burger icon
Blaze Сasino
Log In

Privacy Policy

This Privacy Policy explains how blaze at blaze-ca.com collects, uses, discloses, transfers, and protects personal information of players and website visitors in Canada. It applies to all interactions with our website, products, and customer support. Effective date: 1 October 2025.

Who We Are

Observe: Identify the accountable organization and contacts. Expand: Include corporate and licensing details. Reflect: Provide clear user-facing contact paths.

  • Operator: Prolific Trade N.V., registration no. 150731, legal address: Groot Kwartierweg 10, Curaçao.
  • Gaming authorization: Master License 365/JAZ (Government of Curaçao) and sub-license GLH-OCCHKTW0709172018.
  • Payment processing partner: Horangi Trading Limited, registration no. HE 411494, address: Chytron 30, 2nd floor, Flat/Office A22, 1075 Nicosia, Cyprus.
  • Website: https://blaze-ca.com
  • Data Protection contact: Data Protection Department, email: [email protected]

What Personal Data We Collect

Observe: Specify categories collected. Expand: Include technical, behavioral, and cookies. Reflect: Map to service delivery and compliance needs.

  • Identity and contact: name, date of birth, nationality, address, email, phone, government IDs for KYC/AML (where required).
  • Account and usage: username, preferences, communication history, support tickets.
  • Technical: IP address, device and browser data, OS, language, time zone, referral URL, session identifiers, log files, crash reports.
  • Payment and verification: card/bank details (tokenized), wallet identifiers, transaction records, chargeback data, proofs of address/funds.
  • Behavioral and gaming: game sessions, betting history, wins/losses, responsible gambling settings, clicks and navigation events.
  • Cookies and similar tech: session and persistent cookies, SDKs, pixels, tags, and local storage for functionality, analytics, and advertising.

Legal Basis for Processing

Observe: Differentiate Canadian and other regimes. Expand: Include consent, contract, legitimate interests, legal duties. Reflect: Clarify how bases apply.

  • Canada (PIPEDA/Provincial PIPA/Quebec Law 25): We rely on your consent (express or implied) for identified purposes that a reasonable person would consider appropriate. Certain uses are required to meet legal, security, and fraud-prevention obligations.
  • Contract necessity (EU/EEA/UK users): To create and administer your account, process payments, provide games, and pay out winnings.
  • Legitimate interests (EU/EEA/UK): To secure our services, prevent fraud/abuse, ensure network and information security, and perform service analytics-balancing these interests with your rights.
  • Legal obligations: KYC/AML screening, record-keeping, sanctions screening, tax and accounting, and responses to lawful requests from regulators or authorities.
  • Consent (all regions): For optional activities such as marketing emails/SMS, certain analytics/advertising cookies, and additional verification where not strictly required by law.

Purpose of Processing

Observe: Link purposes to services. Expand: Include optimization and risk controls. Reflect: State marketing and analytics with choices.

  • Service delivery: account creation, age/identity verification, enabling gameplay, processing deposits/withdrawals, providing support.
  • Safety and integrity: fraud detection, chargeback prevention, AML/KYC checks, security monitoring, enforcing terms.
  • Improvement and analytics: service diagnostics, performance and usage analytics, product development.
  • Marketing and personalization: sending offers and service updates (with your consent where required), tailoring content and recommendations.
  • Compliance: meeting regulatory, taxation, reporting, and dispute-handling requirements.

Disclosure & Sharing

Observe: Identify categories of recipients. Expand: Include payment, hosting, analytics, regulators. Reflect: Limit to need-to-know with safeguards.

  • Payments and banking: processors, acquiring banks, and anti-fraud providers (including Horangi Trading Limited, Cyprus) to process transactions and manage risk.
  • Service providers: hosting/CDN, KYC/AML and sanctions screening, communications, analytics, customer support tooling, and security vendors-bound by confidentiality and data protection terms.
  • Corporate affiliates: entities within Prolific Trade N.V.'s group for centralized operations, compliance, and reporting.
  • Regulators and authorities: competent authorities in Curaçao, and where applicable in Canada and other relevant jurisdictions, pursuant to law or licensing requirements.
  • Advertising and partners: ad networks and affiliate partners only with your consent where required (e.g., cookies, email marketing preferences).
  • Business transfers: in mergers, acquisitions, or asset sales, subject to continuity of protections and notice where required.

International Transfers

Observe: Transfers from Canada and globally. Expand: Name typical destinations. Reflect: Describe safeguards and assessments.

  • Locations: Your data may be processed in Curaçao, Cyprus, Canada, the EU/EEA, the UK, the United States, and Brazil to support global operations.
  • Safeguards: contractual protections and "comparable level of protection" per PIPEDA; Data Processing Agreements; EU Standard Contractual Clauses and UK IDTA (for EEA/UK data); transfer risk assessments; encryption in transit and at rest.
  • Quebec Law 25: prior assessment of privacy risks for disclosures outside Quebec and implementation of appropriate contractual and organizational measures.
  • US recipients: where vendors are EU-U.S. Data Privacy Framework self-certified, we may rely on that status for EEA personal data, alongside SCCs as appropriate.

Data Retention

Observe: Retain only as needed. Expand: Category-based periods. Reflect: Deletion/Anonymization triggers.

  • Account and identity data: retained for your account lifetime and up to 5 years after closure to meet AML, fraud, and audit obligations (or longer if legally required).
  • KYC/AML records: typically 5 years from last transaction or account closure, subject to applicable laws.
  • Transaction and payments: 7 years for accounting/tax compliance and chargeback handling.
  • Gaming and behavioral logs: 2 years for dispute resolution, security, and compliance analytics.
  • Support communications: 2 years after case closure.
  • Technical logs: 12-24 months for security and diagnostics.
  • Cookies: session cookies expire on browser close; persistent cookies typically 3-24 months (see Cookies section).
  • Deletion criteria: expiry of the period above, withdrawal of consent where applicable, successful objection, or fulfillment of processing purpose-unless retention is required by law.

Your Rights

Observe: Consolidate rights across regimes. Expand: Add procedures and timelines. Reflect: Clarify limitations for AML/legal holds.

  • Access and portability: obtain a copy of your data; portability where applicable (GDPR, Quebec Law 25). Mexico: Access under ARCO.
  • Rectification: correct inaccurate or incomplete data (GDPR/ARCO).
  • Deletion/Cancellation: request deletion (GDPR erasure; Mexico ARCO "Cancellation"), subject to legal retention (e.g., AML).
  • Restriction and objection: restrict certain processing or object to processing, including direct marketing; opt out of marketing at any time.
  • Consent withdrawal: withdraw consent without affecting prior lawful processing.

How to exercise: email [email protected] from your registered address with: (a) request type, (b) scope and date range, (c) proof of identity if requested. We respond within 30 days and may extend once by up to 30 days where permitted. Requests are free of charge unless manifestly unfounded or excessive. We will explain any denial or limitation (e.g., legal retention, security, third-party privacy).

Cookies & Tracking Technologies

Observe: Identify cookie types. Expand: Map to purposes. Reflect: Provide control options.

  • Session cookies: essential for login, bet placement, and session continuity; expire on browser close.
  • Persistent cookies: remember preferences, performance settings, and consent; typical lifetime 3-24 months.
  • Third-party cookies/SDKs: analytics, fraud prevention, and advertising (with consent where required).
  • Functional: required to deliver the service; cannot be disabled via our interface.
  • Analytics: measure usage and improve performance; configurable via cookie banner or browser settings.
  • Advertising: personalize offers and measure campaigns; disabled by default where required until you consent.

Manage cookies: use our on-site cookie banner/controls and your browser settings to block, delete, or limit cookies. Disabling functional cookies may impair site functionality.

Data Security

Observe: Address confidentiality, integrity, availability. Expand: Technical, organizational, and vendor controls. Reflect: Incident readiness and training.

  • Encryption: TLS 1.2+ for data in transit; AES-256 or equivalent for data at rest.
  • Access controls: least-privilege, role-based access, MFA for privileged accounts, secure key management.
  • Monitoring and testing: logging, anomaly detection, regular vulnerability scanning and periodic penetration testing.
  • Governance: security policies, vendor risk management, background checks where appropriate, and confidentiality obligations.
  • Training: periodic staff security and privacy training, phishing simulations, and role-specific guidance.
  • Incident response: documented playbooks, containment and remediation procedures, user and regulator notifications where required by law.
  • Standards: controls aligned with ISO/IEC 27001 and SOC 2 principles where applicable; certified vendors may be required to evidence compliance.

Complaints & Contacts

Observe: Provide clear channels. Expand: Outline steps and escalation. Reflect: Include Canadian, Mexican, and EU options where applicable.

  • Primary contact (privacy requests/complaints): Data Protection Department, [email protected]
  • Postal correspondence: Prolific Trade N.V., Groot Kwartierweg 10, Curaçao. For payment matters, Horangi Trading Limited, Chytron 30, 2nd floor, Flat/Office A22, 1075 Nicosia, Cyprus.

Complaint procedure

  1. Submit: email your concern and relevant details to [email protected].
  2. Acknowledge: we confirm receipt within 5 business days.
  3. Investigate: we provide a substantive response within 30 days, or explain any permissible extension.
  4. Escalate (if unresolved):
    • Canada (federal): Office of the Privacy Commissioner of Canada (OPC).
    • Quebec: Commission d'accès à l'information (CAI); BC: Office of the Information and Privacy Commissioner; Alberta: Office of the Information and Privacy Commissioner.
    • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI) for ARCO matters.
    • EU/EEA (if applicable): your local supervisory authority under GDPR.

Updates

Observe: Policies evolve with services and law. Expand: Notify and track changes. Reflect: Provide user choices and timelines.

  • Notification methods: email, in-account alerts, and/or site banners on blaze-ca.com.
  • Advance notice: material changes will be announced at least 30 days before taking effect. Non-material updates may take effect upon posting.
  • User options: you may object to material changes that reduce your rights or close your account and request data deletion (subject to legal retention) before the effective date.
  • Version control: Last updated: October 2025. We maintain a changelog of material updates, including changes to data categories, purposes, sharing, or user rights processes.

If you continue using blaze-ca.com after changes take effect, you acknowledge the updated Privacy Policy.