Privacy Policy
This Privacy Policy explains how Colosseum Casino, operating at colosseum-ca.com for the Canadian market (including the Ontario-specific version), collects, uses, discloses, protects, and retains your personal information. It applies to all players and visitors who access or use our websites, mobile versions, and related online services associated with Colosseum Casino. By using our services, you acknowledge that you have read and understood this Privacy Policy. This version is effective as of 1 January 2026.
Who We Are
Colosseum Casino is operated for Canadian players by two licensed entities under distinct regulatory frameworks. We must clearly identify each legal operator, address, registration and contact point to ensure transparency and regulatory compliance.
We differentiate between (i) Canadian players outside Ontario, and (ii) players located in Ontario, as they are served by different operator entities and regulators. We also designate a privacy contact person for all data protection questions.
The following entities are responsible for processing your personal information, depending on your location when accessing our services:
Operator for Canada (excluding Ontario)
- Legal entity: Fresh Horizons Ltd
- Jurisdiction of incorporation: British Virgin Islands
- Registration number: 1906422
- Regulator / gaming licence (Canada, ex-Ontario): Kahnawake Gaming Commission, Licence No. 00881, authorizing online casino operations for most Canadian players (excluding Ontario), active and recorded as valid into 2026.
- Registered address: Not specified in public records; company registered in the British Virgin Islands.
Operator for Ontario
- Legal entity: Apollo Entertainment Ltd
- Jurisdiction of incorporation: Malta
- Registration number: C45483
- Registered legal address: Apollo Entertainment Ltd, Sir Temi Zammit Avenue, Ta' Xbiex, Malta
- Regulators / gaming licences:
  - Alcohol and Gaming Commission of Ontario (AGCO) and iGaming Ontario (iGO): Licence No. OPIG1234567, covering online casino operations for players in Ontario.
  - Malta Gaming Authority: Licence No. MGA/B2C/164/2008 for international online gaming operations.
  - UK Gambling Commission: Account No. 38620 for remote casino operations for the UK market (relevant mainly to cross-border compliance and standards).
Group and Network Context
- Colosseum Casino is part of the Casino Rewards network for operational purposes. Casino Rewards is not necessarily the direct legal parent but provides shared infrastructure, support and loyalty framework.
- eCOGRA has issued a "Payout Percentage Report - Colosseum Casino" indicating an overall RTP of 95.84% and confirming RNG fairness (December 2023); such certification informs our security and integrity standards.
Data Protection Contact
- Data Protection Department / Privacy Contact: Data Protection Officer (DPO), Colosseum Casino
- Email (primary contact for all privacy matters): [email protected]
- Postal contact for privacy correspondence (preferred): Data Protection Officer, Apollo Entertainment Ltd, Sir Temi Zammit Avenue, Ta' Xbiex, Malta
You may contact our Data Protection Department at any time for questions about this Privacy Policy, your rights, or our data practices.
What Personal Data We Collect
To operate an online casino, we must collect identity, contact, technical, financial, and behavioural data, as well as cookies and similar identifiers, to satisfy legal, contractual, and security obligations.
Data categories are grouped to explain clearly what we collect, when, and for which high-level reasons (account creation, payments, fraud prevention, compliance, marketing, analytics).
We collect the following categories of personal information when you visit or use colosseum-ca.com or related services of Colosseum Casino:
Identification and Contact Data
- Full name, date of birth, and gender (where provided)
- Residential address and country/province of residence
- Email address (including the one used for registration and for support interactions)
- Telephone number and mobile number (if provided)
- Government-issued identification details provided for KYC (e.g., ID number, passport number, driver's licence number, copies or scans where required by law)
- Selfie or video verification data when we use biometric or liveness checks (where available and legally permissible)
Account and Usage Data
- Username, player ID, password (stored using industry-standard hashing), account status and settings
- Login and logout timestamps, session duration, and authentication logs
- Game play data: games played, stakes, wins/losses, bonus use, bet history, return-to-player experience, tournament participation
- Responsible gambling data: deposit limits, loss limits, time-outs, self-exclusion details, RG interactions and notes
- Customer support communications (email content, live chat transcripts, complaint records)
Technical and Device Data
- IP address and approximate geolocation derived from it
- Device identifiers (such as browser fingerprints, operating system type and version, device model, language settings)
- Log files, error reports, and diagnostic information
- Information about the website or ad that referred you to colosseum-ca.com
Payment and Financial Data
- Deposit and withdrawal records, including method, amount, currency, time and status
- Partial payment instrument details (e.g., masked card number, expiry date) as permitted under PCI-DSS practices
- Bank account or e-wallet identifiers where needed to process withdrawals
- Transaction monitoring data for anti-money laundering (AML) and counter-terrorist financing (CTF) purposes
Behavioural and Marketing Data
- Clickstream data: pages visited, buttons clicked, navigation paths, time spent on each page
- Promotions viewed or interacted with, bonuses claimed, communications opened or ignored
- Preferences (language, game favourites, notification choices)
- Segmentation and profiling data used to tailor offers, subject to your consent where required
Cookies and Similar Technologies
- Session cookies that maintain your login state and game sessions
- Persistent cookies that remember preferences, device recognition, and consent choices
- Analytics cookies (first-party and third-party) to measure traffic and performance
- Advertising cookies and tracking pixels used for retargeting and campaign effectiveness (only where permitted and, where required, based on your consent)
- Local storage and similar technologies used by our web and mobile interfaces
Legal Basis for Processing
For Canadian players, key legal bases include consent, contract, legitimate interests, and compliance with statutory obligations (including KYC/AML, provincial regulations, and Kahnawake/AGCO requirements). EU-style principles (e.g., GDPR) are referenced as best practice and for EU/UK data interfaces.
Each major category of processing is mapped to a legal ground, ensuring that players understand why their data is handled and under which justification, including when refusal is possible.
We rely on the following legal bases, depending on the context of processing:
Performance of a Contract
- To create, verify, and manage your player account.
- To process deposits, bets, game participation, bonuses, promotions, and withdrawals.
- To provide support services, including responding to your inquiries and resolving technical issues.
- If you do not provide the required information, we may be unable to offer you our services.
Compliance with Legal and Regulatory Obligations
- To verify your identity and eligibility to gamble (age and jurisdiction checks) under Kahnawake, AGCO/iGO, and other applicable rules.
- To comply with AML/CTF laws, financial reporting requirements, and fraud monitoring obligations.
- To meet record-keeping duties required by gaming regulators and other authorities.
- To enforce self-exclusion, responsible gambling controls, and cooling-off periods mandated by law or licence conditions.
Legitimate Interests
- To secure our systems, investigate suspected fraud or abuse, and protect the safety and integrity of our games.
- To perform internal analytics and statistics to improve our services, products, and user experience.
- To defend and exercise legal claims, manage disputes, and respond to regulators.
- To personalise certain aspects of the service (e.g., recommended games), where this can be done without intrusive profiling.
- When relying on legitimate interests, we balance these against your privacy rights and apply safeguards such as pseudonymisation where appropriate.
Consent
- For sending electronic marketing communications (email, SMS, push notifications) where required by law.
- For using non-essential cookies and similar technologies used for targeted advertising or advanced analytics.
- For certain optional verification or research programmes that are not strictly necessary for providing the core gambling service.
- You may withdraw your consent at any time, as described in the "Your Rights" section, without affecting the lawfulness of processing based on consent before its withdrawal.
Purpose of Processing
Each data element is processed for defined and limited purposes, notably account operation, legal compliance, security, analytics, and marketing.
We present purposes in a structured way so that players can relate each main activity (e.g., playing games, receiving offers) to the underlying processing.
We process your personal information for the following purposes:
Provision and Operation of Casino Services
- Creating and maintaining your player account and profile.
- Verifying identity, age, and location to ensure eligibility to play.
- Facilitating deposits, bets, gameplay, bonuses, loyalty rewards, and withdrawals.
- Providing customer support and handling your requests or complaints.
Legal, Regulatory, and Responsible Gambling Obligations
- Conducting KYC and ongoing due diligence checks.
- Monitoring transactions for AML/CTF and reporting suspicious activities to competent authorities where required.
- Implementing self-exclusion and responsible gambling tools, and keeping relevant records.
- Meeting record-keeping and reporting duties imposed by Kahnawake Gaming Commission, AGCO/iGO, and other regulators.
Service Improvement and Analytics
- Analysing site usage, performance, and technical logs to improve stability, speed, and usability.
- Understanding player behaviour in aggregate (e.g., preferred games, peak times) to enhance our offering.
- Testing new features and products, measuring response and effectiveness.
Marketing, Personalisation, and Promotions
- Sending you promotional emails or messages about bonuses, tournaments, and offers, subject to your marketing preferences and applicable law.
- Segmenting players into groups (e.g., frequent players, bonus-seekers) to tailor the relevance of communications.
- Conducting surveys or feedback campaigns to better understand your expectations.
Fraud Prevention and Security
- Detecting and preventing fraud, abuse of bonuses, money laundering and other prohibited behaviour.
- Ensuring the integrity and fairness of games, including co-operation with independent testing labs such as eCOGRA.
- Protecting our rights, property, staff, and players through monitoring, logging, and security controls.
Disclosure & Sharing
We must share data with payment providers, IT suppliers, regulators, and affiliated entities, while limiting onward use and ensuring safeguards.
We describe categories of recipients and typical scenarios where data may be disclosed, clarifying that data is not sold for independent third-party use.
We may disclose your personal information to the following categories of recipients, strictly on a need-to-know basis:
Payment and Financial Service Providers
- Banks, card schemes, e-wallets, prepaid voucher providers, and other payment processors that handle deposits and withdrawals.
- These providers process your data as independent controllers or processors, subject to their own legal obligations.
Technical and Operational Service Providers
- IT hosting providers, data centres, cloud infrastructure, and content delivery networks.
- Customer support platforms, email and SMS delivery services.
- Analytics and security vendors assisting with fraud detection, identity verification, and risk scoring.
- Game providers and software vendors forming part of our platform or Casino Rewards network.
Regulators, Authorities, and Dispute Bodies
- Kahnawake Gaming Commission, AGCO/iGO, Malta Gaming Authority, UK Gambling Commission, and similar regulators.
- Financial intelligence units, law enforcement, courts, and other governmental bodies where required by law or regulation.
- Alternative dispute resolution (ADR) bodies and ombuds services handling player complaints.
Affiliates and Marketing Partners
- Affiliated companies within the Casino Rewards network involved in providing shared loyalty services or support.
- Affiliate marketers and advertising networks that refer players to us, for attribution and commission purposes.
- Advertising and retargeting providers, where cookies or similar technologies are used based on your consent and subject to applicable law.
Corporate Transactions
- In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the relevant successor entity, subject to continued protection consistent with this Policy.
We do not sell your personal information to third parties for their independent marketing purposes. All third parties are bound by appropriate contractual and/or legal obligations to safeguard your data.
International Transfers
Data may be stored or accessed in several jurisdictions (Canada, Malta, EU/EEA, UK, other countries) because of our multi-licence operations and global service providers.
We must describe how such transfers are legitimised and what safeguards we apply, especially when data moves outside of Canada, the EU/EEA, or the UK.
By using colosseum-ca.com, you acknowledge that your personal information may be transferred to and processed in the following jurisdictions:
Primary Processing Locations
- Canada: For operations under Kahnawake and Ontario frameworks, certain systems and support resources may be located in Canada.
- Malta and the European Union/EEA: Apollo Entertainment Ltd operates from Malta; some infrastructure, support and analytics functions are located within the EU/EEA.
- United Kingdom: Due to the UKGC licence and shared infrastructure, some data may be processed in the UK under UK data protection standards.
Other Countries
- Some service providers (e.g., cloud hosting, email systems, payment gateways) may process data in other countries, which may not have the same level of data protection as your home jurisdiction.
Safeguards for International Transfers
- Where your information is transferred from the EU/EEA or UK to a country without an adequacy decision, we implement appropriate safeguards, such as:
  - Standard Contractual Clauses (SCCs) adopted by the European Commission or UK ICO;
  - Contractual and technical measures (encryption in transit and at rest, strict access controls, audit rights);
  - Data minimisation and pseudonymisation wherever feasible.
- For Canadian privacy frameworks, we take reasonable steps to ensure that foreign service providers offer a level of protection comparable to that required under applicable Canadian data protection principles and gaming regulations.
Data Retention
Gaming, AML, and regulatory rules require retention for defined minimum periods, while privacy principles require that we not keep data longer than necessary.
We specify typical retention periods per category, with criteria used to extend or shorten such periods, and explain how deletion or anonymisation occurs.
We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, and to comply with legal, regulatory, and reporting obligations:
General Retention Rules
- Player account and KYC data: Typically retained for up to 5 to 7 years after your account is closed or your last transaction, depending on the strictest applicable legal or regulatory requirement (e.g., AML and gaming laws).
- Transaction and betting history: Retained for at least 5 years from the date of the relevant activity, and longer where required for financial reporting, dispute resolution, or regulatory audits.
- Responsible gambling and self-exclusion records: Retained for the duration of any imposed or voluntary self-exclusion period and for an additional period (normally 5 years) to comply with responsible gambling obligations.
- Customer support and complaint records: Kept for the life of the account and for up to 5 years after closure or final resolution of the complaint, to evidence our handling and defend legal claims.
- Marketing data: Retained for as long as you remain subscribed to marketing communications and for a short period thereafter (usually up to 2 years) to evidence consent and manage suppression lists.
- Technical logs and security data: Typically retained for 1 to 3 years for security, fraud detection, and troubleshooting, unless a longer period is necessary due to an active investigation or legal requirement.
Deletion, Anonymisation, and Archiving
- When data is no longer required, we will securely delete it or irreversibly anonymise it so that it can no longer be associated with you.
- In some cases, data may be archived with restricted access when needed for legal or regulatory reasons (e.g., ongoing investigations, regulator requests).
- Your right to erasure may be limited where we are required to retain certain information by law or regulation.
Your Rights
Players must be able to access, correct, and in some circumstances delete or restrict their data, object to certain uses, and withdraw marketing consent. EU/GDPR-style and Canadian principles are used as benchmarks.
We describe each right, how to exercise it, applicable limitations, procedural steps, and response timeframes, emphasising that requests are generally free of charge.
Depending on your place of residence and applicable law, you may have some or all of the following rights regarding your personal information:
Right of Access
- You may request confirmation of whether we process your personal data and obtain a copy of such data, along with information about how it is used, sources, categories and recipients.
Right to Rectification
- You may request correction of inaccurate or incomplete personal information. In many cases you can update basic details directly via your account profile page.
Right to Erasure (Right to be Forgotten)
- You may request deletion of your personal data where:
  - It is no longer necessary for the purposes for which it was collected; or
  - You have withdrawn consent (where processing relied on consent) and there is no other legal basis; or
  - You have successfully objected to processing; or
  - Erasure is required to comply with a legal obligation.
- We may not be able to erase data that we are legally obliged to retain (e.g., AML, gaming, accounting, dispute resolution records); in such cases we will restrict use to the required purposes.
Right to Restrict Processing
- You may request that we restrict the processing of your personal data where:
  - You contest the accuracy of the data (for a period enabling us to verify it);
  - Processing is unlawful and you oppose deletion; or
  - We no longer need the data but you require it for legal claims; or
  - You have objected to processing and we are verifying overriding legitimate grounds.
Right to Object
- You may object at any time to:
  - Processing based on our legitimate interests, on grounds relating to your particular situation; and
  - Processing for direct marketing purposes (including profiling related to such marketing).
- Where you object to direct marketing, we will stop such activities without undue delay.
Right to Data Portability
- Where technically feasible and legally required, you may request that we provide you with your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or transmit it to another controller.
Right to Withdraw Consent
- Where processing is based on your consent (for example, marketing emails or certain cookies), you may withdraw that consent at any time, without affecting prior lawful processing.
- You can typically withdraw marketing consent via:
  - Unsubscribe links in emails;
  - Your account settings; or
  - By contacting us at [email protected].
Procedures, Timeframes, and Cost
- How to submit a request: You may exercise your rights by contacting our Data Protection Department at [email protected] and clearly indicating your identity and the nature of your request.
- Verification: For security reasons, we may request additional information to verify your identity before processing your request.
- Response time: We aim to respond to all valid requests within 30 days of receipt. If your request is particularly complex or numerous, we may extend this period by a reasonable further period; in that case, we will inform you of the extension and reasons.
- Fees: Requests are typically handled free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, in line with applicable law.
Note: References to GDPR-style rights are provided as a standard of transparency and do not necessarily mean that GDPR or Mexican data protection laws apply directly to all players. Where local laws provide different or additional rights, we will comply with those as applicable.
Cookies & Tracking Technologies
Cookies are essential for secure sessions and functionality but also used for analytics and marketing.
We categorise cookies by type and purpose and explain control mechanisms at both browser and account level.
When you visit colosseum-ca.com, we use cookies and similar technologies as described below:
Types of Cookies We Use
- Strictly Necessary / Functional (Session) Cookies:
  - Maintain your login session and keep you authenticated while you navigate the site.
  - Enable core features such as placing bets, accessing your account, and processing payments.
  - Without these cookies, our site may not function properly.
- Persistent Preference Cookies:
  - Store your language, display settings, and other preferences.
  - Help us recognise your device when you return, so you do not have to re-enter settings.
- Analytics and Performance Cookies:
  - Collect aggregated information about how visitors use the site (e.g., most visited pages, error messages).
  - Help us understand and improve the performance and usability of colosseum-ca.com.
  - May be provided by trusted third parties (e.g., web analytics providers).
- Advertising and Targeting Cookies:
  - Used to deliver more relevant adverts to you on our site or on third-party websites.
  - Allow us and our advertising partners to measure campaign effectiveness and avoid showing the same advert repeatedly.
  - Set only where permitted and, where required by law, based on your consent.
Managing Cookies
- You can manage or disable cookies through your browser settings, usually located under "Privacy" or "Security". Instructions are available from your browser provider.
- Blocking strictly necessary cookies may affect the functionality and security of colosseum-ca.com and may prevent you from logging in or playing.
- Where we offer an internal cookie or privacy preference panel, you can adjust your preferences for non-essential cookies at any time.
- You can also opt out of some third-party advertising cookies via industry platforms where available (such as Digital Advertising Alliance tools), subject to their availability in your jurisdiction.
Data Security
Protecting player data is critical for legal compliance and trust. We must implement layered technical and organisational measures.
We describe our main security controls and reference relevant standards (e.g., ISO 27001, SOC 2) as benchmarks, while noting that no system is completely risk-free.
We take appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, including:
Technical Measures
- Encryption in transit: Data transmitted between your browser and our servers is protected by TLS 1.2 or higher.
- Encryption at rest: Sensitive data is stored using strong encryption algorithms and protected in secure environments.
- Access controls: Access to personal data is strictly limited to authorised personnel on a need-to-know basis and controlled through authentication and authorisation mechanisms.
- Multi-factor authentication (MFA): MFA is used for critical administrative systems and may be offered for player accounts where available.
- Network and system security: Firewalls, intrusion detection/prevention systems, and regular vulnerability scanning and patching.
Organisational Measures
- Policies and training: Internal data protection and information security policies are in place, and staff receive regular training on privacy, security, and responsible data handling.
- Vendor due diligence: Third-party service providers are vetted and bound by data protection and confidentiality obligations.
- Regular audits: We perform periodic internal reviews and work with external auditors and regulators; our operations are aligned with recognised standards such as ISO 27001-style controls and, where relevant, SOC 2-type practices.
- Incident response: We maintain incident detection, escalation, and response procedures. In the event of a data breach that presents a significant risk to your rights, we will notify you and relevant authorities in accordance with applicable law.
While we apply robust safeguards, no online service can be guaranteed as fully secure. You are responsible for keeping your login credentials confidential and using unique, strong passwords.
Complaints & Contacts
Players need clear channels for raising privacy concerns, and regulators expect accessible complaint mechanisms.
We provide step-by-step internal complaint procedures and escalation to supervisory authorities where applicable.
If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, you may contact us as follows:
Contacting Us
- Email (primary channel): [email protected] (please include "Privacy" in the subject line).
- Postal address (privacy correspondence): Data Protection Officer, Apollo Entertainment Ltd, Sir Temi Zammit Avenue, Ta' Xbiex, Malta.
Internal Complaint Procedure
- Submission: Send your complaint or request by email or post, describing the issue and providing relevant details (e.g., account ID, dates, communication references).
- Acknowledgment: We will acknowledge receipt of your complaint within 5 business days where feasible.
- Investigation: Our Data Protection Department will review your complaint, possibly seeking additional information from you, relevant staff, or service providers.
- Response: We will provide a reasoned response and, where appropriate, propose corrective measures within 30 days of receiving a complete complaint. If more time is required due to complexity, we will inform you of the extension and reasons.
Escalation to Supervisory Authorities
If you are not satisfied with our response or believe that your privacy rights have been violated, you may have the right to lodge a complaint with a competent supervisory authority, such as:
- In Canada (federal): Office of the Privacy Commissioner of Canada (OPC)
  - Website: https://www.priv.gc.ca
- In Ontario: Information and Privacy Commissioner of Ontario (IPC)
  - Website: https://www.ipc.on.ca
- In the EU/EEA or UK (where applicable): Your local data protection authority or the authority where Apollo Entertainment Ltd is based (e.g., the Office of the Information and Data Protection Commissioner in Malta, or the UK Information Commissioner's Office in the UK).
You are encouraged to contact us first so that we can attempt to resolve your concerns directly.
Updates
Privacy laws and our operations evolve; we must update this Policy and inform players appropriately.
We describe how changes are communicated, version control, and players' options in case of material modifications.
We may revise this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, our services, or data processing practices.
Notification of Changes
- We will post the updated Privacy Policy on colosseum-ca.com with a new "Last updated" date.
- For material changes that significantly affect your rights or how we use your data, we will provide additional prominent notice, which may include:
  - Email notifications to the address associated with your account;
  - Website banners or pop-up notices;
  - Notifications within your account dashboard.
Advance Notice and Your Options
- Where required by law or where we make material changes, we will provide at least 30 days' advance notice before the new terms take effect, except where immediate changes are required by law or regulator direction.
- If you do not agree with the updated Privacy Policy, you may choose to:
  - Stop using our services; and
  - Request account closure and, where applicable, exercise your data protection rights as set out above.
- Continuing to use colosseum-ca.com after the effective date of a revised Policy will constitute your acknowledgment of the changes, to the extent permitted by law.
Last updated: January 2026