Starlight Casino Canada Privacy Policy

This Privacy Policy outlines the data protection practices of Starlight Casino. The policy exists to inform individuals of how their personal information is collected, used, disclosed, and protected in the course of our operations. We process personal data in accordance with applicable privacy legislation in Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial statutes. The document explains our commitment to transparency regarding the management of personal information. It details the lawful bases for processing, the purposes of data handling, and the security measures implemented. This policy also describes individual rights concerning their personal data and the procedures for exercising those rights. It applies to information collected through our physical casino locations, websites, mobile applications, and all related services.

Categories of Personal Information Collected

Starlight Casino collects personal information necessary for providing gaming and hospitality services, fulfilling legal obligations, and operating our business. The collection occurs through various interactions, including account registration, transactions, customer service inquiries, and visits to our premises or digital platforms. We limit collection to what is reasonably required for the identified purposes.

The primary categories of personal data processed include identification and contact details provided during account creation or membership enrollment. This encompasses full name, date of birth, address, email, and telephone number. For verification and regulatory compliance, we collect government-issued identification numbers, such as driver's license or passport details, and may retain copies of such documents.

Financial and transactional information is processed to facilitate wagering, payments, and withdrawals. This includes payment method details, account balances, wagering history, and win/loss statements. Technical data is automatically gathered from website and app usage, including IP address, device identifiers, browser type, and pages visited. We also maintain records of communications, customer service interactions, and preferences. For responsible gambling and security, we may process data related to play activity and incidents on property. Information related to participation in promotions or events, such as the Budweiser Room at Starlight Casino, is also collected.

Purposes and Legal Grounds for Processing Personal Data

Personal information is processed for specific, explicit, and legitimate purposes. The primary purpose is the performance of the contract between Starlight Casino and the player, which includes managing the player account, processing bets and payments, and providing requested services. This constitutes the lawful basis of contractual necessity.

Processing is conducted to comply with legal obligations imposed by gaming regulators, financial authorities, and other government bodies in Canada. This includes identity verification, age confirmation, anti-money laundering reporting, and responsible gambling requirements. Compliance with these obligations is mandatory for our licensure and operation.

We process data under the basis of legitimate interest for purposes such as network and information security, fraud prevention, and the protection of our assets, staff, and guests. This includes monitoring activities on our premises, including at Starlight Casino in New Westminster, and across our digital platforms to ensure safety and integrity. With explicit consent, we may process data for marketing communications about promotions or new offerings, such as the play Starlight Princess casino game. Consent can be withdrawn at any time. Data may also be used for internal business operations like auditing, data analysis, and system maintenance.

Information Security and Retention Standards

Starlight Casino implements technical, physical, and administrative safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Security measures are regularly reviewed and updated to address evolving risks. Our approach to data security is risk-based and aligns with industry standards.

Technical protections include encryption of data in transit and at rest, firewalls, and intrusion detection systems. Access to personal information is restricted to authorized personnel on a need-to-know basis, governed by strict access control policies and authentication protocols. Physical security measures at our facilities, including surveillance and access control systems, also protect data stored on-site.

Personal information is retained only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods are defined by operational needs and legal requirements, such as those mandated by the British Columbia Gaming Control Regulation or the Criminal Code of Canada. For example, certain transaction records must be maintained for a minimum of seven years. Upon expiry of the retention period, data is securely destroyed or anonymized. Archived records are stored in a protected manner with limited access.

Individual Rights and Request Procedures

Individuals have rights regarding their personal information under Canadian privacy law. These rights include the ability to request access to the personal data we hold, to request corrections to inaccurate or incomplete information, and to request the deletion of their data where legally permissible. Individuals may also request restrictions on how their information is processed or object to certain processing activities based on legitimate interests.

To exercise any of these rights, a formal request must be submitted in writing to our Privacy Officer. We require verification of identity before processing any access, correction, or deletion request to protect against unauthorized disclosures. The request should specify the right being exercised and provide sufficient detail to locate the relevant information. We will respond to requests within the timelines stipulated by applicable law.

There are legal and contractual limitations to these rights. We may be unable to delete information if we are legally obligated to retain it, such as for regulatory compliance or dispute resolution. Similarly, restricting data processing may impact our ability to provide gaming services. We will inform the individual of any such limitations. For portability requests, we will provide data in a structured, commonly used format where technically feasible. Concerns about our privacy practices can be directed to our Privacy Officer or to the relevant provincial Privacy Commissioner.