Privacy Policy

This Privacy Policy explains how great-blue-heron-casino, accessible via great-blue-heron-ca.com, collects, uses, discloses, and protects your personal information. It applies to all players, visitors, and users of our website and related casino services. The policy is effective as of November 6, 2025, and is designed to ensure compliance with Canadian (Ontario, CA) privacy legislation and applicable industry standards.

Who We Are

OBSERVE: The operator of great-blue-heron-ca.com is Great Canadian Entertainment, managing great-blue-heron-casino as part of the Ontario Gaming GTA Limited Partnership, under active licensing from the Alcohol and Gaming Commission of Ontario (AGCO). Operational control and compliance oversight are maintained from our principal place of business.

• Legal Name: Ontario Gaming GTA Limited Partnership (operating as great-blue-heron-casino, a subsidiary of Great Canadian Entertainment).
• Registered Address: 21777 Island Road, Port Perry, Ontario, L9L 1B6, Canada.
• Regulatory Registration: Licensed by AGCO for casino gaming operations (active as of 2025).
• Contact for Data Protection: Email: info@great-blue-heron-ca.com. For support, contact support@great-blue-heron-ca.com.
• Data Protection Officer (DPO): Direct all privacy-related inquiries to info@great-blue-heron-ca.com. If a specific DPO is appointed, this contact will be updated accordingly.

What Personal Data We Collect

OBSERVE: great-blue-heron-casino collects personal and technical data necessary for providing regulated gambling services and ensuring compliance with CA law.

• Personal Identification Data: Name, date of birth, address, government-issued identification, email address, and phone number for account creation and identity verification.
• Technical Data: IP address, browser type, device identifiers, operating system, access logs, and connection timestamps to ensure security and operational integrity.
• Payment and Financial Data: Payment card or banking details, transaction history, deposit and withdrawal records to process gaming activities and comply with financial regulations.
• Behavioral and Usage Data: Betting history, game participation, website navigation patterns, clickstream data, and responsible gambling interactions to enhance service quality and support regulatory obligations.
• Cookies and Tracking Technologies: Session cookies, persistent cookies, and third-party analytics or advertising cookies to optimize user experience, analytics, and compliance with advertising standards.

EXPAND: Data may be collected directly from users or through automated means when interacting with our website or affiliated services.

Legal Basis for Processing

OBSERVE: Data processing at great-blue-heron-casino is strictly governed by Canadian and Ontario privacy regulations, including the Personal Information Protection and Electronic Documents Act ("PIPEDA") and AGCO directives.

1. User Consent: Personal information is processed with your explicit consent, obtained during account registration and through acceptance of this policy.
2. Contract Fulfillment: Data is processed as necessary to fulfill our contract with you, including account operation, payment processing, and service delivery.
3. Legitimate Interests: Processing is conducted to safeguard our legitimate interests, such as fraud prevention, service analytics, and internal risk management, provided such interests do not override your privacy rights.
4. Legal and Regulatory Obligations: Collection and retention of data is required to comply with laws and regulations governing gambling operations, including KYC (Know Your Customer), AML (Anti-Money Laundering), and mandatory reporting to regulatory authorities.

REFLECT: All processing activities are periodically reviewed to ensure continued legal compliance and proportionality.

Purpose of Processing

OBSERVE: Data is only used for purposes compatible with regulatory, contractual, and service objectives.

• Service Provision: To enable access to great-blue-heron-casino gaming, manage accounts, process transactions, and facilitate customer support.
• Service Improvement: To monitor, analyze, and enhance website functionality, game offerings, and user experience.
• Marketing and Communication: With your consent, to send promotional offers, newsletters, and updates about new products or features.
• Analytics and Research: To conduct statistical analyses, monitor trends, and improve responsible gambling tools.
• Fraud Prevention and Regulatory Compliance: To detect, investigate, and prevent fraudulent activity, enforce terms and conditions, and fulfill legal reporting requirements.

Disclosure & Sharing

OBSERVE: Personal information may be disclosed to third parties only where necessary and in accordance with CA and industry regulations.

1. Payment Partners: Financial institutions and payment processors receive necessary data to facilitate deposits, withdrawals, and verification.
2. Service Providers: Trusted vendors (IT, security, analytics) process data on our behalf, subject to strict contractual and confidentiality obligations.
3. Regulators & Authorities: Information may be disclosed to the AGCO, law enforcement, and other regulatory bodies as required by law.
4. Affiliates and Advertising Networks: With explicit consent, limited data may be shared for marketing or affiliate campaigns, following applicable privacy laws.

EXPAND: All third-party disclosures are documented and reviewed for compliance, with contractual safeguards in place.

International Transfers

OBSERVE: Some service providers or affiliates may be located outside Canada. Data transfers are managed in accordance with Canadian law and international standards.

• Data Transfer Destinations: Data may be transferred to jurisdictions including, but not limited to, the United States and EU member states, where service providers are based.
• Protection Guarantees: Standard contractual clauses, data processing agreements, and additional technical safeguards are implemented to ensure regulatory compliance and adequate data protection.
• Legal Compliance: All cross-border transfers are conducted in accordance with PIPEDA, AGCO requirements, and global privacy frameworks.

REFLECT: Users are notified of material cross-border transfer risks, and consent is obtained where required.

Data Retention

OBSERVE: Data retention practices at great-blue-heron-casino are structured to uphold regulatory, operational, and user interests with defined retention periods.

• Personal Data: Retained for the duration of your account's activity and no more than five (5) years after account closure or the last transaction, in accordance with CA legal requirements.
• Financial and Transaction Records: Maintained for at least five (5) years to comply with AML and tax obligations.
• Behavioral Data: Retained as long as needed for responsible gambling monitoring, regulatory reporting, or until the purpose is fulfilled.
• Cookies & Tracking Data: Session cookies are deleted at the end of each session; persistent cookies are retained according to their stated purposes and user preferences.

EXPAND: Data will be deleted or anonymized upon expiry of retention periods, user request (where legally permissible), or when processing purposes are no longer applicable.

Your Rights

OBSERVE: Users of great-blue-heron-ca.com enjoy robust privacy rights under Canadian law (PIPEDA) and in alignment with international standards.

1. Right of Access: You may request confirmation of whether your personal data is processed and access to a copy of your data.
2. Right to Rectification: You may request correction of inaccurate or incomplete personal data.
3. Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal information, subject to regulatory retention requirements.
4. Right to Restrict Processing: You may request a temporary or permanent halt to the processing of your data in specific circumstances.
5. Right to Object: You may object to processing based on legitimate interests or direct marketing at any time.
6. Right to Data Portability: You may request an electronic copy of your data in a machine-readable format for transfer to another provider.
7. Right to Withdraw Consent: You may withdraw your marketing consent at any time without affecting the lawfulness of prior processing.
8. Exercise Procedures: Submit requests via info@great-blue-heron-ca.com. We will respond within thirty (30) days, free of charge, unless requests are manifestly unfounded or excessive.

REFLECT: Requests will be processed in accordance with CA law. Where applicable, users may seek recourse through the Office of the Privacy Commissioner of Canada or AGCO for unresolved concerns.

Cookies & Tracking Technologies

OBSERVE: great-blue-heron-ca.com uses cookies and similar technologies to ensure secure and efficient operation.

• Session Cookies: Essential for authentication and session management; deleted after you log out or close your browser.
• Persistent Cookies: Store user preferences or login credentials for future visits; duration defined in cookie notice.
• Third-Party Cookies: Placed by analytics (e.g., Google Analytics) or advertising partners; subject to your consent and browser settings.

Cookie Management: You can manage or disable cookies via browser settings or internal account panels. Blocking some cookies may affect site functionality.

Data Security

OBSERVE: great-blue-heron-casino employs industry-leading security measures to ensure the confidentiality, integrity, and availability of your data.

• Encryption: Data in transit is protected by TLS 1.2 or higher; sensitive data at rest is encrypted using advanced cryptographic standards.
• Access Controls: Strict role-based access, multi-factor authentication, and regular access reviews limit exposure to authorized personnel only.
• Security Audits: Regular internal and third-party security assessments and vulnerability scans.
• Staff Training: Mandatory privacy and data security training for all employees with access to sensitive information.
• Incident Response: Documented procedures for breach detection, response, notification, and remediation.
• Compliance Certifications: Security practices align with ISO 27001 and SOC 2 frameworks where applicable.

REFLECT: Security measures are continuously evaluated and upgraded to address emerging threats and regulatory developments.

Complaints & Contacts

OBSERVE: great-blue-heron-casino is committed to addressing all privacy concerns promptly and transparently.

1. Contact Channels:
   • Email: info@great-blue-heron-ca.com (general), support@great-blue-heron-ca.com (support), press@great-blue-heron-ca.com (press), investors@great-blue-heron-ca.com (investors).
   • Mail: 21777 Island Road, Port Perry, Ontario, L9L 1B6, Canada.
2. Complaint Procedure:
   • Submit your complaint via email or mail, providing detailed information about your concern.
   • We will acknowledge receipt within five (5) business days and aim to resolve all issues within thirty (30) days.
3. Escalation Pathways:
   • If unresolved, you may escalate your complaint to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/en/), the Alcohol and Gaming Commission of Ontario (https://www.agco.ca), or relevant local supervisory authorities.

REFLECT: All complaints are handled confidentially and in accordance with applicable regulatory requirements.

Updates

OBSERVE: This Privacy Policy is reviewed regularly to reflect changes in law, regulation, or business operations.

• Notification Procedures: Users will be informed of material changes by email, website banners, and alerts in the account dashboard at least thirty (30) days before changes take effect.
• Version Control: Last updated: November 6, 2025. A changelog of material amendments will be maintained and accessible on this page.
• User Options: You may object to significant changes or close your account if you do not agree with updated terms before they become effective.

REFLECT: Continued use of great-blue-heron-ca.com after updates constitutes acceptance of the revised Privacy Policy.