Last updated: 10 May 2026
This Privacy Policy explains how Elements Gaming Canada Ltd. ("Elements Casino", "we", "us", "our") collects, uses, stores, shares, and safeguards your personal information when you register for an account, deposit funds, place bets, or otherwise use our website, mobile site, and apps. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws across Canada, including Quebec's Act respecting the protection of personal information in the private sector (Law 25 / Loi 25), Alberta's Personal Information Protection Act (PIPA AB), and British Columbia's Personal Information Protection Act (PIPA BC).
This Policy applies to personal information we process about Canada-resident players who interact with Elements Casino through our website, mobile applications, and customer support channels. By creating an account or using our services, you accept the practices described here. This Policy should be read alongside our Terms and Conditions and Cookies Policy, which together set out the rules for using the platform and the way we use cookies and similar technologies.
The legal entity responsible for your personal information is Elements Gaming Canada Ltd., with registered office at 100 King Street West, Suite 5700, Toronto, Ontario M5X 1C7, Canada. We are licensed by the Alcohol and Gaming Commission of Ontario (AGCO), operating pursuant to an agreement with iGaming Ontario (iGO) under licence reference iGO-OP-0421. Our Data Protection Officer (DPO) can be reached at [email protected] for any privacy-related questions, requests, or complaints.
We collect only the personal information needed to register your account, comply with our regulatory obligations, run the platform, and improve the service. The categories below describe what we typically hold; the exact data points depend on how you use Elements.
Information that confirms who you are, used for KYC and ongoing fraud prevention:
We do not collect your Social Insurance Number (SIN) unless we are required to by law — for example, where specific tax-reporting rules apply to a withdrawal.
Email address, mobile or landline phone number, postal address, and your preferred language for service communications.
Records that let us move money in and out of your account safely:
Information that describes how you use the platform: bets and stakes, game preferences, session length, in-play statistics, and the responsible-gaming tools you have enabled. We use this data to deliver the games, settle bets, and look for early signs of gambling-related harm.
Data captured automatically by our systems: IP address, device identifier, browser, operating system, screen size, and approximate (province-level) geolocation. We use this to keep accounts secure, comply with regional licensing rules, and troubleshoot the platform. See our Cookies Policy for the technologies involved.
Your opt-in or opt-out status for marketing communications, the channels you have agreed to (email, SMS, push), and whether you have engaged with previous campaigns.
Personal information reaches us through three main routes:
Under Canadian privacy law we rely on consent as the default basis for processing personal information, with limited exceptions where the law allows us to process without consent. The table below maps the main activities to the basis that applies.
| Activity | Legal basis |
|---|---|
| Account creation, login, gameplay, deposits and withdrawals | Performance of the contract you enter into when you accept our Terms |
| Identity verification (KYC) and anti-money-laundering checks | Compliance with legal obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and licensing rules |
| Fraud prevention, dispute resolution, and platform integrity | Legitimate interest in operating a safe service |
| Marketing communications | Express or implied consent under the Canadian Anti-Spam Legislation (CASL) |
| Regulatory reporting (e.g. to the Financial Transactions and Reports Analysis Centre of Canada — FINTRAC) | Compliance with legal obligations |
| Service improvement and analytics | Legitimate interest, with privacy-protective configuration where possible |
Quebec residents have additional rights under Law 25, including the right to be informed before automated decisions are made and a stricter requirement of express consent for certain types of processing.
We use personal information for the following purposes, grouped by purpose category:
Your personal information is hosted primarily in Canada (primary: Toronto, Ontario; secondary: Montreal, Quebec). Some of our service providers operate in other jurisdictions, which means that personal information may be processed outside Canada. Where that happens, we put appropriate safeguards in place, including written contractual terms requiring providers to maintain protection comparable to PIPEDA, encryption in transit and at rest, and assessments of the receiving country's privacy regime.
We keep personal information for as long as we need it for the purposes described in this Policy and to satisfy our legal duties. After that, we delete or anonymise it. The table below summarises the standard periods; specific records may be kept longer where law requires it or shorter where the data is no longer needed.
| Data type | Retention period | Reason |
|---|---|---|
| Account, KYC, and AML records | At least 5 years after account closure | PCMLTFA record-keeping requirement |
| Transaction and gameplay records | At least 5 years after the transaction | Regulatory audit and dispute resolution |
| Customer support correspondence | 2 years from closure of the ticket | Quality assurance and dispute defence |
| Marketing preference data | Until consent is withdrawn, plus a short suppression period | Honouring opt-out under CASL |
| Web analytics (aggregated, pseudonymised) | Up to 26 months | Platform improvement |
| Self-exclusion records | Duration of exclusion plus 5 years | Enforcing self-exclusion and audit |
| Server and security logs | 12 months | Security incident investigation |
Protecting personal information requires a layered approach. Our security programme is built around recognised standards and is reviewed regularly by independent assessors.
No system is completely free of risk. We implement reasonable safeguards proportionate to the sensitivity of the data, and we will notify affected individuals and the relevant authorities of any breach that creates a real risk of significant harm, in line with PIPEDA and provincial breach-notification rules.
PIPEDA is built on ten fair information principles. Each one shapes how we handle your data, and several translate directly into rights you can exercise.
If you live in Quebec, you have additional rights under the Act respecting the protection of personal information in the private sector:
Quebec residents may complain to the Commission d'accès à l'information du Québec (CAI) at cai.gouv.qc.ca.
Residents of British Columbia and Alberta benefit from the provincial Personal Information Protection Acts (PIPA BC and PIPA AB). The rights under provincial PIPA largely mirror PIPEDA, including the right to access and correct personal information. Provincial commissioners can be reached through their official websites.
To make a privacy request, email our DPO at [email protected]. Please include enough detail for us to identify you and understand what you are asking for. We respond to most requests within 30 days, in line with PIPEDA practice.
Elements Casino is not intended for anyone under the legal gambling age in their province (19 in most provinces and territories; 18 in Alberta, Manitoba, and Quebec). We do not knowingly collect personal information from minors. If we discover that a minor has registered, we close the account, return stakes, forfeit any winnings, and delete personal information except to the extent that the law requires us to retain it.
We may update this Policy to reflect changes in our practices, in technology, or in the law. The version date at the top of the page shows when it was last revised. Where a change is material, we will let you know by email or through an in-account banner before it takes effect.
If you have a privacy question or want to make a complaint, email our DPO at [email protected] or write to us at 100 King Street West, Suite 5700, Toronto, Ontario M5X 1C7, Canada. We take complaints seriously and aim to resolve them quickly. If you are not satisfied with our response, you can escalate to:
You can also reach our broader support teams through our Contacts page.
Retention varies by data type — see the table in section 9. AML and KYC records are kept for at least five years after account closure under PCMLTFA. Customer support records are kept for two years; marketing preference data is retained until you withdraw consent, plus a short suppression period.
Yes. Email [email protected] from the address registered to your account, with proof of identity. We respond to most access requests within 30 days. In rare cases — usually large or complex requests — we may charge a reasonable cost-recovery fee, and we will tell you the fee in advance.
No. Elements Casino does not sell personal information. We share it only with the categories of recipient listed in section 7, and only for the purposes set out there.
Personal information is hosted primarily on servers in Canada (primary: Toronto, Ontario; secondary: Montreal, Quebec), with encrypted backups. Some service providers operate outside Canada; in those cases we use contractual safeguards and encryption to protect the data in transit and at rest.
Email [email protected] requesting account deletion. We close the account and delete personal information unless we are legally required to retain certain records (for example, the five-year AML retention under PCMLTFA). We will explain what is kept and why.
Quebec residents have additional rights under Law 25, including data portability, the right to be forgotten in qualifying circumstances, the right to information about automated decision-making, and stricter express-consent rules for sensitive processing.