Privacy Notice
Short version: we collect what the law and your account require, protect it properly, sell none of it, and delete it when retention law allows. The long version follows. Effective July 15, 2026.
Updated July 15, 2026
1 · Controller & Contact
Tower Casino operates tower-casino.ca and is responsible for personal information processed through it. Privacy questions and requests: [email protected] — answered within 30 days as PIPEDA requires.
2 · What We Collect & Why
| Category | Examples | Why |
|---|---|---|
| Identity | Name, date of birth, address | Account operation, age verification, KYC |
| Contact | Email, phone | Service messages, security alerts, optional marketing |
| Verification | ID documents, proof of address | Legal AML obligations, one-time check |
| Transactions | Deposits, withdrawals, wagers | Wallet operation, fraud prevention, statutory records |
| Technical | IP, device, session logs | Security, jurisdiction checks, debugging |
| Usage | Games played, preferences | Lobby personalisation, responsible-gambling monitoring |
We do not sell personal information. Automated risk systems may flag activity for human review; no account is closed by an algorithm alone.
3 · Cookies
Essential cookies run sessions, security and the consent banner itself — always on. Preference cookies remember language and display choices. Analytics cookies produce anonymous usage statistics, and marketing cookies handle campaign and affiliate attribution — both optional and controllable from the banner or your browser settings.
4 · Sharing & International Transfers
Data reaches only the providers needed to run the Tower — payment processors, identity-verification services, game studios (anonymised play data), hosting and analytics — each bound by contract. Regulators and law enforcement receive data where the law requires. Transfers outside Canada carry contractual safeguards consistent with PIPEDA.
5 · Retention & Security
Account and transaction records are retained for the statutory anti-money-laundering period (typically five years after closure), then deleted or irreversibly anonymised. Everything is encrypted in transit and at rest; verification documents live in segregated encrypted storage with role-restricted, logged access.
6 · Your Rights
Under PIPEDA you can request access to your data, correction of errors, withdrawal of marketing consent (one click in any email), and deletion where no retention law applies. Write to [email protected]; unresolved concerns can go to the Office of the Privacy Commissioner of Canada.
Self-excluded players' core identifiers are retained for the exclusion term — deleting them would break the protection you asked for.