burger icon
River Rock Casino
Log In

Privacy Policy

This Privacy Policy explains how river-rock-casino, operating through river-rock-casino-ca.com, collects, uses, stores, and protects your personal information. It applies to all players, website visitors, and users interacting with our services. Effective date: November 6, 2025.

Who We Are

river-rock-casino is operated through river-rock-casino-ca.com by its licensed entity under the authority of the British Columbia Lottery Corporation (BCLC), via a Casino Service Provider Agreement valid through 2025.

  • Legal Address: 8811 River Road, Richmond, British Columbia, V6X 3P8, Canada
  • Licensing Authority: British Columbia Lottery Corporation (BCLC)
  • Parent Company: Great Canadian Entertainment (transitioning to Petroglyph Development Group (PDG) in 2025), ultimate parent Apollo Global Management
  • Main Office Phone: +1-604-273-1895
  • General Email: [email protected]
  • Website: https://river-rock-casino-ca.com
  • Contact Form: Contact Us
  • Data Protection Contact (DPO): Sarah McLeod, reachable via the contact details above.

What Personal Data We Collect

We collect and process the following categories of personal data when you interact with river-rock-casino-ca.com:

  • Personal Identification Data: Full name, date of birth, address, email address, phone number, government-issued identification (for KYC/AML).
  • Account and Transaction Data: Username, password (securely hashed), betting and gaming history, deposit and withdrawal records, payment method details (including, where applicable, bank account or card information).
  • Technical and Device Data: IP address, device identifiers, browser type and version, operating system, access timestamps, log files, geolocation (subject to consent and regulatory requirements).
  • Behavioral Data: Clickstream data, navigation paths, session duration, in-game behavior, preferences, marketing interactions.
  • Cookies and Similar Technologies: Session cookies, persistent cookies, third-party cookies (analytics, advertising), tracking pixels, local storage objects.

Collection of certain data is mandatory for legal compliance and service provision, while other data may be collected with your explicit consent.

Legal Basis for Processing

river-rock-casino processes your personal data only where permitted by law and strictly for legitimate purposes. The principal legal bases include:

  • User Consent: For optional services such as marketing communications, cookies (beyond strictly necessary), and geolocation-based features. Consent may be withdrawn at any time.
  • Contractual Necessity: To create, manage, and operate your account, process transactions, facilitate gameplay, and deliver customer support under our Terms of Service.
  • Legitimate Interests: To ensure network and information security, prevent fraud, optimize user experience, and analyze site performance-balanced against your rights and freedoms.
  • Legal and Regulatory Obligations: To comply with KYC (Know Your Customer), AML (Anti-Money Laundering), and reporting requirements mandated by BCLC and Canadian law.

If additional legal grounds apply under evolving regulations, river-rock-casino will update this section accordingly.

Purpose of Processing

Your personal data is processed by river-rock-casino-ca.com for the following purposes:

  • Service Provision: Enabling account creation, identity verification, transaction processing, and access to gaming services.
  • Regulatory Compliance: Fulfilling obligations under BCLC license, including KYC/AML checks, responsible gambling monitoring, and reporting to authorities.
  • Customer Support: Responding to inquiries, resolving issues, and providing account assistance.
  • Service Improvement and Analytics: Monitoring site usage, optimizing platform performance, and enhancing user experience through aggregated analytics.
  • Marketing and Promotions: Sending promotional offers, newsletters, and personalized content-only with your explicit consent and subject to opt-out at any time.
  • Fraud Detection and Security: Preventing unauthorized access, financial crime, and enforcing platform integrity.

Disclosure & Sharing

river-rock-casino may share your personal data only under strict conditions, with:

  • Payment Service Providers: For processing deposits, withdrawals, and verifying payment sources. All partners are contractually bound to data protection standards.
  • Service Providers and Contractors: Including cloud storage, IT support, analytics, and customer verification agencies, acting solely on our instructions and subject to confidentiality agreements.
  • Regulators and Legal Authorities: Such as BCLC, law enforcement, and financial authorities, in compliance with applicable laws and license obligations.
  • Affiliates and Parent Companies: Within Great Canadian Entertainment and, where relevant, Petroglyph Development Group (PDG) and Apollo Global Management, for group compliance and operational purposes.
  • Advertising and Analytics Networks: Only with your explicit consent, for personalized marketing and performance measurement.

river-rock-casino does not sell your personal data to third parties. All disclosures are governed by strict contractual, legal, and technical safeguards.

International Transfers

Your personal data may be transferred to, and processed in, jurisdictions outside Canada, including the United States and European Economic Area, where our cloud services and technical partners operate. In all cases, river-rock-casino ensures:

  • Data Protection Safeguards: Standard contractual clauses, data processing agreements, and equivalent security measures are implemented to protect your information, regardless of location.
  • Regulatory Compliance: Transfers comply with Canadian privacy law and, where applicable, international standards such as GDPR.
  • User Rights: You retain all rights regarding your data, even when processed abroad, as described in the "Your Rights" section.

If data transfer to a country without adequate protection is required, you will be notified and provided with options to consent or object, in accordance with regulatory requirements.

Data Retention

river-rock-casino retains your personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations. Retention periods are as follows:

  • Account and Transaction Data: Retained for up to 5 years after account closure or last transaction, as required by BCLC regulations and applicable law.
  • Personal Identification Data: Retained for up to 5 years post-account closure for KYC/AML compliance, unless a longer period is required by law.
  • Technical and Behavioral Data: Retained for up to 3 years for analytics and security purposes, or until consent is withdrawn where applicable.
  • Cookies and Tracking Data: Retention periods vary by cookie type; session cookies are deleted upon browser closure, persistent cookies expire as specified in our Cookies Policy.

Data is securely deleted or anonymized when retention periods expire, upon user request (where legally permissible), or once processing purposes are fulfilled.

Your Rights

As a user of river-rock-casino-ca.com, you have the following rights regarding your personal data, in accordance with Canadian privacy law (including PIPEDA and relevant provincial statutes) and international standards:

  1. Right of Access: Request confirmation of whether we process your personal data and obtain a copy of such data.
  2. Right to Rectification: Request correction of inaccurate or incomplete personal information.
  3. Right to Deletion: Request erasure of your data where no longer necessary or where consent is withdrawn, subject to legal retention obligations.
  4. Right to Restrict Processing: Request suspension of data processing under certain circumstances (e.g., contesting data accuracy or processing legality).
  5. Right to Object: Object to processing based on legitimate interests or for marketing purposes at any time.
  6. Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller, where technically feasible.
  7. Right to Withdraw Consent: Withdraw your consent for processing activities based on consent (e.g., marketing, cookies) at any time, without affecting lawfulness of prior processing.
  8. Complaint and Redress: Lodge a complaint with our Data Protection Officer or escalate to the Office of the Information and Privacy Commissioner for British Columbia.

To exercise your rights, contact Sarah McLeod (DPO) via [email protected] or use our online contact form. All requests are handled free of charge within 30 days, unless the request is manifestly unfounded or excessive, in which case a reasonable fee or extension may apply (notification provided).

Regional Compliance Note: CA-specific privacy regulations apply; if you are located in another jurisdiction, additional rights may be available under local law.

Cookies & Tracking Technologies

river-rock-casino-ca.com uses cookies and similar tracking technologies to enhance your experience and optimize our services. Types of cookies used include:

  • Session Cookies: Temporary cookies deleted when you close your browser; necessary for secure authentication and core functionality.
  • Persistent Cookies: Remain on your device for a defined period to remember preferences, facilitate faster login, and personalize content.
  • Third-Party Cookies: Set by analytics providers (e.g., Google Analytics) and advertising networks for performance measurement and targeted marketing, always subject to your consent.

You can manage or disable cookies through your browser settings or via the internal cookie management panel available on our site. Please note, disabling certain cookies may impact core site functionality.

Data Security

river-rock-casino employs a comprehensive suite of data security measures to protect your personal information, including:

  • Encryption: TLS 1.2+ encryption for all data transmitted between your device and our servers; encryption at rest for sensitive data.
  • Access Controls: Multi-factor authentication for staff, strict role-based access, and regular review of permissions.
  • Security Audits and Monitoring: Regular penetration testing, vulnerability assessments, and continuous monitoring for suspicious activity.
  • Staff Training: Ongoing security awareness and data protection training for all employees handling personal data.
  • Incident Response: Formal procedures for rapid response to security incidents, including user notification and regulatory reporting as required.
  • Standards Compliance: Adherence to industry best practices and international standards such as ISO 27001 and SOC 2 where applicable.

Complaints & Contacts

If you have concerns about your privacy or wish to lodge a complaint, contact our Data Protection Officer:

  • DPO: Sarah McLeod
  • Email: [email protected]
  • Phone: +1-604-273-1895
  • Online Form: Contact Us
  • Mail Address: 8811 River Road, Richmond, British Columbia, V6X 3P8, Canada
  1. Step 1 - Initial Complaint: Submit your inquiry through any of the above channels. You will receive acknowledgment within 5 business days.
  2. Step 2 - Investigation: Our DPO will review your complaint, request further information if necessary, and investigate the matter.
  3. Step 3 - Resolution: A formal response will be provided within 30 days. If you are dissatisfied with our response, you may escalate the issue.
  4. Escalation: Contact the Office of the Information and Privacy Commissioner for British Columbia:
    • Website: https://www.oipc.bc.ca
    • Phone: +1-250-387-5629
    • Mail: PO Box 9038 Stn Prov Govt, Victoria, BC V8W 9A4, Canada

Complaints are handled free of charge and impartially. You may also seek recourse with other applicable supervisory authorities in your jurisdiction.

Updates

river-rock-casino reserves the right to update this Privacy Policy to reflect legal, regulatory, or operational changes. When updates are made:

  • Notification: Users will be informed via email, prominent website banners, and account dashboard alerts.
  • Advance Notice: For material changes affecting your rights or obligations, at least 30 days' advance notice will be provided wherever feasible.
  • User Options: You may object to changes or close your account if you do not agree with the updated policy. Continued use after the effective date constitutes acceptance of changes.
  • Version Control: Last updated: November 6, 2025. Major changes will be summarized in a changelog available on this page.