burger icon
Spinsy Review Canada
Log In

Privacy Policy

This Privacy Policy explains how Spinsy (the "Website") collects, uses, discloses, and protects personal information when you visit https://spinsy-bet.ca or interact with our content. It is needed to help you understand what information may be processed, why it is processed, and what choices and rights you have under applicable Canadian privacy laws and generally accepted industry standards. This policy applies to website visitors and users who contact us through available channels. Effective date: 6 November 2026.

Who We Are

OBSERVE: Spinsy is a review/information website published for the spinsy-bet.ca domain. The source data available to us does not provide verified, complete legal-entity identity details (full legal name, registered address, company registration number, tax ID) for the website publisher or a designated Data Protection Officer ("DPO"). The only entities mentioned in the research context are Rabidi N.V. and Adonio N.V., described as part of an offshore operator network associated with the Spinsy brand; however, these entities are not confirmed as the legal publisher/controller for spinsy-bet.ca in the provided materials.

EXPAND: Under Canadian privacy expectations (including PIPEDA and substantially similar provincial private-sector laws), users should be able to identify the organization responsible for personal information and have a direct contact route. Where identity details are unavailable, the policy must (a) state the limitation transparently, (b) describe how users can still submit privacy requests, and (c) commit to updating the policy when verified corporate/contact information becomes available.

REFLECT: Until verified controller details are published on spinsy-bet.ca, we treat Spinsy as the site section/content project name and we provide the following privacy contact route for requests and complaints. If you require the legal name/address of the site publisher, please submit a request and we will provide the currently available corporate details (if any) or confirm that they are not available.

  • Website: https://spinsy-bet.ca (official site targeting Canada; grey-market operator for Canadian players per available notes)
  • Privacy contact (Data Protection Department / DPO mailbox): Not specified in provided source data
  • Phone: Not specified in provided source data
  • Online contact form: Not specified in provided source data
  • Postal address: Not specified in provided source data

Regional compliance note (Canada): If you are located in Canada, you may also have rights and complaint options with the Office of the Privacy Commissioner of Canada ("OPC"). See the "Complaints & Contacts" section for escalation information.

What Personal Data We Collect

OBSERVE: Spinsy is an informational/review website on spinsy-bet.ca. Typical operations involve analytics, security logging, optional newsletter/contact interactions, and affiliate/outbound links. The available source data does not list dedicated emails/forms; therefore, collection may occur primarily via technical means (logs/cookies) and any channels that may be added on-site later.

EXPAND: To meet Canadian transparency requirements and common ad/affiliate ecosystem expectations, we must clearly describe categories of personal information that may be collected automatically (device identifiers, IP, cookie IDs), provided by you (name/email), and derived (usage profiles), and clarify that payment card data is generally not processed by a review site unless a paid feature exists.

REFLECT: We may collect the following categories depending on how you use spinsy-bet.ca:

  • Identity & contact data: full name, username, email address, and phone number only if you voluntarily submit them (for example, via a newsletter signup or message feature if made available on-site).
  • Technical data: IP address, approximate location derived from IP (city/region), device type, operating system, browser type and version, language preferences, referral/exit pages, timestamps, and diagnostic log data.
  • Usage & behavioural data: page views, scroll and click interactions, link interactions (including outbound affiliate links), time spent on pages, and content preferences inferred from browsing behaviour on our site.
  • Cookie and similar technology data: cookie identifiers, SDK/pixel identifiers, and local storage items used for site functionality, analytics, and (where enabled) advertising/measurement.
  • Payment data: Spinsy does not intend to collect payment card numbers. If any paid feature is introduced in the future, payment processing would typically be handled by third-party processors; we would update this policy before such processing begins.
  • Sensitive information: we do not intentionally collect sensitive information (e.g., government IDs, health data). Please do not submit such information to spinsy-bet.ca.

Legal Basis for Processing

OBSERVE: Canada's private-sector privacy framework generally relies on meaningful consent, reasonableness, and limited exceptions (e.g., security, fraud prevention). The section request also includes GDPR-style legal bases; we align conceptually while keeping Canadian legal framing primary for CA visitors.

EXPAND: Because the site may use cookies/advertising technologies and may serve users outside Canada, it is prudent to describe: consent (express/implied), contractual necessity (where a feature is requested), legitimate interests (security/analytics), and legal obligations (record-keeping, responding to lawful requests). We must also disclose that Spinsy is described as grey-market and not regulated by iGaming Ontario; users should understand that clicking outbound links may take them to offshore-regulated environments with different protections.

REFLECT: We rely on the following grounds to process personal information, as applicable and permitted by law:

  • Consent: where you provide information to us, accept non-essential cookies (where offered), subscribe to updates, or otherwise agree to processing. You can withdraw consent for optional processing (e.g., marketing) at any time.
  • Contract / requested service: to provide site features you request (for example, delivering a newsletter you opted into, responding to an inquiry, or applying cookie preferences).
  • Legitimate interests / reasonable purposes: to operate, secure, and improve spinsy-bet.ca, measure content performance, prevent abuse and fraud, and maintain the integrity of our systems - balanced against your privacy rights.
  • Legal obligations: to comply with applicable laws and lawful requests, including maintaining records necessary to demonstrate compliance and to address security incidents.

Purpose of Processing

OBSERVE: The site's functions are informational and may include affiliate tracking, analytics, and security. The requested purposes include marketing mailings, analytics, and fraud prevention.

EXPAND: For Canadian compliance and ad-tech norms, we should separate essential site operations from optional marketing/advertising and clarify that outbound links lead to third parties with their own practices.

REFLECT: We use personal information for the following purposes:

  • Providing and operating the website: deliver pages, ensure technical functionality, remember preferences, and administer basic site features.
  • Quality and service improvement: diagnose errors, improve content relevance (including casino review content for Spinsy on spinsy-bet.ca), and optimize performance and accessibility.
  • Analytics and measurement: understand how visitors use the site, which pages are effective, and how traffic arrives (including affiliate/referral measurement where applicable).
  • Marketing communications (optional): send newsletters or updates only if you opt in and where a signup mechanism exists on spinsy-bet.ca.
  • Security and fraud prevention: protect against bot activity, malicious traffic, abusive behaviour, and unauthorized access attempts.
  • Compliance and dispute handling: respond to privacy requests, maintain audit trails, and handle complaints.

Regional compliance note (Canada / gambling context): Available notes indicate Spinsy is a grey-market operator for Canadian players and is not regulated by iGaming Ontario. Our website does not provide iGaming Ontario consumer protections; when you click outbound links you are subject to the destination site's terms and privacy practices.

Disclosure & Sharing

OBSERVE: The section requires disclosures to payment partners, service providers, regulators, affiliates, and advertising networks (with consent). The available dataset highlights affiliate/brand context and lacks direct contact details.

EXPAND: We must describe categories of recipients and the triggers for sharing, including: hosting/CDNs, analytics providers, security vendors, affiliate networks, and legal/regulatory disclosures. We must clarify that we do not "sell" personal information in the conventional sense, but advertising identifiers may be shared with third parties depending on cookie choices and applicable law.

REFLECT: We may disclose personal information to the following categories of recipients, only as needed for the purposes described above:

  • Service providers (processors): website hosting, content delivery networks (CDNs), analytics providers, performance monitoring, email delivery tools (if used), and security/anti-abuse vendors, under contractual confidentiality and security obligations.
  • Affiliate and referral partners: where you click an outbound link, limited tracking data (e.g., a referral identifier, timestamp, device/cookie identifiers) may be shared to attribute the referral and measure campaign performance.
  • Advertising and measurement partners (where enabled): third-party tags/pixels may receive device identifiers and cookie data for advertising delivery and measurement subject to your consent choices where required.
  • Regulators, law enforcement, and courts: when required by applicable law or lawful process, or to protect rights, safety, and security.
  • Corporate transactions: if the website publisher undergoes a merger, acquisition, or asset sale, information may be transferred subject to appropriate safeguards and notice where required.

International Transfers

OBSERVE: The site targets Canada but may use international service providers; the research context references offshore jurisdictions (Curaçao, Philippines, Cyprus, Marshall Islands) linked to the broader operator network. The section asks for transfer regions and safeguards.

EXPAND: Under Canadian law, cross-border transfers are permitted but require transparency about foreign processing and the risk that foreign authorities may access data. We should describe safeguards (contractual clauses, vendor due diligence) and clarify that "Privacy Shield" is not a reliable universal mechanism; instead use contractual protections and risk assessments.

REFLECT: Your information may be processed in countries other than Canada where we or our service providers operate infrastructure. This may include, for example, the United States and/or other jurisdictions where hosting, analytics, security, and advertising partners maintain servers. In addition, outbound links from spinsy-bet.ca may take you to third-party websites that process data in jurisdictions referenced in our research context for the broader brand ecosystem (including Curaçao and potentially the Philippines, as licensing is described as claimed/in transition for certain network brands), but those third parties control their own processing.

  • Safeguards we apply: contractual data-protection terms (including, where relevant, standard contractual clauses or equivalent vendor addenda), vendor security due diligence, access controls, and data minimization.
  • Transparency for Canadians: foreign processing may be subject to lawful access requests by authorities in those jurisdictions. By using spinsy-bet.ca, you understand your data may be transferred and processed outside Canada.

Data Retention

OBSERVE: The prompt asks for retention periods per category (example: no more than 5 years after account closure). This site is a review website and may not have user accounts; retention must be purpose-based and reasonable.

EXPAND: We should specify retention by data class (logs, analytics, marketing lists, request records) and deletion criteria (request, expiry, purpose completion). For compliance, keep privacy-request logs longer to demonstrate compliance.

REFLECT: We retain personal information only as long as necessary for the purposes described in this policy, then delete or de-identify it unless retention is required by law or for legitimate compliance needs.

  • Server/security logs (IP, user agent, timestamps): typically retained for up to 12 months, unless needed longer to investigate security incidents or abuse.
  • Analytics data: typically retained for up to 26 months (or shorter if configured), often in aggregated or pseudonymous form depending on the tool.
  • Cookie identifiers: retained according to cookie lifetimes (session cookies expire when you close the browser; persistent cookies typically expire within up to 24 months unless you delete them earlier).
  • Marketing subscription data (if you opt in): retained until you unsubscribe, then placed on a suppression list for up to 24 months to respect your opt-out.
  • Privacy requests and complaint records: retained for up to 5 years after closure of the request to demonstrate compliance and handle follow-ups.

Deletion criteria: we delete or de-identify information when (a) it is no longer needed for the stated purposes, (b) you validly request deletion where applicable, (c) you withdraw consent for optional processing and no other lawful basis applies, or (d) retention periods expire.

Your Rights

OBSERVE: The prompt requests "detailed GDPR and Mexican privacy law alignment" and references Mexican regulations, while the target jurisdiction is Canada. We must not mislead: present Canadian rights as primary, and provide an "alignment" explanation as a best-practice overlay for users who may be in other regions, without claiming we are subject to GDPR/Mexico in all cases.

EXPAND: Provide rights list: access, correction, deletion, restriction, objection, portability, withdrawal of consent; include procedures, 30-day response, free-of-charge, identity verification, authorized agent. For Mexico: reference LFPDPPP and ARCO rights; for GDPR: note applicability if EEA users/targeting occurs.

REFLECT: Depending on where you live and how our processing is characterized, you may have the following rights. For visitors in Canada, these rights are grounded primarily in PIPEDA and substantially similar provincial private-sector laws, and reflect widely adopted privacy best practices.

  • Access: request access to personal information we hold about you and receive an explanation of how it is used and disclosed.
  • Correction: request correction of inaccurate or incomplete personal information.
  • Deletion / de-identification: request deletion or de-identification where appropriate (for example, where information is no longer necessary or where consent has been withdrawn), subject to legal and security exceptions.
  • Withdrawal of consent: withdraw consent for optional processing (e.g., marketing emails, non-essential cookies where offered). Withdrawal does not affect prior lawful processing.
  • Objection / opt-out of certain processing: object to certain uses, particularly direct marketing, and manage cookie preferences as described below.
  • Data portability (best-practice alignment): where technically feasible, request a copy of information you provided to us in a commonly used format.
  • Restriction (best-practice alignment): request that we limit processing in certain circumstances (e.g., while a correction request is being assessed).

How to Exercise Your Rights (Procedure)

  1. Submit a request: send your request through the contact channel published on spinsy-bet.ca. Note: the source data provided to us did not include a privacy email, phone number, or contact form; if none is displayed on-site, you may use any "Contact" method available on spinsy-bet.ca and clearly write "Privacy Request".
  2. Verify identity: we may request reasonable information to confirm your identity (to protect you from unauthorized access). We will not request excessive information.
  3. Response timeframe: we aim to respond within 30 days. If an extension is needed due to complexity, we will inform you of the reason and expected timeline.
  4. Fees: requests are generally handled free of charge. If a fee is permitted and necessary (e.g., unusually large requests), we will notify you in advance.
  5. Authorized agent: you may appoint an authorized representative, subject to verification of authority and identity.

GDPR and Mexico (LFPDPPP) Alignment Clarification

  • GDPR alignment (EEA/UK visitors): where GDPR/UK GDPR applies, comparable rights may include access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority. We apply similar operational practices (e.g., 30-day target response) as a best-practice standard.
  • Mexico alignment (LFPDPPP / ARCO): if you are in Mexico, you may have ARCO rights under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Access, Rectification, Cancellation, and Opposition). We aim to handle such requests using the same process described above, subject to verification and lawful exceptions.

Cookies & Tracking Technologies

OBSERVE: The prompt requires cookie types and management options. The site likely uses analytics and may use affiliate/advertising tags.

EXPAND: Provide clear categories: functional, analytics, advertising; session/persistent/third-party; describe consent management and browser controls, and note that disabling may affect functionality.

REFLECT: We use cookies and similar technologies (e.g., pixels, tags, local storage) to operate spinsy-bet.ca, measure performance, and (where enabled) support advertising and affiliate attribution.

Types of Cookies

  • Session cookies: temporary cookies that expire when you close your browser; used for core site operation and basic navigation.
  • Persistent cookies: remain on your device until they expire or you delete them; used to remember preferences and measure returning visits.
  • Third-party cookies/tags: set by external providers (e.g., analytics, advertising, affiliate measurement) to help measure traffic and campaign performance.

Purposes

  • Strictly necessary / functional: enable core functionality, security features, and preference storage.
  • Analytics: help us understand site usage and improve content and performance.
  • Advertising / measurement (where enabled): help limit repetitive ads, measure effectiveness, and attribute referrals, subject to applicable consent requirements.

How to Manage Cookies

  • Browser controls: you can delete cookies and manage cookie settings in your browser (blocking some cookies may affect site functionality).
  • On-site settings: if spinsy-bet.ca provides a cookie banner or preference center, you can update choices there at any time.
  • Opt-out tools (third party): some analytics/advertising providers offer opt-out mechanisms; where relevant, we recommend using official provider opt-outs in addition to browser controls.

Data Security

OBSERVE: The prompt requires specific controls (TLS 1.2+, encryption at rest/in transit, MFA, audits, training, incident response) and mention of ISO 27001/SOC 2 where applicable. The source data does not confirm certifications; we must present them as "where applicable" rather than claiming compliance.

EXPAND: Canadian expectations include safeguards appropriate to sensitivity. Even for a review site, security logging, access controls, vendor management, and incident response are necessary. We should avoid overpromising and clarify residual risk.

REFLECT: We implement administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.

  • Encryption in transit: we aim to use TLS 1.2+ (or higher) to protect data transmitted between your device and our servers.
  • Encryption at rest (where applicable): sensitive data stored in systems we control is encrypted or protected with industry-standard mechanisms where feasible and appropriate.
  • Access controls: role-based access, least-privilege principles, and logging of administrative access to production systems.
  • Multi-factor authentication (MFA): used where supported for administrative accounts and critical tooling.
  • Secure development and change management: routine patching, dependency updates, and configuration management to reduce vulnerabilities.
  • Vendor risk management: we select reputable service providers and use contractual protections and security reviews appropriate to the service risk.
  • Security audits and monitoring: periodic reviews and monitoring for suspicious activity; third-party assessments may be used depending on scale and provider offerings.
  • Staff training: personnel with access to systems are trained on confidentiality, phishing awareness, and incident reporting.
  • Incident response: documented procedures to triage, contain, investigate, and remediate incidents, and to provide notices where required by law.
  • Standards alignment (where applicable): we may rely on service providers that maintain security programs aligned with recognized frameworks such as ISO/IEC 27001 and/or SOC 2; availability depends on the specific vendor and service used.

Residual risk: no method of transmission or storage is completely secure. You use the internet at your own risk, and we encourage you to use up-to-date devices and browsers.

Complaints & Contacts

OBSERVE: The prompt asks for DPO contact details, forms, postal address, step-by-step complaint procedure, response times, and escalation to Mexican and EU authorities with direct contact info. Our dataset lacks direct contact details; we must clearly state that and still provide external authority contacts (OPC, INAI, EU EDPB list entry point).

EXPAND: Provide an internal process even without explicit email: direct users to any available site contact method and require "Privacy Complaint" subject line; provide timelines and escalation. Include Canadian OPC as primary for CA; include INAI (Mexico) and EU authority directory as requested.

REFLECT: If you have questions, concerns, or complaints about privacy on spinsy-bet.ca (Spinsy), you may contact us and/or escalate to the appropriate authority.

How to File a Complaint With Us

  1. Contact us: use the contact channel published on spinsy-bet.ca. Important: the source data provided for this project did not include a DPO email, phone number, contact form, or postal address. If multiple contact options exist on-site, choose the one intended for general inquiries and write "Privacy Complaint" in the subject/message.
  2. Include details: describe what happened, relevant dates, pages involved, and what outcome you seek (access, correction, deletion, opt-out, or explanation).
  3. Identity verification: we may request limited information to confirm your identity before disclosing or changing personal information.
  4. Response time: we aim to acknowledge complaints within 7 days and provide a substantive response within 30 days, or explain any needed extension.
  5. Resolution: we will investigate, document findings, and take reasonable corrective actions where appropriate.

Escalation (Supervisory/Regulatory Authorities)

  • Canada - Office of the Privacy Commissioner of Canada (OPC):
    Website: https://www.priv.gc.ca/en/
    Complaint information: https://www.priv.gc.ca/en/report-a-concern/
  • Mexico - INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales):
    Website: https://www.inai.org.mx/
    Guidance/complaints: https://www.inai.org.mx/ (use the official "Protección de Datos Personales" resources)
  • EU/EEA - Data Protection Authorities (DPAs):
    Directory (EDPB): https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
    If GDPR applies to your situation, you may contact your local DPA using the directory above.

Note on missing internal contact details: We will update this section once verified DPO/data protection department contact information and a postal address are published for spinsy-bet.ca.

Updates

OBSERVE: The prompt requires notification procedures, version control with "Last updated: " and changelog, 30-day advance notice for significant changes, and user options to object or close accounts. This site may not have accounts; provide options relevant to a review site (stop using site, adjust cookies, unsubscribe).

EXPAND: Material changes include new data categories, new third parties, new ad targeting, or new cross-border processing. Provide notice methods: banner, page notice, email for subscribers. Provide versioning and a short changelog.

REFLECT: We may update this Privacy Policy to reflect changes in technology, legal requirements, or our practices on spinsy-bet.ca.

  • Notification methods: we may notify you via a website banner, a notice on the Privacy Policy page, and/or (if you subscribed) by email.
  • Advance notice for material changes: for significant changes that materially affect your rights or how we use personal information, we will provide at least 30 days' advance notice where reasonably practicable.
  • Your options: you may object by adjusting cookie preferences (where offered), unsubscribing from marketing (if subscribed), requesting deletion where applicable, and/or discontinuing use of spinsy-bet.ca. If we introduce user accounts in the future, you will also be able to close your account using the account tools provided.

Last updated: November 2026

Version Date Material changes
v1.0 November 2026 Initial publication for Spinsy on spinsy-bet.ca; added transparency about missing verified controller/DPO contact details in source data; added international transfer and regulator escalation information.