Privacy Policy

This Privacy Policy explains how Sunrise Casino, operated through the website sunrise-ca.com ("Sunrise Casino", "we", "us", "our"), collects, uses, discloses, and protects personal information of players and visitors located in Canada who access our website and related services. It applies to all users, including registered players, prospective players, and other visitors who interact with our website, customer support, or marketing communications. By using our services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and replaces all previous versions.

Who We Are

OBSERVE: Users need to know who controls their data, where that entity is located, and how to contact it. We also need to identify a contact point for privacy matters.

EXPAND: Based on available information, Sunrise Casino forms part of the Virtual Casino Group (VCG) network and operates offshore for Canadian players via sunrise-ca.com, with corporate registration in Costa Rica and a claimed Curacao eGaming license. We must transparently explain that corporate and dispute jurisdiction is outside Canada, while still committing to robust privacy practices aligned with Canadian expectations.

REFLECT: We therefore provide clear operator identification, registration data, and a dedicated privacy contact channel.

Data Controller / Operator

For the purposes of this Privacy Policy, the entity responsible for the processing of your personal information in connection with Sunrise Casino and the website sunrise-ca.com is:

  • Corporate Group: Virtual Casino Group (VCG) network
  • Corporate Registration: Costa Rica Corporate ID: 3-102-824430
  • Operator Jurisdiction for Disputes: Costa Rica (as further described in our Terms and Conditions)
  • Gaming License Claim: Curacao eGaming Master License No. 1668/JAZ (sub-license claimed; public verification not reliably available and therefore treated as offshore/unregulated for practical privacy-law purposes)

Because certain address details are not publicly confirmed, we treat the above corporate identifier and jurisdiction as the primary contact anchor, while also offering electronic channels in line with international privacy best practices.

Privacy and Data Protection Contact

We have designated a privacy contact responsible for overseeing questions in relation to this Privacy Policy and our data handling:

  • Title: Data Protection Officer (DPO) / Privacy Department
  • Email (primary privacy contact): [email protected]
  • Email (alternative contact): [email protected]
  • Website: https://sunrise-ca.com

When contacting us about privacy, please indicate that your request concerns "Privacy / Personal Data" and include sufficient information to identify your account (e.g., username, registered email, and country as Canada).

What Personal Data We Collect

OBSERVE: Online gambling services must collect identification, financial, technical, and behavioral data to operate accounts, process payments, and meet anti-fraud and compliance duties.

EXPAND: For Canadian-targeted players, even though we operate offshore, we align with principles similar to Canadian federal privacy law (PIPEDA and substantially similar provincial laws) by limiting collection to what is necessary and clearly explaining categories and uses.

REFLECT: We group the data into logical categories so you can understand what we collect and why.

Identification and Contact Data

  • Account information: Full name, date of birth, username, password, security questions and answers.
  • Contact details: Email address, telephone number (where provided), country of residence (Canada) and province, preferred language.
  • Verification data (KYC): Copies or details of identification documents (e.g., passport, national ID, driving licence), proof of address (e.g., utility bill, bank statement), and other information we may request to verify your age, identity, and address.

Financial and Transaction Data

  • Payment details: Limited payment card data (card type, masked card number, expiry date), Interac or other Canadian payment method details, e-wallet identifiers, and associated billing information, as processed via our payment providers.
  • Transaction history: Deposits, withdrawals, chargebacks, bonuses claimed, loyalty points, and account balances.

Technical and Usage Data

  • Device and connection data: IP address, device identifiers, browser type and version, operating system, time zone setting, and approximate location derived from IP.
  • Log data: Login dates and times, session duration, pages viewed, clicks, referring/exit pages, and error logs.

Behavioral and Gaming Data

  • Gameplay information: Betting and wagering history, game selections, frequency and duration of play, wins and losses, bonus usage, and in-game decisions where relevant for responsible gambling analytics.
  • Interaction data: Communications with customer support (e.g., emails, chat logs), responses to surveys or promotions, preferences regarding limits or self-exclusion.

Cookies and Similar Technologies

  • Cookies: Small text files placed on your device that store preferences and enable core functionality (see "Cookies & Tracking Technologies" below).
  • Similar technologies: Web beacons, pixels, JavaScript tags, and device fingerprinting tools used for security, analytics, and marketing (where permitted).

Special Categories of Data

  • We do not intentionally collect sensitive categories of data (such as health data or religious beliefs). However, information about gambling behaviours and self-exclusion can indicate vulnerabilities and is therefore handled with heightened care and access controls.

Legal Basis for Processing

OBSERVE: Although Sunrise Casino operates offshore, we must clearly identify the legal grounds used to process personal data, reflecting international standards similar to the EU GDPR and Canadian consent and reasonableness principles.

EXPAND: Our main legal bases are: consent, performance of a contract, compliance with legal or regulatory obligations (including anti-fraud and AML expectations), and legitimate interests balanced against user privacy rights.

REFLECT: We articulate each basis with typical gambling-sector scenarios to provide practical clarity.

Consent

  • Account creation and marketing: When you register an account or sign up to receive promotional materials, you provide consent to the collection and use of your personal data for those purposes. You may withdraw marketing consent at any time (see "Your Rights").
  • Cookies and analytics: For non-essential cookies and certain analytics or advertising tools, we rely on your consent where required by applicable law. You can manage cookie preferences as described below.

Performance of a Contract

  • Service delivery: We process your data to create and manage your account, verify your identity and age, enable deposits and withdrawals, perform payments, provide games, apply bonuses, and deliver customer support.
  • Account security: We use authentication and security logs to maintain the technical and transactional integrity of your account.

Compliance with Legal and Regulatory Obligations

  • KYC/AML expectations: In line with widely recognised anti-money laundering (AML), counter-terrorist financing, and fraud-prevention standards, we may request and store identification and transaction data for extended periods.
  • Record-keeping and reporting: We may retain and, where required, disclose data to authorities or regulators in relevant jurisdictions (e.g., Costa Rica, Curacao, or other competent authorities) in connection with suspected unlawful activity or compliance checks.

Legitimate Interests

  • Improving our services: We analyse aggregated and pseudonymised data to improve website performance, game offerings, and user experience for Canadian players.
  • Fraud prevention and network security: We monitor accounts and transactions to prevent fraud, misuse, and security breaches, balancing these interests against your privacy expectations.
  • Direct marketing to existing customers: We may send offers regarding similar products and services to existing players, subject to your right to object or opt out at any time.

Regional compliance note: For Canadian users, we endeavour to align these bases with Canadian privacy law concepts of meaningful consent and reasonable purposes, ensuring that our collection, use, and disclosure of personal information is limited to what a reasonable person would consider appropriate in the circumstances.

Purpose of Processing

OBSERVE: Users require a clear explanation of why data is processed to assess appropriateness and consent.

EXPAND: For Sunrise Casino, purposes span from providing core gambling services to risk management, marketing, and compliance with offshore regulatory frameworks, while respecting Canadian expectations for transparency.

REFLECT: We organise purposes by functional area and link them to practical examples.

Service Provision and Account Management

  • To register you as a player, manage your account, and provide access to games and related features.
  • To process deposits, withdrawals, and other financial transactions in CAD and other supported currencies.
  • To provide customer support, respond to inquiries, and resolve technical or account-related issues.

Verification, Security, and Compliance

  • To verify age and identity, confirm your eligibility to use our services, and prevent underage gambling.
  • To meet applicable standards relating to AML, fraud prevention, and detection of suspicious activity.
  • To enforce our Terms and Conditions, protect our rights, and manage disputes.

Personalisation and Service Improvement

  • To analyse gaming and usage behaviour to enhance our website, optimize game offerings, and improve usability for Canadian players.
  • To tailor content, bonuses, and recommendations based on your preferences, gameplay history, and responsible gambling indicators.

Marketing, Promotions, and Analytics

  • To send promotional communications, offers, newsletters, and loyalty program updates, subject to your preferences and applicable law.
  • To conduct analytics and performance measurement, including monitoring campaign effectiveness and user engagement on sunrise-ca.com.
  • To segment users for targeted offers, where permitted, while allowing you to opt out at any time.

Risk Management and Fraud Prevention

  • To detect and prevent fraud, abuse, bonus misuse, collusion, money laundering, and other unlawful or harmful activities.
  • To maintain the integrity and security of our gaming platform and financial systems.

Disclosure & Sharing

OBSERVE: Players need to know with whom their data may be shared, for which purposes, and under what safeguards.

EXPAND: Operating offshore for Canadian customers requires particular clarity around payment partners, technical service providers, affiliates, and regulatory or law enforcement requests, including potential international transfers.

REFLECT: We specify categories of recipients and the conditions under which data is disclosed.

Payment and Financial Partners

  • Payment processors and banks: We share necessary payment-related data with banks, card schemes, Interac providers, e-wallets, and other financial institutions to process deposits, withdrawals, and chargebacks.
  • Fraud and risk management providers: We may use specialised services to assess transaction risk, verify identity, and detect fraud.

Technical and Operational Service Providers

  • IT and hosting providers: Companies that host our servers, maintain our IT infrastructure, and provide security services.
  • Customer support tools: Platforms that manage tickets, live chat, or email routing for customer service.
  • Analytics providers: Third parties that provide web analytics and performance measurement, subject to appropriate safeguards and, where required, your consent.

Affiliates and Marketing Partners

  • Affiliate networks: Partners who promote Sunrise Casino via sunrise-ca.com and other channels may receive limited, pseudonymised information for tracking conversions and commissions.
  • Advertising networks: Where allowed and with your consent if required, we may work with ad networks and remarketing partners using cookies and similar technologies to present tailored offers.

Regulators, Authorities, and Legal Recipients

  • Regulatory bodies and law enforcement: We may share data with competent authorities in Costa Rica, Curacao, or other jurisdictions if we are required to do so by law, court order, or when necessary to investigate suspected unlawful activity.
  • Professional advisers: Lawyers, auditors, and consultants who require access to such data for advisory, legal defence, or audit purposes, subject to confidentiality obligations.

Corporate Transactions

  • In the event of a merger, acquisition, asset sale, or reorganisation involving Sunrise Casino or the Virtual Casino Group network, your data may be transferred to the relevant successor entity, subject to appropriate safeguards and continued protection consistent with this Privacy Policy.

General Principles on Sharing

  • We do not sell your personal information as a stand-alone commercial product.
  • We only disclose what is reasonably necessary for the recipient to perform their services or duties.
  • We take steps to ensure that recipients protect your information to standards comparable to those described here.

International Transfers

OBSERVE: Our operations and many of our partners are located outside Canada, requiring cross-border data transfers.

EXPAND: While not formally subject to GDPR as a controller established in the EU, we align with widely recognised safeguards for international transfers, especially when data may be stored or processed in jurisdictions with different privacy regimes.

REFLECT: We explain likely transfer destinations and the measures we adopt to mitigate risks.

Locations of Processing

  • Your personal data may be stored and processed on servers located in Costa Rica, Curacao, the European Union/European Economic Area (EU/EEA), the United States, or other countries where our group companies, hosting providers, or service providers operate.
  • Because we target players in Canada from an offshore environment, your data will typically leave Canada for processing in one or more of these jurisdictions.

Transfer Safeguards

  • Contractual protections: Where appropriate, we use contractual clauses modelled on internationally recognised standards (such as EU Standard Contractual Clauses) to require service providers to protect your data.
  • Technical and organisational measures: Encryption, access controls, and strict internal permissions limit the risk of unauthorised access, regardless of location.
  • Vendor due diligence: We assess the security posture and privacy practices of our key providers before engaging them.

By using our services, you understand that your personal information may be transferred to and processed in countries outside Canada, where privacy laws may differ, but where we will take reasonable steps to ensure a level of protection consistent with this Privacy Policy.

Data Retention

OBSERVE: Gambling operators must keep some records for extended periods for AML, dispute handling, and tax or auditing purposes, but should not retain data longer than necessary.

EXPAND: For Canadian players, retention practices should respect data minimisation and reasonableness principles while reflecting offshore regulatory expectations.

REFLECT: We describe typical retention periods by category and explain deletion or anonymisation criteria.

General Retention Principles

  • We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including for the purposes of satisfying legal, accounting, or reporting requirements and resolving disputes.
  • When we no longer need personal data, we will either securely delete or anonymise it so that it can no longer be associated with you.

Indicative Retention Periods

  • Account and identification data: Typically retained for the duration of your account and for up to five (5) years after closure, to address disputes, comply with AML expectations, and respond to regulatory or legal inquiries.
  • Financial and transaction data: Transaction records, including deposits, withdrawals, bonuses, and balance history, are usually kept for at least five (5) to seven (7) years from the date of the relevant transaction, depending on legal and audit requirements.
  • Technical logs and security data: Security logs and system records are generally retained for one (1) to three (3) years, unless a longer period is required for investigation or legal purposes.
  • Marketing data: Information used solely for marketing will be retained until you withdraw your consent or object to such processing, or until it becomes outdated based on our internal criteria (for example, if the email repeatedly bounces or the account is inactive for a prolonged period).

Deletion and Anonymisation Criteria

  • Upon expiry of the applicable retention period, we will securely delete or irreversibly anonymise the data, unless we are legally required or permitted to keep it longer.
  • Where feasible, we minimise information retained after account closure, especially for marketing and profiling purposes.

Your Rights

OBSERVE: Various jurisdictions, including the EU under GDPR and other advanced privacy regimes, provide individuals with robust data rights. Canadian expectations also favour transparency, access, and correction, and the user instructions require alignment with GDPR-style rights and a reference to Mexican law for completeness.

EXPAND: Even though Sunrise Casino operates offshore and is not formally established in the EU or Mexico, we voluntarily recognise a set of rights modelled on GDPR Articles 12 - 23 and comparable principles in other modern privacy frameworks (such as Mexico's Federal Law on Protection of Personal Data Held by Private Parties - "LFPDPPP"), to provide a high standard of protection to our users.

REFLECT: We outline each right, how to exercise it, applicable limitations, response times, and cost-free access conditions.

Overview of Your Rights

  • Right of access: To obtain confirmation whether we process your personal data and to receive a copy, along with information about how we use it.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): To request deletion of your personal data in specific circumstances (for example, when it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal ground for processing).
  • Right to restriction of processing: To request that we limit our processing of your data under certain conditions (e.g., while a dispute about accuracy or lawfulness is being resolved).
  • Right to object: To object to processing based on our legitimate interests, including profiling, and to object at any time to direct marketing.
  • Right to data portability: To receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible and applicable.
  • Right to withdraw consent: Where processing is based on consent (e.g., marketing or certain cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.

Note on Mexican Law Reference: Although Sunrise Casino does not specifically target residents of Mexico, we recognise principles similar to those found in Mexico's LFPDPPP, including rights of access, rectification, cancellation, and opposition (often referred to as "ARCO" rights). Our processes for Canadian players are designed to be broadly compatible with those standards as well, by allowing comparable requests regarding your personal data.

How to Exercise Your Rights

  • Contact channels: You may exercise your rights by contacting our DPO/Privacy Department at [email protected] or [email protected], clearly marking your email with "Privacy Request - Canada".
  • Information to provide: Include your full name, registered username, the email associated with your account, your country (Canada), and a clear description of the right you wish to exercise.
  • Verification: We may request additional information or documentation to verify your identity and ensure that we do not disclose data to an unauthorised person.

Timeframes and Cost

  • Response time: We aim to respond to all valid requests within 30 days of receipt, in line with GDPR-like standards. If your request is particularly complex or we receive numerous simultaneous requests, we may extend this period by a further 30 days, but we will inform you of any extension and the reasons for it.
  • Fees: We will not charge you any fee for exercising your rights, unless your request is manifestly unfounded or excessive (for example, repetitive requests without justification). In such cases, we may charge a reasonable fee or refuse to act on the request.

Limitations

  • Some rights are not absolute and may be subject to restrictions under applicable law or legitimate interests. For example, we may retain certain records despite an erasure request where we must comply with legal obligations (e.g., AML record-keeping, dispute resolution, fraud prevention) or where we need the data to establish, exercise, or defend legal claims.
  • If we cannot fully comply with your request, we will provide an explanation of the reasons, subject to any legal or regulatory constraints.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar tools are essential for the functionality and performance of sunrise-ca.com and for marketing and analytics.

EXPAND: For Canadian players, we explain the categories, purposes, and control options, aligning with best practices on transparency and consent for non-essential cookies.

REFLECT: We classify cookies and describe how you can manage them.

Types of Cookies We Use

  • Strictly necessary (session) cookies: These cookies are essential for operating the website and enabling basic features such as logging in, maintaining session state, and ensuring transactional security. They are usually session cookies that expire when you close your browser.
  • Functional cookies: These may be session or persistent cookies that remember your choices and preferences (for example, language selection, saved login preferences where enabled, and display settings) to enhance your experience.
  • Analytics and performance cookies: These cookies (often third-party) collect information about how visitors use our site, such as which pages are visited most often and error messages encountered. We use this data to improve functionality and user experience.
  • Advertising and targeting cookies: These cookies, often set by us and our advertising partners, track your browsing and gaming behaviour on sunrise-ca.com and, in some cases, across other websites, to deliver targeted advertising and measure campaign effectiveness, subject to your consent where required.

Other Tracking Technologies

  • We may use web beacons, pixels, and JavaScript tags in emails or on our site to understand how you interact with our communications and pages, such as whether you have opened a promotional email or clicked on a particular link.

Managing Cookies

  • Browser settings: Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Refer to your browser's help section for instructions.
  • On-site controls: Where available, our website may present a cookie banner or preference centre allowing you to manage non-essential cookies (such as analytics and advertising cookies).
  • Impact of disabling cookies: If you disable certain cookies, particularly strictly necessary or functional cookies, parts of the website may not function properly, and you may not be able to use all features.

Data Security

OBSERVE: Online gambling involves financial transactions and sensitive behavioural data, making robust security measures essential.

EXPAND: We must implement technical and organisational measures, including modern encryption, access controls, staff training, and incident response, and communicate them clearly without revealing sensitive internal details.

REFLECT: We describe our multi-layered approach and references to internationally recognised standards.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and sunrise-ca.com is protected using Transport Layer Security (TLS) version 1.2 or higher, helping to prevent interception or tampering.
  • Encryption at rest: Where technically feasible, we encrypt sensitive data (such as authentication credentials and certain financial-related information) when stored.
  • Access controls: Systems and databases are protected by layered authentication and authorisation mechanisms, ensuring that only authorised personnel with a legitimate business need can access personal information.
  • Multi-factor authentication (MFA): We utilise MFA and similar controls for privileged administrative access to critical systems.

Organisational Measures

  • Security policies: We maintain internal policies and procedures covering data protection, information security, acceptable use, and incident management.
  • Staff training: Employees and contractors with access to personal data receive training on confidentiality, data protection obligations, and secure handling of information.
  • Vendor management: We select third-party service providers that can demonstrate appropriate security measures and, where relevant, align with recognised standards such as ISO 27001 or SOC 2.

Monitoring, Testing, and Incident Response

  • Regular assessments: We perform ongoing monitoring and periodic security reviews or audits of our infrastructure and applications to identify and mitigate vulnerabilities.
  • Incident response: We maintain procedures for detecting, managing, and responding to suspected personal data breaches, including containment, investigation, and mitigation measures.
  • Notification: Where required by applicable law, we will notify you and/or relevant authorities of a personal data breach that is likely to result in a significant risk of harm to you.

No system can be guaranteed to be completely secure, but we are committed to continually improving our security posture in line with industry best practices.

Complaints & Contacts

OBSERVE: Users need clear mechanisms to raise privacy concerns, seek clarification, or lodge complaints, as well as escalation routes to supervisory authorities.

EXPAND: While our primary corporate jurisdiction is Costa Rica and we operate offshore, we acknowledge that Canadian players may wish to contact both us and, in some cases, privacy regulators in their home jurisdiction or in other relevant regions. The instruction also calls for reference to Mexican and EU authorities as comparators.

REFLECT: We provide a layered complaints process, including internal handling and external escalation options.

Contacting Us with Questions or Complaints

Complaint Procedure

  1. Step 1 - Submit your complaint: Send us a detailed description of your concern via email, including your account details, relevant dates, and copies of any supporting documentation.
  2. Step 2 - Acknowledgement: We will acknowledge receipt of your complaint within five (5) business days, providing you with a reference number where applicable.
  3. Step 3 - Investigation: Our Privacy Department will investigate your complaint, which may involve consulting technical, customer support, or compliance teams.
  4. Step 4 - Response: We will aim to provide a substantive response within 30 days of receiving your complaint. If we require more time due to complexity, we will inform you of the delay and expected resolution timeframe.
  5. Step 5 - Further steps: If you are not satisfied with our response, you may request that your complaint be escalated internally or consider contacting a relevant supervisory authority, as described below.

Escalation to Supervisory Authorities

Depending on your location and the circumstances of your complaint, you may have the right to lodge a complaint with a data protection or privacy authority. Examples include:

  • Canada: Office of the Privacy Commissioner of Canada (OPC), or applicable provincial privacy commissioners (for example, in Alberta, British Columbia, or Quebec). You can find contact details and complaint procedures on their official websites.
  • Mexico (reference jurisdiction): The National Institute for Transparency, Access to Information and Personal Data Protection (INAI) oversees compliance with Mexico's Federal Law on Protection of Personal Data Held by Private Parties. Information is available at https://home.inai.org.mx/.
  • European Union (reference jurisdiction): If you are in the EU or EEA, you may contact the data protection authority in your country of residence. Contact details are listed on the European Data Protection Board's website at https://edpb.europa.eu/.

Please note that which authority is competent to handle a complaint will depend on your location, the nature of the processing, and the applicable laws. We encourage you to contact us first to allow us an opportunity to address your concerns directly.

Updates

OBSERVE: Privacy policies must evolve over time as services, technologies, and laws change.

EXPAND: For Canadian players using Sunrise Casino via sunrise-ca.com, we commit to transparent and timely notification of significant changes, including advance notice for material alterations and clear versioning.

REFLECT: We set out how and when changes will be communicated and what options you have.

Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal requirements, or privacy practices.
  • Each version will be identified by a "Last updated" date at the bottom of the document.

Notification of Material Changes

  • Advance notice: Where we make material changes that significantly affect how we process your personal data (for example, expanding types of data collected or introducing new categories of recipients), we will provide you with prior notice of such changes, generally at least 30 days before they take effect, unless immediate implementation is required by law or security needs.
  • Notification channels: We may notify you through one or more of the following:
    • Email sent to the address associated with your account;
    • Prominent banners or notices on the sunrise-ca.com website;
    • Alerts or messages within your player account dashboard, where available.

Your Options Following Updates

  • If you continue to use our services after the effective date of the updated Privacy Policy, you will be deemed to have accepted the changes, subject to applicable law.
  • If you do not agree with the changes, you may object where such objection is available under applicable law and/or request closure of your account and deletion or restriction of your data, subject to our retention obligations.

Last updated: January 2026