General provisions and scope

This Privacy policy governs the handling of personal data in connection with the website ashmuskoka.ca and any related pages, features, and communications operated under the Betty Casino name. It is intended to describe, in a legally structured manner, how information is collected, used, stored, protected, and disclosed, and how requests relating to such information are managed. The policy applies to visitors and account holders, as well as to individuals who interact with support channels or compliance processes. The scope includes online identifiers, transactional records, verification documentation, and any other information that can reasonably be associated with an identifiable individual under Canadian law. For interpretive purposes, the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality are adopted where relevant.

Regulatory framework and accountability

In Canada, private sector organizations are generally governed by the Personal Information Protection and Electronic Documents Act and, where applicable, provincial privacy statutes of substantially similar effect. This Privacy policy is intended to align operational practices with those requirements, including meaningful consent, limitation of collection, and safeguards proportional to sensitivity. Where processing activities involve individuals located in other jurisdictions, GDPR principles are used as a reference standard for transparency and accountability without limiting any applicable local rights. Responsibility for compliance is maintained through internal governance, documented procedures, and role based access controls. Casino Betty maintains records of key processing activities where required for regulatory or audit purposes.

Definitions and interpretation

Personal information means information about an identifiable individual, including information that can be used alone or in combination to identify that individual. Sensitive information includes government identifiers, verification documentation, and financial details, and is subject to elevated protection measures consistent with risk. Processing means any operation performed on personal information, including collection, use, disclosure, storage, and deletion. Service providers are third parties that process information on behalf of the organization under contractual restrictions and confidentiality obligations. This Privacy policy is to be interpreted in a manner consistent with Canadian privacy legislation and recognized guidance, and no clause is intended to waive statutory rights.

Categories of personal information collected

The personal information collected may include identity data such as legal name, date of birth, and contact information, including email address and telephone number. Account and transactional data may include login identifiers, account status, deposits, withdrawals, payment confirmation references, chargeback indicators, and records necessary to reconcile funds. Verification and compliance data may include copies or extracts of identification documents, proof of address, source of funds information, and responsible gaming related notes where required to meet legal obligations. Technical data may include device identifiers, IP address, browser and operating system details, log files, and security event metadata. Casino Betty limits collection to information that is reasonably necessary for identified purposes and does not intentionally collect information from individuals under 18 years of age.

Methods and sources of collection

Operationally, information is collected when an account is created, when identity verification steps are completed, when payments are initiated, and when support tickets are submitted. Information may also be generated through the use of the site, including authentication logs, fraud prevention signals, and records associated with consent choices. Where permitted by law, limited information may be obtained from third party verification services, payment processors, or anti fraud partners to validate identity, assess risk, and prevent unlawful activity. If an individual communicates by email, chat, or other channels, the content of communications and associated metadata may be retained as part of the support record. This Privacy policy applies to all such collection methods, regardless of whether data is obtained directly or through permitted intermediaries.

Legal bases and consent model

Processing is conducted on bases recognized under Canadian privacy law, including consent, legal or regulatory obligation, and purposes a reasonable person would consider appropriate in the circumstances. Consent may be express, such as where verification documents are submitted, or implied, such as where essential technical information is provided through ordinary site use. Where processing is necessary to perform an agreement, including account administration and transaction execution, information is used to fulfill those functions and to maintain accurate records. Where processing is required by law, including anti money laundering and record keeping requirements, consent may not be withdrawn for those specific obligations. This Privacy policy describes how withdrawal of consent is handled for optional processing, subject to lawful limitations and operational feasibility.

Purposes of processing and use limitations

Personal information is used to establish and administer accounts, authenticate access, process transactions, and provide requested services with appropriate continuity and auditability. It is also used to conduct identity verification, fraud detection, security monitoring, and compliance screening to meet legal obligations and reduce platform abuse. Communications may be used to respond to inquiries, investigate incidents, and maintain evidence of resolution where a dispute exists. Technical information is used to maintain system integrity, diagnose errors, optimize performance, and support the prevention of unauthorized access. The Privacy policy requires that data use remains compatible with the original purposes unless further consent is obtained or a legal basis permits a new compatible purpose.

Cookies and tracking technologies within this Privacy policy

This Privacy policy addresses the use of cookies and similar technologies that may store or access information on a device for functionality, security, and analytics. Certain cookies are necessary to maintain sessions, prevent fraudulent activity, and support account security, and disabling them may reduce site functionality. Other technologies may be used to measure usage patterns, diagnose stability issues, and understand aggregate interactions without intentionally identifying individuals. Consent preferences, where applicable, are respected through available settings and through choices maintained in the user environment. Casino Betty does not use tracking technologies to circumvent legal requirements or to collect sensitive information without an appropriate basis.

Data retention and deletion standards

Retention periods are determined by legal requirements, dispute limitation periods, security needs, and the continued necessity of information for identified purposes. Account records, transactional logs, and compliance documentation may be retained for 7 years where required for regulatory compliance, audit readiness, or financial record keeping. Support communications may be retained for 24 months to ensure service continuity and to address recurring issues, unless a longer retention is necessary due to an ongoing dispute. Certain security logs may be retained for 180 days to support incident investigation and the integrity of monitoring systems. When retention periods expire, information is deleted, anonymized, or irreversibly de identified, subject to technical constraints and lawful holds.

Sharing and disclosure to third parties

Information may be disclosed to service providers that support hosting, payment processing, identity verification, customer support tooling, and security monitoring, under contracts that require confidentiality and purpose limitation. Disclosure may also occur to regulators, law enforcement, or competent authorities where required or permitted by law, including to meet reporting and verification obligations. Where corporate restructuring occurs, information may be transferred as part of a transaction, subject to confidentiality, necessity, and continuity of protections. Casino Betty does not sell personal information as a commercial practice, and any disclosure is limited to what is reasonably necessary for the stated purpose. This Privacy policy requires documented assessment of third party access where the sensitivity of information or the risk profile warrants enhanced scrutiny.

International transfers and cross border processing

Where service providers operate or store information outside Canada, personal information may be processed in other jurisdictions and may be subject to lawful access by foreign authorities. Transfers are managed through contractual clauses, access controls, and risk based due diligence to maintain a comparable level of protection to that required in Canada. The assessment considers the nature of the information, the purpose of processing, and available technical and organizational safeguards. Where practical, data localization preferences may be applied for particular systems, though operational requirements may necessitate distributed infrastructure. Casino Betty maintains oversight of cross border processing through vendor management and periodic review.

Information security and breach management

Security controls are designed according to a risk based approach and include administrative, technical, and physical measures proportionate to the sensitivity of information. Measures may include encryption in transit and at rest, secure key management, logging and monitoring, and authentication controls, including multi factor mechanisms where feasible. Access is restricted through least privilege permissions and is reviewed periodically, including at intervals not exceeding 12 months for critical roles. Operational resilience includes backups, segregation of duties, and secure development practices intended to reduce vulnerabilities. Casino Betty aims to maintain at least 99.5 percent service availability as a reliability objective, while recognizing that availability targets do not replace confidentiality and integrity obligations.

Incident response and notification

A suspected incident is assessed promptly to determine scope, containment steps, and potential harm, including the sensitivity of affected information and likelihood of misuse. Where a breach of security safeguards creates a real risk of significant harm, notification is provided to the Office of the Privacy Commissioner of Canada and affected individuals as required by law. Records of breaches are maintained in accordance with legal requirements and are retained for at least 24 months to support oversight and accountability. Communications regarding incidents are limited to verified information to preserve evidentiary integrity and to avoid unnecessary exposure. Remedial actions may include credential resets, access revocation, vendor escalation, and control enhancements.

Rights and choices available to individuals

A rights based approach applies to access, correction, and accountability, including the ability to request information about how personal information has been handled. Subject to legal exceptions, individuals may request access to their personal information and may seek correction of inaccurate or incomplete records. Where processing is based on consent, consent may be withdrawn for optional purposes, recognizing that certain processing must continue where legally required or necessary to administer an account. Requests are evaluated with attention to identity verification to prevent unauthorized disclosure and to protect third party privacy. This Privacy policy describes the procedural safeguards used to manage requests in a timely and documented manner.

Response timelines and verification

Requests are generally answered within 30 days, subject to permitted extensions where complexity, volume, or legal constraints require additional time. Identity verification may require matching information already on file, and in higher risk cases may require additional validation steps to prevent impersonation. Where access is refused or limited, reasons are provided to the extent permitted by law, along with information on available recourse. If correction is requested, updates are applied where justified, and reasonable steps are taken to communicate corrections to service providers where appropriate. Casino Betty maintains a record of requests to support accountability and to demonstrate compliance.

Contact, data requests, and complaints handling

Requests relating to access, correction, deletion, consent withdrawal, or general privacy inquiries may be submitted through the contact channels made available on ashmuskoka.ca. Communications should include sufficient detail to identify the relevant account or interaction, while limiting unnecessary sensitive information within the message body. Where an authorized representative acts on behalf of an individual, documented authority may be required to protect confidentiality and prevent unauthorized changes. Complaints are investigated internally, and outcomes may include corrective action, policy updates, or additional controls where gaps are identified. Casino Betty may provide information on escalation pathways to applicable privacy regulators where internal resolution is not achieved.

Amendments, governance, and continued compliance under this Privacy policy

This Privacy policy is maintained as a controlled governance document and may be amended to reflect changes in legal requirements, regulatory guidance, operational practices, or risk assessments. Where material changes affect the manner in which personal information is collected, used, disclosed, or retained, notice is provided through reasonable means, which may include publication on ashmuskoka.ca and, where appropriate, account level messaging. The effective date of an updated version will be indicated within the published policy context, and prior versions may be retained for auditability for a period aligned with internal governance, commonly 12 months. Compliance commitment is supported through periodic reviews, staff confidentiality obligations, and vendor oversight intended to maintain protections consistent with Canadian requirements and aligned GDPR principles where relevant. Casino Betty documents decisions relating to significant processing changes, including assessment of necessity, proportionality, and safeguards, and implements remediation where gaps are identified. This Privacy policy forms part of a broader accountability framework, and any request for clarification or exercise of rights will be handled through the contact and data request procedures described herein, with responses targeted within 30 days where legally required or reasonably achievable.