burger icon
FCmoon Casino
Log In

Privacy Policy

Introduction - This Privacy Policy explains how fcmoon-casino on fcmoon777-ca.com collects, uses, discloses, retains, and protects personal information. It applies to players, account holders, and visitors who access or use our website and services in Canada. Effective date: 1 October 2025.

Who We Are

Observe: Identify the operator, jurisdictional context, and contact path. Expand: Provide transparency about licensing and points of contact. Reflect: Enable users to reach a responsible privacy contact promptly.

  • Operator: Bermuda Triangle Ltd. (trading as "fcmoon-casino" for Canada via fcmoon777-ca.com)
  • Gaming license: Anjouan Gaming Board (online gambling - casino and sportsbook). Public license number and registry link have not been disclosed as of October 2025; we will update once verified.
  • Registered/legal address: Not publicly disclosed as of October 2025; publication pending verification. We will update this section once confirmed.
  • Primary privacy contact (Data Protection Office): [email protected]
  • General privacy mailbox: [email protected]
  • Website: https://fcmoon777-ca.com/

Note: If email is unavailable, please contact us via the in-account Support/Live Chat and choose "Privacy/Personal Data" to route your request to the Data Protection Office.

What Personal Data We Collect

Observe: Gambling operations require identity, transactional, and technical data. Expand: Include AML/KYC, cookies, and behavioral telemetry. Reflect: Limit collection to what is necessary for lawful, secure operations.

  • Identity and contact: Full name, date of birth, country/province, address, email, phone, username, account IDs; government-issued ID and proof of address for KYC/age verification.
  • Account and behavioral: Login history, session timestamps, game play and betting history, deposits/withdrawals, preferences, clickstream events, responsible gambling settings and self-exclusion markers.
  • Payment and financial: Payment method type, masked card digits or tokenized instruments, e-wallet identifiers, payment transaction identifiers, billing address, chargeback records. We do not store full card PANs; processing is via PCI-DSS compliant partners.
  • Technical: IP address, device and browser data, OS, language, time zone, referral URLs, performance logs, fraud signals (device fingerprinting, risk scores).
  • Compliance and risk: Sanctions/PEP screening results, adverse media flags, geolocation signals required to meet legal or licensing obligations.
  • Cookies and similar tech: Session and persistent cookies, SDKs, pixels, local storage for authentication, preferences, analytics, advertising (only with consent), and security.

Legal Basis for Processing

Observe: Canadian PIPEDA requires knowledge and consent and appropriate purposes; gambling adds KYC/AML duties. Expand: Align with provincial laws (e.g., Quebec Law 25), CASL for marketing, and recognize GDPR/Mexico alignment where applicable. Reflect: Map purposes to lawful grounds.

  • Consent (PIPEDA; CASL for e-communications): We rely on express or implied consent for account creation, cookies (where required), and marketing. You may withdraw consent at any time.
  • Contractual necessity: To open and operate your account, process payments, provide games, verify eligibility, and deliver support.
  • Appropriate/legitimate purposes: PIPEDA s.5(3) appropriate purposes and, where GDPR applies, our legitimate interests in security, fraud prevention, service improvement, and analytics balanced against your rights.
  • Legal obligations: KYC/AML screening, age verification, sanctions checks, recordkeeping, regulator reporting, tax and accounting compliance, and responding to lawful requests.
  • Vital and public interests (rare): To protect life/safety or comply with binding orders where applicable.

Purpose of Processing

Observe: Core delivery, safety, compliance, and growth. Expand: Separate service from marketing and risk. Reflect: Use data proportionately and minimize where possible.

  • Service delivery: Account registration, verification, deposits/withdrawals, gameplay, and customer support.
  • Compliance: KYC/AML, sanctions screening, responsible gambling tools, dispute handling, recordkeeping, audits.
  • Security and fraud prevention: Authentication, monitoring, bot/abuse detection, chargeback management, risk scoring.
  • Analytics and improvement: Performance measurement, troubleshooting, A/B tests, user experience optimization, bug fixes.
  • Marketing (with consent where required): Promotions, bonuses, newsletters, personalization, and affiliate attribution controls.
  • Corporate operations: Accounting, reporting, and regulatory engagement.

Disclosure & Sharing

Observe: Operations require vetted processors and lawful disclosures. Expand: Define categories, conditions, and protections. Reflect: Share only what is necessary under contracts and law.

  • Payment partners: Banks, card acquirers, e-wallets, and payment gateways (PCI-DSS compliant) to process transactions and manage chargebacks.
  • KYC/AML and risk providers: Identity verification, sanctions/PEP screening, fraud detection, geolocation services.
  • IT and support vendors: Hosting/CDN, security operations, analytics, customer support tools, communications platforms.
  • Affiliates and advertising networks: For attribution and marketing only with your consent and subject to data processing and confidentiality agreements.
  • Regulators and authorities: Anjouan Gaming Board, tax authorities, law enforcement, courts, and other competent bodies when legally required.
  • Corporate transactions: In a merger, acquisition, or reorganization, subject to appropriate safeguards and notice.

We require recipients to implement security and confidentiality measures and to use data only for the documented purposes.

International Transfers

Observe: Cross-border flows may include the EEA/UK, U.S., and Anjouan. Expand: Use contractual and technical safeguards. Reflect: Provide notice and protect data consistently with Canadian requirements.

  • Destinations: Data may be processed in Canada and transferred to countries where our vendors operate, including the United States, member states of the European Economic Area, the United Kingdom, and Anjouan/Comoros.
  • Safeguards: Contractual protections requiring comparable protection to Canadian standards; encryption in transit and at rest; strict access controls; vendor due diligence and ongoing monitoring.
  • EEA/UK transfers (if applicable): EU Standard Contractual Clauses (and UK IDTA/Addendum) plus risk assessments and supplementary measures.
  • Quebec Law 25: We conduct a privacy impact assessment before communicating personal information outside Quebec and implement contractual measures ensuring adequate protection.

Data Retention

Observe: Retention must meet AML/regulatory needs and minimization. Expand: Define durations and deletion triggers. Reflect: Prefer anonymization where feasible.

  • Account and identity data (including KYC): For the life of the account and up to 5 years after closure, or longer if required for AML, disputes, or legal obligations.
  • Transaction and financial records: Up to 7 years to meet accounting, tax, and AML requirements.
  • Gameplay and behavioral logs: 24 months for security, dispute resolution, and service improvement, then aggregated or anonymized.
  • Security logs (access, fraud): 12-24 months depending on risk domain.
  • Marketing data: Until you withdraw consent or your account is closed, after which we suppress further communications.
  • Cookies: Session cookies expire at logout; persistent analytics/advertising cookies typically 13 months unless you delete earlier.

Deletion criteria: End of purpose, expiry of statutory periods, successful objection/erasure request (where applicable), or replacement by anonymized aggregates.

Your Rights

Observe: Core Canadian rights under PIPEDA plus provincial variations. Expand: Align with GDPR and Mexico's LFPDPPP when those laws apply. Reflect: Provide practical procedures and timelines.

  • Canada (PIPEDA): Access your personal information; request corrections; withdraw consent (including marketing); challenge our compliance; receive explanations of our practices. We respond within 30 days, subject to permissible extensions.
  • Quebec (Law 25): Rights include access/correction, data portability (when regulations in force for the relevant data), de-indexation, and information about automated decisions. Cross-border disclosures are subject to a prior assessment and safeguards.
  • GDPR (EU/EEA/UK residents, if you use our services from there): Access, rectification, erasure, restriction, objection (including profiling/marketing), portability, and the right to complain to a supervisory authority.
  • Mexico (LFPDPPP, if applicable): ARCO rights-Access, Rectification, Cancellation, and Opposition-plus withdrawal of consent and limitation of disclosure.

How to exercise your rights

  1. Submit: Email [email protected] or use in-account Support > Privacy/Personal Data. Specify the right you wish to exercise and the scope of data.
  2. Verify: We may request information to confirm your identity and province/country of residence.
  3. Timeline: We aim to respond within 30 days. If an extension is necessary, we will inform you of the reason and new deadline.
  4. Fees: Requests are free of charge unless manifestly unfounded or excessive; in such cases, we may charge a reasonable fee or refuse with reasons.

Marketing opt-out: Use unsubscribe links in emails, adjust in-account preferences, or email [email protected].

Cookies & Tracking Technologies

Observe: Cookies support authentication, personalization, analytics, and advertising. Expand: Provide types and controls. Reflect: Respect consent and user choice.

  • Session cookies: Essential for login and security; expire when you close your browser.
  • Persistent cookies: Remember preferences and help us analyze usage; typical lifespan up to 13 months.
  • Third-party cookies/SDKs: Analytics, performance monitoring, fraud detection, and advertising networks (only with consent where required).

Managing cookies: You can disable or delete cookies via your browser settings. Some features may not function without essential cookies. Where available, use the Cookie Preferences link in the site footer to adjust categories.

Data Security

Observe: Gambling platforms face elevated fraud and attack risks. Expand: Implement layered controls and incident readiness. Reflect: Protect data in transit, at rest, and in use.

  • Encryption: TLS 1.2+ for data in transit; industry-standard encryption (e.g., AES-256) for data at rest for sensitive fields.
  • Access controls: Role-based access, least privilege, MFA for administrators, segregated environments, and comprehensive logging.
  • Secure development: Code reviews, dependency scanning, security testing, and change management.
  • Operational security: WAF, DDoS protection, anti-bot measures, malware scanning, and continuous monitoring.
  • Vendor governance: Due diligence, contractual security obligations, and periodic reassessments.
  • Training & awareness: Mandatory staff training on privacy, security, and AML/KYC.
  • Incident response: Defined procedures for detection, containment, investigation, notification, and remediation. We will notify users and regulators when required by law.

We align our controls with recognized frameworks (e.g., ISO/IEC 27001 and SOC 2) where appropriate; we do not claim formal certification unless expressly stated on fcmoon777-ca.com.

Complaints & Contacts

Observe: Provide clear channels and escalation paths. Expand: Include Canadian and cross-jurisdiction options. Reflect: Encourage resolution with transparent timelines.

Contact us first

  • Data Protection Office (primary): [email protected]
  • General privacy mailbox: [email protected]
  • In-account: Support/Live Chat > select "Privacy/Personal Data."
  • Postal: Pending publication of the operator's verified legal address; we will update this section and accept written requests via email in the interim.
  1. Step 1: Submit your concern with relevant details and evidence.
  2. Step 2: We acknowledge within 5 business days and aim to resolve within 30 days.
  3. Step 3: If complex, we will provide an explanation and revised timeline.

Escalation to supervisory authorities

  • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca/ | Toll-free: 1-800-282-1376
  • Commission d'accès à l'information du Québec (CAI): https://www.cai.gouv.qc.ca/ | Tel: 1-888-528-7741
  • EU/UK (if applicable): Contact your local supervisory authority; a list is available at https://edpb.europa.eu/ and the UK ICO at https://ico.org.uk/
  • Mexico (if applicable): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI): https://home.inai.org.mx/

Updates

Observe: Policies evolve with law and services. Expand: Provide advance notice for material changes. Reflect: Maintain version control and user options.

  • Notifications: We will notify users of material changes via email, in-account alerts, and/or website banners.
  • Advance notice: For significant changes (e.g., new purposes, new categories of recipients), we provide at least 30 days' notice where feasible before the effective date.
  • User choices: You may object to changes where consent is required, update preferences, or close your account before the effective date without penalty for the change itself.
  • Version control: Last updated: October 2025. A changelog of material updates will be maintained on this page.

Regional compliance note: This policy is designed for users in Canada under PIPEDA and applicable provincial laws (e.g., Quebec Law 25). Where you are located in the EEA/UK or Mexico, we align with GDPR or LFPDPPP as relevant; in case of conflict, the law of your residence prevails to the extent it applies.