burger icon
Ruby Fortune Review Canada
Log In

Privacy Policy

This Privacy Policy explains how Ruby Fortune, operating the website rubyfortune-win.com and its Canadian review page Ruby Fortune (the "Website"), collects, uses, discloses, and protects your personal information. It applies to all players and visitors located in Canada who access the Website, whether they browse content, create or manage an account, place bets, or interact with customer support, as well as to visitors from other jurisdictions where our services are lawfully available.

This Policy is designed to comply with applicable Canadian privacy laws (including the Personal Information Protection and Electronic Documents Act - "PIPEDA"), and, where relevant, with the EU General Data Protection Regulation ("GDPR") and the Mexican Federal Law on Protection of Personal Data Held by Private Parties and its Regulations ("Mexican Data Law").

By using the Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Website or our services. Effective date: 1 January 2026.

Who We Are

For players and visitors in Canada using rubyfortune-win.com and its page Ruby Fortune, the entity responsible for your personal information (the "data controller" or "organization") depends on your place of residence within Canada:

  • Rest of Canada (excluding Ontario): The Website is operated for you by Bayton Ltd, a company licensed by the Malta Gaming Authority ("MGA").
    Registered address: Bayton Ltd, 9 Empire Stadium Street, Gzira, GZR 1300, Malta.
    Gaming licence: MGA/B2C/145/2007.
  • Ontario residents: Services are provided under the regulatory oversight of Cadtree Limited, licensed by iGaming Ontario ("iGO"). Cadtree Limited is part of the same corporate group as Bayton Ltd.

Bayton Ltd and Cadtree Limited are subsidiaries of Super Group (SGHC) Limited, which provides group-level governance and compliance oversight. For privacy matters, Bayton Ltd generally acts as the primary data controller, with Cadtree Limited acting as a joint controller for Ontario operations.

Data Protection Contact

  • Data Protection Officer / Privacy Team: Data Protection Officer, Bayton Ltd
  • Email: [email protected]
  • Postal: Data Protection Officer, Bayton Ltd, 9 Empire Stadium Street, Gzira, GZR 1300, Malta

You may also contact us through the contact or support tools available on rubyfortune-win.com where indicated.

What Personal Data We Collect

We collect only the information that is necessary to provide secure, compliant, and responsible online gambling services on rubyfortune-win.com and its page Ruby Fortune.

Identification and Contact Data

  • Basic personal details: full name, date of birth, residential address, nationality, and language preferences.
  • Contact details: email address, telephone number, and communication preferences.
  • Verification information (KYC/AML): copies or details of identity documents, proof of address, and other verification data required by gaming and anti-money-laundering regulations.

Technical and Device Data

  • Device and connection data: IP address, device identifiers, browser type and version, operating system, time zone settings, and basic device configuration.
  • Usage and log data: login timestamps, session duration, pages viewed, clicks, referral URLs, and error logs collected via our servers and security systems.

Financial and Transaction Data

  • Payment data: partial payment card details (tokenized where possible), e-wallet or banking identifiers, transaction references, deposits, withdrawals, chargebacks, and related billing information.
  • Regulatory data: records of source-of-funds checks, enhanced due diligence outcomes, and compliance-related notes required by law.

Behavioral, Profile, and Communication Data

  • Gaming and betting data: game selections, stakes, wins and losses, bonuses used, session patterns, responsible gambling limits, and self-exclusion status.
  • Profile data: account settings, preferences (e.g., language, notification settings), and marketing consent choices.
  • Communications: records of email correspondence, live-chat transcripts, call notes, and complaint or dispute history, including where you interact with ADR bodies such as eCOGRA.

Cookies and Similar Technologies

  • Cookie identifiers: unique cookie IDs, session tokens, authentication cookies, and preference cookies.
  • Tracking technologies: web beacons, pixels, tags, analytics SDKs, and similar technologies implemented by us or approved third parties for security, analytics, and marketing (where permitted).

Where required by law, certain categories of data (for example, marketing or some analytics cookies) are collected only with your consent.

Legal Basis for Processing

We process your personal information only when we have a valid legal basis under applicable law. Depending on your location (Canada, the EU/EEA, Mexico, or elsewhere), the following legal grounds apply:

  • Consent
    We rely on your explicit or implied consent for:
    • sending promotional emails, SMS, or push notifications (where you opt in);
    • using non-essential cookies and similar technologies for analytics or advertising purposes;
    • sharing limited data with advertising networks or affiliates for personalized marketing (where legally permitted).
    You can withdraw your consent at any time, as explained below.
  • Performance of a contract
    We must process your data to:
    • create and manage your player account;
    • verify your eligibility to play and to receive bonuses;
    • process deposits, wagers, and withdrawals;
    • provide customer support, resolve technical issues, and manage your participation in promotions.
  • Legal obligations
    We are required by gaming, anti-money-laundering (AML), counter-terrorist-financing, tax, and record-keeping laws in Canada, Malta, Ontario, and other relevant jurisdictions to:
    • conduct KYC and affordability checks;
    • monitor for suspicious transactions and report them to competent authorities;
    • maintain accurate books and records for legally mandated periods.
  • Legitimate interests
    We process data where necessary for our legitimate business interests, provided these do not override your rights and freedoms, for example:
    • preventing fraud, abuse, and cheating on the Website;
    • ensuring network and information security, including intrusion detection and incident response;
    • improving our products, services, and user experience through aggregated analytics;
    • defending legal claims and managing business risks.
    When we rely on legitimate interests, we carry out a balancing test and implement safeguards such as pseudonymization and access controls.

Purpose of Processing

We use your personal information for clearly defined purposes and do not use it in ways that are incompatible with these purposes without informing you and, where necessary, obtaining your consent.

  • Provision of services and account management
    To register and verify your account, enable you to log in securely, process your deposits and withdrawals, validate your age and location, operate games, apply bonuses, calculate winnings, and maintain accurate account balances.
  • Regulatory compliance and risk management
    To comply with KYC/AML and responsible gambling obligations, including monitoring for suspicious transactions, enforcing self-exclusion and player-imposed limits, preventing fraud and misuse, and meeting our obligations to regulators such as the Malta Gaming Authority, iGaming Ontario, and, where relevant, the Kahnawake Gaming Commission.
  • Service improvement and analytics
    To analyze gameplay patterns, website usage, and technical performance so that we can improve site stability, optimize game offerings, enhance navigation, detect bugs, and perform statistical reporting (typically using aggregated or pseudonymized data).
  • Marketing and personalization
    To send you offers, bonuses, and news about Ruby Fortune tailored to your preferences, and to display relevant content and promotions on rubyfortune-win.com and associated communications, provided this is permitted by law and consistent with your marketing choices.
  • Customer support and dispute resolution
    To respond to queries and complaints, verify your identity when you contact us, manage disputes (including those escalated to eCOGRA, the MGA, or iGaming Ontario), and maintain evidence of interactions for training and quality assurance.
  • Security and fraud prevention
    To detect and prevent account takeover, multi-accounting, bonus abuse, money laundering, and other suspicious behavior using automated tools combined with human review, and to protect the integrity of our systems.

Disclosure & Sharing

We do not sell your personal information. We disclose it only to the extent necessary for the purposes described above, subject to appropriate safeguards and contractual protections.

  • Group companies
    Within the Super Group corporate group (including Bayton Ltd and Cadtree Limited) for centralized compliance, risk management, internal audit, IT support, and reporting, always on a need-to-know basis.
  • Payment service providers and financial institutions
    To banks, card schemes, e-wallets, and payment processors that handle deposits, withdrawals, and fraud checks on our behalf. These providers act as independent controllers or processors, depending on the context.
  • Technical and operational service providers
    To trusted third-party vendors providing:
    • IT hosting, cloud infrastructure, and content delivery;
    • security services (fraud detection, anti-bot systems, AML tools);
    • customer support tools (chat platforms, ticketing systems);
    • analytics and performance monitoring.
    These parties are bound by confidentiality and data-processing agreements.
  • Regulators, ADR bodies, and public authorities
    To regulators and oversight bodies such as the Malta Gaming Authority, iGaming Ontario, the Kahnawake Gaming Commission, and approved alternative dispute resolution providers including eCOGRA, where required to address complaints or to demonstrate compliance.
    We may also disclose information to law-enforcement agencies, courts, and other public authorities when required by law or in order to establish, exercise, or defend legal claims.
  • Marketing and affiliate partners
    With your consent where required, we may share limited pseudonymized identifiers with carefully selected advertising networks, CRM providers, or affiliate partners for campaign measurement and to avoid over-marketing. You can opt out of such sharing where applicable.
  • Business transfers
    If we are involved in a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction, subject to guarantees of continuity of protection.

Whenever we share data with third parties acting as processors, we ensure that they process the data only on our documented instructions and maintain appropriate security standards.

International Transfers

Because Ruby Fortune operates online and is supported by global infrastructure, your personal information may be transferred to and processed in countries other than the one where you reside.

  • Canada and Malta / EU
    Data of Canadian players using rubyfortune-win.com and its page Ruby Fortune is processed primarily in Canada and Malta (EU/EEA). Transfers between Canada and the EU/EEA are supported by applicable adequacy decisions and appropriate contractual safeguards.
  • Other locations
    Certain service providers (for example, cloud hosting, fraud detection, or analytics providers) may be located or may store data in other countries, including outside Canada, the EU/EEA, or Mexico. In such cases, we implement:
    • EU Standard Contractual Clauses (SCCs) or equivalent data-transfer agreements;
    • contractual requirements for robust security and confidentiality;
    • additional safeguards such as encryption and access controls.
  • Mexican Data Law and other local rules
    Where Mexican data-transfer rules or other local laws apply, we ensure that:
    • transfers are disclosed in this Policy and any supplementary notice;
    • your consent is obtained where required;
    • recipients undertake to protect personal data under standards not less protective than those of the originating jurisdiction.

Regardless of where your data is processed, we apply protections that are consistent with this Privacy Policy and with applicable legal requirements.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including satisfying legal, accounting, and regulatory requirements.

  • Account and identification data
    Information used to create and verify your account (identity documents, KYC data, contact details) is typically retained for the duration of your account and for up to 5 years after account closure. Where AML, gaming, or tax laws require longer storage (for example, up to 7 years), we may retain relevant records for those additional periods.
  • Transaction and gaming data
    Records of deposits, withdrawals, wagers, wins, losses, bonuses, and responsible gambling interactions are generally retained for 5 - 7 years from the relevant transaction or closure of your account, to comply with financial and gaming regulations and to handle potential disputes.
  • Marketing and communications data
    Data relating to marketing consents and communications is retained while your consent is valid and for a limited period (typically up to 2 years) after your last interaction or withdrawal of consent, to demonstrate compliance with marketing rules.
  • Technical logs and security data
    Security logs, access records, and technical diagnostics are kept for shorter periods, usually from 6 months to 3 years, unless needed longer for investigations or legal purposes.

When retention periods expire or data is no longer needed, we will securely delete, anonymize, or aggregate the information. If you request deletion, we will also assess whether certain data must be retained to comply with our legal obligations or to defend legal claims; if so, we will restrict its use to those limited purposes.

Your Rights

Depending on your place of residence and the applicable laws (including PIPEDA in Canada, the GDPR for EU/EEA residents, and the Mexican Data Law), you may have the following rights in relation to your personal information:

  • Right of access
    To obtain confirmation of whether we process your data and to receive a copy of the personal information we hold about you, together with information about how we use it.
  • Right to rectification (correction)
    To request correction of inaccurate or incomplete personal data. In most cases, you can update certain details directly through your account settings.
  • Right to deletion / erasure
    To request that we delete personal information where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (and no other legal basis applies), or where processing is unlawful. We may need to retain some data to comply with our legal obligations, such as gaming and AML rules.
  • Right to restriction of processing
    To request that we limit the processing of your data (for example, while we verify its accuracy or assess an objection), without deleting it.
  • Right to object
    To object, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object at any time to processing for direct marketing, including profiling linked to such marketing. We will stop direct marketing upon your objection.
  • Right to data portability
    Where applicable (e.g., under GDPR), to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transmit it to another controller, where technically feasible.
  • Rights under Mexican Data Law (ARCO rights)
    If you are protected by Mexican Data Law, you have the rights of Access, Rectification, Cancellation, and Opposition (ARCO rights) in relation to your personal data, and may withdraw consent where processing is based on consent.
  • Withdrawal of consent
    Where processing is based on your consent (e.g., certain marketing communications or cookies), you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

How to exercise your rights

  1. Submit your request by emailing [email protected] or by using any dedicated privacy tools or forms available on rubyfortune-win.com.
  2. Provide sufficient information to verify your identity (for example, account ID, registered email, and basic verification details). We may request additional information solely to confirm your identity and protect your account.
  3. We will acknowledge your request and respond without undue delay and, in principle, within 30 days. If your request is complex or numerous, we may extend this period in accordance with applicable law, informing you of the extension and reasons.
  4. We will handle requests free of charge, unless they are manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request, as permitted by law, explaining our reasons.

Cookies & Tracking Technologies

Cookies and similar technologies help us ensure the secure operation of rubyfortune-win.com and its page Ruby Fortune, and allow us to improve services and personalize your experience.

Types of Cookies We Use

  • Session cookies
    Temporary cookies that exist only while your browser is open. They enable essential functions such as login, navigation between pages, and maintaining your session state.
  • Persistent cookies
    Cookies that remain on your device for a defined period or until you delete them. They remember your preferences (e.g., language, region, marketing choices) and help us understand long-term usage patterns.
  • First-party cookies
    Set directly by rubyfortune-win.com to support core site functionality, security, and preferences.
  • Third-party cookies
    Set by third-party providers (for example, analytics services or advertising networks) to support anonymized statistics, security, or marketing campaigns, where permitted.

Purposes of Cookies

  • Strictly necessary / functional
    Required for the site to function properly, including authentication, account management, load balancing, and security.
  • Analytics and performance
    Help us measure and improve performance (e.g., page load times, error rates, navigation flows), typically using aggregated or pseudonymized data.
  • Advertising and personalization
    Used, where allowed, to personalize promotional content, limit the number of times you see an offer, and measure the effectiveness of campaigns with our partners.

Managing Cookies

  • You can manage or disable cookies through your browser settings. The "Help" section of your browser typically provides instructions on how to block or delete cookies.
  • Where available, we may offer an internal cookie preference tool or banner on rubyfortune-win.com that allows you to accept or reject certain categories of non-essential cookies.
  • Disabling certain cookies may impact site functionality or your ability to log in and use gaming services.

Data Security

We take the protection of your personal information on rubyfortune-win.com and its page Ruby Fortune very seriously and apply technical and organizational measures designed to prevent unauthorized access, loss, misuse, or alteration.

  • Encryption
    Data transmitted between your browser and our servers is protected using industry-standard encryption such as TLS 1.2 or higher. Sensitive data is also encrypted at rest using robust cryptographic standards, with keys managed under strict controls.
  • Access controls and authentication
    Access to personal data is restricted to authorized personnel who require it for their job functions and who are bound by confidentiality obligations. Administrative access is protected by strong authentication and, where appropriate, multi-factor authentication (MFA).
  • Network and infrastructure security
    Our systems are protected by firewalls, intrusion detection/prevention systems, anti-malware solutions, and continuous monitoring designed to detect unusual activity and potential threats.
  • Organizational and procedural safeguards
    We maintain security policies and procedures, including regular security audits, risk assessments, and vendor due diligence. Staff receive training on data protection, privacy, and information security appropriate to their roles.
  • Industry standards
    Our security program is designed to align with recognized international best practices, such as those reflected in ISO/IEC 27001 and SOC 2 frameworks, even where formal certification may not be held for all entities.
  • Incident response
    We operate incident detection, reporting, and response processes. In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

While no system is completely secure, we continuously assess and improve our security posture to reduce risks and protect your information.

Complaints & Contacts

If you have concerns about how your personal information is handled, we encourage you to contact us first so that we can seek to resolve the issue directly.

Contacting Us

  1. Internal contact
    Email our Data Protection Officer / privacy team at [email protected], or write to:
    Data Protection Officer, Bayton Ltd, 9 Empire Stadium Street, Gzira, GZR 1300, Malta.
  2. Information to include
    Please provide your name, contact details, relevant account information (if any), and a clear description of your concern. This helps us investigate efficiently.
  3. Response timeframe
    We will acknowledge your complaint and aim to respond within 30 days, or as otherwise required by applicable law. Complex matters may take longer; if so, we will inform you of the delay and expected timeframe.

Escalation to Privacy Regulators

If you are not satisfied with our response or believe your privacy rights have been infringed, you may have the right to lodge a complaint with a supervisory authority:

  • Canada
    Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca. Depending on your province, a provincial privacy regulator may also have jurisdiction.
  • European Union / EEA
    If you are in the EU/EEA, you can lodge a complaint with your local Data Protection Authority (DPA). Contact details are available via the European Data Protection Board (EDPB) website.
  • Mexico
    National Institute for Transparency, Access to Information and Personal Data Protection (INAI): https://home.inai.org.mx, in relation to rights under the Mexican Data Law.

Other Gambling-Related Complaints

For disputes specifically related to gaming outcomes or gambling services (rather than privacy), you may also seek assistance from the following bodies, where applicable:

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or technical and organizational measures.

  • How we will notify you
    We will post the updated Privacy Policy on rubyfortune-win.com, indicating the "Last updated" date. For material changes (for example, new processing purposes, new categories of data, or significant changes in sharing practices), we will also provide more prominent notice, such as:
    • email notifications (where feasible and permitted);
    • account dashboard alerts; or
    • website banners or pop-ups on rubyfortune-win.com and, where relevant, the Ruby Fortune page.
  • Advance notice
    Where required by law or where we make significant changes that affect your rights, we will provide advance notice of the change, typically at least 30 days before the new version takes effect, so that you can review the updated Policy.
  • Your options
    If you do not agree with the updated Policy, you may close your account and stop using the Website. Continuing to use rubyfortune-win.com after the effective date of an update will constitute your acceptance of the updated terms, to the extent permitted by applicable law.

Last updated: January 2026. Material changes since previous versions include clarifications regarding international transfers, expanded descriptions of user rights (including GDPR and Mexican Data Law alignment), and additional detail about security measures and regulatory complaint channels.