/usage: session activity, game play events, betting and wagering history, clicks, navigation paths
  • Marketing: consents, engagement metrics, unsubscribe preferences
  • Cookies/SDKs: session, persistent, and third-party identifiers; similar technologies (pixels, tags)

REFLECT

We collect only what is necessary for specified purposes, obtained directly from you, via device interactions, from payment/KYC providers, and fraud-prevention partners, consistent with Canadian privacy principles.

Legal Basis for Processing

OBSERVE

Canadian law (PIPEDA and applicable provincial laws) relies on consent, reasonableness, and accountability; EU/UK concepts may also apply where relevant.

EXPAND

  • Consent: account creation, marketing subscriptions, cookies (where required)
  • Contractual necessity: create and manage your account, verify age, enable gameplay, process payments, provide support
  • Legitimate interests: prevent fraud/abuse, ensure network and information security, service analytics and improvement
  • Legal obligations: KYC/AML screening, responsible gambling monitoring, regulatory reporting, tax/accounting recordkeeping
  • Vital/public interest: rare cases related to security or law enforcement requests

REFLECT

Where law requires consent, we will seek it and allow withdrawal. For transfers or profiling beyond expectations, we will provide clear notice and options.

Purpose of Processing

OBSERVE

Purposes align with service delivery, security, compliance, and user experience.

EXPAND

  • Operate and maintain your griffon-casino account on griffon-ca-play.com
  • Process deposits, wagers, withdrawals, bonuses, and loyalty programs
  • Perform KYC/AML checks and responsible gambling measures
  • Provide support, handle disputes, and enforce terms
  • Secure our services, detect/prevent fraud and abuse
  • Run analytics, performance monitoring, and product improvement
  • Send service messages; conduct marketing with your consent
  • Meet regulatory, tax, and audit obligations

REFLECT

We do not sell personal information. Marketing is optional and can be withdrawn at any time without affecting your core service access.

Disclosure & Sharing

OBSERVE

We share data strictly on a need-to-know basis under contracts and safeguards.

EXPAND

  • Payment providers and banks: to process deposits/withdrawals and prevent fraud
  • KYC/AML and identity services: to verify identity, age, and risk indicators
  • Game and platform vendors: to deliver content and manage platform performance
  • IT/security providers: hosting, cloud/CDN, analytics, anti-fraud, monitoring
  • Affiliates within our group: shared services under intra-group data processing terms
  • Regulators and authorities: MGA, law enforcement, tax bodies, courts, as legally required
  • Advertising networks: only with your consent and subject to cookie/ID controls
  • Mergers/acquisitions: as part of corporate transactions with continuity safeguards

REFLECT

All processors are bound by confidentiality and data protection agreements. We maintain records of disclosures as part of accountability obligations.

International Transfers

OBSERVE

Processing may occur in Malta, the EEA, the United Kingdom, the United States, and other jurisdictions where our vetted providers operate.

EXPAND

  • Safeguards: Standard Contractual Clauses (SCCs) for EEA/UK transfers; EU-US Data Privacy Framework certifications for eligible US vendors; intra-group agreements with robust technical and organizational measures
  • Canadian law: We remain accountable under PIPEDA and ensure comparable protection through contracts and oversight
  • Quebec Law 25: Conduct transfer assessments (TIA), ensure equivalency of protection, and implement contractual safeguards and incident reporting

REFLECT

We disclose transfer destinations on request and provide copies of key safeguards subject to confidentiality.

Data Retention

OBSERVE

We retain data only as long as needed for stated purposes and legal requirements.

EXPAND

  • Account and identity data: up to 5 years after account closure, unless longer is required for AML/regulatory obligations
  • KYC/AML records: typically 5-7 years after the end of the relationship
  • Transaction and financial records: 7 years to meet accounting/tax audit needs
  • Support and dispute files: duration of the case plus up to 2 years (limitation periods)
  • Technical logs: 12-24 months for security, fraud prevention, and audit
  • Marketing data: until consent is withdrawn or becomes inactive (with periodic suppression reviews)
  • Cookies/IDs: session to 13 months, depending on type and purpose

REFLECT

When retention ends, we securely delete or anonymize the data. You may request deletion where no overriding legal basis exists.

Your Rights

OBSERVE

We respect privacy rights under Canadian law and, where applicable, EU/UK GDPR and Mexico's data protection law.

EXPAND

  • PIPEDA/Provincial rights (Canada): access your data; request corrections; withdraw consent (e.g., marketing); challenge compliance; learn about our practices and cross-border handling
  • Quebec (Law 25): enhanced transparency for transfers, rights regarding de-indexation in certain cases, and consent requirements
  • GDPR (if applicable to you): access, rectification, erasure, restriction, objection (including to profiling/marketing), data portability, and the right to lodge a complaint
  • Mexico (LFPDPPP, if applicable): ARCO rights: Access, Rectification, Cancellation, and Opposition; revoke consent per legal allowances

REFLECT

  1. How to exercise: Email [email protected] from your registered address and specify the right you wish to exercise. We may request identity verification.
  2. Timeframes: We aim to respond within 30 days. Complex requests may take longer; we will inform you of any extension.
  3. Fees: Free of charge unless a request is manifestly unfounded or excessive; in such cases, we may charge a reasonable fee or refuse with reasons.
  4. Limits: We may decline requests where disclosure would reveal third-party information, contravene law, or harm fraud/AML controls. We will explain our rationale.

Regional Compliance Note: Rights vary by jurisdiction; we apply the law that covers you and will clarify the applicable framework in our response.

Cookies & Tracking Technologies

OBSERVE

Cookies and similar tools support core functions, security, analytics, and optional advertising.

EXPAND

  • Session cookies: essential for login, bet placement, and fraud prevention; expire when you close your browser
  • Persistent cookies: remember preferences and improve performance; typical lifespan up to 13 months
  • Third-party cookies/SDKs: analytics, anti-fraud, and advertising (used only with consent where required)
  • Management: use browser settings to block/clear cookies; adjust preferences via our cookie banner or in-account settings

REFLECT

Declining non-essential cookies will not affect core functionality but may reduce personalization. See the cookie banner for a current list of vendors.

Data Security

OBSERVE

Protecting your data is critical to service trust and regulatory compliance.

EXPAND

  • Encryption: TLS 1.2+ in transit; AES-256 or comparable at rest
  • Access controls: least-privilege RBAC, MFA for privileged access, secure key management
  • Operational security: logging, SIEM monitoring, vulnerability management, penetration testing
  • Governance: staff training, background checks for sensitive roles, change control, vendor risk management
  • Standards: alignment with ISO/IEC 27001 and SOC 2 practices where applicable
  • Incident response: defined playbooks, containment/eradication steps, user/regulatory notifications where required by law

REFLECT

No system is 100% secure, but we continually improve our controls and review them through audits and testing.

Complaints & Contacts

OBSERVE

We provide clear internal channels and escalation to regulators.

EXPAND

  1. Contact our DPO: [email protected]
  2. Online: Use the privacy options in your account or email us to request assistance if you cannot access your account
  3. Postal: Postal details provided upon request to ensure secure routing and identification

REFLECT

  • Procedure: Describe your concern and include relevant identifiers. We acknowledge within 7 days and aim to resolve within 30 days.
  • Escalation (Canada): Office of the Privacy Commissioner of Canada (OPC) - https://www.priv.gc.ca, 1-800-282-1376
  • Provincial authorities: BC OIPC - https://www.oipc.bc.ca; AB OIPC - https://www.oipc.ab.ca; Quebec CAI - https://www.cai.gouv.qc.ca
  • EU/UK (if applicable): Contact your local Data Protection Authority - see EDPB list: https://edpb.europa.eu
  • Mexico (if applicable): INAI - https://www.inai.org.mx

Updates

OBSERVE

Policies evolve with law, technology, and business practices.

EXPAND

  • Notice: We will post updates on this page and, for material changes, provide notice via email, account alerts, or site banners at least 30 days in advance
  • Version control: Last updated: October 2025
  • Changelog (examples): clarified international transfer safeguards; expanded Quebec Law 25 disclosures; refined retention schedules
  • Your options: If you object to material changes, you may adjust preferences or close your account before the effective date

REFLECT

Continued use after the effective date indicates acceptance of the updated policy where permitted by law. We archive prior versions upon request.