burger icon
Fortune Coins Сasino
Log In

Privacy Policy

This Privacy Policy explains how fortune-coins at https://fortune-coins-ca.com collects, uses, discloses, and protects personal information. It applies to players, account holders, and website/app visitors in Canada and, where applicable, other regions from which our services are accessed. Effective date: 1 January 2025. OBSERVE: users need clarity on data practices. EXPAND: policy covers gaming operations and site interactions. REFLECT: transparency enables informed choices and legal compliance.

Who We Are

OBSERVE: Identify the operator and contact points. EXPAND: Note affiliated entities supporting operations. REFLECT: Provide clear communication channels.

  • Operator: Blazesoft Ltd., trading as "fortune-coins" for Canada at fortune-coins-ca.com.
  • Registered/Legal Address: Vaughan, Ontario, Canada (full civic address available upon request for verified legal/privacy inquiries).
  • Affiliates/Subsidiaries involved in operations: Social Gaming LTD (Dartmouth, Nova Scotia, Canada); Social Gaming LLC (Wilmington, Delaware, United States).
  • Registration details: Not specified here; we will provide applicable corporate registration or business numbers upon verified request.
  • Data Protection Office (DPO)/Privacy Office contact: Please reach our Privacy Office via the website contact channels at https://fortune-coins-ca.com. Postal: "Attn: Data Protection Office, Blazesoft Ltd., Vaughan, Ontario, Canada." We currently do not publish a general phone number; written requests are accepted via the website or postal address.

What Personal Data We Collect

OBSERVE: We collect only what we need for gaming and site operation. EXPAND: Categories support security, payments, and service quality. REFLECT: We minimize collection and apply safeguards.

  • Identity and contact data: name, display name, date of birth (where required for eligibility), email address, phone number, country/province, mailing address (if needed for verification or prize fulfillment).
  • Account and usage data: account credentials, account settings, communications with support, preferences, responsible play settings.
  • Technical data: IP address, device identifiers, device type, OS, browser, language, time zone, referral URLs, session timestamps, log files, crash/diagnostic logs.
  • Payment and transactional data: limited billing/payment details processed via payment partners, purchase history of virtual items/coins, refund records. We do not store full card details; processors handle sensitive payment credentials.
  • Behavioral/interaction data: gameplay events, virtual coin balances and redemptions (if applicable), clickstream, feature engagement, marketing interactions, anti-fraud signals.
  • Cookies and similar technologies: cookies, SDKs, pixels, local storage, device identifiers used for functionality, analytics, and-where consented-advertising/retargeting.

Legal Basis for Processing

OBSERVE: Processing must have a lawful basis. EXPAND: Bases vary by jurisdiction (PIPEDA/GDPR and other laws). REFLECT: We apply the strictest applicable standard to your context.

  • Consent (PIPEDA; CASL for marketing; GDPR Art. 6(1)(a) where applicable): e.g., marketing emails/SMS, non-essential cookies/advertising, optional surveys. You may withdraw consent at any time.
  • Contractual necessity (GDPR Art. 6(1)(b) where applicable): to create/manage your account, provide gameplay, process purchases/redemptions, deliver customer support.
  • Legitimate interests (GDPR Art. 6(1)(f) where applicable): to secure our services, prevent fraud/abuse, perform analytics to improve features, enforce terms, ensure network integrity-balanced against your rights and expectations.
  • Legal obligations: compliance with recordkeeping, tax/accounting rules, responding to lawful requests from regulators/law enforcement, know-your-customer/anti-fraud checks where applicable.
  • Canadian privacy principles (PIPEDA/provincial laws): limiting collection to appropriate purposes, identifying purposes, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access and challenge.

Purpose of Processing

OBSERVE: Users need purpose clarity. EXPAND: We map data types to outcomes. REFLECT: Purposes are specific, explicit, and legitimate.

  • Service delivery: account creation, eligibility checks, gameplay, virtual item management, customer support.
  • Service improvement and analytics: usage insights, performance monitoring, A/B testing, feature optimization.
  • Security and fraud prevention: authentication, monitoring suspicious activity, enforcing platform integrity.
  • Payments and operations: purchase processing, refunds, receipts, accounting and reconciliation.
  • Marketing and personalization: newsletters, offers, promotions, in-product messaging-only where permitted by law and your preferences.
  • Legal and compliance: responding to lawful requests, audits, dispute management, recordkeeping.

Disclosure & Sharing

OBSERVE: Disclosures occur to run and protect the service. EXPAND: We use vetted vendors under contract. REFLECT: We never sell personal information.

  • Service providers (processors): hosting/cloud, content delivery, security/anti-fraud, analytics, customer support tools, email/SMS delivery, and payment processors. They act under written agreements and process data only on our instructions.
  • Payments and financial partners: to process purchases/refunds and prevent fraud.
  • Affiliates: Blazesoft Ltd., Social Gaming LTD (NS, Canada), Social Gaming LLC (DE, USA) for intra-group operations under appropriate intra-group data transfer arrangements.
  • Regulators and authorities: if required by law, subpoena, court order, or to protect rights, safety, and integrity.
  • Advertising/marketing partners: only with your consent for advertising cookies/identifiers and subject to your preferences.
  • Business transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to continued protections and notice where required.
  • Aggregated/de-identified data: may be shared for research or insights; it cannot reasonably identify you.

International Transfers

OBSERVE: Cross-border processing occurs. EXPAND: We use safeguards recognized by law. REFLECT: We assess transfer risks and protect data accordingly.

  • Where we transfer: Canada and the United States (including to Social Gaming LLC in Delaware), and other locations of our vetted providers.
  • Safeguards: for transfers from the EEA/UK (if applicable), we use European Commission/UK ICO Standard Contractual Clauses and conduct transfer impact assessments; we apply contractual, technical, and organizational measures (encryption, access controls, minimization).
  • Canada adequacy: Canada's private-sector framework is recognized by the EU for adequacy for commercial organizations; we still implement additional safeguards when needed.
  • Transparency: details on specific transfer mechanisms are available upon request.

Data Retention

OBSERVE: Retention aligns with purpose and law. EXPAND: We set category-based schedules. REFLECT: We securely delete or anonymize when no longer needed.

  • Account/profile data: for your active account and up to 5 years after closure, to address disputes, fraud prevention, and legal obligations.
  • Transactional/payment records: 5-7 years to meet accounting, tax, and anti-fraud requirements.
  • Technical logs and device data: 12-24 months for security, diagnostics, and abuse prevention.
  • Marketing data: until you withdraw consent/unsubscribe or after 24 months of inactivity, whichever occurs first, unless longer retention is required by law.
  • Cookies: session cookies expire at session end; persistent cookies typically last 3-24 months (see cookie settings for specifics).
  • Deletion criteria: fulfillment of purpose, withdrawal of consent with no other legal basis, successful objection, or legal retention expiry. Backups are cyclically purged per secure schedules.

Your Rights

OBSERVE: Individuals have rights over their data. EXPAND: Rights vary by jurisdiction (Canada, GDPR, Mexico). REFLECT: We honor the highest applicable standard to you.

  • Access and portability: request a copy of your personal data and, where required (e.g., GDPR), a portable format.
  • Rectification: correct inaccurate or incomplete data.
  • Deletion/erasure ("cancellation" under Mexico's LFPDPPP): request deletion where permitted; we retain data only as legally required.
  • Restriction/objection: restrict or object to processing based on legitimate interests or for direct marketing; we will honor valid objections.
  • Withdraw consent: at any time for processing based on consent (e.g., marketing, non-essential cookies).
  • Marketing opt-out (CASL): unsubscribe using in-message links or by updating preferences.
  • Automated decisions: where applicable, request human review of decisions that significantly affect you.
  • Mexico (LFPDPPP ARCO rights): Access, Rectification, Cancellation, and Opposition requests are supported; we will provide required notices and outcomes consistent with LFPDPPP.

How to exercise: submit a request via https://fortune-coins-ca.com or by postal mail to "Attn: Data Protection Office, Blazesoft Ltd., Vaughan, Ontario, Canada." We may request verification to protect your account. We aim to respond within 30 days. Requests are free of charge unless repetitive, manifestly unfounded, or excessive; in those cases, we may charge a reasonable fee or decline with justification.

Cookies & Tracking Technologies

OBSERVE: Cookies support functionality and insights. EXPAND: Some are optional and require consent. REFLECT: Provide user controls and transparency.

  • Types:
    • Session cookies: deleted when you close the browser.
    • Persistent cookies: remain for a defined period (e.g., 3-24 months).
    • Third-party cookies/SDKs: set by our providers for analytics, messaging, or-if consented-advertising.
  • Purposes:
    • Functional/strictly necessary: authentication, load balancing, security, preferences.
    • Analytics/performance: usage metrics, diagnostics, A/B testing.
    • Advertising/personalization: audience measurement, retargeting (enabled only with consent where required).
  • Controls: use our cookie banner/settings (where available) and your browser/device controls to block or delete cookies. Disabling some cookies may affect functionality. We honor legally recognized opt-out signals where feasible and required.

Data Security

OBSERVE: Gaming platforms face heightened security risks. EXPAND: We apply layered controls. REFLECT: Security is continuous and risk-based.

  • Encryption: TLS 1.2+ for data in transit; strong encryption for sensitive data at rest.
  • Access controls: least-privilege, role-based access, multi-factor authentication for administrative accounts, credential hashing and rotation.
  • Monitoring and testing: logging, alerting, vulnerability management, periodic penetration testing and security assessments.
  • Vendor risk management: data processing agreements, security reviews, and ongoing oversight of service providers.
  • Governance and training: security and privacy awareness training, documented policies and procedures, background checks where appropriate.
  • Incident response: defined response plans, root-cause analysis, remediation tracking, and breach notifications to users and regulators as required by applicable laws (e.g., PIPEDA, Quebec Law 25).
  • Standards alignment: controls aligned with recognized frameworks (e.g., ISO/IEC 27001, SOC 2) as appropriate to our risk profile. We do not imply certification unless expressly stated.

Complaints & Contacts

OBSERVE: Users require clear redress paths. EXPAND: Provide internal and external escalation. REFLECT: We commit to fair, timely handling.

  1. Contact our DPO/Privacy Office: submit your inquiry or complaint via https://fortune-coins-ca.com or by postal mail to "Attn: Data Protection Office, Blazesoft Ltd., Vaughan, Ontario, Canada." Include your contact details, account ID (if any), and a description of the issue.
  2. Acknowledgment and response: we will acknowledge within 10 business days and aim to resolve within 30 days. Complex matters may require more time; we will inform you of delays and reasons.
  3. Escalation (Canada): if unresolved, you may contact the Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/en/contact-the-opc/
  4. Escalation (Mexico, where applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): https://www.inai.org.mx/
  5. Escalation (EEA/UK, where applicable): contact your local supervisory authority; a list is available via the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

We will cooperate with competent authorities and follow their guidance.

Updates

OBSERVE: Policies evolve with services and laws. EXPAND: Users need timely notice. REFLECT: Versioning ensures transparency.

  • Notice methods: email (where available), in-account notifications, website banners, and/or updates on this page.
  • Advance notice: for material changes (e.g., new categories of data, new purposes, new sharing practices), we provide at least 30 days' advance notice where legally required, so you may review, object where applicable, or close your account.
  • Effective date and versioning: Last updated: October 2025. We maintain change logs of material updates upon request.
  • Your choices: continued use after the effective date indicates acceptance. If you do not agree, you may adjust preferences, withdraw consent for optional processing, or close your account before the change takes effect.

Changelog (material highlights): clarified international transfer safeguards; expanded rights section for GDPR and Mexico (LFPDPPP) alignment; added retention ranges and incident response details.

Regional Compliance Note: This policy is designed for Canada (including PIPEDA and substantially similar provincial laws such as Alberta PIPA, BC PIPA, and Quebec Law 25) and incorporates, where relevant to your location, GDPR concepts and Mexico's LFPDPPP. If a conflict arises between this policy and mandatory local law, the latter prevails to the extent of the conflict.