Privacy Policy

This Privacy Policy explains how Club Regent Casino, available via the domain clubregent-ca.com, collects, uses, discloses, and protects personal information of players and website visitors. It applies to all users who access or use our online services, interact with our websites, or otherwise provide personal information to us in connection with casino and gaming services linked to Club Regent Casino in Manitoba, Canada. By using our services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes any prior online privacy notices published on this domain.

Who We Are

OBSERVE: The brand, operator, and jurisdiction must be clearly identified, including contact points for privacy matters.

EXPAND: Club Regent Casino is operated as part of a Manitoba Crown corporation structure. For purposes of this site, we must link the brand, the physical venue, and the online presence at clubregent-ca.com, and designate a data protection contact.

REFLECT: We therefore provide clear identification, legal context, and DPO-style contacts below.

The online information and casino-related services presented on clubregent-ca.com under the brand Club Regent Casino (also referenced here as Club Regent Casino) are conducted and managed by, or on behalf of, the provincial Crown corporation:

• Operator / Controller: Manitoba Liquor & Lotteries Corporation ("MBLL")
• Brand / Venue: Club Regent Casino, part of Casinos of Winnipeg
• Physical venue address: 1425 Regent Ave W, Winnipeg, Manitoba, Canada
• Legal entity type: Provincial Crown corporation established under The Manitoba Liquor and Lotteries Corporation Act
• Primary regulator for gaming: Liquor, Gaming and Cannabis Authority of Manitoba (LGCA)
• Official informational websites:
  • https://clubregent-ca.com
  • https://casinosofwinnipeg.com
  • https://playnow.com (online gaming platform for Manitoba)

Data Protection Contact

MBLL designates a privacy and data protection contact responsible for overseeing questions related to this Privacy Policy and our handling of personal information.

• Data Protection / Privacy Office: Manitoba Liquor & Lotteries - Privacy Office
• Email (general inquiries): [email protected]
• Email (support / account-related requests): [email protected]
• Postal contact (privacy / legal): Privacy Office, c/o Manitoba Liquor & Lotteries, Club Regent Casino, 1425 Regent Ave W, Winnipeg, Manitoba, Canada

When contacting us regarding privacy, please indicate that your request relates to the clubregent-ca.com Privacy Policy and provide sufficient information to identify your account or interaction with us.

What Personal Data We Collect

OBSERVE: We collect several categories of data: identity, contact, technical, transactional, behavioral, and cookie-based information.

EXPAND: As a regulated gaming operator, we also collect information required for KYC/AML and responsible gambling, and we log activities for security and compliance.

REFLECT: Below we categorize these data types and explain their scope.

Identification and Contact Data

• Personal identification: full name, date of birth, gender (where permitted), proof-of-identity data (e.g., details from government-issued ID), proof-of-address data.
• Contact details: email address, telephone number, physical address, preferred language of communication.
• Account information: username, internal customer ID, password hashes, security questions and answers (where used).

Regulatory and Verification Data

• KYC/AML information: information obtained during "know your customer" checks, identity verification results, age and residency confirmations, sanctions and politically exposed persons (PEP) screening results where legally required.
• Responsible gambling data: self-exclusion status, voluntary limit settings (deposit, loss, time), GameSense interactions, records of support or intervention related to gambling behaviour.

Technical and Usage Data

• Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings.
• Log data: login and logout timestamps, session duration, clicked links, pages viewed, navigation paths, error logs.
• Location-related data: approximate geolocation inferred from IP address or other lawful geolocation methods, to confirm eligibility (e.g., presence in Manitoba) and prevent fraud.

Payment and Financial Data

• Payment details: limited payment card information (tokenized or truncated where possible), bank account identifiers, e-wallet or payment provider IDs, transaction references.
• Transaction history: deposits, withdrawals, refunds, chargebacks, account balances and adjustments.

Behavioral and Gaming Data

• Gameplay records: betting history, game selections, wager amounts, wins and losses, frequency and duration of play.
• Interaction history: clicks, interactions with promotions, bonus opt-ins, communication preferences, response to marketing campaigns (e.g., opening emails, following links).
• Customer support data: records of communications with support (email, phone, chat), complaints, feedback, and internal notes created to handle your requests in compliance with law.

Cookies and Similar Technologies

• Cookies: small text files stored on your device that support core site functionality, remember preferences, and measure site performance.
• Similar technologies: web beacons, pixels, tags, SDKs, and local storage used to understand how users interact with our services and to support fraud prevention and security.
• Third-party tools: analytics and advertising technologies from carefully selected providers (e.g., for audience measurement), implemented in accordance with applicable laws and, where required, your consent.

Where permitted by law, we may combine information collected from different sources (e.g., clubregent-ca.com, Casinos of Winnipeg, PlayNow Manitoba) to maintain accurate records, comply with legal obligations, and provide a consistent user experience.

Legal Basis for Processing

OBSERVE: In Canada, and particularly within Manitoba's public-sector/Crown context, privacy obligations arise from applicable provincial and federal privacy laws, as well as regulatory rules for gaming. Some visitors may also benefit from additional protections (e.g., GDPR) depending on their location.

EXPAND: Our processing must therefore rest on clear legal grounds, such as consent, contract necessity, legitimate interests (balanced against privacy rights), and compliance with statutory duties (e.g., KYC/AML, gaming regulation).

REFLECT: We articulate these bases in a manner aligned with international standards to enhance transparency.

Consent

• We rely on your consent when:
  • you agree to receive marketing communications (email, SMS, push notifications) that are not strictly necessary for service delivery;
  • you accept optional cookies or similar technologies for advertising or advanced analytics;
  • you participate voluntarily in surveys, contests, or promotions where additional personal information is requested beyond what is needed to operate your account.
• You can withdraw your consent at any time, as described in the "Your Rights" and "Cookies & Tracking Technologies" sections, without affecting processing that occurred before withdrawal.

Contractual Necessity

• We process personal information because it is necessary to enter into or perform a contract with you when:
  • creating and managing your player profile or related account access;
  • enabling access to games, placing bets, and crediting winnings;
  • processing deposits, withdrawals, and other account-related financial transactions;
  • providing customer support and responding to your queries or requests.
• Without this information, we may be unable to provide some or all of our gaming and related services.

Legal Obligations

• We process and retain certain personal information to comply with applicable laws and regulations, including but not limited to:
  • provincial gaming laws and regulations in Manitoba;
  • anti-money laundering (AML) and counter-terrorist financing (CTF) requirements;
  • age and identity verification requirements;
  • record-keeping obligations prescribed by regulators and oversight bodies;
  • responses to lawful requests from public authorities, courts, or regulators.
• Where such obligations apply, we may be legally required to retain or disclose certain information, even if you request deletion.

Legitimate Interests

• We may process your personal information on the basis of our legitimate interests, provided these are not overridden by your rights and freedoms. These interests include:
  • ensuring the security and integrity of our websites, systems, and gaming environment;
  • preventing and detecting fraud, abuse, cheating, money laundering, and other prohibited conduct;
  • improving and optimizing our services, including usability, performance, and customer satisfaction;
  • conducting internal analytics and reporting to understand trends and manage our operations;
  • defending and asserting our legal rights, including in disputes and legal proceedings.
• Where required by law (e.g., under GDPR for users in the EU/EEA), we conduct balancing tests to ensure that our legitimate interests do not unduly impact your privacy.

Purpose of Processing

OBSERVE: Each category of personal data is collected for specific, lawful purposes related to gaming operations, compliance, and service improvement.

EXPAND: We must distinguish service delivery, security, analytics, marketing, and regulatory needs, while avoiding incompatible secondary uses.

REFLECT: Below we summarize our main purposes in a structured manner.

Provision and Management of Casino Services

• Creating and managing user accounts and player profiles.
• Verifying your age, identity, and eligibility to participate in gaming activities (including location checks for Manitoba play).
• Operating games, processing bets, crediting winnings, and managing in-game events.
• Processing deposits, withdrawals, and related financial transactions.
• Providing customer support, handling inquiries, and resolving issues related to your use of the services.

Regulatory Compliance and Responsible Gambling

• Complying with legal and regulatory obligations (e.g., KYC/AML requirements, financial reporting, and gaming regulations imposed by LGCA and other authorities).
• Monitoring player behaviour for signs of risky or harmful gambling and enabling responsible gambling tools, such as limits and self-exclusion.
• Maintaining audit trails and evidence for regulatory inspections and compliance assessments.

Service Improvement and Analytics

• Analyzing gameplay, traffic, and usage patterns to improve site performance, content relevance, and the overall user experience.
• Testing new features, games, and user interface changes using aggregated or pseudonymized data where possible.
• Producing statistical and management reports to support operational decision-making.

Marketing and Personalization

• Sending you promotional communications about games, events, offers, and services that may be of interest, in accordance with your preferences and applicable laws.
• Customizing content and offers based on your interactions, preferences, and gameplay history, where permitted.
• Conducting surveys, contests, and promotions to understand customer satisfaction and reward participation.

Security, Fraud Prevention, and Legal Protection

• Maintaining the security of our IT systems, detecting and mitigating cyber threats, and enforcing technical safeguards.
• Detecting, investigating, and preventing fraudulent transactions, bonus abuse, collusion, and other prohibited activities.
• Establishing, exercising, or defending legal claims, including in connection with disputes, complaints, or regulatory inquiries.

Disclosure & Sharing

OBSERVE: Regulated gaming operations rely on multiple third parties (e.g., payment providers, platform partners, regulators). Data sharing must be transparent and limited to what is necessary.

EXPAND: We distinguish between service providers, corporate relationships, regulatory bodies, and optional marketing partners, applying contractual safeguards.

REFLECT: The categories and circumstances of disclosures are detailed below.

Service Providers and Technical Partners

• We may share personal information with third-party service providers that support our operations, including:
  • IT and hosting providers, platform operators, and game developers;
  • identity verification and KYC/AML screening providers;
  • payment processors, banks, and financial institutions;
  • customer support platforms and communication tools;
  • analytics and security service providers.
• These providers may access personal information only as necessary to perform services on our behalf and are bound by contractual obligations to protect confidentiality and security.

Regulators, Governmental Bodies, and Law Enforcement

• We may disclose information to:
  • the Liquor, Gaming and Cannabis Authority of Manitoba (LGCA);
  • other competent regulatory, supervisory, or enforcement authorities in Canada;
  • courts and tribunals, when required.
• Such disclosures occur when:
  • required by law or binding legal process;
  • necessary to establish, exercise, or defend legal claims;
  • necessary to cooperate with investigations into suspected unlawful activity, fraud, or regulatory breaches.

Affiliates and Corporate Relations

• We may share personal information within the broader operational framework of MBLL, including with:
  • other MBLL-operated properties such as McPhillips Station Casino, where necessary for consolidated reporting or responsible gambling programs;
  • the PlayNow Manitoba platform, where accounts or services are linked or interoperable;
  • other business units of MBLL for administrative and compliance purposes.
• Any such sharing is conducted in accordance with applicable privacy requirements and internal policies.

Advertising and Analytics Partners

• With your consent where required, we may share limited information (often in aggregated or pseudonymized form) with advertising networks and analytics partners to:
  • measure the effectiveness of our campaigns;
  • deliver or optimize advertising content;
  • understand audience demographics and interests.
• We do not sell your personal information in the sense of transferring identifiable data for independent third-party use contrary to this Privacy Policy.

Business Transactions

• In the event of a reorganization, merger, transfer, or other corporate transaction involving MBLL's gaming operations, personal information may be transferred as part of that transaction, subject to confidentiality safeguards and applicable laws.

International Transfers

OBSERVE: While core operations are based in Manitoba, some technical services and partners may be located outside Canada.

EXPAND: We must explain that data may be processed in other countries (e.g., other Canadian provinces, the United States, or the European Economic Area) and outline safeguards used for such transfers.

REFLECT: The following describes where and how international transfers may occur.

• Locations of processing: Personal information may be stored or processed in:
  • Canada (including provinces other than Manitoba);
  • the United States of America;
  • member states of the European Economic Area (EEA);
  • other jurisdictions where our trusted service providers or partners maintain facilities, to the extent necessary for the services they provide.
• Safeguards: When personal information is transferred outside of Canada, we take appropriate measures to protect it, which may include:
  • entering into contracts based on standard contractual clauses or equivalent instruments approved under applicable data protection frameworks (e.g., GDPR) for international transfers;
  • conducting due diligence and security assessments of service providers;
  • requiring robust technical and organizational security measures consistent with this Privacy Policy.
• Access by foreign authorities: Personal information processed in other countries may be subject to lawful access by courts, law enforcement, and national security authorities in those jurisdictions.
• Additional rights for certain users: Where GDPR or similar regimes apply (for example, for EU/EEA-based users who interact with our informational content), we take steps to ensure that transfers comply with applicable legal requirements, and you may request further details of specific safeguards used.

Data Retention

OBSERVE: Privacy rules and gaming regulations require that data retention be limited to what is necessary but often for extended periods for compliance.

EXPAND: We must align operational needs, statutory retention periods (e.g., AML, financial records), and user rights to deletion, providing indicative timeframes.

REFLECT: Retention is set out by category and criteria below. All dates and practices described reflect expectations up to and including 2026.

General Retention Principles

• We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, unless a longer period is required or permitted by law.
• We periodically review the data we hold and apply deletion, anonymization, or aggregation where information is no longer needed in identifiable form.

Illustrative Retention Periods

• Account and identification data: Typically retained for the duration of your active relationship with us and, after account closure, for up to 5 years, unless a longer period is required for legal, regulatory, or dispute-related reasons.
• KYC/AML and transactional records: Retained for a minimum of 5 - 7 years after the end of the relationship or the completion of the transaction, in accordance with applicable financial and gaming regulations.
• Responsible gambling records: Retained for the period necessary to administer self-exclusion or limit programs and for a further period (generally up to 5 years) to support compliance and responsible gambling initiatives.
• Technical logs and security data: Retained for shorter periods (typically 6 - 24 months), unless needed longer for security investigations or legal purposes.
• Marketing data: Retained for as long as you remain subscribed to marketing communications and for a limited period thereafter (normally up to 2 years) to document consent history, unless you object earlier.

Deletion Criteria

• Personal information is deleted or anonymized when:
  • it is no longer necessary for the purposes for which it was collected or processed;
  • you successfully exercise your right to erasure and no overriding legal ground for retention exists;
  • retention periods prescribed by law have expired;
  • we replace identifiable data with aggregated or anonymized forms for statistical or research purposes.

Your Rights

OBSERVE: Users are entitled to transparent access and control over their personal information. While our primary legal framework is Canadian, many of our practices are aligned with international standards such as the EU General Data Protection Regulation (GDPR).

EXPAND: The requested specification also mentions Mexican privacy law; while Club Regent Casino does not actively target Mexico, we recognize comparable rights (e.g., access, rectification, cancellation, opposition - "ARCO" rights) as good practice.

REFLECT: Accordingly, we describe a harmonized set of rights and procedures, including response times and cost-free handling.

Overview of Your Rights

• Right of access: You may request confirmation of whether we process your personal information and receive a copy of such information, together with an explanation of how it is used.
• Right to rectification (correction): You may request that inaccurate or incomplete personal information be corrected or updated.
• Right to erasure (deletion / cancellation): You may, in certain circumstances, request deletion of your personal information, for example where it is no longer necessary for the purposes for which it was collected or where you have withdrawn consent and no other legal ground applies.
• Right to restriction of processing: You may request that we temporarily restrict processing of your information, for instance while we verify its accuracy or assess an objection.
• Right to object: Where we rely on legitimate interests or conduct direct marketing, you may object to the processing of your personal information. We will then cease processing unless we demonstrate compelling legitimate grounds or are required to continue by law.
• Right to data portability: Where technically feasible and legally applicable (for example under GDPR-equivalent scenarios), you may request that we provide your personal information in a structured, commonly used, and machine-readable format or transfer it to another service provider.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw such consent at any time, without affecting the lawfulness of processing before withdrawal.

How to Exercise Your Rights

1. Submission of request: You may exercise your rights by:
   • emailing us at [email protected] or [email protected] with the subject line "Privacy request - clubregent-ca.com";
   • writing to the Privacy Office at the postal address indicated in the "Who We Are" and "Complaints & Contacts" sections.
2. Verification: For your protection, we may need to verify your identity (e.g., by requesting additional information or documentation) before we act on your request.
3. Response timeframe: We aim to respond to all valid requests within 30 days of receipt. If we require more time due to complexity or number of requests, we will inform you of the reason and extension period as permitted by law.
4. Cost: We do not charge a fee to process your reasonable, standard requests. However, where permitted by law, we may charge a reasonable fee or refuse to act if a request is manifestly unfounded, excessive, or repetitive.
5. Legal limitations: Some rights may be limited or inapplicable under certain circumstances, such as where we must retain information to comply with legal obligations, protect public interests, or establish or defend legal claims. We will explain these limitations in our response where relevant.

Nothing in this section limits any rights you may have under applicable Canadian privacy legislation or foreign privacy laws that may apply to you, including GDPR or Mexican data protection principles, to the extent they are relevant to your situation.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar tools are used for functionality, security, analytics, and marketing.

EXPAND: We must distinguish types and provide user controls, while explaining potential impact on site operation.

REFLECT: The cookie framework is described below.

Types of Cookies We Use

• Session cookies: Temporary cookies that are stored on your device only for the duration of your browsing session and are deleted when you close your browser. They support essential site functions, such as keeping you logged in while navigating.
• Persistent cookies: Cookies that remain on your device for a defined period (e.g., days or months) or until you delete them. They help us remember your preferences, such as language, and allow us to recognize you on subsequent visits.
• First-party cookies: Cookies placed directly by clubregent-ca.com to support operation, security, and analytics.
• Third-party cookies: Cookies placed by trusted partners providing services such as analytics, advertising measurement, or social media integrations.

Purposes of Cookies

• Strictly necessary / functional: Enable core website functions, including secure login, session management, and navigation. These cookies are essential and cannot generally be disabled through our cookie settings without impacting functionality.
• Performance and analytics: Help us understand how users interact with our site (e.g., pages visited, time spent, error messages) to improve performance and content.
• Advertising and marketing: Used, with your consent where required, to deliver or measure advertising related to our services, limit the number of times you see an ad, and help us tailor content to your interests.

Managing Cookies

• Browser settings: Most web browsers allow you to:
  • view which cookies are stored on your device;
  • delete cookies individually or all at once;
  • block or restrict cookies from specific sites or all sites;
  • configure notifications before cookies are stored.
  Please consult your browser's help section for detailed instructions.
• Internal controls (where available): We may offer an internal cookie or privacy settings panel on clubregent-ca.com that allows you to manage certain categories of cookies and tracking technologies, excluding those strictly necessary for site operation.
• Impact of disabling cookies: If you block or delete certain cookies, some features of our website or services may not function properly, and your user experience may be affected.

Data Security

OBSERVE: Gaming operations handle sensitive personal and financial data, requiring robust security controls.

EXPAND: We apply layered technical, organizational, and procedural measures, in alignment with recognized industry standards and regulatory expectations.

REFLECT: Key safeguards are summarized below; however, no system can be guaranteed completely secure.

Technical Measures

• Encryption in transit: Data transmitted between your device and our systems is protected using industry-standard encryption protocols (such as TLS 1.2+) to reduce the risk of interception.
• Encryption at rest: Sensitive information, including certain financial and authentication data, is stored using encryption and other data protection methods.
• Access controls: Access to personal information is restricted to authorized personnel and service providers who require it for their duties, using role-based permissions and strong authentication mechanisms. Multi-factor authentication is implemented for privileged accounts where feasible.
• Network and system security: Firewalls, intrusion detection or prevention systems, anti-malware solutions, and security monitoring tools are used to protect our infrastructure.

Organizational and Procedural Measures

• Policies and training: We maintain internal policies on information security and privacy and provide regular training to staff who handle personal information, emphasizing confidentiality obligations and secure handling practices.
• Vendor management: We assess and contractually require service providers to maintain appropriate security measures consistent with this Privacy Policy and applicable legal requirements.
• Security audits and assessments: We conduct periodic assessments, which may include internal audits, external reviews, and testing of systems and controls. Gaming platforms used in connection with PlayNow Manitoba are tested and certified by independent labs (such as GLI) for integrity, as required by regulators.

Incident Response

• We maintain procedures to detect, address, and mitigate security incidents, including:
  • identifying and containing suspected or confirmed breaches;
  • assessing risks and impact on affected individuals;
  • notifying regulators and affected individuals where required by law and within applicable timeframes;
  • implementing remedial measures to prevent recurrence.

While we strive to protect personal information, no system is completely secure. You are also responsible for maintaining the confidentiality of your login credentials and for using unique, strong passwords. Please notify us immediately if you suspect any unauthorized use of your account.

Complaints & Contacts

OBSERVE: Users need clear channels to raise questions or concerns and to escalate unresolved issues.

EXPAND: We must provide contact methods, describe the internal complaint process, and identify relevant supervisory authorities, including those in the EU where applicable.

REFLECT: The procedure below aims to be transparent and user-friendly.

Contacting Us

• Email (general inquiries and privacy requests): [email protected]
• Email (support / account issues): [email protected]
• Postal address: Privacy Office, c/o Manitoba Liquor & Lotteries, Club Regent Casino, 1425 Regent Ave W, Winnipeg, Manitoba, Canada
• Web resources:
  • Club Regent / Casinos of Winnipeg: https://casinosofwinnipeg.com
  • Responsible gaming (GameSense Manitoba): https://gamesensemb.ca

Internal Complaint Procedure

1. Submission: Send your complaint or inquiry by email or post, clearly describing the nature of your concern (e.g., data access, security incident, marketing preferences, accuracy of data).
2. Acknowledgment: We aim to acknowledge receipt of your complaint within 10 business days, providing a reference number where applicable.
3. Investigation: Relevant teams (e.g., Privacy Office, Customer Support, Security) will review your complaint, may request additional information, and will conduct any necessary internal investigation.
4. Response: We endeavor to provide a substantive response within 30 days of receiving a complete complaint. If additional time is needed due to complexity, we will inform you of the reason and expected timeframe.
5. Resolution and follow-up: If we find that we have not complied with this Policy or with applicable laws, we will take appropriate corrective action and inform you of the steps taken.

Escalation to Supervisory Authorities

If you are not satisfied with our response or believe that your privacy rights have been violated, you may have the right to lodge a complaint with a data protection or privacy authority. Relevant authorities may include:

• In Manitoba / Canada:
  • Liquor, Gaming and Cannabis Authority of Manitoba (LGCA)
    Website: https://lgcamb.ca
  • Office of the Privacy Commissioner of Canada (OPC)
    Website: https://www.priv.gc.ca
• In the European Union (where applicable): You may contact your local data protection authority in the EU/EEA. Contact details are available through the European Data Protection Board (EDPB) website.
• In Mexico (where applicable): Individuals located in Mexico may contact the competent data protection authority (e.g., the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI) to assert their privacy rights, consistent with local law.

We encourage you to contact us first so that we can attempt to resolve your concerns directly.

Updates

OBSERVE: Privacy practices may evolve due to legal, technical, or operational changes.

EXPAND: We must explain how updates will be communicated, how versioning is handled, and what options users have regarding changes.

REFLECT: The update mechanism fosters transparency and ongoing trust.

Changes to This Privacy Policy

• We may update this Privacy Policy from time to time to reflect:
  • changes in our services, technologies, or business operations;
  • updates to legal or regulatory requirements;
  • feedback from users or supervisory authorities.
• The "Last updated" date at the end of this Policy indicates when it was most recently revised. Earlier versions may be retained for reference.

Notification of Material Changes

• For material changes that significantly affect how we process your personal information or your rights, we will provide advance notice of at least 30 days before the changes take effect, where practicable.
• Notification methods may include:
  • email messages to the address associated with your account;
  • prominent notices on our website (e.g., banner or pop-up);
  • notifications within your account dashboard, where available.

Your Options in Case of Changes

• By continuing to use our services after the effective date of an updated Privacy Policy, you acknowledge the revised terms.
• If you do not agree with the changes, you may:
  • adjust your privacy or marketing preferences using the tools provided; and/or
  • request closure of your account and, where applicable, exercise your rights as described in the "Your Rights" section.

Last updated: January 2026