Privacy Policy

Last Updated: 12 April 2026

This Privacy Policy sets out how Syltherraca ("we", "us", or "our") collects, uses, stores, and shares your personal information when you visit or interact with syltherraca.com (the "Site") or any of its associated services. It applies to all visitors regardless of location, and is designed to satisfy the requirements of the General Data Protection Regulation (GDPR), the UK GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and all other applicable privacy legislation.

1. Data Controller

The data controller responsible for your personal information collected through this Site is:

Syltherraca
Website: syltherraca.com
Email: privacy@syltherraca.com

If you have any questions about how your data is handled, or wish to exercise any of your privacy rights, please reach out to us at the address above. We aim to acknowledge and respond to all privacy-related requests within 30 calendar days.

2. Information We Collect

We may collect the following categories of personal information:

Information you provide directly: Your name, email address, phone number, or any other details you voluntarily submit through a contact form, enquiry, or registration process.
Device and technical information: IP address, browser type, operating system, device type, screen resolution, and referring URLs, collected automatically when you access the Site.
Usage and interaction data: Pages visited, links clicked, time spent on the Site, scroll depth, and navigation patterns throughout your session.
Geolocation data: Approximate location derived from your IP address, used to assist with compliance with provincial gambling laws and to serve region-appropriate content.
Cookie and tracking data: As described in full within our Cookie Policy.
Information from third-party partners: Limited referral and analytics data shared by affiliate and advertising partners for fraud prevention and campaign measurement purposes.

3. Legal Bases for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies to your use of this Site, we process your personal data on the following legal bases:

Consent (Article 6(1)(a)): We rely on your freely given, specific, informed, and unambiguous consent for placing non-essential cookies (analytics and advertising), sending direct marketing communications, and processing data collected through optional contact forms. You may withdraw consent at any time without affecting the lawfulness of any processing carried out prior to withdrawal.
Legitimate interests (Article 6(1)(f)): We process certain data — including server logs, IP addresses, and basic usage analytics — to maintain the security and performance of the Site, prevent fraud and abuse, and improve our services. We have assessed that these interests are not overridden by your rights and freedoms. You may object to processing carried out on this basis at any time.
Legal obligation (Article 6(1)(c)): We may process your data where required to comply with a legal obligation, such as responding to a lawful request from a regulatory authority or court of competent jurisdiction.
Contractual necessity (Article 6(1)(b)): Where you engage with a service that involves account creation or a transaction, we process the data strictly necessary to fulfil that contractual relationship.

For Canadian residents, we rely on implied or express consent under PIPEDA, with the applicable form of consent determined by the sensitivity of the information and the reasonable expectations of the individual concerned.

4. Contact Form Data

When you submit an enquiry through our contact form or by emailing us directly, we collect your name, email address, and the content of your message.

Legal basis: Consent (GDPR Article 6(1)(a)) and, where applicable, contractual necessity (Article 6(1)(b)).

Purpose: To respond to your enquiry, address feedback, and improve our services on an ongoing basis.

Retention period: Contact form submissions and email correspondence are retained for a maximum of 24 months from the date of receipt, after which they are securely deleted — unless a longer period is required by law or ongoing correspondence makes continued retention necessary.

Sharing: Contact form data is not sold or shared with third parties for their own marketing purposes. It may be accessed by our hosting or email service providers under strict data processing agreements that impose equivalent confidentiality obligations.

5. Purposes of Processing and Data Retention Periods

The table below summarises how long we retain different categories of personal data and the purpose for which each is held:

Data Category	Purpose	Retention Period
Contact form / email enquiries	Responding to enquiries and feedback	24 months from date of receipt
Server logs (IP address, browser)	Security, fraud prevention, performance monitoring	90 days (rolling)
Analytics data (aggregated)	Site performance measurement and improvement	26 months from collection
Advertising / cookie identifiers	Ad delivery, retargeting, campaign measurement	Up to 13 months from last interaction
Geolocation (IP-derived)	Regulatory compliance, region-appropriate content delivery	Session-based; not stored beyond the visit
Click-to-call phone numbers	Call attribution and partner reconciliation	Maximum 3 months from call date

When data is no longer required for its stated purpose and no legal obligation mandates continued retention, we securely delete or anonymise it without undue delay.

6. Advertising Cookies and Third-Party Recipients

We use third-party advertising and analytics technologies on this Site that may involve the collection and processing of your personal data by those third parties for the purposes of delivering targeted advertising, measuring campaign performance, and building audience profiles. These activities take place only where you have provided your explicit consent via our cookie consent banner.

The following third-party recipients may receive your data when you interact with this Site and consent to advertising cookies:

Google LLC (Google Analytics, Google Ads, DoubleClick/Floodlight, Google Tag Manager)
Purpose: Analytics, ad delivery, conversion measurement, retargeting.
Data transferred: IP address (anonymised where technically feasible), device identifiers, browsing behaviour, click data.
Privacy policy: policies.google.com/privacy
Meta Platforms Ireland Ltd. (Facebook Pixel, Custom Audiences, Conversions API)
Purpose: Ad delivery, retargeting, conversion tracking.
Data transferred: Hashed identifiers, pixel events, browsing actions.
Privacy policy: facebook.com/privacy/policy
Microsoft Corporation (Microsoft Advertising, Microsoft Clarity)
Purpose: Ad delivery, anonymised session recording, conversion measurement.
Data transferred: Device identifiers, click data, session data.
Privacy policy: privacy.microsoft.com
Functional Software Inc. (Sentry)
Purpose: Application error monitoring and performance tracking (operational/essential).
Data transferred: Anonymised error logs, device and browser metadata.
Privacy policy: sentry.io/privacy
OneSignal Inc. (web push notifications, where you have opted in)
Purpose: Delivering push notifications to users who have explicitly opted in to receive them.
Data transferred: Browser or device push token, notification interaction data.
Privacy policy: onesignal.com/privacy_policy

You may withdraw consent for advertising cookies at any time via our [Manage Cookie Preferences] control. Doing so will prevent any new advertising data from being collected, though it will not retroactively delete data already processed by third parties before the point of withdrawal.

7. International Data Transfers and Safeguards

Several of the third-party recipients listed above are headquartered in countries outside the European Economic Area (EEA), the United Kingdom, or Canada — most notably the United States. Where your personal data is transferred to a third country, we ensure that appropriate safeguards are in place in accordance with applicable law:

Standard Contractual Clauses (SCCs): For transfers from the EEA or UK to countries not covered by an adequacy decision, we rely on the European Commission's 2021 Standard Contractual Clauses or the UK International Data Transfer Agreement (IDTA), incorporated into our agreements with the relevant third-party processors.
Adequacy decisions: Where the European Commission or UK ICO has issued an adequacy decision in respect of a recipient country, we rely on that decision as the applicable transfer mechanism.
Canada (PIPEDA): We implement contractual and organisational measures to ensure that any personal information transferred outside Canada receives protection equivalent to that required by PIPEDA.
US-based providers: Google LLC, Meta Platforms Inc., Microsoft Corporation, Functional Software Inc. (Sentry), and OneSignal Inc. are all based in the United States. Transfers to these entities are covered by SCCs, their participation in applicable data transfer frameworks, and supplementary technical measures where appropriate.

You may request further details regarding the specific transfer safeguards we rely upon by contacting us at privacy@syltherraca.com.

8. Sharing Your Information

We do not sell your personal information to any third party. We may share it only in the following limited circumstances:

Service providers and data processors: Hosting providers, email services, analytics platforms, and similar vendors who process data strictly on our behalf under written data processing agreements that impose equivalent security and confidentiality obligations.
Advertising and affiliate partners: As described in Section 6 above, where you have consented to advertising cookies being placed on your device.
Legal and regulatory authorities: Where we are required to disclose data pursuant to law, court order, or a lawful regulatory request.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity subject to equivalent privacy protections being maintained.

9. Your Privacy Rights

Depending on your jurisdiction, you may hold the following rights in relation to your personal data:

Right of access (GDPR Art. 15 / PIPEDA): Request a copy of the personal data we hold about you.
Right to rectification (GDPR Art. 16): Request correction of inaccurate or incomplete personal data.
Right to erasure (GDPR Art. 17): Request deletion of your personal data where it is no longer required for its original purpose, or where you withdraw consent and no alternative legal basis applies.
Right to restrict processing (GDPR Art. 18): Request that we limit how we process your data in certain defined circumstances.
Right to data portability (GDPR Art. 20): Receive your personal data in a structured, commonly used, and machine-readable format where processing is based on consent or contract.
Right to object (GDPR Art. 21): Object to processing based on legitimate interests or to processing carried out for direct marketing purposes.
Right to withdraw consent: Withdraw any previously given consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: Submit a complaint with your local supervisory authority. For EEA residents, this is your national Data Protection Authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk. For Canadian residents, this is the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

To exercise any of the rights listed above, please contact us at privacy@syltherraca.com. We will respond within 30 calendar days and may need to verify your identity before actioning your request.

10. Responsible Gambling

Our services are intended exclusively for individuals of legal gambling age in their jurisdiction: 19+ in Ontario, British Columbia, and most other Canadian provinces; and 18+ in Alberta and Quebec. We use geolocation tools to assist with compliance. We provide links to responsible gambling resources including ConnexOntario and GameSense, and we support self-exclusion, deposit limit, and session time limit tools wherever these are made available by licensed operators.

11. Children's Privacy

This Site is not directed at individuals below the legal gambling age applicable in their jurisdiction, and we do not knowingly collect personal information from minors. Should we become aware that personal data has been collected from an underage individual, we will delete it without delay and without further processing.

12. Information Security

We implement SSL/TLS encryption, role-based access controls, and industry-standard technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. While no system can be entirely free from risk, we continuously review and strengthen our security practices to reflect evolving threats and standards.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other relevant factors. The "Last Updated" date at the top of this page indicates the most recent revision. Where changes are material in nature, we will provide more prominent notice. Continued use of the Site following any changes taking effect constitutes acceptance of the revised Policy.

14. Contact and Data Subject Requests

For any privacy-related questions, requests to exercise your rights, or complaints, please contact:

Syltherraca — Privacy Team
Email: privacy@syltherraca.com
Website: syltherraca.com

We aim to acknowledge all incoming requests within 5 business days and to resolve them within 30 calendar days. Where a request is particularly complex or where multiple requests have been received, we may extend this period by a further two months and will notify you of this extension in advance.

Canadian Addendum (PIPEDA)

This addendum supplements the Privacy Policy set out above and applies specifically to residents of Canada.

Applicable Laws

Syltherraca complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial legislation including Alberta PIPA, British Columbia PIPA, and Quebec's Law 25 (Act Respecting the Protection of Personal Information in the Private Sector).

Consent Under PIPEDA

We rely on your express or implied consent for the collection, use, and disclosure of personal information, with the appropriate form of consent determined by the sensitivity of the information involved. For sensitive categories of data — such as financial information or geolocation data used for gambling compliance purposes — we seek express consent. You may withdraw consent at any time by contacting us directly, subject to any applicable legal or contractual restrictions.

Breach Notification

In accordance with PIPEDA's mandatory breach reporting obligations, if a breach of security safeguards creates a real risk of significant harm to you, we will notify both you and the Office of the Privacy Commissioner of Canada (OPC) as soon as reasonably feasible following our identification of the breach.

Canadian Contact

Canadian residents may direct all privacy-related enquiries to: privacy@syltherraca.com

Privacy Highlights for Canadian Players

🎲 Age & Eligibility: You must be of legal gambling age in your province — 19+ in most provinces; 18+ in Alberta and Quebec.

📍 Geolocation: We may use your approximate location (derived from your IP address) to confirm that you are accessing our services lawfully within your jurisdiction.

🔐 Your Rights: You may access, correct, or withdraw consent to the processing of your personal data at any time by emailing privacy@syltherraca.com.

🚨 Breach Notification: If a security breach creates a real risk of significant harm to you, we will notify you and the OPC without undue delay.

🤝 Responsible Gambling: We provide links to ConnexOntario, GameSense, and other provincial resources to support responsible play.

🌍 Data Transfers: Your information may be stored outside Canada but is protected by contractual safeguards equivalent to PIPEDA standards in all cases.

📧 Contact: privacy@syltherraca.com