burger icon
Mummys Gold Review Canada
Log In

Privacy Policy

This Privacy Policy explains how personal information is collected, used, disclosed and protected when you use the website mummysgold-win.com, including the dedicated Mummys Gold page, as a visitor or registered player in Canada or other supported regions. It applies to all users who access our services online, including prospective customers, active account holders and former customers.

This document is intended to meet the requirements of applicable Canadian privacy laws (including the Personal Information Protection and Electronic Documents Act and substantially similar provincial laws), as well as to align with international standards such as the EU General Data Protection Regulation (GDPR) and the Mexican Federal Law on Protection of Personal Data Held by Private Parties where they apply to you.

By using mummysgold-win.com (including the Mummys Gold page), you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, you should not use the website or should stop using it immediately.

Effective date: 1 February 2026

Who We Are

The online casino services and related content available on mummysgold-win.com, including the Mummys Gold page, are operated by:

  • Legal entity (data controller/operator): Bayton Ltd.
  • Legal form: Private limited company (Ltd).
  • Registered/Legal address: 9 Empire Stadium Street, Gzira, GZR 1300, Malta.
  • Licensing: Bayton Ltd is licensed and regulated by the Malta Gaming Authority under licence number MGA/B2C/145/2007 for its international offering, and is an approved iGaming operator in Ontario under the oversight of the Alcohol and Gaming Commission of Ontario (AGCO) and iGaming Ontario (iGO).

For Canadian players outside Ontario, access to the Mummys Gold brand is provided via the globally licensed MGA site. Ontario residents must use the locally regulated Ontario instance of the service, as directed by iGaming Ontario. Use of any other version of the site (including via VPN) may result in account closure in accordance with our Terms and regulatory obligations.

Data Protection Responsibility: Bayton Ltd acts as the data controller for personal information processed through mummysgold-win.com, including the Mummys Gold page, for the purposes described in this Privacy Policy.

How to Contact Us About Privacy

  • Postal address for privacy matters:
    Data Protection Officer (DPO)
    Bayton Ltd
    9 Empire Stadium Street
    Gzira, GZR 1300
    Malta
  • Online contact: You can contact our data protection team by using the customer support and/or contact options made available within your account or on the "Contact Us" or equivalent page of mummysgold-win.com, clearly indicating that your query is for the attention of the Data Protection Officer.

What Personal Data We Collect

We collect only the personal information that is necessary to provide our services, comply with our legal obligations, and improve the experience of users of mummysgold-win.com and the Mummys Gold page. The categories of data we may collect include:

Identification and Contact Data

  • Personal details: Full name, date of birth, gender (where required by law or voluntarily provided), nationality, and place of residence.
  • Contact information: Email address, telephone number, postal address, preferred language.
  • Verification data (KYC/AML): Copies of identification documents (e.g., passport, driver's licence, national ID), proof of address (e.g., utility bill, bank statement), and any additional information requested under Canadian, Maltese or other applicable Know Your Customer (KYC) and Anti-Money Laundering (AML) rules.

Account and Usage Data

  • Account details: Username, player ID, hashed passwords or other authentication credentials, security questions, responsible gambling settings, communications preferences.
  • Gameplay and behavioural data: Betting and wagering history, game selections, session times, win/loss records, bonus usage, clicks and navigation paths on the site, device interactions, and features used (including the Mummys Gold page).
  • Customer support data: Records of communications with our support teams (including chat logs, emails and call notes), complaints, and resolutions.

Technical and Log Data

  • Device information: IP address, device identifiers, operating system, browser type and version, language settings, time zone, and basic device configuration.
  • Log data: Timestamps of logins and logouts, access attempts, pages viewed, referral URLs, session identifiers, and other diagnostic information used for security and performance monitoring.

Payment and Financial Data

  • Payment details: Payment method type (e.g., credit/debit card, e-wallet, bank transfer), limited card or account identifiers (as permitted and required), transaction amounts, currency, and timestamps. Card data is handled in accordance with applicable payment industry standards and is typically processed through secure payment providers.
  • Financial history: Deposit and withdrawal records, bonus credits, chargeback information, and records created for AML/CTF monitoring and regulatory reporting.

Cookies and Similar Technologies

  • Cookie identifiers: Unique identifiers stored in cookies or similar technologies that allow us to recognize your browser or device.
  • Tracking data: Information derived from pixels, tags, SDKs and similar tools used for analytics, security, personalisation and (where allowed) marketing.

Special Categories and Sensitive Data

  • We generally do not seek to collect special categories of data (such as health information) through mummysgold-win.com. However, information related to responsible gambling tools, self-exclusion, or affordability may, in some cases, indirectly reveal sensitive information. We treat such data with increased protection and only process it when necessary to meet our legal and regulatory obligations or to protect you and other players.

Legal Basis for Processing

Because our player base is international and includes Canadian residents (including Ontario), EU/EEA residents and, in some cases, residents of Mexico and other jurisdictions, we rely on various legal bases to process your personal information, depending on the applicable law.

Performance of a Contract

  • To create and manage your player account.
  • To process deposits, bets, game participation, and payouts.
  • To provide customer support and handle your requests.
  • To personalise your experience and operate features, including those available on the Mummys Gold page.

Without this processing, we cannot provide the services you request.

Compliance with Legal and Regulatory Obligations

  • To comply with Canadian, Maltese and other applicable gambling regulations (including AGCO/iGO requirements in Ontario and Malta Gaming Authority rules).
  • To perform KYC and AML/CTF checks, ongoing monitoring, and reporting to financial intelligence and regulatory authorities.
  • To meet tax, accounting, record-keeping and audit requirements.
  • To respond to lawful requests from law enforcement, regulators, courts or other public authorities.

Legitimate Interests

  • To secure our platforms, prevent fraud, and detect misuse, including account takeovers, bonus abuse, and prohibited access (e.g., from jurisdictions where participation is not allowed).
  • To maintain and improve the performance and usability of mummysgold-win.com and the Mummys Gold page.
  • To perform statistical analysis, aggregation, and reporting for business planning and risk management.
  • To protect our rights, property and interests, and those of our players and third parties.

Where required by applicable law, we balance our legitimate interests against your fundamental rights and freedoms and implement safeguards to protect your privacy.

Consent

  • For certain cookies and tracking technologies that are not strictly necessary for the operation of the website.
  • For direct marketing communications (such as promotional emails, SMS or push notifications) where consent is required by law.
  • For any processing of personal data that cannot be justified under another legal basis described above.

You may withdraw your consent at any time, as described in the "Your Rights" and "Cookies & Tracking Technologies" sections. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Purpose of Processing

We use your personal information only for specified, explicit and legitimate purposes. These include:

Provision and Management of Casino Services

  • Creating, verifying and managing your account.
  • Enabling gameplay, bets, and participation in promotions and loyalty programmes.
  • Processing deposits and withdrawals, including fraud checks and transaction monitoring.
  • Providing customer support, including technical assistance and complaint handling.

Improvement of Services and User Experience

  • Monitoring performance and usage of mummysgold-win.com and the Mummys Gold page to understand how users interact with our services.
  • Carrying out analytics and statistical analysis to improve design, functionality, and content.
  • Testing new features, products, and services with anonymised or pseudonymised data where feasible.

Marketing and Personalisation

  • Sending you promotional communications about games, bonuses and offers, where permitted by law and your preferences.
  • Customising content and promotions displayed on the site or within emails, based on your preferences and behaviour.
  • Measuring the effectiveness of marketing campaigns and promotions.

Security, Fraud Prevention and Regulatory Compliance

  • Ensuring the security and integrity of our systems and services.
  • Detecting and preventing fraud, money laundering, terrorist financing, bonus abuse and other unlawful activities.
  • Meeting obligations under gambling, AML/CTF and other applicable laws in Canada, Malta and other relevant jurisdictions.
  • Enforcing our Terms and Conditions and other applicable rules.

Disclosure & Sharing

We do not sell your personal information. However, we may share it with carefully selected third parties for the purposes described in this Privacy Policy and subject to appropriate safeguards.

Group Companies and Corporate Structure

  • We may share your information with affiliated or related entities involved in operating or supporting the Mummys Gold brand and mummysgold-win.com, to the extent necessary for the management of our services, internal reporting, compliance and risk management.

Service Providers and Technical Partners

  • IT and hosting providers: Companies that host our systems or provide cloud services, data storage, security and technical support.
  • Payment processors and banks: Providers that process deposits, withdrawals, and other financial transactions on our behalf or jointly with us.
  • Verification and AML/KYC partners: Identity verification, fraud detection, and risk scoring providers.
  • Analytics and performance tools: Providers that help us understand how users interact with our services and the Mummys Gold page.
  • Marketing and communications providers: Tools used to send emails, SMS or push notifications and to manage consent and subscription status.

Regulators, Authorities and Dispute Resolution Bodies

  • Gambling regulators and authorities such as the Malta Gaming Authority and AGCO/iGO.
  • Financial intelligence units and other public authorities responsible for AML/CTF and fraud prevention.
  • Courts, law enforcement agencies, and government authorities where disclosure is required by law or necessary to establish, exercise or defend legal claims.
  • Alternative dispute resolution bodies or independent testing agencies (e.g., eCOGRA) as part of audits, certification or dispute processes.

Affiliates and Advertising Networks

  • With your consent and where permitted by law, we may share limited pseudonymised information with marketing partners, affiliates and advertising networks to deliver or measure targeted advertising and promotional campaigns.

Corporate Transactions

  • In connection with a merger, acquisition, sale of assets, restructuring, insolvency or similar corporate transaction, your personal information may be transferred to another entity, subject to confidentiality and data protection requirements and continued protection consistent with this Privacy Policy.

Protection Measures for Disclosures

  • We ensure that third parties who process personal data on our behalf are bound by contractual obligations that require them to protect your data and process it only in accordance with our instructions and applicable law.

International Transfers

Because Bayton Ltd is based in Malta and uses international service providers, your personal information may be transferred to and processed in countries other than your country of residence, including within the European Economic Area (EEA), the United Kingdom, Canada, and other jurisdictions where our service providers are located (for example, the United States).

Legal Mechanisms and Safeguards

  • EEA/UK to third countries: When we transfer data from the EEA or UK to countries that do not have an adequacy decision from the European Commission or UK authorities, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional technical and organisational measures.
  • Canada: Personal information of Canadian residents may be stored or accessed outside Canada, including in the EU/EEA and Malta, and may be subject to the laws of those jurisdictions. We rely on contractual safeguards and strict access controls to protect such data.
  • Mexico and other regions: If we process personal data of individuals located in Mexico or other countries with specific cross-border transfer rules, we will apply the mechanisms and consents required under the applicable local law.

By using our services, you understand that your information may be transferred internationally, as described above, and we will always take steps to ensure a level of protection that is essentially equivalent to that in your home jurisdiction where required by law.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, accounting and reporting obligations. Retention periods may vary depending on the type of data and jurisdiction.

Typical Retention Periods

  • Account and identification data: Generally retained for the duration of your account and, after closure, for a period typically not exceeding five (5) years, unless a longer retention period is required or permitted by law (for example, in connection with AML/CTF obligations or ongoing disputes).
  • Transaction and financial data: Retained for at least the minimum period required under applicable financial and AML/CTF laws (often five (5) years or more from the date of the transaction or account closure) to comply with record-keeping and reporting requirements.
  • Technical and log data: Retained for a shorter period, usually from several months up to two (2) years, depending on security and operational needs.
  • Marketing data: Retained until you withdraw your consent or object to processing, after which we may retain limited information to ensure we respect your choice.

Deletion and Anonymisation

  • When personal information is no longer required for the purposes for which it was collected, and we are not legally obliged to keep it, we will delete or irreversibly anonymise it.
  • We may retain anonymised or aggregated data indefinitely for statistical, research or reporting purposes, provided it cannot be used to identify you.

Your Rights

Depending on your place of residence and the laws that apply to you, you may have a number of rights in relation to your personal information. We aim to respect and facilitate these rights in line with Canadian privacy laws, the GDPR (for EU/EEA residents), and Mexican data protection rules (for individuals located in Mexico).

Core Rights (Access, Rectification, Deletion)

  • Right of access: You can request confirmation as to whether we process your personal data and obtain a copy of the data and related information.
  • Right to rectification: You can request correction of inaccurate or incomplete personal information.
  • Right to deletion ("erasure"): You can request that we delete your personal information, for example where it is no longer necessary for the purposes for which it was collected, you have withdrawn consent, or you believe it is being processed unlawfully. We may need to retain some information to comply with legal obligations (e.g., AML/CTF record-keeping).

Restriction, Objection and Portability

  • Right to restriction of processing: You may request that we restrict the processing of your data in certain circumstances (e.g., while we verify accuracy or where you object to our legitimate interests).
  • Right to object: Where we rely on legitimate interests or public interest, you may object to processing on grounds relating to your particular situation. You always have the absolute right to object to direct marketing (including profiling for marketing purposes).
  • Right to data portability (GDPR-aligned where applicable): In certain cases, you may request to receive your personal data in a structured, commonly used and machine-readable format, and to have it transmitted to another organisation where technically feasible.

Consent Management and Marketing Preferences

  • Right to withdraw consent: Where processing is based on your consent (e.g., non-essential cookies, promotional offers via email or SMS), you may withdraw that consent at any time using the tools within your account, unsubscribe links in communications, or by contacting us.
  • Withdrawal of consent does not affect processing that has already taken place but will apply going forward.

Mexico (ARCO Rights) and GDPR Alignment

  • If you are located in Mexico, you have ARCO rights under the Federal Law on Protection of Personal Data Held by Private Parties (access, rectification, cancellation and opposition). We will handle requests from Mexican residents in accordance with that law and any applicable guidelines issued by the Mexican data protection authority (INAI).
  • If you are in the EU/EEA or the UK, we will process your requests in accordance with the GDPR or equivalent local legislation, including providing clear information about legal bases and international transfers.

How to Exercise Your Rights

  1. Submit a request: Contact us using the methods described in the "Complaints & Contacts" section, clearly indicating your identity, the right you wish to exercise, and any relevant details (e.g., specific data or processing activity).
  2. Verification: For your protection, we may need to verify your identity (for example, by asking you to log in to your account or provide certain information) before acting on your request.
  3. Response timeframe: We aim to respond to all valid requests within 30 days of receipt. If your request is complex or we receive a large number of requests, we may extend this period, in which case we will inform you of the extension and reasons.
  4. Fees: We will not charge a fee to process your request, unless it is manifestly unfounded or excessive. If a fee is applicable in such cases, we will explain why and provide a cost estimate before proceeding.

Cookies & Tracking Technologies

We use cookies and similar technologies on mummysgold-win.com, including the Mummys Gold page, to ensure the website functions correctly, improve performance, enhance your experience, and, where permitted, provide personalised content and marketing.

Types of Cookies

  • Strictly necessary (session) cookies: Essential for the operation of the website and to enable core functions such as account login, navigation, and secure transaction processing. These are typically session cookies that expire when you close your browser.
  • Functional (persistent) cookies: Used to remember your preferences (such as language, region, or display settings) and improve convenience. These remain on your device for a defined period or until you delete them.
  • Analytics and performance cookies: Help us understand how visitors use our site, which pages (including the Mummys Gold page) are popular, and how users move around the site, so that we can improve content and navigation.
  • Advertising and targeting cookies: Used, where permitted by law and subject to your consent, to deliver relevant advertising, measure campaign performance, and limit the number of times you see a particular ad.
  • Third-party cookies: Some cookies are set by third-party service providers (for example, analytics or advertising partners) who provide services to us or display content on our site.

Managing Cookies

  • You can manage your cookie preferences through the settings or consent tools made available on mummysgold-win.com, where applicable.
  • Most browsers also allow you to refuse or delete cookies by adjusting your browser settings. Please note that blocking certain cookies (especially strictly necessary ones) may affect the functionality of the site and prevent you from using some services.
  • For more detailed information about cookies and how to manage them, you can refer to your browser's help section or independent resources about cookie management.

Data Security

We take the security of your personal information very seriously and implement a combination of technical and organisational measures designed to protect it against unauthorised access, loss, misuse, alteration or disclosure.

Technical Measures

  • Encryption in transit: Data transmitted between your browser and our servers is protected using TLS 1.2 or higher, helping to safeguard your information from interception.
  • Encryption at rest: Where appropriate, personal data and sensitive system information are stored in encrypted form using industry-standard algorithms.
  • Access controls: Access to systems containing personal data is restricted based on role and business need, and protected by strong authentication mechanisms.
  • Network and infrastructure security: Firewalls, intrusion detection and prevention systems, and other security technologies are used to protect our network and infrastructure.

Organisational Measures

  • Policies and training: Staff with access to personal information are subject to confidentiality obligations and receive regular training on data protection, information security and responsible handling of player data.
  • Vendor due diligence: We assess the security practices of third-party service providers and require them to implement appropriate security controls when handling your data.
  • Security audits and monitoring: We perform regular monitoring, testing and assessments of our systems and controls, and may rely on external audits and certifications (such as those associated with recognised industry standards like ISO 27001 or SOC 2 where applicable).

Incident Response

  • We maintain incident response procedures to promptly investigate and address suspected or actual data breaches.
  • Where required by law, we will notify you and relevant supervisory authorities of a breach that is likely to result in a high risk to your rights and freedoms, describing the nature of the breach, potential consequences, and measures taken or proposed to mitigate its effects.

Complaints & Contacts

If you have questions, concerns or complaints about how we process your personal information, or if you wish to exercise any of your rights, you should contact us first so that we can attempt to resolve the issue directly.

How to Contact Us

  • Postal address:
    Data Protection Officer (DPO)
    Bayton Ltd
    9 Empire Stadium Street
    Gzira, GZR 1300
    Malta
  • Online contact: Please use the customer support channels (such as secure messaging, live chat, or contact forms) available within your account or on the "Contact Us" section of mummysgold-win.com. Clearly indicate that your request is privacy-related and addressed to the Data Protection Officer.

Complaint Procedure

  1. Initial contact: Submit your concern or request using one of the channels listed above, providing as much detail as possible.
  2. Acknowledgement: We will acknowledge receipt of your complaint or request within a reasonable time, typically within a few working days.
  3. Investigation: We will review your issue, gather relevant information and may contact you for clarification or additional details.
  4. Response: We aim to provide a substantive response within 30 days from receipt of your request or complaint. If we require more time due to complexity or volume, we will notify you of the extension and the reasons.
  5. Further steps: If you are not satisfied with our response, you may have the right to escalate the matter to a relevant supervisory authority, as outlined below.

Escalation to Supervisory Authorities

  • Canada: You may contact the Office of the Privacy Commissioner of Canada (OPC) or, where applicable, the relevant provincial privacy commissioner (for example, in Alberta, British Columbia or Quebec). Contact details are available on their official websites.
  • European Union/EEA and UK: If GDPR or equivalent local law applies to you, you may lodge a complaint with your local data protection authority in the EU/EEA or the UK. A list of supervisory authorities can be found via the European Data Protection Board (EDPB) and national regulator websites.
  • Mexico: If you are located in Mexico, you may file a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI) in accordance with the procedures established under Mexican data protection law.

We encourage you to contact us first so that we can attempt to address your concerns before you approach a supervisory authority.

Updates

We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal or regulatory developments, or improvements to our privacy practices. The most current version will always be available on mummysgold-win.com, including for users of the Mummys Gold page.

Notification of Changes

  • Minor changes: For non-material changes (such as clarifications or editorial updates), we will post the updated Privacy Policy on the site with a revised "Last updated" date.
  • Material changes: For significant changes that affect how we process your personal information or your rights, we will provide additional notice by appropriate means, which may include email notifications, prominent banners on the website, or alerts within your account dashboard.
  • Advance notice: Where feasible and required by law, we will give you at least 30 days' advance notice before material changes take effect, so that you can review them.

Your Options Regarding Changes

  • If you continue to use mummysgold-win.com after the effective date of an updated Privacy Policy, your use will be considered acceptance of the updated terms, to the extent permitted by law.
  • If you do not agree with the updated Privacy Policy, you may choose to stop using the site and request account closure and, where applicable, deletion or restriction of your personal data in line with the "Your Rights" section and legal obligations.

Last updated: February 2026