river rock casino logo
Login
Sign Up

Privacy Policy

1. General provisions

River Rock Casino Resort is committed to protecting and maintaining the confidentiality of personal data of all visitors and clients of our complex. This policy defines the main principles and rules for processing personal data that we receive in the course of providing services.
Document Scope of regulation
Canadian Constitution Basic rights and freedoms
PIPEDA Personal data protection
PIPA BC Regional regulation
BC Gaming Law Industry requirements
These regulations establish the basic requirements for personal data processing in British Columbia and Canada as a whole. We strictly follow all legal requirements and implement additional data protection measures.

2. Basic concepts

  • To ensure uniform understanding, we use standard definitions when working with client personal data.
  • Personal data means information about an individual that can identify them. This includes names, contact details, identification numbers, and personal identifiers provided by clients.
  • Data processing includes collection, storage, use, modification, transmission, and deletion of data. This applies to automated and manual operations in our systems.
  • River Rock Casino Resort, as Operator, handles and protects personal data according to established standards and security measures.
  • Data Subject is any individual client whose data we process, including current and potential clients using our services.
  • These terms are used in our documents and processes. Understanding these concepts ensures correct handling of personal data and clear communication.
  • Processing operations include data collection, storage, usage, third-party transfers, and confidentiality protection. Each operation follows specific protocols and security requirements.
  • We document all data processing activities and maintain records according to regulatory requirements. This ensures compliance with data protection standards and client obligations.

3. Basic rights and obligations of the operator

As a personal data operator, we handle data security and confidentiality according to regulatory requirements.

We process request responses within 30 days as per PIPEDA requirements, issue breach notifications within 72 hours following PIPA BC, and complete data updates within 7 days according to internal policy.

Security measures include:

  • Multi-level protection systems
  • Regular security audits
  • Staff training programs
  • Technical infrastructure monitoring

We document all data processing activities and maintain access control. Protection protocols are updated based on current requirements. System testing and backups follow established schedules.

4. Basic rights and obligations of personal data subjects

When interacting with our complex, clients receive a certain set of rights and obligations regarding their personal data. We ensure the implementation of these rights in full.
Subject right Implementation period Application form
Data access 5 working days Written
Data correction 3 working days Any
Data deletion 10 working days Written
Each personal data subject request is processed in accordance with legal requirements and internal security procedures. We guarantee confidentiality when processing such requests. Main subject obligations include:
  • Providing accurate data
  • Timely information updates
  • Compliance with security rules
  • Proper use of services

5. Personal data processing principles

  • Personal data processing follows principles of legality, fairness and transparency. Each data operation is documented and verified.
  • Legal expertise reviews occur monthly, security measures are checked daily, and data relevance is updated weekly. Legal team reviews processing activities while technical specialists monitor systems.
  • Daily operations follow standard procedures. Each process has defined steps and verification points.
  • We collect only required data, set specific storage periods, and maintain data accuracy. Regular audits verify compliance with these requirements.
  • Processing activities are recorded in monitoring systems to track operations. This allows verification of access and data changes.
  • Assessments determine process efficiency and compliance. Procedures are updated based on audit results and new regulations.

6. Personal Data Processing Conditions

Personal data processing is conducted based on legal grounds and tailored to each data category. Data collection is limited to the minimum necessary for specific purposes, with predefined storage periods aligned with regulatory requirements.

Key processing conditions include:

  • Legal grounds: Identification data stored for 5 years (BCLC requirements), financial data for 7 years (tax law), and contact information for 3 years (contractual obligations).
  • Subject consent: Data processing occurs only with explicit consent or legal necessity.
  • Purpose limitation: Processing aligns strictly with stated purposes, avoiding unauthorized usage.
  • Confidentiality assurance: Measures are in place to prevent unauthorized disclosure of personal data.
  • Access control: Data access is restricted to authorized personnel only, ensuring compliance with security protocols.

7. Procedure for Collection, Storage, and Transfer of Data

The handling of personal data is strictly regulated and divided into defined stages. At each stage, specific security measures are applied to ensure the integrity and confidentiality of the data.

During the collection stage, encryption methods are used to protect data from unauthorized access. The IT department oversees this process and ensures compliance with established security protocols.

In the storage stage, data is securely backed up to prevent loss due to unforeseen circumstances. The security service monitors storage operations and conducts routine checks to maintain data safety.

For the transfer stage, all actions are logged in a tracking system to ensure transparency. The compliance department is responsible for supervising this stage and verifying adherence to data protection regulations.

All data operations are recorded in monitoring systems, allowing for comprehensive oversight of processing procedures. In the event of non-standard situations, an automated notification system alerts the appropriate personnel to address the issue promptly.

The primary protection measures include:

  • Multi-factor authentication to secure access to systems.
  • Differentiation of access rights based on roles and responsibilities.
  • Regular backups to safeguard data against potential loss.
  • Antivirus protection to prevent malware and other security threats.

8. Personal Data Confidentiality

Ensuring confidentiality is a fundamental aspect of personal data processing. The protection system integrates technical, organizational, and legal measures to safeguard information at all stages of its lifecycle.
Protection Type Method Check Frequency
Technical Encryption Daily
Physical Access control Constant
Organizational Training Quarterly
Technical measures include the use of encryption to secure data against unauthorized access. Daily checks are performed to ensure systems remain effective and aligned with current security standards. Physical measures involve strict access controls, ensuring that only authorized personnel can access data storage facilities. These controls are continuously monitored to prevent breaches. Organizational measures emphasize staff training. Employees participate in regular information security programs conducted quarterly to reinforce their understanding of data protection practices. The entire protection system undergoes routine testing to identify vulnerabilities and implement updates addressing emerging threats

9. Final Provisions

  • This policy defines the rules for personal data processing at River Rock Casino Resort. Its implementation is monitored through regular reviews and audits.
  • The legal department reviews the policy annually, while the security service conducts quarterly audits. Updates to protection measures are made by the IT department as necessary.
  • Changes to the policy are published on the official website. Control measures include internal audits, external reviews, and protection system testing.
  • For inquiries about personal data processing, individuals can use official communication channels. All requests are handled confidentially.
river rock casino logo
Disclosure: On riverrockcasinocanada.com, we provide reviews and detailed information exclusively about River Rock Casino Resort in Canada. Our website includes affiliate links that may generate commissions when users sign up or make purchases through them. These commissions support the maintenance of our site, allowing us to keep it free and accessible to users. Despite these affiliate relationships, we are committed to delivering unbiased and accurate content about River Rock Casino Resort. We value the trust of our users and strive to provide high-quality, reliable information.

About Us

Privacy Policy

Copyright © 2025 riverrockcasinocanada.com. All rights reserved.