Privacy Policy

A privacy policy is essential to inform users of river-cree-resort-casino-ca.com about how their personal data is collected, used, and protected in compliance with applicable Canadian laws and industry standards. This policy applies to all individuals who interact with river-cree-resort-casino-ca.com, including players and website visitors. Effective date: November 6, 2025.

Who We Are

OBSERVE: River Cree Resort and Casino is operated by River Cree Enterprises Limited Partnership, a subsidiary of Enoch Cree Nation, registered as a Limited Partnership and founded in October 2006. EXPAND: The registered legal address is 300 East Lapotac Blvd, Enoch, Alberta, T7X 3Y3, Canada. Operations are licensed by the Alberta Gaming, Liquor and Cannabis (AGLC), with current land-based casino operations valid through December 31, 2025. REFLECT: For privacy and data protection matters, please use the following contact information:

• Legal Name: River Cree Enterprises Limited Partnership (operating river-cree-resort-casino-ca.com)
• Legal Address: 300 East Lapotac Blvd, Enoch, Alberta, T7X 3Y3, Canada
• Data Protection Contact: Data Protection Officer (DPO)
  • Email: info@river-cree-resort-casino-ca.com
  • Phone: +1 780-484-2121
  • Online Form: https://rivercreeresort.com/contact-us
• Supervisory Authority: Alberta Gaming, Liquor and Cannabis (AGLC) - https://aglc.ca

What Personal Data We Collect

OBSERVE: river-cree-resort-casino-ca.com collects personal, technical, payment, behavioral, and cookie data. EXPAND: Data is gathered for legal, contractual, and operational reasons, and to enhance user experience. REFLECT: Categories include:

• Personal Data: Full name, date of birth, postal address, email address, phone number, government-issued identification.
• Technical Data: IP address, device identifiers, browser type, operating system, access logs, usage timestamps.
• Payment Data: Bank account details, credit/debit card numbers (masked), payment transaction history, withdrawal and deposit records.
• Behavioral Data: Betting and gaming history, website navigation activity, clickstream data, session duration, preferences.
• Cookies & Tracking Technologies: Session cookies, persistent cookies, third-party analytics and advertising cookies, device fingerprinting, web beacons, pixel tags.

Regional Compliance Note: Data collection aligns with the Personal Information Protection Act (PIPA) of Alberta and federally with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Legal Basis for Processing

OBSERVE: Data processing by river-cree-resort-casino-ca.com requires clearly defined legal grounds under Canadian law. EXPAND: These include consent, contractual necessity, legitimate interests, and statutory obligations, particularly for gaming and anti-money laundering (AML) requirements. REFLECT:

1. User Consent: Data is processed based on explicit consent provided during registration, for marketing communications, and for the use of cookies and similar technologies.
2. Contract Fulfillment: Processing is necessary to establish, manage, and terminate user accounts, fulfill gaming and payment obligations, and provide requested services.
3. Legitimate Interests: Data is processed for fraud detection and prevention, network and information security, service optimization, and internal analytics, balanced against user rights.
4. Legal and Regulatory Compliance: Processing is mandatory for compliance with KYC (Know Your Customer), AML (Anti-Money Laundering), responsible gambling, and reporting obligations under Alberta and Canadian law.

Protective Clause: No personal data is processed beyond these legal bases unless required or permitted by law.

Purpose of Processing

OBSERVE: river-cree-resort-casino-ca.com processes data for operational, legal, and marketing functions. EXPAND: Data processing serves user experience, regulatory requirements, and business needs. REFLECT: Data is used to:

• Provide Casino Services: Account creation, verification, gaming operations, payment processing, and customer support.
• Improve Services: Monitoring, analyzing, and optimizing website and casino functionalities.
• Marketing Communications: Sending promotions, offers, and newsletters (with opt-in consent).
• Analytics: Internal analysis, reporting, and statistics to enhance service quality and security.
• Fraud Prevention: Detecting, investigating, and preventing fraudulent or unauthorized activities.
• Legal and Regulatory Compliance: Meeting obligations under AGLC and Canadian law.

Disclosure & Sharing

OBSERVE: river-cree-resort-casino-ca.com shares data only as required for service provision and legal compliance. EXPAND: Data may be disclosed to third parties under strict controls. REFLECT:

1. Payment Partners: Financial institutions and payment processors receive necessary data to facilitate deposits, withdrawals, and payout transactions.
2. Service Providers: IT, security, analytics, and customer service vendors may access data under contractual confidentiality and data protection obligations.
3. Regulators and Law Enforcement: Data may be disclosed to AGLC, law enforcement, and other authorities when required by law or regulation.
4. Affiliates and Business Partners: Data may be shared with affiliates or business partners only with user consent and for specified purposes, such as joint promotions.
5. Advertising Networks: Where explicit user consent is provided, data may be shared with advertising partners for targeted marketing.

Protective Clause: All third parties are contractually obligated to maintain appropriate security and confidentiality of personal information.

International Transfers

OBSERVE: river-cree-resort-casino-ca.com primarily stores data in Canada but may transfer data internationally. EXPAND: Transfers occur for IT hosting, analytics, or service provider access. REFLECT:

• Destinations: Data may be transferred to countries with adequate data protection laws, or where contractual safeguards are in place (e.g., United States, European Union).
• Protection Mechanisms: Standard Contractual Clauses (SCCs), data processing agreements, and technical safeguards (encryption, access controls) are used to ensure data remains protected.
• User Rights: Users are informed of international transfers and may request further details on safeguards by contacting the Data Protection Officer.

Regional Compliance Note: All international transfers comply with PIPEDA, PIPA (Alberta), and where applicable, GDPR adequacy requirements.

Data Retention

OBSERVE: Data is retained only as long as necessary. EXPAND: Retention periods are defined by legal, contractual, and operational needs. REFLECT:

• Personal Data: Retained for the duration of the user relationship and up to 5 years after account closure, in line with AML and regulatory obligations.
• Payment Data: Maintained for 7 years due to financial and tax reporting requirements.
• Technical and Behavioral Data: Retained for up to 2 years for analytics, security, and fraud prevention.
• Cookies and Tracking Data: Stored as per cookie type, usually 12-24 months; users may clear cookies at any time.

Deletion Criteria: Data is deleted upon expiration of retention periods, user request (subject to legal exceptions), or when processing purposes conclude.

Your Rights

OBSERVE: Users of river-cree-resort-casino-ca.com have extensive privacy rights under Canadian and, where applicable, international law. EXPAND: Rights include access, correction, erasure, restriction, objection, portability, and withdrawal of marketing consent. REFLECT:

1. Access: Request confirmation of whether personal data is processed and obtain a copy of such data.
2. Correction: Request correction of inaccurate or incomplete personal data.
3. Erasure: Request deletion of personal data when no longer necessary or where consent is withdrawn, subject to legal exceptions.
4. Restriction: Request restriction of processing in cases of contesting data accuracy or objection to processing.
5. Objection: Object to processing based on legitimate interests or direct marketing at any time.
6. Data Portability: Receive personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller upon request.
7. Withdrawal of Consent: Withdraw consent to marketing or other optional processing at any time without affecting the lawfulness of processing prior to withdrawal.
8. Procedure:
   • Submit a request via email to info@river-cree-resort-casino-ca.com, phone +1 780-484-2121, or online form.
   • Requests are processed free of charge within 30 days, with possible extension for complex cases (with notification).
   • If unsatisfied, escalate the complaint to the Alberta Information and Privacy Commissioner or, where applicable, federal or international supervisory authorities.

Regional Compliance Note: This section aligns with PIPEDA, Alberta PIPA, and incorporates GDPR principles for international users. (No Mexican privacy law applies for CA jurisdiction.)

Cookies & Tracking Technologies

OBSERVE: river-cree-resort-casino-ca.com uses various cookies and tracking technologies. EXPAND: These technologies serve essential, analytical, and advertising purposes. REFLECT:

• Session Cookies: Enable secure login and essential website functions; deleted when the browser is closed.
• Persistent Cookies: Store preferences and login information for future visits; remain on the device for a defined period.
• Third-Party Cookies: Used for analytics (e.g., Google Analytics) and advertising networks; subject to user consent.
• Management: Users can manage or disable cookies via browser settings or internal consent management panels on the website.

Protective Clause: Disabling cookies may affect certain website functionalities.

Data Security

OBSERVE: river-cree-resort-casino-ca.com implements robust security measures to safeguard personal data. EXPAND: Measures address technical, organizational, and procedural risks. REFLECT:

• Encryption: All data transmissions are protected by TLS 1.2+ encryption; data is encrypted both in transit and at rest.
• Access Controls: Strict access protocols, including multi-factor authentication and least-privilege principles, limit data access to authorized staff only.
• Security Audits: Regular internal and external security audits are conducted to assess and improve systems.
• Staff Training: Ongoing data protection and cybersecurity training for all employees with data access.
• Incident Response: Documented procedures for detection, reporting, and mitigation of data breaches, including notification to users and regulators as required by law.
• Compliance Standards: Adherence to ISO/IEC 27001 and SOC 2 security frameworks where applicable.

Regional Compliance Note: Security measures comply with Canadian regulatory standards and best practices for gambling operators.

Complaints & Contacts

OBSERVE: Users have the right to raise concerns or complaints regarding data processing. EXPAND: Multiple contact channels and escalation options are available. REFLECT:

• Initial Contact: Submit complaints or inquiries to the DPO via:
  • Email: info@river-cree-resort-casino-ca.com
  • Phone: +1 780-484-2121
  • Online Form: https://rivercreeresort.com/contact-us
  • Postal Address: 300 East Lapotac Blvd, Enoch, Alberta, T7X 3Y3, Canada
• Procedure:
  1. Submit your complaint or inquiry through any of the above channels.
  2. Acknowledge receipt within 5 business days.
  3. Full response provided within 30 days, with explanation and proposed resolution.
  4. If unresolved, users may escalate the matter to the Office of the Information and Privacy Commissioner of Alberta (https://www.oipc.ab.ca), or the federal Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).
• Escalation: Direct supervisory authority contacts:
  • Alberta OIPC: generalinfo@oipc.ab.ca, Phone: +1 780-422-6860
  • Privacy Commissioner of Canada: info@priv.gc.ca, Phone: +1 800-282-1376

Updates

OBSERVE: Users must be informed of material changes to the privacy policy. EXPAND: Notification procedures, version control, and user options are established. REFLECT:

• Notification: Users will be notified of updates via email, website banners, and account dashboard alerts.
• Version Control: This privacy policy is versioned; last updated: November 6, 2025.
• Changelog: Material changes are summarized in a changelog at the top of the policy.
• Advance Notice: At least 30 days' notice will be provided for significant changes. Users may object or close their accounts if they disagree with material amendments.

Regional Compliance Note: Update procedures comply with PIPEDA and Alberta PIPA requirements for transparency and user notification.