burger icon
Boho Casino Review Canada
Log In

Privacy Policy

This Privacy Policy explains how Boho Casino, operating the Boho Casino service at boho-ca.com ("we", "us", "our"), collects, uses, discloses, and protects your personal information. It applies to all players and website visitors who access or use boho-ca.com, its subdomains, and related services (together, the "Services"), whether you only browse the site or register and play.

This Policy is intended to meet the requirements of applicable Canadian privacy laws (including the Personal Information Protection and Electronic Documents Act - "PIPEDA" - and substantially similar provincial laws), and, where relevant, aligns with the EU General Data Protection Regulation ("GDPR") and Mexican data protection law.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services. This Privacy Policy is effective from 1 January 2026.

Who We Are

The Boho Casino service at boho-ca.com, referred to in this Policy as "Boho Casino", is operated by:

  • Data controller / operator: Hollycorn N.V., a private limited liability company registered under the laws of Curaçao.
  • Registered address: Hollycorn N.V., Scharlooweg 39, Willemstad, Curaçao.
  • Registration number: 144359 (Curaçao Commercial Register).
  • Gaming licence: Online gambling activities operated under sublicense(s) issued by Antillephone N.V., Licence No. 8048/JAZ2019-015 (also referenced as 8048/JAZ), authorised by the Government of Curaçao.

Certain payment processing and related services for boho-ca.com may be provided by our subsidiary:

  • Payment processing entity: Libergos Ltd., a limited company registered in Cyprus.
  • Registration number: ΗΕ 371971 (Cyprus).

Please note that Boho Casino / boho-ca.com is not licensed by any Canadian gambling authority (including iGaming Ontario) and operates under its Curaçao licence. This does not affect your privacy rights, which are governed by the privacy regulators listed in this Policy rather than by gambling regulators.

Data Protection Contact (DPO / privacy team)
For any privacy-related questions, requests, or complaints, you can contact our data protection contact point:

  • Email: [email protected]
  • Postal address (for privacy matters): Data Protection Officer, Hollycorn N.V., Scharlooweg 39, Willemstad, Curaçao (please mark the envelope "Privacy / DPO").

What Personal Data We Collect

We collect and process different categories of personal data depending on how you use boho-ca.com and whether you register, deposit, play, or contact us.

Identification and contact data

  • Full name, date of birth, gender.
  • Residential address, country of residence, postal code.
  • Email address, phone number, preferred language.
  • Identity verification data (copies or details of ID documents, proof of address, any KYC/AML documentation you provide).

Account and behavioural data

  • Username, account ID, passwords (stored in hashed form), security questions, account status.
  • Game and betting history, wins and losses, bonuses used, tournaments and promotions participated in.
  • Interaction history with our site and support (chat logs, emails, complaints, requests).
  • Responsible gambling settings and related data (deposit limits, self-exclusion details, time-outs).

Technical and usage data

  • IP address, approximate location derived from IP (country, city-level where permitted).
  • Device information (device type, operating system, browser type and version, screen resolution, unique device identifiers where applicable).
  • Log data (access dates and times, pages viewed, clicks, referral URLs, session duration, error logs).
  • Information collected through cookies, pixels, tags, SDKs, and similar technologies (see "Cookies & Tracking Technologies").

Payment and financial data

  • Chosen payment method, partial payment card details (such as masked card number and expiry date), e-wallet or payment account identifiers.
  • Deposit and withdrawal amounts, currency, transaction dates, payment provider used.
  • Anti-fraud and AML-related information derived from your transactions and external checks.

Marketing and communication data

  • Your choices regarding newsletters, SMS and push notifications, and other marketing communications.
  • Information about whether you opened, read, or interacted with our messages.

Data from third parties

  • Verification and risk data from KYC/AML providers and payment partners (for example, confirmation of identity or address, politically exposed person (PEP) and sanctions checks).
  • Data from affiliates who referred you to boho-ca.com (such as affiliate ID and campaign details).

Legal Basis for Processing

We process your personal data only when we have a lawful basis to do so under applicable laws. Depending on your location (for example, Canada, the EU/EEA, or Mexico) and the specific processing activity, we rely on one or more of the following grounds:

Consent

  • When you explicitly agree to particular processing, such as:
    • Receiving marketing emails, SMS, or push notifications.
    • Non-essential cookies and similar technologies for analytics or advertising.
  • You can withdraw your consent at any time (see "Your Rights").

Performance of a contract

  • To create, manage, and operate your Boho Casino account and provide the Services that you request (e.g., placing bets, processing deposits and withdrawals, crediting bonuses, customer support).
  • Without this processing, we cannot provide you with a functional online casino service.

Compliance with legal obligations

  • To comply with anti-money laundering ("AML"), counter-terrorist financing, fraud prevention, and "know your customer" ("KYC") obligations applicable in Curaçao and other relevant jurisdictions.
  • To meet requirements under tax, accounting, and record-keeping laws.
  • To respond to lawful requests from courts, regulators, and law enforcement.

Legitimate interests / reasonable purposes

  • Under GDPR (for EU/EEA users) and under PIPEDA and similar Canadian laws (for Canadian users), we process personal data for our legitimate interests or "reasonable purposes," including:
    • Maintaining and improving the security, availability, and performance of boho-ca.com.
    • Preventing abuse, fraud, chargebacks, and bonus misuse.
    • Developing and improving our products, games, and user experience.
    • Conducting analytics and statistics to understand how our Services are used.
  • Where required, we balance these interests against your rights and freedoms and apply additional safeguards.

Mexican data protection law

For users located in Mexico, we process personal data in line with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulations, based on consent, contractual necessity, legal obligations, and legitimate purposes consistent with that framework.

Purpose of Processing

We use your personal data for the following purposes:

Provision and operation of the Services

  • Creating and managing player accounts on boho-ca.com.
  • Processing deposits, bets, game play, winnings, and withdrawals.
  • Providing customer support and resolving technical and account-related issues.
  • Administering bonuses, promotions, and loyalty programs.

Security, KYC/AML, and regulatory compliance

  • Verifying your identity and eligibility to use our Services.
  • Carrying out AML, fraud, and risk checks, as required by law or our licence conditions.
  • Monitoring transactions and gameplay for suspicious activity or policy violations.
  • Complying with record-keeping, tax, audit, and reporting obligations.

Service improvement and analytics

  • Monitoring and analysing use of boho-ca.com (e.g., traffic, performance, game popularity).
  • Developing and improving site functionality, user interfaces, and game offerings.
  • Testing and implementing new features and services.

Marketing and personalisation

  • Sending you marketing communications (email, SMS, push notifications) about our Services, promotions, and events, where permitted by law (e.g., CASL in Canada) and in line with your preferences.
  • Customising offers, bonuses, recommendations, and content based on your profile and previous interactions.
  • Measuring the effectiveness of marketing campaigns and affiliate channels.

Dispute resolution and enforcement

  • Managing and documenting complaints, chargebacks, disputes, and regulatory enquiries.
  • Enforcing our Terms and Conditions, including investigating potential violations.
  • Defending or establishing legal claims.

Disclosure & Sharing

We do not sell your personal information as a standalone product. However, we do share personal data with selected third parties where necessary for the purposes described above and subject to appropriate safeguards:

Group companies and service providers

  • Group entities: Libergos Ltd. (Cyprus) and other current or future affiliated entities that support payment processing, risk management, and internal administration.
  • Payment providers: Banks, card schemes, e-wallets, and other payment intermediaries that process deposits, withdrawals, and refunds.
  • KYC/AML and fraud-prevention providers: Third-party identity verification, sanctions screening, and risk scoring services.
  • IT and infrastructure providers: Hosting companies, content delivery networks, security providers, email and SMS platforms, customer support tools, and analytics services.

Marketing, analytics, and affiliates

  • Analytics and advertising partners: Providers who help us understand usage patterns or display our advertisements on third-party sites or apps. Where required by law, such processing is based on your consent for cookies or similar technologies.
  • Affiliate partners: Companies and websites that refer players to boho-ca.com. We may share limited information such as your account ID or aggregated performance data to calculate commissions and prevent fraud; affiliates are responsible for their own privacy practices.

Authorities and other third parties

  • Regulators and law enforcement: Government authorities, courts, law enforcement agencies, and regulators (including those in Curaçao and other relevant jurisdictions) when required by law, licence conditions, or to protect our rights or the rights of others.
  • Professional advisers: Lawyers, auditors, accountants, and consultants subject to confidentiality obligations.
  • Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of the transaction, subject to the same or equivalent privacy protections.

Whenever we share your information with service providers, they are required to use it only on our instructions and to implement appropriate security measures.

International Transfers

Because Hollycorn N.V. and Libergos Ltd. operate internationally, your personal data may be transferred to and processed in countries outside your place of residence. This includes:

  • Curaçao - where Hollycorn N.V. is registered and where core operational systems may be located.
  • Cyprus - where Libergos Ltd. provides payment processing and related services.
  • Other countries - including EU/EEA member states, the United States, and other jurisdictions where our hosting providers, analytics providers, or other service partners are located.

If you are located in Canada, your personal data may be transferred outside Canada. As a result, foreign governments, courts, law enforcement, or regulatory agencies may be able to obtain access to your information under the laws of those foreign jurisdictions. We take contractual and technical measures to provide a comparable level of protection to that required under Canadian privacy laws.

For users in the EU/EEA or Mexico, where your data is transferred outside your country and that destination is not recognised as providing an "adequate" level of data protection, we use appropriate safeguards, such as:

  • Standard contractual clauses approved by the European Commission or equivalent model clauses.
  • Other appropriate safeguards recognised under applicable law (for example, where applicable, participation in recognised data transfer frameworks, such as the EU - US Data Privacy Framework or its successors).
  • Technical and organisational measures (encryption, access controls, data minimisation) designed to limit the risks associated with such transfers.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with our legal obligations (including AML and record-keeping requirements), to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the category of data and applicable laws.

Typical retention periods

  • Account and identification data (e.g., name, contact details, KYC documents):
    • For the duration of your active account and generally up to 5 years after account closure or your last transaction, unless a longer period is required by law or necessary for legal claims.
  • Transaction and gaming history:
    • For as long as your account is active and normally at least 5 years after the relevant transaction to comply with AML and tax obligations.
  • Customer support and complaint records:
    • For the duration of the issue and typically up to 5 years after resolution, depending on legal limitation periods.
  • Marketing and communications data:
    • Until you withdraw consent or object to marketing, and in any case no longer than necessary (for example, up to 3 years after your last interaction with us).
  • Technical logs and security data:
    • Typically retained for 1 - 2 years, unless a longer period is required for investigation of security incidents or legal compliance.

When we no longer need personal data, we will either securely delete or anonymise it. Where anonymisation is used, we may retain non-identifiable information for statistical, analytical, or business purposes.

Your Rights

Your rights depend on your country of residence and the laws that apply to our processing of your personal data. We aim to provide a level of protection consistent with Canadian privacy laws and, where applicable, GDPR and Mexican data protection law (LFPDPPP).

Core rights (Canada, EU/EEA, Mexico)

  • Right of access: You can request confirmation of whether we hold personal data about you and obtain a copy, along with information about how we use it.
  • Right to rectification (correction): You can request that inaccurate or incomplete personal data be corrected or updated.
  • Right to deletion / cancellation ("right to be forgotten" / ARCO): You can request that we delete certain personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where applicable), or when processing is unlawful. We may retain data where we still have legal obligations (e.g., AML, tax laws).
  • Right to restriction of processing: In some situations, you can request that we temporarily restrict processing, for example while we verify contested data.
  • Right to object: Where we process data based on legitimate interests or for direct marketing, you can object at any time. If you object to direct marketing, we will stop sending marketing communications.
  • Right to data portability (EU/EEA, where applicable in other regions): You may request to receive personal data you have provided to us in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: Where processing is based on your consent (e.g., marketing, certain cookies), you can withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

ARCO rights in Mexico

If you are located in Mexico, you have specific ARCO rights under LFPDPPP: Access, Rectification, Cancellation, and Opposition. These rights correspond to and are implemented through the mechanisms described above, and you may exercise them by contacting us as outlined below.

How to exercise your rights

  1. Submit a request: Contact us at [email protected] from the email address associated with your account, or use any dedicated privacy tools available in your boho-ca.com account (if provided).
  2. Provide details: Clearly state which right you wish to exercise and, where relevant, specify the data or processing in question.
  3. Verification: We may ask you to provide additional information to verify your identity and ensure that we do not disclose data to an unauthorised person.
  4. Response time: We will respond to your request within 30 days of receipt. In complex cases or where permitted by law, this period may be extended; if so, we will inform you of the extension and the reasons.
  5. Fees: We generally handle requests free of charge. Where allowed by law, we may charge a reasonable fee or refuse a request that is manifestly unfounded, repetitive, or excessive.

Even if you request deletion or restriction, we may retain certain data as required by law (for example, AML, financial record-keeping) or to protect our legitimate interests, such as establishing or defending legal claims.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve boho-ca.com, personalise your experience, and measure performance and marketing effectiveness. A "cookie" is a small text file stored on your device when you visit a website.

Types of cookies we use

  • Strictly necessary cookies (session and persistent): Essential for the operation of the site and to enable core functions, such as logging in, maintaining your session, and processing payments. These cookies cannot be switched off in our systems and usually do not require consent.
  • Functional cookies: Remember your choices and preferences (language, region, saved details) to provide a more personalised experience.
  • Analytics / performance cookies: Help us understand how visitors use boho-ca.com (for example, which pages are visited most often, error messages, loading times) so we can improve the site. They may be set by us or by third-party analytics providers.
  • Advertising / targeting cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns, on our site and third-party platforms. These cookies are often set by advertising networks or partners.

Other tracking technologies

  • Web beacons, pixels, and tags embedded in pages or emails to track engagement and campaign performance.
  • Software development kits (SDKs) in mobile environments (if applicable).
  • Device identifiers and similar technologies to help recognise your device or browser over time.

Managing cookies

  • On your first visit and periodically thereafter, we may present a cookie banner or preference centre allowing you to accept or reject non-essential cookies (such as analytics or advertising cookies), in line with applicable laws in Canada, the EU/EEA, Mexico, and other jurisdictions.
  • You can usually configure your browser to block or delete cookies. The methods vary by browser; consult your browser's help section for instructions.
  • If you block strictly necessary cookies, some parts of boho-ca.com may not function properly (for example, you may not be able to log in or complete transactions).
  • Some third parties provide opt-out tools for their own cookies or advertising identifiers. These may be accessed through their websites or via industry platforms.

Data Security

We take the security of your personal data seriously and use technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration, or destruction.

Technical measures

  • Encryption in transit: Data transmitted between your browser and boho-ca.com is protected using Transport Layer Security (TLS) 1.2 or higher, where supported.
  • Encryption at rest: Sensitive information is stored using encryption or equivalent safeguards, depending on its nature and risk level.
  • Access controls: Access to production systems and databases is restricted to authorised personnel on a need-to-know basis and protected by strong authentication measures, including multi-factor authentication for administrative accounts where feasible.
  • Segregation and logging: Logical segregation of environments and detailed logging of key administrative actions, access attempts, and security events.

Organisational measures

  • Internal policies and procedures governing data protection, information security, and acceptable use.
  • Staff training and awareness programs on privacy, security, and responsible handling of personal data.
  • Vendor due diligence and contractual data protection obligations for service providers who process data on our behalf.

Monitoring and incident response

  • Regular monitoring for suspicious activities, attempted intrusions, and abuse.
  • Periodic security assessments and audits conducted internally and, where appropriate, with external specialists.
  • Incident response procedures designed to identify, contain, and remediate security events and to notify affected individuals and relevant authorities where required by law.

While we implement measures in line with industry standards and aim to align with recognised security frameworks (such as ISO/IEC 27001 and SOC 2 principles), no system can be guaranteed to be 100% secure. You are also responsible for keeping your login credentials confidential and for using appropriate security measures on your own devices.

Complaints & Contacts

If you have questions, concerns, or complaints about how we handle your personal data, or if you wish to exercise your privacy rights, you can contact us using the details below.

Primary contact (boho-ca.com)

  • Email (preferred): [email protected]
  • Postal address: Data Protection Officer, Hollycorn N.V., Scharlooweg 39, Willemstad, Curaçao (mark the envelope "Privacy / DPO").

Internal complaint procedure

  1. Submit your complaint: Send us a detailed description of your concern, including relevant dates, account identifiers, and copies of any supporting documents.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably possible.
  3. Investigation: We will investigate your complaint and may contact you to request additional information or clarification.
  4. Response time: We aim to respond with our findings and proposed resolution within 30 days. If we cannot do so within this period, we will inform you of the reason and indicate the new estimated timeframe.

Escalation to supervisory authorities

If you are not satisfied with our response, or you believe that your privacy rights have been violated, you may have the right to lodge a complaint with a competent data protection authority:

  • Canada (federal - PIPEDA):
    Office of the Privacy Commissioner of Canada (OPC)
    Website: https://www.priv.gc.ca/en/
    Complaint information: File a privacy complaint
  • Canadian provinces with their own private-sector privacy laws: If you reside in a province with its own privacy authority (for example, Alberta, British Columbia, or Quebec), you may also contact your provincial privacy commissioner. Contact details are available on the respective official websites.
  • Mexico:
    Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)
    Website: https://www.inai.org.mx/
  • European Union / EEA:
    You can lodge a complaint with the data protection authority in the EU/EEA member state of your habitual residence, place of work, or alleged infringement. A list of supervisory authorities is available from the European Data Protection Board (EDPB):
    https://edpb.europa.eu/about-edpb/about-edpb/members_en

Please note that Boho Casino / boho-ca.com is not licensed by Canadian gambling regulators, so gambling-related regulatory complaints (e.g., to iGaming Ontario) may not be available. Privacy complaints should be directed to the privacy authorities listed above.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we provide.

How we will inform you

  • Website notice: We will post the updated Privacy Policy on boho-ca.com with a revised "Last updated" date.
  • Direct notice for material changes: For significant changes (for example, new purposes of processing, changes in data sharing practices, or new categories of personal data), we will use additional notification methods, such as:
    • Email to the address associated with your account.
    • In-account notifications or dashboard alerts.
    • Prominent banners or pop-ups on the website.

Advance notice and your options

  • Where required by law or where the changes significantly affect your rights, we will provide you with advance notice of the updated Policy, generally at least 30 days before the changes take effect.
  • If you do not agree with the revised Policy, you may choose to stop using the Services and, if you are a registered player, request account closure in accordance with our Terms and Conditions.
  • Continued use of boho-ca.com after the effective date of the updated Policy will constitute your acknowledgement of the changes, to the extent permitted by law.

Last updated: February 2026