Privacy Policy

This Privacy Policy explains how Quatro Casino, operated via the official website https://quatrobet-ca.com, collects, uses, discloses, and protects personal information of players and website visitors in Canada. It applies to all users who access, register, or otherwise use the services and content offered on quatrobet-ca.com, including visitors who do not open an account. By using our site or services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective and applies to processing carried out from 1 January 2024 and remains in force until updated, with key obligations and data handling practices aligned with Canadian and applicable international standards through at least 31 December 2026.

Who We Are

OBSERVE: The Quatro Casino brand is offered to Canadian users under a multi-operator structure with distinct licensing for Ontario and the rest of Canada. This requires clarity on who is responsible for data processing and how users can contact us.

EXPAND: To ensure transparency and accountability, we identify each relevant operating entity and provide a central contact channel for privacy matters, even where full corporate address details are not publicly specified in the source data.

REFLECT: We therefore designate a single primary contact point for data protection issues while acknowledging the separate licensed operators behind Quatro Casino.

Operating Entities

• Quatro Casino / Quatro Casino service: Provided via quatrobet-ca.com to Canadian residents.
• Operator for Ontario residents: Apollo Entertainment Ltd, based in Malta, operating under:
  • Alcohol and Gaming Commission of Ontario (AGCO) licence number OPIG1238914, with an operating agreement with iGaming Ontario (iGO).
  • Malta Gaming Authority licence number MGA/B2C/164/2008.
  • UK Gambling Commission licence number 38620 (where relevant for cross-regulatory oversight).
• Operator for Canada outside Ontario and rest-of-world users accessing this site: Fresh Horizons Ltd, based in the British Virgin Islands, operating under:
  • Kahnawake Gaming Commission licence number 00892, jurisdiction Kahnawake, Canada.

In this Privacy Policy, "we", "us" or "our" refers collectively to Apollo Entertainment Ltd and Fresh Horizons Ltd, acting as data controllers for their respective regulated markets in relation to Quatro Casino and the quatrobet-ca.com website.

Data Protection Contact

• Data Protection Contact / Privacy Team: Quatro Casino Data Protection Department
• E-mail (primary for privacy and support): [email protected]
• E-mail (general enquiries): [email protected]

These email addresses serve as the main contact channels for all privacy-related requests and questions across Canada. Where required by law (for example, in Ontario or under EU/UK rules), Apollo Entertainment Ltd may also appoint a formal Data Protection Officer; any such DPO can be reached initially via the above email addresses, and your request will be routed appropriately.

What Personal Data We Collect

OBSERVE: To operate an online casino, we must collect identity, technical, transactional, and behavioural data, as well as data related to regulatory and responsible gambling controls.

EXPAND: Canadian gambling and anti-money laundering regulations (including KYC/AML obligations under Kahnawake and AGCO/iGO frameworks) require verified identity information, payment details, and records of game activity. Modern security standards also require logging and analytics data.

REFLECT: We classify the personal information we collect into the categories below to clarify what is gathered and for which broad purposes.

Identity and Contact Data

• Registration and profile information: full name, date of birth, gender (if provided), residential address, country and province of residence (including confirmation of Ontario or non-Ontario status), nationality (where needed for regulatory reasons).
• Contact details: email address, telephone number (mobile and/or landline), language preferences.
• Verification data (KYC): copies or data extracted from government-issued identification documents (e.g., passport, driver's licence, ID card), proof of address (e.g., utility bill, bank statement), and any additional documentation reasonably required to verify your identity, age, and location.

Account and Usage Data

• Account details: username, encrypted password, security questions/answers (where used), account status, account history, responsible gambling settings (deposit limits, loss limits, time-outs, self-exclusion), communication preferences.
• Gaming activity: game selections, session times, stakes, wins and losses, bonuses claimed, wagering progress, tournament entries, achievement levels, loyalty or reward status within the Casino Rewards network.
• Customer support records: communications with our support team (including email records, chat logs, and call notes), complaint history, resolutions, and feedback.

Technical and Device Data

• Technical identifiers: IP address, approximate location derived from IP (e.g., city, province, country), device identifiers, browser type and version, operating system, language settings, and time zone.
• Usage logs: dates and times of access, pages viewed, clicks, navigation paths, referral URLs (how you reached our site), download events, error logs, and performance diagnostics.
• Security and integrity data: device fingerprints, login attempts, authentication logs, and information captured through fraud and risk monitoring tools.

Payment and Financial Data

• Transaction details: deposits, withdrawals, bonus credits and redemptions, currency, amounts, timestamps, payment method type (e.g., credit card, debit card, e-wallet, bank transfer, prepaid voucher).
• Payment instrument data: limited card or account details (such as masked card numbers or tokenized identifiers) as provided by you and/or our payment service providers, subject to PCI-DSS and equivalent security requirements; we do not store full raw card details on our systems where prohibited or unnecessary.
• AML and financial monitoring data: records and notes arising from source-of-funds/source-of-wealth checks, transaction monitoring, and internal risk assessments as required by applicable anti-money laundering and counter-terrorist financing rules.

Behavioural, Profiling, and Marketing Data

• Behavioural data: gameplay patterns, betting frequency, session duration, responsiveness to offers, interaction with specific games or content categories.
• Marketing and communication data: subscription to newsletters or promotional emails, opt-in/opt-out logs, interaction with marketing messages (opens, clicks), participation in surveys, competitions, or promotional campaigns.
• Segmentation and profiling data: internal segments and risk categories (e.g., responsible gambling risk indicators, fraud risk levels, player value or loyalty tiers), created using the other data we collect and in line with regulatory expectations for monitoring and harm minimisation.

Cookies and Similar Technologies

• Cookies: small text files stored in your browser when you visit quatrobet-ca.com, which may include unique identifiers, language settings, and session information.
• Similar technologies: web beacons, pixel tags, SDKs and local storage used for analytics, security, and marketing purposes.

More detail is provided in the Cookies & Tracking Technologies section below.

Legal Basis for Processing

OBSERVE: As a multi-jurisdictional operator (Kahnawake, AGCO/iGO, MGA, UKGC), we must comply with Canadian privacy principles (including PIPEDA and substantially similar provincial laws), relevant EU/UK-style data protection standards in our cross-border operations, and gambling-specific regulations.

EXPAND: While Canadian law commonly refers to "lawful purposes" and "meaningful consent", our operations also align with the concepts of contract necessity, legal obligation, and legitimate interests, helping ensure consistent protections across markets.

REFLECT: We therefore explain our processing in terms of the following legal grounds and business justifications.

Consent

• Scope: We rely on your explicit or implied consent where required by law, particularly for:
  • Sending marketing communications (email, SMS, push notifications) not strictly necessary for service provision.
  • Placing and accessing certain non-essential cookies and similar technologies (e.g., advertising cookies, some analytics cookies where mandated).
  • Processing optional profile fields and survey responses you choose to provide.
• Your control: You may withdraw consent at any time (see "Your Rights" section) without affecting the lawfulness of processing carried out before withdrawal.

Performance of a Contract

• Scope: We process personal data because it is necessary to:
  • Register and maintain your quatrobet-ca.com account.
  • Enable deposits, gameplay, participation in promotions, and withdrawals.
  • Provide customer support and handle queries or complaints about our services.
  • Administer loyalty and reward programs associated with Quatro Casino.
• Clarification: Without this data, we cannot provide you with real-money gaming services or honour our contractual obligations to you.

Compliance with Legal and Regulatory Obligations

• Scope: We must collect, verify, store and in some cases disclose data to:
  • Fulfil Know Your Customer (KYC) and age-verification requirements.
  • Comply with anti-money laundering and counter-terrorist financing regulations in Kahnawake, Ontario, and other applicable jurisdictions.
  • Meet reporting and record-keeping obligations imposed by the Kahnawake Gaming Commission, AGCO/iGO, Malta Gaming Authority, UK Gambling Commission, tax authorities, and other governmental or law-enforcement bodies.
  • Respond to lawful requests, court orders, or regulatory audits and investigations.
• Implication: In these circumstances, we may be legally required to retain and disclose certain information, even if you request deletion.

Legitimate Interests / Legitimate Business Purposes

• Scope: We process data as reasonably necessary to:
  • Protect the security and integrity of our systems, games, and users (including fraud prevention, account security, and network monitoring).
  • Analyse and improve our products, services, website performance, and user experience (for example, via aggregated analytics).
  • Enforce our Terms and Conditions, prevent misuse of bonuses, and manage operational risk.
  • Conduct responsible gambling monitoring, including identification of risky behaviours and proactive interventions in line with regulatory frameworks.
• Balancing test: Where we rely on legitimate interests, we assess and balance our interests against your privacy rights and implement safeguards (such as pseudonymisation, minimisation, access controls, and opt-out options where appropriate).

Purpose of Processing

OBSERVE: Each category of data is collected for specific purposes tied to service delivery, compliance, safety, and business operations.

EXPAND: Some purposes are directly mandated by gambling regulation; others enable us to offer a reliable, fair, and responsible gaming experience.

REFLECT: The main purposes for which we use your personal information are as follows.

Provision and Management of Casino Services

• Creating, verifying, and managing your quatrobet-ca.com account.
• Processing deposits, withdrawals, and other financial transactions.
• Operating games, calculating results, crediting wins and debiting losses.
• Administering bonuses, promotions, competitions, and other offers.

Customer Support and Communication

• Responding to your questions, support requests, and complaints via email or other channels.
• Sending important service messages such as changes to our Terms and Conditions, Privacy Policy, game rules, or system notices (these are not marketing and are generally mandatory).

Regulatory Compliance and Responsible Gambling

• Conducting identity, age, and address verification checks.
• Monitoring transactions and gameplay for AML/CTF purposes and reporting suspicious activity where legally required.
• Implementing and enforcing responsible gambling tools, such as deposit limits, time-outs, and self-exclusions.
• Maintaining records for audits, regulatory inspections, and evidential purposes.

Security, Fraud Prevention, and Risk Management

• Detecting and preventing fraud, collusion, bonus abuse, money laundering, or other illicit or harmful activity.
• Protecting your account through security monitoring, log analysis, and authentication controls.
• Enforcing our Terms and Conditions, including investigating suspected breaches.

Analytics, Service Improvement, and Personalisation

• Analysing aggregated and pseudonymised usage patterns to improve game selection, features, and performance.
• Understanding how players interact with our services to diagnose technical issues and optimise user experience.
• Personalising content, game recommendations, and on-site messages (subject to your preferences and applicable legal requirements).

Marketing and Promotions

• Providing information about promotions, new games, loyalty rewards, and other offers, where you have not opted out or where permitted by law.
• Measuring the effectiveness of our marketing campaigns and adjusting them accordingly.

Disclosure & Sharing

OBSERVE: Running Quatro Casino and quatrobet-ca.com requires cooperation with regulated partners, technology providers, and authorities.

EXPAND: To maintain transparency and meet legal expectations, we identify the categories of recipients and the circumstances in which data may be shared.

REFLECT: We do not sell your personal information. We share it only as described below and subject to appropriate safeguards.

Group Companies and Operators

• Operators: Apollo Entertainment Ltd and Fresh Horizons Ltd may share information between themselves where necessary to:
  • Administer accounts and services across their respective regulated territories.
  • Ensure consistency of responsible gambling and risk management frameworks.
  • Comply with joint regulatory obligations or audits.

Payment Service Providers and Financial Institutions

• We share necessary payment and identity data with:
  • Banks, card schemes, and payment processors to execute deposits and withdrawals.
  • Payment service providers responsible for verifying payment instruments, processing refunds, or handling chargebacks.
• These parties may process your data as independent controllers (e.g., your bank) or as our processors, depending on the relationship.

Technical and Operational Service Providers

• We use third-party suppliers for:
  • IT hosting, cloud infrastructure, and data storage.
  • Game software, RNG technology, and platform services (subject to certification such as eCOGRA).
  • Customer support tools, email and messaging platforms, and CRM systems.
  • Analytics, security monitoring, and anti-fraud solutions.
• These providers act under written agreements that restrict their use of personal data to our documented instructions and require appropriate security measures.

Regulators, Supervisory Authorities, and Law Enforcement

• We may disclose your personal information to:
  • Kahnawake Gaming Commission.
  • Alcohol and Gaming Commission of Ontario and iGaming Ontario.
  • Malta Gaming Authority and UK Gambling Commission (where relevant to oversight of Apollo Entertainment Ltd).
  • Tax authorities, financial intelligence units, police, courts, or other governmental bodies where required by law.
• Such disclosures may include transaction records, account details, verification documentation, and investigation records, as mandated by law or licence conditions.

Affiliates and Advertising Partners

• Where you arrive at quatrobet-ca.com via an affiliate or marketing partner, certain limited data (e.g., referral identifier, registration and conversion metrics) may be shared with that partner for attribution and commission calculation.
• We may use advertising networks or technology providers to deliver or measure marketing campaigns, subject to your consent and applicable law. In such cases, identifiers (cookies, advertising IDs) and limited behavioural data may be shared or matched.

Corporate Transactions and Legal Proceedings

• In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred to prospective or actual purchasers and their advisers, subject to confidentiality obligations and applicable law.
• We may also share information with legal advisers and other professional consultants in connection with legal claims, disputes, audits, or risk management.

International Transfers

OBSERVE: Our operations span Canada (including Kahnawake and Ontario), Malta, the United Kingdom, and other jurisdictions, using global infrastructure and providers.

EXPAND: This means that personal information collected from Canadian users may be transferred to or accessed from countries outside Canada, including the European Union/EEA and the United Kingdom.

REFLECT: We implement safeguards consistent with Canadian privacy expectations and, where applicable, international standards such as the EU GDPR/UK GDPR.

Destinations of Data Transfers

• Within Canada: Data is processed and stored on systems operated under or in support of our Canadian licences, including Kahnawake and Ontario-related infrastructure.
• European Union/EEA and Malta: Data may be processed by Apollo Entertainment Ltd in Malta and by service providers located in EU/EEA countries, under MGA oversight.
• United Kingdom: Data may be processed by Apollo Entertainment Ltd and UK-based service providers under UKGC oversight.
• Other countries: Certain cloud, support, or analytics providers may process data in other jurisdictions, subject to contractual safeguards.

Protection Measures for International Transfers

• We rely on a combination of:
  • Contractual safeguards: Standard contractual clauses or equivalent data transfer agreements where required by law.
  • Data minimisation and pseudonymisation: Transferring only what is necessary and, where possible, using pseudonymised or aggregated data for analytics and testing.
  • Security controls: Encryption in transit and at rest, access control, and robust vendor due diligence.
• Regardless of location, our processors must comply with strict confidentiality and security obligations consistent with this Privacy Policy and applicable legal requirements.

Data Retention

OBSERVE: Gambling and AML regulations impose minimum retention periods, while privacy principles require that data not be kept longer than necessary.

EXPAND: Different categories of data are retained for varying durations to meet regulatory, contractual, and operational requirements, typically extending up to or beyond 2026 given our current licensing horizon.

REFLECT: We apply defined retention schedules and deletion criteria, summarised below.

General Retention Principles

• We keep personal information only for as long as reasonably necessary to:
  • Provide and administer your account and services.
  • Meet legal, regulatory, tax, and accounting obligations.
  • Resolve disputes and enforce our rights.
• After expiry of applicable retention periods, data is securely deleted, anonymised, or aggregated so that it is no longer identifiable.

Indicative Retention Periods

• Account and identification data: Typically retained for the period of your active account and, following account closure, for a period of 5 to 7 years (depending on jurisdiction) to comply with gambling, AML, and financial recordkeeping requirements. This may extend through at least 31 December 2026 for accounts active in 2026.
• Transaction and gaming records: Normally retained for at least 5 years after the relevant transaction or account closure, as required by AML and regulatory rules.
• Customer support and complaint records: Retained for up to 7 years after resolution, to evidence how we handled your request and to manage legal or regulatory claims.
• Marketing preferences and opt-out records: Retained as long as you remain a player and for a reasonable period thereafter (typically up to 3 years) to ensure we respect your choices and can demonstrate compliance.
• Technical logs and security data: Retention varies from a few months to several years depending on the log type and security relevance; high-level security logs may be kept for up to 7 years where needed to investigate fraud or comply with regulatory requests.

Deletion and Anonymisation Criteria

• When retention periods expire and no legal obligation or overriding legitimate interest requires continued storage, we will:
  • Securely delete or irreversibly anonymise identifiable data.
  • Retain only aggregated or anonymised information for analytics and reporting.
• Where you request deletion, we will assess whether any information must still be retained for legal, regulatory, or dispute-resolution purposes and will delete or anonymise all other data in accordance with these rules.

Your Rights

OBSERVE: Canadian privacy laws (including PIPEDA and substantially similar provincial regimes) and international standards inspired by GDPR provide individuals with rights over their personal information.

EXPAND: While this site targets Canadian users, our operators (Apollo Entertainment Ltd and Fresh Horizons Ltd) align with robust rights frameworks across jurisdictions, including EU/UK GDPR-style rights, to offer a high and consistent level of protection.

REFLECT: The rights set out below are subject to applicable legal limitations, including gambling, AML, and recordkeeping obligations.

Right of Access

• You may request confirmation of whether we hold personal information about you and obtain a copy of such information, along with explanations of:
  • What categories of data we hold.
  • The purposes for which we use it.
  • The categories of third parties with whom it is shared.

Right to Rectification (Correction)

• You have the right to ask us to correct inaccurate or incomplete personal information, such as outdated contact details or incorrect profile information.
• In some cases, we may need supporting documentation (e.g., updated proof of address) to verify requested corrections.

Right to Erasure (Deletion)

• You may request that we delete your personal information where:
  • It is no longer necessary for the purposes for which it was collected.
  • You withdraw consent (where processing was based on consent) and there is no other legal basis to continue processing.
  • You successfully object to processing based on legitimate interests and no overriding grounds exist.
• However, we may be unable to delete certain data if we are legally required to retain it for regulatory, AML, tax, or dispute-resolution purposes. In such cases, we will retain only what is strictly necessary and restrict its use.

Right to Restrict Processing

• You may ask us to restrict the processing of your data where:
  • You contest its accuracy (for the period we need to verify it).
  • Processing is unlawful and you prefer restriction over deletion.
  • We no longer need the data but you require it for legal claims.
  • You have objected to processing and we are considering whether our grounds override yours.

Right to Object

• You have the right to object at any time to:
  • Processing of your personal information for direct marketing; we will then stop using your data for this purpose.
  • Processing based on our legitimate interests, where your specific situation justifies such objection and we do not have compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Data Portability

• To the extent applicable under Canadian or comparable international standards, you may request a copy of certain personal information you provided to us in a structured, commonly used, and machine-readable format, and ask that we transfer it directly to another service provider where technically feasible and lawful.

Right to Withdraw Consent

• Where we rely on your consent (for example, for marketing communications or certain cookies), you may withdraw that consent at any time via account settings, unsubscribe links, or by contacting us. Withdrawal does not affect previous lawful processing but may limit some features or services.

Procedures, Timeframes, and Cost

• How to exercise your rights:
  • Contact us at [email protected] or [email protected], specifying:
    • Your full name, account username (if any), and jurisdiction (e.g., Ontario, other Canadian province).
    • The right(s) you wish to exercise and the data or processing concerned.
• Verification: For your protection, we may ask for additional information to verify your identity before acting on your request.
• Response time: We aim to respond to valid requests within 30 days of receipt. Complex or numerous requests may require an extension, in which case we will inform you of the delay and reason.
• Cost: We will handle your request free of charge, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies are essential for providing secure, high-performing gaming services and for measuring and improving our site.

EXPAND: Some cookies are strictly necessary for technical operation and security; others support analytics and marketing and may require your consent.

REFLECT: The main categories of cookies used on quatrobet-ca.com are described below.

Types of Cookies

• Strictly Necessary (Functional) Cookies:
  • Required to operate the website and enable basic functions such as page navigation, secure login, and account management.
  • Without these cookies, the site cannot function properly. They are generally set in response to your actions, such as logging in or selecting privacy preferences.
• Preference Cookies:
  • Remember your choices, such as language settings, region, and display options.
  • Improve your experience by avoiding the need to re-enter preferences on every visit.
• Analytics and Performance Cookies:
  • Collect aggregated information on how visitors use our site, such as which pages are most visited, error messages, and overall performance metrics.
  • Help us improve site functionality, speed, and user experience.
• Advertising and Marketing Cookies:
  • Used to deliver more relevant advertisements to you, measure the effectiveness of marketing campaigns, and limit the number of times you see a particular ad.
  • May be set by us or by our advertising partners (third-party cookies) and may track your browsing activity across websites, in accordance with applicable law and your consent choices.

Session vs. Persistent Cookies

• Session cookies: Temporary cookies that exist only while your browser is open and are deleted when you close it. They support short-term operations such as maintaining a logged-in session.
• Persistent cookies: Remain on your device for a defined period or until you delete them. They support features such as remembering preferences and authentication tokens.

Managing Cookies

• Browser controls: Most browsers allow you to:
  • View, delete, or block cookies.
  • Set preferences for certain websites.
• On-site settings: Where available, we may provide a cookie banner or preferences panel enabling you to accept or reject non-essential cookies.
• Impact of disabling cookies: Disabling or blocking certain cookies may affect the functionality and performance of the site, and may prevent you from logging in or using specific features.

Data Security

OBSERVE: Operating a regulated online casino handling financial and identity data requires robust technical and organisational security controls.

EXPAND: Our operators, Apollo Entertainment Ltd and Fresh Horizons Ltd, must meet stringent standards set by gambling regulators and independent auditors such as eCOGRA, with practices aligned to internationally recognised information security frameworks.

REFLECT: We implement multi-layered security measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

Technical Security Measures

• Encryption in transit: Communications between your browser and our servers are protected using TLS (Transport Layer Security) version 1.2 or higher, helping ensure confidentiality and integrity during transmission.
• Encryption at rest: Sensitive data, including certain personal and transactional information, is encrypted when stored on our systems or databases, using industry-standard cryptographic algorithms.
• Access controls and authentication: Access to production systems and personal data is restricted on a need-to-know basis, protected by strong authentication mechanisms and role-based permissions. Where appropriate, multi-factor authentication is used for administrative access.
• Network and application security: Firewalls, intrusion detection/prevention systems, anti-malware tools, and secure coding practices are used to protect against common attack vectors and vulnerabilities.

Organisational and Operational Measures

• Security policies and training: Staff are subject to confidentiality obligations and receive regular training on data protection, information security, responsible gambling, and fraud prevention.
• Vendor and third-party management: We perform due diligence and enter into contracts with vendors requiring appropriate security and privacy controls, with periodic reviews and audits where relevant.
• Certification and audits: Our gaming systems, including random number generators and payout percentages, are independently tested and certified by eCOGRA and similar bodies. Security controls are designed to align with recognised standards (such as ISO 27001 or SOC 2 principles) where applicable.
• Incident response: We maintain incident detection and response procedures to identify, assess, and remediate security events. Where a data breach creates a real risk of significant harm or is otherwise legally notifiable, we will notify affected individuals and/or regulators in line with applicable law.

Complaints & Contacts

OBSERVE: Users must have clear channels to raise privacy questions or complaints and to escalate concerns to relevant authorities.

EXPAND: Our dispute resolution framework already involves internal review, eCOGRA (for certain markets), and regulatory escalation, which we complement with privacy-specific complaint handling.

REFLECT: We provide transparent, step-by-step procedures and contact points below.

Contacting Us About Privacy

• Primary privacy contact: Quatro Casino Data Protection Department
• Email (privacy and support): [email protected]
• Email (general enquiries): [email protected]

Internal Complaint Procedure

1. Submission: Send your privacy-related complaint or question to one of the email addresses above. Please include:
   • Your full name and account username (if applicable).
   • Details of your concern and any relevant dates or correspondence.
2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable.
3. Investigation: We will review your complaint, consult relevant teams (e.g., security, compliance, customer support), and gather necessary information.
4. Response timeframe: We aim to provide a substantive response within 30 days. If we cannot respond within that period, we will inform you of the delay and expected timeframe.
5. Further steps: If you are not satisfied with our response, you may seek independent advice or escalate to an appropriate regulator or oversight body, as applicable in your jurisdiction.

Escalation to Supervisory or Regulatory Authorities

• Canadian privacy regulators: Depending on your province and applicable law, you may bring your concerns to:
  • The Office of the Privacy Commissioner of Canada (OPC), for matters under federal PIPEDA.
  • A relevant provincial privacy commissioner where provincial regimes apply (e.g., Alberta, British Columbia, Quebec).
• Gambling regulators: For issues that overlap privacy and gambling regulation (e.g., use of data in responsible gambling or AML monitoring), you may contact:
  • Kahnawake Gaming Commission, for accounts under Fresh Horizons Ltd's Kahnawake licence.
  • Alcohol and Gaming Commission of Ontario (AGCO) and iGaming Ontario, for accounts under Apollo Entertainment Ltd's Ontario licence.
  • Malta Gaming Authority or UK Gambling Commission, where relevant to Apollo Entertainment Ltd's operations subject to their oversight.

Updates

OBSERVE: Legal, regulatory, and operational environments can change, requiring us to update this Privacy Policy periodically.

EXPAND: Changes may be driven by new Canadian privacy guidance, updates to Kahnawake or AGCO/iGO rules, technological developments, or alterations to our services.

REFLECT: We maintain version control, provide notice of material changes, and offer options if you do not agree with updates.

Notification of Changes

• We may update this Privacy Policy from time to time. The "Last updated" date at the end of this document indicates the version currently in effect.
• For material changes that significantly affect how we process your personal information or your rights, we will:
  • Provide prominent notice on the quatrobet-ca.com website (e.g., banner or pop-up).
  • Where appropriate, send you an email notification and/or account dashboard alert.
• For significant changes, we will, where practicable, give you at least 30 days' advance notice before the new terms take effect.

Your Options on Updates

• If you continue to use our services after the effective date of an updated Privacy Policy, you will be deemed to have accepted the changes, to the extent permitted by law.
• If you do not agree with a material change, you may:
  • Adjust your privacy or marketing preferences; and/or
  • Close your account and stop using our services. We will then apply our retention and deletion rules as described above.

Last updated: January 2026