burger icon
Shorelines Casino
Log In

Privacy Policy

shorelines-casino, operating exclusively via shorelines777.com, requires this privacy policy to inform all players and website visitors about our personal data processing practices. This policy applies to anyone who interacts with our services, including account holders and other visitors. The effective date of this policy is November 6, 2025.

Who We Are

OBSERVE: We identify the controlling entity, legal address, and available contact details as per CA requirements.
EXPAND: Although some registration data is not specified, the operator is clearly linked to its parent organization and licensing authority.
REFLECT: This section provides the necessary transparency for users and regulators.

  • Operator: shorelines-casino, operated under the authority of Great Canadian Entertainment (owned by Apollo Global Management).
  • Headquarters / Legal Address: 39 Wynford Drive, North York, ON M3C 3K5, Canada.
  • Regulatory Status: Registered operator under Alcohol and Gaming Commission of Ontario (AGCO) for land-based gaming in Ontario, valid as of 2025.
  • Contact for Data Protection: Data Protection Officer (DPO), contact details not specified. For privacy inquiries, please use the main office address above until a dedicated DPO contact is published.

What Personal Data We Collect

OBSERVE: Per CA privacy law and industry best practice, all relevant categories of data must be disclosed.
EXPAND: Collection extends beyond registration to all technical and behavioral data generated during use.
REFLECT: Full transparency is provided on data types and collection methods.

  • Personal Data: Full name, date of birth, physical address, email address, phone number, government-issued identification, and other information as required for Know Your Customer (KYC) and Anti-Money Laundering (AML) processes.
  • Technical Data: IP address, device identifiers, browser type and version, operating system, log files, access times, and referring URLs.
  • Payment Data: Credit/debit card information, banking details, transaction records, and payout history.
  • Behavioral Data: Account activity, betting and gaming history, session data, clickstream data, preferences, and communications with customer support.
  • Cookies & Similar Technologies: Usage of browser cookies, web beacons, pixels, and other tracking technologies (see "Cookies & Tracking Technologies" section).

Legal Basis for Processing

OBSERVE: CA privacy law, including PIPEDA and AGCO guidelines, requires explicit legal bases for processing.
EXPAND: Multiple overlapping legal grounds apply to different processing activities.
REFLECT: All relevant legal justifications and protective clauses are specified.

  • User Consent: We rely on your informed consent for marketing communications and, where required, for the use of cookies and analytics.
  • Contractual Necessity: Data is processed to create, manage, and operate your player account, process payments, verify identity, fulfill bonuses, and provide customer support in accordance with our Terms & Conditions.
  • Legitimate Interests: Data is processed to improve our services, prevent fraud and abuse, ensure network and information security, and conduct analytics that do not override your fundamental rights and freedoms.
  • Legal Obligations: Processing is required to comply with applicable laws, including KYC/AML regulations, recordkeeping, and lawful requests from regulatory authorities (e.g., AGCO, OLG).

Purpose of Processing

OBSERVE: CA regulations stipulate that all purposes for data use must be clearly stated.
EXPAND: Each purpose is linked to the corresponding legal basis.
REFLECT: The following purposes are strictly limited to those necessary for the operation of shorelines-casino via shorelines777.com.

  • Provision of Casino Services: To facilitate account registration, enable gaming activity, process transactions, and deliver rewards or incentives.
  • Service Improvement: To analyze player behavior, troubleshoot technical issues, and optimize website and game performance.
  • Marketing and Promotions: To send promotional communications (where permitted by law and with your consent), personalize offers, and conduct targeted advertising.
  • Analytics: To monitor aggregate site usage, perform statistical analysis, and understand trends for business planning purposes.
  • Fraud and Security: To detect, investigate, and prevent fraud, money laundering, unauthorized account access, and other security threats.

Disclosure & Sharing

OBSERVE: CA law and AGCO standards require disclosure of all potential third-party recipients.
EXPAND: Data sharing is circumscribed by necessity and contractual protections.
REFLECT: User data is only disclosed under strict legal and operational circumstances.

  • Payment Partners: Banks, payment processors, and financial institutions receive only the information necessary to process financial transactions.
  • Service Providers: Third-party vendors supplying IT infrastructure, data hosting, cloud services, marketing tools, or customer support solutions, all bound by confidentiality and data protection agreements.
  • Regulators: Disclosure to regulatory bodies such as AGCO, OLG, and law enforcement agencies as required for legal compliance, investigation, or reporting.
  • Affiliates: Data may be shared within the group of companies under Great Canadian Entertainment for strictly defined operational and compliance purposes.
  • Advertising Networks: With your explicit consent, certain data may be shared with advertising partners for targeted marketing.

Protective Clause: Personal data will never be sold to third parties. All disclosures are subject to appropriate safeguards and contractual protections.

International Transfers

OBSERVE: CA privacy law requires explicit notice if data may leave Canada.
EXPAND: Data may be transferred to third-party service providers or affiliates outside Canada.
REFLECT: All transfers are conducted in accordance with applicable legal frameworks and security standards.

  • Possible Destinations: Data may be transferred to countries where our service providers or affiliates are located, including the United States and countries in the European Economic Area (EEA).
  • Protection Measures: All international transfers are governed by standard contractual clauses, data processing agreements, and technical safeguards to ensure a level of protection equivalent to CA standards.
  • User Notification: You will be informed if your data is transferred to a jurisdiction with materially different privacy protections.

Regional Compliance Note: All transfers comply with PIPEDA and, where applicable, relevant international frameworks.

Data Retention

OBSERVE: Data retention must be limited to what is necessary for each processing purpose.
EXPAND: Explicit criteria for retention periods and deletion triggers are required.
REFLECT: The following retention policies apply to shorelines-casino's operations via shorelines777.com.

  • Personal Data: Retained for the duration of your account's activity and for up to 5 years after account closure or last activity, in line with KYC/AML regulations and AGCO guidance.
  • Payment Data: Kept as long as necessary to complete transactions and for audit or regulatory purposes, not exceeding 7 years from transaction date.
  • Technical and Behavioral Data: Retained for up to 2 years or as required to ensure system integrity, investigate fraud, or resolve disputes.
  • Deletion Criteria: Data is securely deleted or anonymized upon expiry of the above retention periods, upon verified user request (where permitted by law), or when the original purpose for processing has ceased.

Legal Obligation: Certain data may be retained beyond these periods where required by law or for the establishment, exercise, or defense of legal claims.

Your Rights

OBSERVE: CA privacy law, including PIPEDA, and alignment with GDPR principles mandate a comprehensive set of user rights.
EXPAND: Although the Mexican law reference is not directly applicable in CA, best practices for international standards are adopted.
REFLECT: Procedures and timeframes are clearly described for exercising each right.

  1. Right of Access: You may request confirmation of whether your personal data is processed, and obtain a copy of such data, free of charge.
  2. Right to Correction: You are entitled to have inaccurate or incomplete personal data rectified promptly.
  3. Right to Deletion ("Right to be Forgotten"): You may request deletion of your data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful, subject to statutory retention requirements.
  4. Restriction of Processing: You may request that we restrict the processing of your data where you contest its accuracy or the lawfulness of processing.
  5. Objection to Processing: You have the right to object to processing carried out on the basis of legitimate interests or for direct marketing purposes.
  6. Data Portability: You may request to receive your data in a structured, commonly used electronic format and have it transmitted to another controller, where technically feasible.
  7. Withdrawal of Consent: You may withdraw previously given consent for marketing or analytics at any time, without affecting the lawfulness of prior processing.
  8. Procedures for Exercising Rights: Submit requests by written application to the main office address or by contacting our DPO (contact details above). We will respond within 30 days of receipt and provide the requested information or justification for refusal, free of charge unless requests are manifestly unfounded or excessive.

Protective Clause: These rights are subject to applicable legal exceptions. If you are dissatisfied with our response, you may escalate the matter to the Office of the Privacy Commissioner of Canada (OPC).
Regional Compliance Note: CA data protection law is the governing standard for shorelines-casino via shorelines777.com.

Cookies & Tracking Technologies

OBSERVE: CA and international standards require full disclosure of tracking technologies.
EXPAND: Cookie types and management options must be specified.
REFLECT: User autonomy and browser-based controls are emphasized.

  • Session Cookies: Temporary cookies essential for site navigation and secure login, deleted when you close your browser.
  • Persistent Cookies: Remain on your device for a defined period to remember preferences, enable quick login, and enhance user experience.
  • Third-Party Cookies: Placed by analytics (e.g., Google Analytics) or advertising partners to track aggregated usage and support targeted marketing, subject to your consent.
  • Cookie Management: You can manage or disable cookies at any time via your browser settings or, where available, through an internal privacy panel on shorelines777.com. Disabling certain cookies may affect website functionality.

Data Security

OBSERVE: CA law and AGCO require robust technical and organizational measures.
EXPAND: Industry certifications and incident response planning are included.
REFLECT: A layered, risk-based approach to data protection is implemented for shorelines-casino via shorelines777.com.

  • TLS Encryption: All data in transit is protected using TLS 1.2 or higher, ensuring confidentiality and integrity.
  • Encryption at Rest: Sensitive data is encrypted on our servers to prevent unauthorized access.
  • Multi-Factor Authentication (MFA): MFA is used for administrative account access and may be offered to players.
  • Access Controls: Role-based access restrictions and regular access reviews minimize internal risk.
  • Security Audits: Regular internal and third-party security audits are performed to test and improve data protection measures.
  • Staff Training: Employees receive mandatory privacy and security training, with periodic refresher courses.
  • Incident Response: A documented response plan ensures prompt detection, containment, and notification in case of a data breach.
  • Compliance: We strive to align with international security standards, including ISO 27001 and SOC 2, where applicable.

Complaints & Contacts

OBSERVE: CA privacy law mandates clear complaint procedures and escalation paths.
EXPAND: Multiple channels and supervisory authority contacts are provided.
REFLECT: User confidence is reinforced via transparent, accountable processes.

  1. Contact Methods:
    • By mail: Data Protection Officer, 39 Wynford Drive, North York, ON M3C 3K5, Canada
    • Online: Contact forms and dedicated email address to be published at shorelines777.com (until then, use the main office address)
  2. Complaint Procedure:
    • Submit your complaint via mail or the online form (if available), providing your name, contact details, and a detailed description of your concern.
    • We will acknowledge receipt within 5 business days and aim to resolve the issue within 30 days.
    • If resolution is delayed, you will receive a written explanation and an expected timeline.
  3. Escalation:
    • If you are unsatisfied with our response, you may escalate the complaint to the Office of the Privacy Commissioner of Canada (OPC):
      Website: https://www.priv.gc.ca/en/
      Phone: 1-800-282-1376
      Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3, Canada

Updates

OBSERVE: CA best practice requires proactive user notification of privacy policy changes.
EXPAND: Communication methods, version control, and user rights are detailed.
REFLECT: Users are empowered to make informed choices about continued use.

  • Notification of Changes: Material updates to this Privacy Policy will be communicated via email (if you have provided one), website banners, and account dashboard alerts on shorelines777.com.
  • Advance Notice: For significant changes affecting your rights or data use, we will provide at least 30 days' advance notice prior to the effective date.
  • User Options: You may object to changes or close your account without penalty if you disagree with updated terms.
  • Version Control: Last updated: November 6, 2025. Material changes will be summarized in a changelog section on our website.

Legal Disclaimer: Continued use of shorelines-casino via shorelines777.com after updates constitutes acceptance of the amended policy.